The use of digital content has increased significantly due to its high quality and efficiency in storage and distribution. Protection against piracy is needed and so Digital Rights Management (“DRM”) technologies are employed to provide persistent rights management for digital contents. In a typical DRM system, content is encrypted and packaged for distribution. A rights object, also called a license, must generally be obtained by a user to access the protected content. A license typically contains the decryption key as well as a specification of rights that a user has acquired. Licenses may be distributed and stored separately from the corresponding contents to make it easier to manage the entire system. A license is typically acquired from a license server. It is usually locked to a user or a user's computer to prevent unauthorized sharing with other people or computers. A DRM system typically enforces the acquired rights through trusted DRM modules on the client side.
The technologies employed by a DRM system to enforce intellectual property protection may sacrifice consumer privacy. For example, the DRM client module knows what content a user accesses, and the license server knows what contents a user has acquired licenses for. The latter case can be explained as follows. In a typical DRM system, a license and the decryption key are associated with a protected content through a key identifier (“ID”) or the like. A key ID may be used instead of a content ID since it enables a content to be packaged into multiple different packages by encrypting it with different encryption keys. When a user acquires a license from a license server, the key ID is typically retrieved from the protected content and sent to the license server which typically generates or retrieves the corresponding content decryption key and sends it to the user in a license. More precisely, the decryption key in the license may be encrypted by the public key bound to the user's device so that only the targeted device can access the protected content. By searching a database or protected content objects, it may not be difficult to identify the content associated with the key ID. As a result, the submitted key ID enables a license server or the like to link a user with the contents associated with the licenses acquired from the license server. This may represent an intrusion into consumer privacy. A balance is desirable between protection of intellectual property for content owners and protection of privacy for consumers. A question naturally arises: is it possible to let a license server send a user the correct decryption key without knowing the key ID, content ID, specific content, or the like? This seems to be a hard problem for a DRM system in which, for the sake of security, each content object is encrypted with a unique encryption key. Without knowing the key ID, a license server does not typically know which decryption key a consumer needs to access the content.