It is known to encrypt data to prevent unwanted recipients from easily determining the contents of the data. That is, it is known to apply an encryption algorithm to otherwise legible data (such as a written message) to result in illegible, encrypted data. This encrypted data can be transmitted to an intended recipient, and is illegible to anyone who intercepts the data in its encrypted form. Upon receipt by the intended recipient, the encrypted data can be decrypted using an algorithm designed to reverse the effect of the original encryption algorithm. Applying the encryption and decryption algorithms in combination enables the sender/encryptor to restrict access to the underlying data to only those individuals who possess the decryption algorithm.
One weakness of the described encryption/decryption schemes is that they can be broken using appropriate techniques. For example, certain trial-and-error attempts, frequency analysis techniques, physical compromise of a host machine, knowledge by a hacker of the make-up of a portion of an encrypted set of data, and myriad other encryption-breaking techniques could result in successful breaking of an encryption/decryption scheme.
The concept of rights management of digital content (whether in the form of software, video, music, or other digital content) began with the development of so-called superdistribution in the 1980s. In such superdistribution systems, content is delivered to a consumer of the content (e.g., a listener of digital music) stored on a delivery machine in encrypted form. The delivery machine includes content delivery software to enable the consumer to access the encrypted content. For example, the content delivery software could be a proprietary music player that includes an algorithm for decrypting encrypted digital music content. In addition to decrypting the encrypted content, such software can enable the distributor of the content to enforce rules about content usage, and can enable the consumer to provide payments in exchange for consuming the content.
These superdistribution systems possess certain drawbacks. First, since the encrypted data is static on the delivery machine, the encrypted data is susceptible to substantial brute-force attempts to decrypt. That is, because of the unlimited temporal access to the encrypted data, a pernicious user may attempt unlimited amounts of code breaking and reverse engineering of the encrypted data itself. Second, since the usage tracking and content delivery software is present on the delivery machine and accessible to the user, such usage tracking and content delivery software is also susceptible to reverse engineering. If such reverse engineering is successful, even if the encryption of the data itself remains intact, the usage tracking and content delivery software can be modified not to keep track of how many times the encrypted content is used. Likewise, the usage tracking and content delivery software can be modified to believe that the attempted uses of the content have been paid for, when in fact they have not. Either situation effectively enables unlimited access to the content.
More recent content distribution systems and schemes have sought to protect against unwanted use or distribution of digital content by relying on periodic or continuous connections to a data network such as the Internet. In such systems, a delivery machine (such as a personal computer) connects to a central server over the Internet to obtain permission to make content available to a person at the delivery machine. This connection to the central server via the Internet enables a content distributor to track usage of the content. Systems relying on such data network connections can also cause the delivery machine to remove copies of the encrypted digital content, if such copies of the encrypted digital content are stored on erasable or re-writable media.
Despite the reliance on a connection to the Internet to provide access to digital content, such systems are nonetheless subject to unwanted access to the encrypted content. For example, the connection to the Internet could be “snooped” or “spoofed,” such that the delivery machine believes it has received authorization from the central server to distribute the content, while it in fact has not received such authorization. When such a connection is “snooped,” software or hardware external to the encrypted content intercepts the signal sent from the central server to the delivery machine for use in any one of a number of ways. When a connection is “spoofed,” software or hardware external to the encrypted content mimics some or all of the signals expected to be received by the delivery machine (such as signals determined by the described “snooping”) from the central server, wherein such mimicked signals indicate to the delivery machine that the user should be allowed access to the encrypted data. Alternatively, spoofing could include the creation of signals which mimic or otherwise resemble signals that are expected by the server, such that the server behaves as desired by the spoofing party. Though the described “snooping” and “spoofing” have been described with respect to the signals received by the delivery machine, it should be appreciated that such “snooping” and “spoofing” could similarly alter the signals sent to the central server. For example, the altered signals could cause the central server to believe that the usage of the content was different from the actual usage, or to believe that the encrypted content no longer exists on the delivery machine despite its continued existence.
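The snoop-then-spoof weakness described above can be made concrete with an added example (not part of the original text) that contrasts a fixed authorization signal with one bound to a fresh per-request nonce. The message layout, the `SHARED_KEY` value and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a key provisioned to both server and delivery machine (constructed value).
SHARED_KEY = b"constructed-demo-key"

def server_static_grant(content_id: str) -> bytes:
    """Weak design: the same bytes authorize every request for this content."""
    return b"GRANT:" + content_id.encode()

def machine_accepts_static(content_id: str, signal: bytes) -> bool:
    # The machine cannot tell a fresh server signal from a recorded copy.
    return signal == b"GRANT:" + content_id.encode()

def server_bound_grant(content_id: str, nonce: bytes) -> bytes:
    """Hardened design: the grant is a MAC over the machine's fresh nonce."""
    return hmac.new(SHARED_KEY, nonce + content_id.encode(), hashlib.sha256).digest()

class DeliveryMachine:
    """Issues one nonce per request and accepts a grant only for that nonce."""

    def __init__(self) -> None:
        self._pending: dict[str, bytes] = {}  # content_id -> outstanding nonce

    def new_request(self, content_id: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fixed length, so nonce + id is unambiguous
        self._pending[content_id] = nonce
        return nonce

    def accepts(self, content_id: str, signal: bytes) -> bool:
        nonce = self._pending.pop(content_id, None)  # single use
        if nonce is None:
            return False
        expected = server_bound_grant(content_id, nonce)
        return hmac.compare_digest(expected, signal)

def demo() -> tuple[bool, bool, bool]:
    cid = "track-001"  # constructed content identifier
    # Static signal: a copy recorded once keeps working without the server.
    recorded_static = server_static_grant(cid)
    static_replay_ok = machine_accepts_static(cid, recorded_static)
    # Nonce-bound signal: valid for the request it answers...
    machine = DeliveryMachine()
    recorded = server_bound_grant(cid, machine.new_request(cid))
    first_ok = machine.accepts(cid, recorded)
    # ...but rejected when replayed against a later request's fresh nonce.
    machine.new_request(cid)
    replay_ok = machine.accepts(cid, recorded)
    return static_replay_ok, first_ok, replay_ok
```

Binding the grant to a nonce defeats replay of a recorded signal only; the key held on the delivery machine remains exposed to the reverse engineering of delivery-side software discussed earlier.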
Another technique for controlling the availability of digital content is known as watermarking. Watermarking involves inserting a signal (i.e., a “watermark”) into digital content that does not impact the functionality, appearance, or other characteristics of the digital content. The watermark can be later extracted from the content to determine whether the content is the same as that which was initially released. Watermarking can be used to uniquely identify content that has been stolen, thus enabling better tracking of security breaches that lead to such theft. Moreover, watermarking enables identification of the source of stolen content. However, watermarking does not actually prevent piracy or theft of digital content—it merely enables a user with knowledge of the watermark's whereabouts in the content to verify that the content is the same as that which was released by the content's originator or creator.
Many of the above-described mechanisms for controlling the distribution of digital content involve the distribution of the content, in full and in encrypted form, to a delivery machine. After delivery in each of these mechanisms, the content resides on a memory device of the delivery machine.
Another, different approach to content management involves streaming content to the delivery machine as that content is needed for consumption. In such approaches, a server delivers content to a delivery machine via a data network in small parts that are individually stored, synchronized by content access software (e.g., a media player), delivered for consumption (e.g., played), and discarded. Though such content delivery systems were developed with the initial goal that a user could begin viewing or otherwise consuming content upon delivery of the first of the small parts of the content (rather than upon delivery of the entirety of the content), such systems possess security-based benefits as well. For example, the content only exists in small portions and only for a very limited amount of time. Thus, unauthorized reproduction of the content is impractical and difficult. Further, if each small portion of the content is encrypted as discussed above, additional steps must be taken to make unauthorized copies of the content.
Even with the advent of broadband Internet access in homes, schools, and places of business, the inability to stream certain data-intensive content still limits use of this mechanism. Moreover, the data delivered by streaming is subject to reverse engineering and compromise. For example, instead of being discarded, the small portions of content can be intercepted and assembled into the digital content itself, which can be copied and distributed in its entirety.
Attempts have been made by operating system designers to develop operating systems which enable digital content to remain encrypted until it is delivered to an appropriate hardware device (such as a sound card or graphics card) for consumption. Such encryption ideally prevents software running on top of the operating system from intercepting and altering the encrypted digital content. However, as with all of the types of software described above, operating systems themselves are vulnerable to reverse engineering. Though security holes are frequently plugged through updates distributed by operating system developers, such holes represent avenues through which encrypted digital content can be compromised.
Thus, it is desirable to create a content management system wherein the amount of access to an encrypted message is limited, thus limiting the ability to try to break the encryption algorithm. It is further desirable to create a content management system wherein the algorithms and mechanisms used to encrypt and decrypt data can change frequently without requiring user interaction. It is further desirable to create a content management system wherein a software agent distributed to a delivery machine in real time determines whether the delivery machine has suffered a security breach and securely communicates any such breaches to a server.