Global distribution systems, such as the Internet, are increasingly being used for distribution of digital content that includes text and graphic information encoded in a variety of formats. However, copyright holders and publishers of such digital content have been slow to embrace the use of the Internet for distribution of digital content because it has been difficult to control unauthorized copying and dissemination of the content once it has been delivered onto the Internet. In particular, once content has been placed in digital form and delivered to a user, it can easily be copied, printed or forwarded to other users.
Thus, providers of digital content desire to establish a secure, global distribution system for digital content that protects the rights of the content's copyright holders. One prior art technique for controlling the distribution of digital content is shown in FIG. 1. In this technique, unencrypted content is placed in a server farm that is located behind a secure firewall. A user, such as user 100 desiring access to the content stored in database 106 logs in to the server 104 using a conventional authentication scheme, such as a password or subscription service. Once connected to the server 104, an authorized user 100 can view content and request a copy of that content as indicated by arrow 108. In response to this request, the server 104 retrieves the information from the database 106 as indicated schematically by arrow 110 and displays the content.
This conventional protection technique has several drawbacks. First, many users prefer to view the content with a conventional web browser. In order to display the content in such a browser, it is necessary to download a digital version of the content, as indicated schematically by arrow 112. This digital version is typically stored, at least temporarily, in the computer, and can be printed or forwarded to other users. Therefore, in accordance with another prior art technique, in order to view the content, the conventional browser must be equipped with a plug-in, ActiveX components or another program which controls the browser and disables the printing function and prevents forwarding the content to unauthorized users. However, in order to use this system, it is necessary to first download and install the plug-in, the ActiveX libraries or other program, before the content can be viewed. In addition, since the content is not encrypted when it is downloaded to the browser, it can still be stored and then later printed or forwarded to other users.
Another problem with this conventional system is that the content sits behind a firewall and it is not directly accessible from the Internet. Consequently, the content cannot be easily cataloged and indexed by conventional search tools, such as search engines or web crawlers. This cuts off a source of potential revenue for the content provider from users who might be interested in the material if they were made aware of it. In addition, locating the content behind a firewall forces authorized users to log in to the server before they can conduct a search for selected material.
Another conventional protection technique is called a “secure container” system. In this system, the content is delivered to the user in an encrypted form and is decrypted at the user's site by means of a decryption key. This technique provides a solution to protecting the document during delivery over insecure channels, but does not provide any mechanism to prevent legitimate users from obtaining the plaintext document and then copying or redistributing it.
In addition, the secure container system requires a way to securely distribute decryption keys for the content. Since the decryption keys and the encrypted content must inevitably both be delivered to an uncontrolled machine, it is important that the key delivery process be as robust as possible. In one conventional embodiment of the secure container system, a key pair is used to encrypt and decrypt the content. For example, the publisher can use the public key of a key pair assigned to the user to encrypt the content. The user then uses the private key of the key pair to decrypt the encrypted content. The problem with this arrangement is that the publisher must encrypt each content document when the user requests it. Since the key pair is specific to a user, the publisher cannot encrypt the content before it is requested.
An alternative to key pairs in a secure container system is to use a single key or key pair that is specific to each content document rather than each user. In this manner, that publisher can encrypt the content ahead of time. In response to a user request for a document and after pre-specified authorization conditions have been met, the decryption key for the requested document is provided to a program in the user's computer that decrypts the content for presentation to the user. However, such a system is only as secure as the key distribution arrangement. Further, since the decryption keys must be associated with the corresponding documents, this association is subject to discovery especially if the content server is located in an uncontrolled environment.
Still another prior art technique uses a software device driver that is permanently installed as part of the operating system. This driver attempts to detect usage of the content wherever it may appear in memory and decrypt it from within the operating system kernel. The advantage of this approach is the ability to do without plug-ins or ActiveX controls specific to each application that requires access to the content, such as the browser, the word processor, and other applications. Disadvantages include the level of system access required to perform an installation of the driver into the operating system as well as the risk of introducing overall system instability and hardware platform incompatibility. An example of this approach is the system offered by elisar.com.
In still another approach, instead of using plug-ins for existing browsers or applications, such as word processors, a separate standalone viewer is used for all protected content. In particular, a separate viewer application that can decrypt and present the encrypted content is permanently installed in the computer of the content user. This approach reduces the development work and software distribution required to make the solution available while still offering the advantages of the prior art techniques. The disadvantage of the approach is the difficulty of getting the user community to adopt a new software application for one kind of work in addition to the tools already in use. This approach is common among e-book readers such as Microsoft Reader.