The characteristics of digitized information require that there should be a unique technique to enhance protection of the copyright of such digitized audio and video program contents, and such a technique is called the Digital Right Management (DRM) technique.
The operating principle of the Digital Right Management technique is typically as such: a digital content authorization center is established first to encode the compressed digital contents, the digital contents are encrypted by a key, and the head of the encrypted digital contents stores the digital content ID and the address of the authorization center. When the user renders (play) the digital contents, a license for the relevant embedded decryption key is sent to the user after authentication and authorization by the digital content authorization center according to the content ID and the address information at the head of the program, then the digital contents can be rendered. Since the contents to be protected are encrypted, and thus even they are downloaded and stored by a user, they cannot be rendered without the authentication and authorization by the digital program authorization center. Consequently, the copyright of the program is strictly protected.
In the prior art, there are three types of DRM mode. One of them is device based DRM, wherein a right to render a digital content item is granted to one or several devices; another mode is user based DRM, wherein the right is granted to a user; and the other mode is hybrid DRM, wherein the right is granted to a device or a user, and this means that any user can render the encrypted digital content on the authorized device and the authorized user can render the encrypted digital content on any device.
FIG. 1A shows a DRM system of the prior art. As shown in FIG. 1A, said DRM system generally includes a Service provider (SP), a Right Issuer, a DRM terminal and a storage medium. The Service Provider and the Right Issuer are usually associated with each other and can be integrated together. The storage medium can be a network store or various types of movable media. The DRM terminal can be a software program or a hardware for solidifying the program function, which can be installed on a device. Said device may be various digital terminals having a rendering function, such as a mobile phone having a player, a Personal Digital Assistant (PDA), a set top box, a lap top, an MP3, an MP4, an electronic book reader, etc. The rendering mentioned here includes the meaning of reading the contents of digital texts. The digital right management function of the device is achieved through a DRM module thereon.
FIG. 1B shows a flow chart of DRM in the prior art. As shown in this figure, firstly, the client device obtains the digital contents including the encrypted digital program from the digital content issuer. A single digital content includes not only the encrypted digital program, but also some other components, such as the header. Wherein the format of the digital program can be audio, video, text or else. The way of distributing or obtaining digital contents can be implemented by downloading from web sites, issuing CD, and distributing digital contents through IPTV or wireless transmission, etc. As a result, when begin to render a program, the device shall get the license for rendering the program from the right issuer according to the prompt or instruction of the digital contents, and then renders the program in the digital contents using the license.
Nevertheless, there are still some disadvantages in the DRM techniques of the prior art, as need to be overcome. For example, in the device based DRM system, before granting the license to a device, the copy right issuer shall checks if the device is compliant on the basis of a whitelist or a blacklist, and if the device is non-compliant, the right issuer does not grant a right to the device. In the person based or hybrid DRM, it is necessary to firstly perform a real-time authentication on the device used thereof; but when the device is offline, the authentication center cannot issue the license in real-time or cannot authenticate the copyright of the device, thus it is difficult to identify whether the device is authorized to render the digital contents.