This invention relates generally to an apparatus and method for managing digital rights, and more particularly to an apparatus and method for using biometric information to control access to digital media that is obtained over a network such as the Internet.
The convergence of computing, communication and music technology in recent years has created the opportunity for music sales on the Internet. Consumers can now download music files from a website over the Internet onto their personal computers. Artwork and liner notes can be viewed, downloaded and printed. To date, major music label catalogs have not been made fully available for digital music download largely due to the perceived risk of piracy of the music properties on the Internet. Today's technology has made it relatively easy for “savvy” users to copy and distribute (e-mail) music files or to burn the files to writeable CDs. The music industry is searching for technologies that will reduce the risk of piracy and ensure that rights-owners are properly compensated for the use of their property.
Various digital rights management (DRM) technologies have been proposed for authenticating user authorization to view and download media. At present, most DRMs take the form of some encryption of content and the provision of a key to authorized users of the content. A database of who acquired the rights to use the property is maintained. The key often takes the form of a password, which unfortunately can be easily shared with non-authorized users. Some DRM technologies attempt to overcome password sharing by using the user's computer serial number or IP (Internet) address as an additional key. The disadvantage of such technologies is that the content is locked down to a particular machine, or a limited number of systems (i.e., 2 or 3). This severely restricts the user's portability of the content. For example, music files downloaded on a home computer could not be heard on systems of friends and family members, at the office, or on portable computers or laptops other than the home computer.
Biometric technology has been proposed to control access to computing devices and networks by measuring a unique physical characteristic of an individual and comparing the measured characteristics with stored characteristics to determine if the individual has pre-authorized access approval. For example, U.S. Pat. Nos. 5,887,140, and 6,122,737, issued Mar. 23, 1999, and Sep. 19, 2000, respectively, disclose biometric systems in which fingerprint data is used to control distribution of information over a network. However, the use of fingerprint data requires users to purchase, install and use additional hardware. Additionally, the use of fingerprint data can raise privacy issues and negative sentiments in the minds of some consumers given the traditional association of fingerprint databases with the criminal elements of society. U.S. Pat. No. 4,805,222 issued Feb. 14, 1989, discloses a biometric verification technology in which the identity of an individual is determined based on keystroke dynamics. However, existing biometric proposals lack a comprehensive, user-friendly integration of biometrics with DRM.
Thus, there is a need for a biometric rights use management apparatus and method that provides increased security. There is a need for such a system that integrates biometrics with digital rights management to provide a comprehensive, secure and user-friendly system for accessing and downloading online media, and which provides for portability of such assets.