A removable storage device, such as a Secure Digital (SD) card or a MultiMedia Card (MMC), can be used to store digital content, such as a song or a movie. To prevent unauthorized access and control copying of the stored content, the content can be encrypted with a content encryption key, where only authorized entities are able to use the key to decrypt the content. While a storage device can be pre-loaded with content, in some environments, the content is downloaded to the storage device from a server (e.g., via a mobile phone that is hosting the storage device). In such situations, the server can encrypt the content with a content encryption key, send the content encryption key to the storage device securely or via a secure channel, and send the encrypted content to the storage device via an open channel.
In some environments (sometimes referred to as “super-distribution” environments), a user is allowed to freely copy the encrypted content (but not the content encryption key) to other storage devices. Since the content is encrypted and the content encryption key is not copied along with the content, the content on the target storage device will not be renderable. In order to render the content, the user of the target storage device requests or purchases the content encryption key from a digital rights management (DRM) server. The content encryption key can be part of a “rights object” that contains rules on when and how the content encryption key can be used to access the content. Such environments are often desired by service providers and mobile phone operators because the free redistribution of protected content creates opportunities for use of the mobile phone to contact the service provider to purchase a content encryption key.
A problem can occur, however, when the server is not aware of the content encryption key internally-generated by a storage or host device. In such a situation, since the server is not aware of the content encryption key, the server is unable to respond on its own to requests from target storage devices for the content encryption key. As such, content protected in this fashion would be tied to the storage or host device that generated the content encryption key, thus preventing access to super-distributed content.