SYSTEM AND METHOD FOR ACTIVATING
A RENDERING DEVICE IN A MULTI-LEVEL
FIELD OF THE INVENTION
The present invention relates generally to distribution of electronic content, and, more particularly, to systems and methods for enabling the use of certain protected content by a client in a rights-management architecture that supports multiple levels of security.
BACKGROUND OF THE INVENTION
As the availability and use of computers and palm-sized electronic devices has increased, it has become common for documents to be transmitted and viewed electronically. With improvements in the speed and facility of communication over infrastructures such as the Internet, there is a tremendous drive to provide enhanced services and content to the devices. Examples of services and content that may be provided are authored works, such as books or other textual material. Electronic distribution of text documents is both faster and cheaper than conventional distribution of paper copies. The same principle applies to non-text content, such as audio and video: electronic distribution of such content is generally faster and cheaper than the delivery of such content on conventional media (e.g., magnetic tape or optical disk). However, the low cost and instantaneity of electronic distribution, in combination with the ease of copying electronic content, is at odds with controlled distribution in a manner that protects the rights of the owners of the distributed works.
Once an electronic document is transmitted to one party, it may be easily copied and distributed to others without authorization by the owner of rights in the electronic document or, often, without even the owner's knowledge. This type of illicit document distribution may deprive the author or content provider of royalties and/or income. A problem with many present delivery schemes is that they may make no provisions for protecting ownership rights. Other systems attempt to protect ownership rights, but are cumbersome and inflexible and make the viewing/reading of the authored works (or otherwise rendering the authored works, in the case of non-text content such as music, video, etc.) difficult for the purchaser.
Thus, in view of the above, there is a need for an improved digital rights management system that allows delivery of electronic works to purchasers in a manner that protects ownership rights, while also being flexible and easy to use. There is also a need for a system that provides flexible levels of security protection and is operable on several client platforms such that electronic content may be viewed/rendered by its purchaser on each platform. The digital rights management system of the present invention advantageously provides solutions to the above problems which protect the intellectual property rights of content owners and allow for authors or other content owners to be compensated for their creative efforts, while ensuring that purchasers are not over-burdened by the protection mechanism.
SUMMARY OF THE INVENTION
An architecture for a content-rendering client in a digital rights management ("DRM") system is provided. The architecture includes a rendering application (e.g., a text-viewing application or "reader") which renders content protected by the DRM system. The architecture also includes various security features that guard against unauthorized distribution or use of protected content, as well as software components that navigate the security features to allow content to be rendered in an appropriate client environment.
In accordance with the architecture provided, content may be protected at a plurality of levels, including: no protection, source sealed, individually sealed (or "inscribed"), source signed, and fully individualized (or "owner exclusive"). "No protection" content is distributed in an unencrypted format. "Source sealed" and "individually sealed" content is encrypted and bundled with a cryptographic key (the "content key") that is cryptographically sealed with certain rights-management data associated with the content, such that the key cannot be retrieved if the rights-management data has been altered. The distinction between "source" and "individual" sealing is that "individually sealed" content includes in the rights-management data information pertinent to the rightful owner (e.g., the owner's name, credit card number, receipt number or transaction ID for the purchase transaction, etc.), such that this information cannot be removed from a working copy of the content, thereby allowing for detection of unauthorized distributors. The particular type of information included is determined by the retailer of the copy. "Signed" content is cryptographically signed in such a way that the rendering application can verify its authenticity, or the authenticity of its distribution channel. "Fully individualized" content is encrypted content provided with a decryption key that has not merely been sealed with the rights-management information, but also encrypted in such a way that it cannot be accessed in the absence of a "secure repository" and "activation certificate," which are issued only to a particular client or set of clients, thereby limiting the use of such content to a finite number of installations. "Fully individualized" content also includes a license, which specifies the rights that a user may exercise with respect to the content.
In one embodiment of the invention, the client is used for reading books or text, which are distributed to the client in a file having protection as described above. Preferably, the client software and data relating to the protection and use of the content includes: the rendering application (called the "reader" in the case where the content is text); a "management" component that performs unsealing of protected content and certain other cryptographic functions; a software object that provides to content distributors information such as the installation and/or "activation" status of the reader application, as well as information about the "activation" certificate that is needed by the distributor in order to prepare "fully individualized" content whose decryptability is limited to a certain set of readers; and an "activation" software object that performs the function of obtaining a secure repository and activation certificate for installation on the client. Preferably, the activation software object is embodied as an ACTIVEX control, and the object that provides information to content-distribution sites is embodied as an ACTIVEX and/or browser plug-in wrapped in one or more Java script functions. Additionally, it is preferable that the management object be operable by the reader application through an API exposed to the reader application.
Preferably, the content key of fully individualized content is encrypted according to a public/private key pair associated with a particular activation certificate, and a copy of the activation certificate may be provided to various client devices owned or used by a particular person (or "persona"), such that one person can read the same "fully individualized" content on plural devices owned by that person, whereas other people who own similar devices cannot read that same "fully individualized" content because the necessary activation certificate will not be issued to those persons, thereby limiting the dissemination of fully individualized content.
Other features of the invention are described below.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing summary, as well as the following detailed description, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, like reference numerals represent similar parts throughout the several views of the drawings, it being understood, however, that the invention is not limited to the specific methods and instrumentalities disclosed. In the drawings:
FIG. 1 is a block diagram showing an exemplary computing environment in which aspects of the present invention may be implemented;
FIG. 2 is a block diagram of a first embodiment of a client architecture implementing aspects of a digital rights management system in accordance with the invention;
FIG. 3 is a block diagram of a second embodiment of a client architecture implementing aspects of a digital rights management system in accordance with the invention;
FIG. 4 is an exemplary electronic book (eBook) title file format;
FIG. 5 is a flow diagram illustrating a reader activation process; and
FIG. 6 is a flow diagram illustrating exemplary processes of selecting, obtaining and reading an eBook using a digital rights management system according to the invention.
DETAILED DESCRIPTION OF THE
The present invention is directed to a system for processing and delivery of electronic content wherein the content may be protected at multiple levels. A preferred embodiment of the invention is described, which is directed to the processing and delivery of electronic books; however, the invention is not limited to electronic books and may include all digital content such as video, audio, software executables, data, etc.
The success of the electronic book industry will undoubtedly require providing the existing book-buying public with an appealing, secure, and familiar experience to acquire all sorts of textual material. This material may include "free" or low-cost material requiring little copy protection, to "premium-quality" electronic book titles (herein "eBooks") requiring comprehensive rights protection. In order to enable a smooth transition from the current distribution and retail model for printed books into an electronic distribution system, an infrastructure must exist to ensure a high level of copy protection for those publications that demand it, while supporting the distribution of titles that require lower levels of protection.
The Digital Rights Management (DRM) and Digital Asset Server (DAS) systems of the present invention advantageously provide such an infrastructure. The present invention makes purchasing an eBook more desirable than "stealing" (e.g., making an unauthorized copy of) an eBook. The non-intrusive DRM system minimizes piracy risk, while increasing the likelihood that any piracy will be offset by increased sales/distribution of books in the form of eBooks.
In addition, the present invention provides retailers with a system that can be rapidly deployed at a low cost.
The primary users of the system are publishers and retailers, who use and/or deploy the system to ensure legitimacy of the content sold as well as copy protection. Exemplary users of the system may be the traditional publisher, the "leading edge" publisher, and the "hungry author." The traditional publisher is likely to be concerned about losing revenue from their printed book publishing operation to eBook piracy. The leading edge publisher is not necessarily concerned with isolated incidents of piracy and may appreciate that eBooks commerce will be most successful in a system where consumers develop habits of purchase. Meanwhile, the hungry author, who would like to collect money for the sale of his or her works, is more interested in attribution (e.g., that the author's name be permanently bound to the work).
As will be described in greater detail below, the DRM System of the present invention accomplishes its goals by protecting works, while enabling their rightful use by consumers, by supporting various "levels" of protection. At the lowest level ("Level 1"), the content source and/or provider may choose no protection via unsigned and unsealed (cleartext) eBooks that do not include a license. A next level of protection ("Level 2") is "source sealed," which means that the content has been encrypted and sealed with a key, where the seal is made using a cryptographic hash of the eBook's title's meta-data (see below) and the key is necessary to decrypt the content. Source sealing guards against tampering with the content or its accompanying meta-data after the title has been sealed, since any change to the meta-data will render the title unusable; however, source sealing does not guarantee authenticity of a copy of the title (i.e., source sealing does not provide a mechanism to distinguish legitimate copies from unauthorized copies). In the case of the "hungry author," the author's name may be included in the meta-data for permanent binding to the content, thereby satisfying the "hungry author's" goal of attribution. A next level of protection ("Level 3") is "individually sealed" (or "inscribed"). An "individually sealed" title is an eBook whose meta-data includes information related to the legitimate purchaser (e.g., the user's name or credit card number, the transaction ID or receipt number from the purchase transaction, etc.), such that this information is cryptographically bound to the content when the title is sealed. This level of protection discourages people from distributing copies of the title, since it would be easy to detect the origin of an unauthorized copy (and any change to the meta-data, including the information related to the purchaser, would make it impossible, or at least improbable, that the necessary decryption key could be unsealed).
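The following sketch is an added illustration, not code or an algorithm from the specification: it shows how a content key can be bound to a hash of a title's meta-data so that altering the meta-data (Level 2) or stripping purchaser information (Level 3) prevents the key from being unsealed. The SHA-256 pad, the HMAC check value, the JSON canonicalization, and all function and field names are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os

def _meta_digest(meta):
    # Canonical JSON so identical meta-data always yields the same hash.
    canon = json.dumps(meta, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).digest()

def _pad(digest):
    # Assumed construction: a 32-byte pad derived from the meta-data hash.
    return hashlib.sha256(b"seal-pad" + digest).digest()

def seal_key(content_key, meta):
    """Seal a 32-byte content key to the title's meta-data."""
    if len(content_key) != 32:
        raise ValueError("content key must be 32 bytes")
    digest = _meta_digest(meta)
    wrapped = bytes(a ^ b for a, b in zip(content_key, _pad(digest)))
    check = hmac.new(content_key, b"seal-check" + digest, hashlib.sha256)
    return {"wrapped": wrapped.hex(), "check": check.hexdigest()}

def unseal_key(seal, meta):
    """Return the content key, or None if the meta-data was altered."""
    digest = _meta_digest(meta)
    wrapped = bytes.fromhex(seal["wrapped"])
    candidate = bytes(a ^ b for a, b in zip(wrapped, _pad(digest)))
    expect = hmac.new(candidate, b"seal-check" + digest, hashlib.sha256)
    ok = hmac.compare_digest(expect.hexdigest(), seal["check"])
    return candidate if ok else None

def demo():
    key = os.urandom(32)
    # Constructed sample meta-data; field names are hypothetical.
    source = {"title": "Example Title", "author": "A. Author"}
    inscribed = dict(source, purchaser="Jane Reader", transaction_id="TX-0001")
    level2 = seal_key(key, source)        # "source sealed"
    level3 = seal_key(key, inscribed)     # "individually sealed"
    return {
        "level2_intact": unseal_key(level2, source) == key,
        "level2_author_changed":
            unseal_key(level2, dict(source, author="Someone Else")) is None,
        "level3_intact": unseal_key(level3, inscribed) == key,
        # Stripping the purchaser fields leaves only the source meta-data.
        "level3_purchaser_stripped": unseal_key(level3, source) is None,
    }

if __name__ == "__main__":
    print(demo())
```

Because the pad in this sketch is derived only from data carried with the title, it demonstrates the binding between key and meta-data and nothing more; consistent with the text above, an intact copy unseals equally well for anyone who holds it.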
The next level of protection ("Level 4") is "source signed." Source signed eBooks are titles that can be authenticated by a "reader" (which, as more particularly discussed below, is a user application that enables the reading of eBooks on a computing device, such as a PC, a laptop, a Personal Digital Assistant (PDA), PocketPC, or a purpose-built reading device). Authenticity may preferably be defined in three varieties: "tool signed," which guarantees that the eBook title was generated by a trusted conversion and encryption tool; "owner signed," which is a tool signed eBook that also guarantees the authenticity of the content in the copy (e.g., the owner may be the author or other copyright holder); and "provider signed," which is a tool signed eBook that attests to the authenticity of its provider (e.g., the publisher or retailer of the content). The "tool," the owner, and the provider may each have their own asymmet