High quality digital video entertainment will not be Internet delivered without effective content protection. Content providers view content protection as an absolute must have before compelling content is released for network connected devices. Moreover, it seems unreasonable to assume that in the future consumers will accept inferior quality content, or an inferior experience based upon the limitations of the Internet. The technology exists for content providers to provide high quality content over the Internet. However, digital content by its very nature is easy to duplicate either with or without the copyright holders permission. Broadband Internet allows the delivery of the content from the legal copyright holder, but that same technology also allows for the wide spread distribution of improperly duplicated content.
There are two predominate and rather distinct digital content protection models: Conditional Access (CA), and Digital Rights Management (DRM). The CA technology is based on encryption of live content that is broadcasted to consumers and the presence of a set-top box that has the ability to selectively decrypt the content. The digital content is encrypted during transmission at the uplink site and distributed over an broadcast network. Providing the keys to decrypt the content only to authorized subscribers restricts the content access. The keys are typically protected using smart card technology.
The DRM technology addresses the need for protecting file distribution. DRM has emerged as a complex set of technologies and business models to protect digital media copyrights and to provide revenue to content owners.
Most DRM systems use the same overall systems design as illustrated in FIG. 1. A ClearText Repository 10 includes a collection of content provided by content owners. The ClearText Repository 10 resides within a trusted area behind at least one firewall 15. Within the trusted area, content residing on the ClearText Repository 10 can be encrypted. An Encrypted Content Server 20 receives encrypted content from the ClearText Repository 10 and packages the encrypted content for distribution. A License Server 30 holds description of rights and usage rules associated with the encrypted content, as well as associated encryption keys. A playback device 40 receives encrypted content from the Encrypted Content Server 20 for display and communicates with the License Server 30 to verify access rights.
The DRM process consists of requesting a unit of content, encrypting the unit of content with a session key, storing the session key in a content license, distributing the encrypted content to a playback device, delivering a license file that includes the encrypted session key to the playback device, and decrypting the content file and playing it under the usage rules specified in the license. A significant security issue exists in this process in that a content provider loses a degree of control over the content's security and distribution once the encrypted content and associated license file are transmitted to and stored on the playback device. Although the playback device may include a trusted area where the encrypted content is decrypted and decoded, the trusted area on a playback device is less secure than a trusted area maintained directly by the content provider.
A better set of protection mechanisms than CA and DRM is necessary to accomplish delivery of any media to any device on the Internet.