Developments in the field of digital rights management (DRM) have accelerated as the proliferation of peer-to-peer file sharing services on the Internet exacerbates the conflict between digital content creators and digital content users. Much digital content, such as financial records or medical records, is extremely private yet has to be shared with the appropriate users. Transmission of such private digital content over the Internet is problematic even when the content is encrypted, given the ever-increasing skills of “hackers.”
Once in possession of digital content, a consumer will often act as if he or she has full rights to this digital content. However, the content provider often retains copyright protection and privacy concerns over the digital content that are violated by certain actions of the user—for example, when the user allows unauthorized third parties to freely copy this digital content via a file sharing program.
To address this inherent conflict between users and providers of digital content, a variety of Digital Rights Management (DRM) systems have been implemented. For example, a commonplace scenario involves a user on a host system such as a personal computer accessing content through the Internet. Upon receipt of digital content, the host system must have some type of storage engine such as a hard disk drive to store the content on a storage medium (for example, a magnetic storage hard disk). A typical location for a DRM system in such an environment is in the operating system of the host. But this location is inherently vulnerable to hacking by a user bent upon violating the copyright/privacy rights of the content provider. Thus, there has been a need in the art for DRM systems that provide greater security for content providers. At the same time, however, a DRM system should not impact the legitimate expectations of users in regard to fair use of the digital content.
To address the need in the art for a DRM system that meets both user and content provider expectations, U.S. Pat. No. 6,636,966, entitled “Digital Rights Management Within an Embedded Storage Device,” U.S. application Ser. No. 09/583,452, entitled “Method of Decrypting Data Stored on a Storage Device Using an Embedded Encryption/Decryption Means,” filed May 31, 2000, U.S. Serial application Ser. No. 09/940,026, entitled “Host Certification Method and System,” filed Aug. 27, 2001, and U.S. Serial application Ser. No. 09/940,083, entitled “A Secure Access Method and System,” filed Aug. 27, 2001, describe a DRM system in which the DRM “intelligence” has been integrated into the storage engine. As opposed to conventional DRM systems that reside on the host, the integrated storage engine approach is far less vulnerable to hacking by a user of a host system—the user has no access to the DRM functionality within the storage engine other than through the reading or writing of secure content from the storage medium associated with the storage engine. The user knows that digital content may flow to and from the data storage medium but cannot access the “how” within the storage engine that enables such movement.
Despite the advances described above with respect to DRM-system-integrated storage engines, there remains a need in the art for improvements in the DRM field with respect to protecting confidential information such as financial records or medical records.