Digital rights management systems exist that control access to digital content. An access control policy can control, for example, which users may access particular units of content, when particular users may access particular content, from what devices particular users may access protected content, what particular users may do with that content (e.g., read, modify, copy, save, print), and whether particular users may be limited to accessing content having a watermark rendered over it (e.g., by physically printing a watermark when a document is printed, by applying a watermark on a display screen when a document is displayed, etc.) or not.
FIG. 1 is a block diagram of an illustrative prior art digital rights management (DRM) system 100 that includes a DRM server 102, an authoring device 106a, an access device 106b, and a content server 108. Numerous types of electronic content may be managed using the DRM system 100. Examples include word processing documents, formatted documents (e.g., PDF documents), spreadsheets, video files, audio files, image files, email messages, and/or other types of electronic content. Each type of content may be created and/or viewed by one or more particular types of application programs. An example of such a DRM system is described in, for example, U.S. Pat. No. 6,978,376, entitled “INFORMATION SECURITY ARCHITECTURE FOR ENCRYPTING DOCUMENTS FOR REMOTE ACCESS WHILE MAINTAINING ACCESS CONTROL,” filed on Dec. 15, 2000, which is incorporated herein by reference in its entirety.
The DRM scheme implemented by system 100 encrypts protected content to prevent unauthorized access. The DRM scheme further implements a scheme to ensure that only authorized users gain access to the information necessary to decrypt the protected content, and only in a manner that enables each user to access the content and perform the actions with that content that they are authorized to perform consistent with the access control policy for that content.
DRM server 102 performs several functions associated with the digital rights management of protected content. An encryption key is generated (e.g., by the DRM server, the authoring device or otherwise). The DRM server 102 maintains decryption keys for protected content (also referred to as content “registered” with the DRM system), authenticates requests for viewing registered content, and grants access to registered content by providing decryption keys and associated access policies to authorized users. The DRM server may maintain a secure central database which provides an association between registered users that created or authored the registered content, the registered content, decryption keys for the registered content, access policies for the registered content, and registered users authorized to access each unit of protected content.
Content server 108 may generate and/or store units of content that may be managed by the DRM system. Content server 108 may have one or more application programs to generate various types of content (e.g., an email exchange server application, a word processing application, an image generation application, etc.). Content on content server 108 may be created and/or modified in response to user actions on an authoring device (e.g., authoring device 106a). A software plugin (not shown) for the DRM system may be installed on the authoring device and may allow the selection of an option to protect a unit of content (e.g., a word processing document) when it is opened or created on the access device in response to a user's actions. The plugin can connect to the DRM server over a secure communication link (e.g., via an SSL connection), and the user can be authenticated by the DRM server through a user interface presented by the plugin. The DRM server may connect to one or more resources in a networked computer system (e.g., a directory service storing authentication information such as a user name and password), so that the user may be authenticated based upon information provided to the DRM server via the plugin user interface.
Once authenticated, the DRM user interface allows the authenticated user to set a policy to protect the document. The user may select a pre-defined policy or create a new one. The policy may specify any of the control criteria discussed above (e.g., which user(s) may access the document, when the document may be accessed, from where the document may be accessed (e.g., only local network access), what actions may be performed with the document (e.g., printing, copying, modifying), whether a watermark should be applied to the document, etc.).
A unique identifier is created for the content (e.g., by applying a hashing algorithm to the content), in association with a request to register the content with the DRM server that is sent 122 by the authoring device 106a. In response, a content encryption key is generated. The content is encrypted using the content encryption key and sent 126 to the content server 108 where it is stored along with the unencrypted unique identifier for the content, and an unencrypted address for the DRM server 102. The DRM server 102 stores the policy and the content encryption key, and associates them with the content via the unique identifier for the content in any suitable way. In one embodiment, the unique identifier and the unencrypted address of the DRM server may be embedded in the content (e.g., in an unencrypted portion of the content).
When a user attempts to access the protected content using an access device 106b, the encrypted content is transmitted 112 from the content server 108 to the access device 106b, along with the unencrypted address of the DRM server 102 and the unencrypted unique identifier for the content. The access device can then use the unencrypted address of the DRM server to request access to the protected content associated with the unique content identifier, as described further below.
Access device 106b is a device through which a user may seek to access a protected unit of content. For example, if the content server 108 is a word processing server, a user may attempt to access a protected word processing document on the word processing server via an access device (e.g., a workstation). The protected unit of content may be transmitted 112 from the content server 108 to the access device 106b (e.g., via a network connection). As discussed above, the protected content is encrypted, so that the user utilizing the access device 106b cannot access it without authority granted by the access policy that is associated with the protected unit of content and is stored on the DRM server 102.
When a user on access device 106b seeks access to a protected content unit, the user can only gain access by retrieving the content key from the DRM server 102. If the access device 106b has a DRM plugin installed, the plugin issues a communication 114 to the DRM server 102 (e.g., using the address associated with the content) to request access to the protected unit of content. If no plugin is installed, information within the content may point the device to a server from which the DRM plugin may be installed. The DRM server 102 determines whether the user using the access device 106b is authorized to access the specified unit of content. If not, the access request is denied. If the user is authorized, the content decryption key is transmitted 116 from the DRM server 102 to the access device 106b. This content key may be encrypted using a communication session key for the transaction between the access device and the DRM server so as to keep it secure. The content key may be used to decrypt the unit of content so as to generate a decrypted unit of content which may be accessed by the user. In addition, the DRM server 102 transmits 118 policy information to the access device, which dictates the actions the user may perform on the unit of content. The DRM software plugin installed on the access device enforces the policy.
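The registration exchange (122, 126) and the access exchange (112, 114, 116, 118) described above, modelled end to end as an added Python example; this is not code from the patent or from any DRM product. The content identifier is the SHA-256 of the content, the DRM server stores the content key and policy under that identifier, the content server stores the ciphertext together with the unencrypted identifier and DRM server address, and the key is released to an authenticated, authorized user only under a per-transaction session key. Everything else is constructed for the example: the class and function names, the HMAC-SHA256 keystream used as a stand-in cipher (a real deployment would use an authenticated cipher such as AES-GCM), the plaintext-password user directory standing in for a directory service, and the dictionary of servers standing in for the network.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, nonce || counter) as keystream,
    XORed over 32-byte chunks. Standard-library only; not authenticated."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)                      # fresh nonce per message
    return nonce + keystream_xor(key, nonce, plaintext)


def unseal(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:16], blob[16:])


@dataclass
class Policy:
    """Per-user permitted actions plus a watermark flag (fields are constructed)."""
    permissions: dict                           # user -> set of actions
    watermark: bool = False

    def allows(self, user: str, action: str) -> bool:
        return action in self.permissions.get(user, set())


class DRMServer:
    """Keeps content keys and policies, keyed by the content identifier."""

    def __init__(self, address: str, directory: dict):
        self.address = address                  # unencrypted address stored with content
        self.directory = directory              # constructed user store: name -> password
        self.records = {}                       # content_id -> (content_key, policy)

    def _authenticate(self, user: str, password: str) -> bool:
        expected = self.directory.get(user)
        return expected is not None and hmac.compare_digest(expected, password)

    def register(self, user, password, content_id, policy) -> bytes:
        """Step 122: authenticated author registers content; server generates the key."""
        if not self._authenticate(user, password):
            raise PermissionError("authentication failed")
        key = os.urandom(32)
        self.records[content_id] = (key, policy)
        return key

    def request_access(self, user, password, content_id, session_key):
        """Steps 114/116/118: return (key sealed under session key, policy) or deny."""
        if not self._authenticate(user, password):
            raise PermissionError("authentication failed")
        record = self.records.get(content_id)
        if record is None or not record[1].permissions.get(user):
            raise PermissionError("not authorized for this content")
        key, policy = record
        return seal(session_key, key), policy


class ContentServer:
    def __init__(self):
        self.store = {}                         # content_id -> (ciphertext, drm_address)

    def put(self, content_id, ciphertext, drm_address):
        self.store[content_id] = (ciphertext, drm_address)

    def get(self, content_id):
        return self.store[content_id]


def protect(author, password, plaintext, policy, drm, content_server) -> str:
    """Authoring-device plugin: hash -> register -> encrypt -> store (126)."""
    content_id = hashlib.sha256(plaintext).hexdigest()
    key = drm.register(author, password, content_id, policy)
    content_server.put(content_id, seal(key, plaintext), drm.address)
    return content_id


def open_content(user, password, content_id, content_server, servers):
    """Access-device plugin: fetch ciphertext (112), ask the DRM server named in
    the content for the key, decrypt, and return plaintext plus policy to enforce.
    `servers` maps addresses to DRMServer objects (stand-in for the network)."""
    ciphertext, drm_address = content_server.get(content_id)
    session_key = os.urandom(32)                # stand-in for the SSL session secret
    sealed_key, policy = servers[drm_address].request_access(
        user, password, content_id, session_key)
    return unseal(unseal(session_key, sealed_key), ciphertext), policy


def demo():
    """Run the flow over constructed data; returns (content_id, outcome per user)."""
    drm = DRMServer("drm.example.invalid", {"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"})
    cs = ContentServer()
    policy = Policy({"alice": {"read", "modify", "print"}, "bob": {"read"}}, watermark=True)
    doc = b"Q3 roadmap (constructed sample document)"
    cid = protect("alice", "pw-a", doc, policy, drm, cs)
    results = {}
    for user, pw in [("alice", "pw-a"), ("bob", "pw-b"), ("carol", "pw-c"), ("bob", "wrong")]:
        try:
            text, pol = open_content(user, pw, cid, cs, {drm.address: drm})
            results[(user, pw)] = (text == doc, pol.allows(user, "print"), pol.watermark)
        except PermissionError as exc:
            results[(user, pw)] = str(exc)
    return cid, results
```

Two properties of the modelled design are worth noting when reviewing a system of this shape. First, once the content key has been released, confidentiality of the decrypted content and enforcement of the per-action policy (print, copy, watermark) rest entirely on the plugin on the access device, so the plugin is the trust boundary and the server's key-release decision is the last server-side control. Second, deriving the identifier from a hash of the content means the identifier itself reveals nothing about the content, but it also lets anyone who already holds a candidate document confirm that it is the registered one; an identifier derived from a random value avoids that.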