This invention relates in general to encryption/decryption systems, and in particular a system for managing keys used for encryption and/or decryption and/or rights objects that control use of or access to content.
Media content such as music, video and games is distributed increasingly as digital files. Such digital content has been distributed widely through a number of channels, including the internet and the use of storage devices. The digital content may be stored in a number of different types of devices, such as magnetic or optical disks, tapes, and non-volatile memories such as flash memories. The digital content in these storage devices can be played, stored and operated by a wide variety of devices such as personal computers of both the desk top and portable types, iPods and other types of embedded or stand alone media players, personal digital assistants (“PDA”), game controllers, MP3 players, and cellular phone handsets (referred to collectively herein as “host devices”).
In order for the owners of the digital content to reduce or prevent unauthorized access to the content, the digital content is frequently encrypted so that only authorized users may access the content. With the proliferation of a large number of different digital files, such as songs, the number of keys that needs to be managed can be quite large. Furthermore, for enhanced security, multiple keys may be involved in the encryption and decryption of each of the digital files. Therefore, a problem that can be anticipated in digital rights management (“DRM”) is the capability to efficiently manage a large number of keys and to determine the right key for encrypting and/or decrypting any particular digital file.
A number of key management systems have been used. In a first type of key management system, the content file is named so as to make it easier to identify and locate the encryption and/or decryption key. In another type of key management system known as the encrypting file system (“EFS”), the key used for encrypting the file is itself encrypted and the encrypted key is stored in the header of the corresponding encrypted content file. While the above key management systems may be useful for some applications, they each have their limitations. None of the above systems are entirely satisfactory. It is therefore desirable to provide a key management system that is more flexible and easier to use.
In digital rights management (DRM), each content file may be associated with rules regarding or controlling how the content file can be accessed and/or used. Such rules are referred to as rights objects in DRM. For example, the rules may specify that the content file may only be accessed for a limited number of times, before certain expiration dates or only for certain time durations. Hence, when it is desired to control use of and/or access to a content file, a rights object is created, which may contain the above described rules as well as content encryption/decryption keys that are used for encrypting/decrypting a content file. The rights object is then also associated with the content file controlled by the rights object. Frequently, the rights objects control use of and/or access to the content files by controlling access to content encryption/decryption keys that are used to encrypt/decrypt the content files. Thus, in order to be able to use and/or access a protected content file, one would first retrieve or otherwise obtain the rights object associated with it, decipher the rules in the rights object, and then use or access the content file in accordance with the rules. Where the content file is encrypted, the key(s) are retrieved from the associated rights object and used to decrypt the file before the content therein can be used or accessed. When it is desired to control use of and/or access to a content file, a rights object is created with rules governing use and/or access to the file and with any encryption/decryption keys that are used to encrypt/decrypt the content file, which object is associated with such content file.
In DRM, there may be a large number of rights objects that need to be managed. Thus, it may also be desirable to provide a management system for managing rights objects that is more flexible and easier to use and can manage a large number of rights objects.