,111111
`
`01
`
`1,11,1111111111111011010111111111111
`
`1111111111111101111111111111111111)1,11,11J1111
`
`01
`
`(19) United States
`(12) Patent Application Publication (10) Pub. No.: US 2007/0233606 Al
`Oct. 4, 2007
`Zweig et al. (cid:9)
`(43) Pub. Date: (cid:9)
`
`(54) DECOUPLING RIGHTS IN A DIGITAL
`CONTENT UNIT FROM DOWNLOAD
`
`(75) Inventors: Jonathan M. Zweig, Cupertino, CA
`(US); James H. Woodyatt, San
`Francisco, CA (US)
`
`Correspondence Address:
`APPLE COMPUTER, INC.
`do DORSEY & WHITNEY LLP
`370 SEVENTEENTH ST.
`SUITE 4700
`DENVER, CO 80202 (US)
`
`(73) Assignee: Apple Computer, Inc., Cupertino, CA
`
`(21) Appl. No.: (cid:9)
`
`11/397,149
`
`(22) Filed: (cid:9)
`
`Apr. 4, 2006
`
`Publication Classification
`
`(51)
`
`Int. Cl.
`G06Q 99/00 (cid:9)
`(52) U.S. Cl. (cid:9)
`
`(2006.01)
`
` 705/57
`
`(57) (cid:9)
`
`ABSTRACT
`
`Systems and methods for enabling a user to obtain rights in
`a legitimate copy of a digital content unit without down-
`loading the copy from a digital content store are provided.
`The systems and methods provide an encrypted copy of a
`digital content unit to a first user and transcript the encrypted
`copy to generate the legitimate copy to a second user. The
`encrypted copy is encrypted with a first encrypt key that may
`be associated with the first user and the legitimate copy is
`encrypted with a second encrypt key that may be associated
`with the second user.
`
`500
`
`Start
`
`505
`
`510
`
`User A downloads encrypted
`digital content unit from
`digital content store according
`to steps illustrated
`
`•
`User B accesses copy of the
`encrypted digital content unit
`downloaded by user A
`
`515
`
`520
`
`User B requests and is granted permission
`from the digital content store to
`access content represented in the copy
`
`Digital content user system in user B device
`communicates with the digital content
`distribution system in the digital
`content store to decrypt copy with
`appropriate decrypt key
`
`525
`
`Digital content user system in
`user B device re-encrypts
`unencrypted copy with
`encrypt key associated with user B
`to generate legitimate copy of
`digital content unit for user B to enjoy
`
`530
`
`End
`
`Adobe, Exhibit 1008
`
`

`

`Patent Application Publication
`
`S Jo 1 WIN
`
`TV 909££ZO/LOOZ SR
`
`Unit
`
`Content
`Digital
`
`4
`
`0 0 0
`
`FIG. 1
`
`Unit
`
`Unit (cid:9)
`
`Content
`Digital
`
`
`
` 4 (cid:9)
`
`Content (cid:9)
`Digital (cid:9)
`
`4 (cid:9)
`
`110
`
`105
`
`100 (cid:9)
`
`Store
`
`Digital Content
`
`115
`
`120
`
`155
`
`150 (cid:9)
`
`145
`
`140
`
`135
`
`125
`
`130
`
`Adobe, Exhibit 1008
`
`

`

`
`Patent Application Publication O
`
`S Jo Z WIN
`
`TV 909££ZO/LOOZ SR
`
`FIG. 2
`
`Store
`
`Digital Content
`
`Network
`
`Content Distribution
`
`Device
`User
`
`210
`
`115
`
`120
`
`Distribution System
`
`Digital Content
`
`200
`
`Information
`
`Digital Content Unit
`
`User System
`Digital Content
`
`205
`
`Adobe, Exhibit 1008
`
`

