Digital Rights Management (“DRM”) is a term used to describe a range of techniques that use information about rights and rightsholders to manage copyright material and the terms and conditions on which the material is made available to users. More specifically, DRM involves the description, layering, analysis, valuation, trading, and monitoring of an owner's property rights to an asset. DRM covers the management of the digital rights to the physical manifestation of a work (e.g., a textbook) or the digital manifestation of a work (e.g., an Internet web page). DRM also covers the management of an asset whether the asset has a tangible or an intangible value. Current DRM technologies include languages for describing the terms and conditions for an asset, tracking asset usage by enforcing controlled environments or encoded asset manifestations, and closed architectures for the overall management of the digital rights.
In general, DRM protection is based on the principle that every end-entity able to consume DRM protected content is equipped with a cryptographic key, which usually is unique for every end-entity. DRM protected content is distributed, possibly together with a set of consumption rights, in encrypted form. Thus, only authorized parties, usually those that have paid for the content, are able to consume the content. This is done, for example, by encrypting the content with the public key matching the recipient's private DRM key (asymmetric key encryption). For practical reasons, usually a hybrid scheme is chosen, wherein DRM protected content is encrypted under a content encryption key (CEK) using symmetric encryption. The CEK in turn is then encrypted with the public DRM key matching the recipient's private DRM key. The CEK may be accompanied by consumption rights (which may also be encrypted) expressing the usage rules for the DRM protected content.
The effect is the same for both approaches, i.e., only authorized parties are able to consume the DRM protected content (if implemented securely and correctly). The two approaches, however, also share a drawback originating from the fact that every end-entity is equipped with a unique DRM key: content (or the CEK) has to be personalized for every device prior to consumption.
Usually, DRM content is protected (using encryption, for example) by the network side for various reasons, e.g., to guarantee payment for the content. Typically, the network infrastructure has a server for personalizing content transported in the wireless network. The network centric nature of current approaches, however, is not very suitable for certain types of content, e.g., free content. One example is content intended for preview purposes.
It is usually the case that the transfer of purchased, digital rights management (DRM)-protected content from one terminal to another cannot be performed by the end user of a terminal. Typically, the rights holders for the content want to enforce certain usage rights over content management, and this includes in most cases control over how content can be copied and which technical and security requirements have to be met.
Challenges in the context of DRM include handling the license data (e.g., distributing it to the user, checking it, managing it on the terminal), using the license data in a meaningful way, and preventing the unauthorized use of the application to be protected (e.g., copying or circumventing the rights checking). Conventional attempts at resolving these challenges do not tie the functioning of the software application to the license. Instead, only a simple check for a license is performed. Such simple checks are easily removed or manipulated.
Thus, there is a need to manage licensed software applications in a digital rights management (DRM) environment. Further, there is a need to combine copy protection mechanisms with rights management for software applications. Even further, there is a need for improved techniques for licensing, using, and preventing unauthorized use of data protected using DRM.