1. Field of the Invention
This invention relates generally to controlling and enforcing access rights to data objects and, more particularly, the invention relates to restricting the use of a data object to particular data processors and/or users.
2. Description of the Related Art
Digital representations of media include text files, digital audio, digital video, digital images, and digital multimedia files, among others. The benefits of these media representations and their associated technologies are manifold. These digital representations of media have enabled significant advances in the reproduction, distribution, and use/presentation of the media. There are, however, drawbacks associated with these representations. Digital media is easily copied and/or reproduced, making unauthorized copying or use difficult to control. Ease of transmission also makes unauthorized distribution difficult to control.
Systems have been developed to address the problem of controlling and securely maintaining one's ownership rights in digital media, while still permitting use of the digital media by others. One system is described in U.S. Pat. No. 5,845,281, METHOD AND SYSTEM FOR MANAGING A DATA OBJECT SO AS TO COMPLY WITH PREDETERMINED CONDITIONS FOR USAGE, which issued Dec. 1, 1998 to Benson et al., and is assigned to the assignee of the present application. Another system is described in U.S. Pat. No. 5,892,900, SYSTEMS AND METHODS FOR SECURE TRANSACTION MANAGEMENT AND ELECTRONIC RIGHTS PROTECTION, which issued Apr. 6, 1999 to Ginter et al.
Existing systems generally comprise a client program (user program) executing on a user computer and a server program (data packaging program) executing on a server computer. The computers are generally connected through a computer network. The server program packages a digital media representation (data object) along with a set of rules that govern the use of the data object, in a secure package. The secure package is encrypted such that only the client program can decrypt and use it. The secure package is then transmitted to the client program, which allows use of the data object in accordance with the prescribed rules of use. The data object may, for example, be a digital video file in MPEG format. In this case, the server program would package the video file and a set of rules governing the use of the file in a secure package. The server would then transmit the secure package to the client program. The client program would then likely display the video sequence in accordance with the rules associated with the file.
The limitations of the rules of use are generally delimited by the capabilities of the client program. In other words, a rule is typically an instruction to the client program to allow or not allow some action, or alternatively an instruction to perform an action. Accordingly, the client program needs to be able to understand and implement the actions prescribed by the rules. Typical client programs allow rules that specify such things as: a) how many times a data object can be used or presented, b) whether the data object can be copied, c) whether a hardcopy or printout of the data object can be made, if applicable. Other rules can be created, as long as the client program is capable of performing the associated actions on the device upon which the client program is running.