`

`Patent Application Publication
`
`Sao £ WI'S
`
`TV 909££ZO/LOOZ SR
`
`330
`
`represented in digital content unit
`for user to access digital content
`
`with decrypt key associated with user
`
`decrypts the encrypted digital content unit
`Digital content user system in user device
`
`325
`
`digital content unit to user device
`
`User downloads encrypted
`
`generate encrypted digital content unit
`
`content unit using encrypt key to
`
`Digital content store encrypts digital
`
`unit from digital content store
`User purchases digital content
`
`unit from digital content store
`User selects digital content
`
`Start
`
`300
`
`320
`
`315
`
`310
`
`305
`
`Adobe, Exhibit 1008
`
`

`

`S JO 17 JamiS
`
`TV 909££ZO/LOOZ SR
`
`O
`
`Patent Application Publication
`
`FMG. 4
`
`End
`V
`
`440
`
`in digital content unit
`
`access digital content represented
`
`with generated decrypt key for user to
`
`decrypts the encrypted digital content unit
`Digital content user system in user device
`
`435
`
`to decrypt the encrypted digital content unit
`and a decrypt key associated with the user
`generates decrypt key based on the header
`Digital content user system in user device
`
`header attached to it
`
`unit with the unique unencrypted
`
`the encrypted digital content
`User downloads to user device
`
`key associated with the user
`
`header and an encrypt
`
`encrypt key based on the
`digital content unit using an
`
`Digital content store encrypts the
`
`content unit
`
`unique header for the digital
`Digital content store creates
`
`430
`
`unit from digital content store
`User purchases digital content
`
`unit from digital content store
`User selects digital content
`
`Start
`
`400
`
`425
`
`420
`
`415
`
`410
`
`405
`
`Adobe, Exhibit 1008
`
`

`

`S Jo S WIN
`
`TV 909££ZO/LOOZ SR
`
`O
`
`Patent Application Publication
`
`FIG. 5
`
`End
`
`530
`
`digital content unit for user B to enjoy
`
`to generate legitimate copy of
`
`encrypt key associated with user B
`
`unencrypted copy with
`user B device re-encrypts
`
`Digital content user system in
`
`525
`
`appropriate decrypt key
`
`content store to decrypt copy with
`distribution system in the digital
`
`communicates with the digital content
`
`Digital content user system in user B device
`
`520
`
`access content represented in the copy
`
`from the digital content store to
`
`User B requests and 's granted permission
`
`515
`
`downloaded by user A
`
`encrypted digital content unit
`User B accesses copy of the
`
`•
`
`to steps illustrated in FIG. 3 or 4
`digital content store according
`
`digital content unit from
`
`User A downloads encrypted
`
`510
`
`505
`
`Start
`
`500
`
`Adobe, Exhibit 1008
`
`(cid:9)
`(cid:9)
`

`

`US 2007/0233606 Al (cid:9)
`
`Oct. 4, 2007
`
`1
`
`DECOUPLING RIGHTS IN A DIGITAL CONTENT
`UNIT FROM DOWNLOAD
`
`FIELD OF THE INVENTION
`
`[0001] The present invention relates generally to digital
`content protection and, more particularly, to cryptographic
`techniques for obtaining a right in a legitimate copy of a
`digital content unit without downloading the copy.
`
`BACKGROUND INFORMATION
`
`[0002] The explosion of the Internet has revolutionized the
`ways in which information is disseminated and shared.
`Users are no longer tied to the basic newspaper, television
`and radio distribution formats and their respective schedules
`to receive their written, auditory, or visual information.
`Likewise, users no longer need to obtain information or data
`stored in a so-called "hard" or physical format, such as on
`a compact disk (CD) or digital versatile disk (DVD). At any
`given time, massive amounts of information are exchanged
`electronically by millions of users worldwide using the
`Internet not only for communication but also for research,
`education, business, and entertainment. Information can
`now be downloaded, streamed or delivered directly to com-
`puter desktops, laptops, set-top boxes, entertainment units,
`personal digital assistants ("PDAs"), wireless telephones,
`digital music players, and other portable devices, providing
`virtually unlimited information access to users.
`
`[0003] This information is often disseminated as digital
`content in the form of digital content "units" or files, such as
`audio, video, graphics, or multimedia files, that may be
`shared by users, devices, and networks. For example, users
`may now listen to audio broadcasts and live music concerts
`on various web sites or download and play audio files as
`desired. The audio files may be downloaded from digital
`content stores, which are basically repositories of digital
`content units available for user access. Often a per unit fee
`or subscription is charged for access to digital content units.
`Examples of digital content stores offering audio downloads
`and other multimedia services include the iTunes Music
`Store, operated by Apple Computer, Inc., of Cupertino,
`Calif., the Yahoo! Music Store, operated by Yahoo!, Inc., of
`Sunnyvale, Calif., the NapsterTM web site operated by Nap-
`ster, Inc., of Los Angeles, Calif., RhapsodyTM, the Rhap-
`sodyTM music services operated by RealNetworks, Inc., of
`Seattle, Wash., and the eMusic web site, available from
`eMusic.com, Inc., of New York, N.Y., among others. Such
`digital content stores are now a staple of the Internet and
`have fundamentally altered the way digital content is dis-
`tributed and enjoyed by users everywhere. The iTunes
`Music Store, for example, has already sold more than 1
`billion audio files to users.
`
`[0004] Likewise, digital content units may be transmitted
`across satellite, cable or wireless networks. Digital content
`units may be provided to televisions, radios and stereos, and
`so forth by various content providers. Digital content units
`may, in some cases, be stored locally by a user on a hard disk
`or other storage medium connected to a network. As one
`example, a digital video recorder may be connected to a
`satellite or cable network and store digital content units for
`later review.
`
`[0005] The proliferation of digital content and the ease
`with which it is created, manipulated, copied, and distrib-
`
`uted has led to new challenges for digital content creators,
`owners, and providers. Those having vested interests in the
`content have to be especially careful in determining the best
`means to effectively manage the distribution, use and moni-
`toring of their digital content assets and protect them from
`piracy. Digital content assets are protected by copyright
`laws, but those laws merely punish, not necessarily prevent
`the unauthorized copy, manipulation and distribution of
`digital content.
`
`[0006] To address this concern, content protection tech-
`nologies have to be deployed. Content protection technolo-
`gies are those technologies used to monitor and control
`access to digital content. For example, a digital content store
`such as the iTunes Music Store may deploy these technolo-
`gies to ensure that digital content units obtained from its
`store will not be improperly resold, redistributed or copied
`by unauthorized users. When a user obtains one or more
`digital content units from a digital content store, the digital
`content units may be protected so that only the purchasing
`user is granted the right to access the digital content units.
`Content protection technologies employed by the digital
`content store can prevent the other user from accessing the
`digital content unit. For example, they can prevent the other
`user from listening to an audio file obtained by the purchas-
`ing user.
`
`[0007] Content protection technologies typically use tech-
`nical and legal mechanisms to protect digital content against
`unauthorized use. The technical mechanisms may involve
`cryptographic techniques for securing the digital content,
`rights thereto, and content distribution. They may also
`involve the use of "Digital Rights Management" ("DRM")
`technologies for protecting the rights and interests in dis-
`tributing or accessing the digital content. "Rights" may
`include, for example, the right to view the digital content
`unit, the right to make copies of the digital content unit, the
`right to redistribute the digital content unit, to publicly
`display the digital content unit, to modify or sample the
`digital content unit, to create derivative works of the digital
`content unit, and so forth. Essentially, "rights" as used herein
`may include one or more rights common under United States
`and foreign copyright law. Further, such rights may be
`restricted or unlimited. As yet another example, a right may
`be restricted as to the location in which the right may be
`exercised, the number of times the right may be exercised,
`to a particular timeframe in which the right may be exer-
`cised, the way in which the right may be exercised, and so
`on.
`
`[0008] Cryptographic techniques apply mathematical and/
`or linguistic principles to secure a given digital content unit.
`A digital content unit may be encrypted prior to its distri-
`bution to a user, i.e., converted into an unreadable format,
`and decrypted to recover the digital content in its original
`form for the user to access. The encryption and decryption
`process may be controlled by the use of a key, which dictates
`how the unreadable format is produced and decoded. There
`are three broad types of cryptographic techniques available
`today for protecting digital content: secret key (or symmet-
`ric) techniques, public key (or asymmetric) techniques, and
`hash function techniques. (Although hash techniques are not
`cryptographic techniques per se, they are included herein for
`purposes of the following discussions.) These techniques
`may be used separately or in combination, such as in a public
`key/secret key hybrid technique or a key and hash technique.
`
`Adobe, Exhibit 1008
`
`

`

`US 2007/0233606 Al (cid:9)
`
`Oct. 4, 2007
`
`2
`
`Such techniques may be layered, with credentials at one
`level protecting different credentials at another (lower) level.
`"Credentials" are elements or items used to access protected
`data, be it another credential or digital content. Keys are one
`example of credentials. As used herein, the term "key" is
`understood to have the broader meaning of a credential.
`
`[0009] Secret key techniques involve the use of a single
`and secret key for both encryption and decryption. The
`secret key must be known to both the sender and the
`receiver, which may present a challenge in how the key itself
`is to be distributed and protected from others. Common
`secret key techniques include the Data Encryption Standard
`("DES") and its successor, the Advanced Encryption Stan-
`dard ("AES"), among others.
`
`[0010] Public key techniques involve the use of two
`keys—one for encryption and the other for decryption (cid:9)
`that
`are generally mathematically related so that knowledge of
`one key does not allow the other key to be easily determined.
`One key is designated a public key and may be distributed
`and advertised to anyone while the other key is a private and
`secret key known only to its holder. One advantage of public
`key techniques is that they may be used to authenticate the
`sender of a digital content unit. For example, if Alice
`encrypts a digital content unit using her private key and
`sends the encrypted digital content unit to Bob, Bob may
`decrypt the encrypted digital content unit using only Alice's
`public key, confirming that Alice was the one who sent the
`encrypted digital content unit to Bob. Common public key
`techniques include the Public Key Cryptographic Standards
`("PKCSs") and the RSA algorithm, designed by RSA Secu-
`rity, Inc., of Bedford, Mass.
`
`[0011] Hash techniques are one-way cryptographic tech-
`niques involving the generation of a mathematical function
`derived from the digital content in a given digital content
`unit, referred to as a hash function, that makes it difficult for
`the digital content to be recovered. These techniques are
`typically used to provide a measure of the integrity of a file,
`i.e., to verify whether a given digital content unit has been
`altered. Since two different digital content units typically do
`not generate the same hash function, knowing the hash
`function for a particular digital content permits comparison
`of the hashed content to the unhashed content. This, in turn,
`may give an indication of whether the digital content unit
`has been modified. Hash functions may be used together
`with secret key and public key techniques as a way to further
`ensure the integrity of a digital content unit. Common hash
`functions include the Message Digest ("MD") algorithms
`such as MD2, MD5 and RIPEMD as well as the Secure Hash
`Algorithm ("SHA").
`
`[0012] An example of a common content protection tech-
`nology relying on cryptographic techniques to protect digital
`content includes the Content Protection for Prerecorded
`Media ("CPPM") technology for protecting digital content
`stored on prerecorded digital versatile disks ("DVD").
`CPPM selectively encrypts disc sectors that can only be
`decrypted during playback by licensed products, such as
`DVD players. Critical information, e.g., decryption keys,
`required to unlock the digital content stored in the prere-
`corded DVDs is located in protected regions of the discs
`accessible only to the licensed products and under carefully
`regulated circumstances. Without these keys the encrypted
`digital content is unusable. Performing bit-for-bit duplica-
`
`tion or simply copying files from the protected DVD to a
`writable DVD, hard drive or other storage medium is
`prohibited unless the DVD's key is known. Writable DVD
`products employ several safety safeguards to prevent valid
`decryption keys from ever being written to these discs. In
`addition, software for watching DVDs is generally "trusted,"
`such that it does not allow a user to watch an unauthorized
`copy of a DVD (i.e. one lacking the decryption key).
`
`[0013] Additional examples of common content protec-
`tion technologies relying on cryptographic techniques
`include the "Fairplay" scheme used by digital content stores,
`such as the iTunes Store. Digital content stores may use a
`hybrid of secret key and public key techniques to protect
`their digital content, or may employ multiple keys. They
`may also use hash techniques in combination with, say, a
`hybrid secret key/public key technique.
`
`[0014] For example, in the Fairplay system, two keys are
`used to protect a digital content unit. When a user obtains a
`digital file from the iTunes Store (possibly through pur-
`chase), the user downloads an encrypted audio file that has
`been encrypted with a random key. The random key is stored
`in a header of the digital content unit; this header is
`encrypted with an encryption key specifically linked to the
`user. Thus, the user's key may be used to decrypt the header
`of the digital content unit and retrieve the random key, which
`may then decrypt the remainder of the digital content unit.
`In this manner, each digital content unit is randomly encoded
`throughout the majority of its length with a different random
`key. This makes it difficult for a third party who obtains
`copies of multiple digital content units associated with a
`single, legitimate user to guess or derive that legitimate
`user's personal key. This, in turn, may reduce the unautho-
`rized copying and/or distribution of digital content units.
`
`[0015] Because digital content files may be storage and
`bandwidth intensive, downloads of a digital content unit
`from a digital content store may take substantial time
`depending on the characteristics of the network and user
`demand for the digital content unit during the downloads.
`For example, a 6 gigabyte movie stored on a DVD may
`require multiple hours to download across a typical high-
`speed Internet connection. Users having access to an already
`legitimately-obtained copy of a given digital content unit,
`e.g., Bob in the example above having access to the audio
`file obtained by Alice, may be enticed to find a way to
`circumvent the content protection technologies and illegally
`copy without incurring the costs and download time required
`for purchasing their own copy from the digital content store.
`By contrast, copying one or more digital content units from
`a storage medium (including, for example, a CD, DVD, hard
`disk, flash memory, portable hard disk and so forth) directly
`to a second storage medium associated with a computer is
`typically much faster than downloading the same digital
`content unit(s) across a network connection. Likewise, digi-
`tal content may be rapidly shared between computers across
`a wired or wireless local area network (LAN).
`
`[0016]
`In addition to enhancing currently available con-
`tent protection technologies to protect digital content units
`from illegal break-ins, it would also be desirable to provide
`users having access to already legitimately-obtained copies
`of digital content units a legal right to play, view, or
`manipulate those copies. Besides savings in download times
`(and potentially monetary costs) for those users having
`
`Adobe, Exhibit 1008
`
`

`

`US 2007/0233606 Al (cid:9)
`
`Oct. 4, 2007
`
`3
`
`access to already legitimately-obtained copies, such measure
`may diminish desire to produce illegal copies of digital
`content units obtained from a digital content store.
`
`unauthorized) is particularly simple. Embodiments of the
`present invention may be likewise applicable to this situa-
`tion.
`
`[0017] There is therefore a need to provide systems and
`methods for granting users a legal right to own a copy of a
`digital content unit without having to obtain or download
`another copy of the same digital content unit from a digital
`content store.
`
`[0018] There is yet a further need to provide systems and
`methods for decoupling the purchasing of rights in a copy of
`a digital content unit from the downloading of the digital
`content unit.
`
`SUMMARY OF THE INVENTION
`
`[0019]
`In view of the foregoing, a general object of the
`present invention is to provide systems and methods for
`granting users a right in a copy of a digital content unit
`without having to download another copy of the same digital
`content.
`
`[0020]
`In one aspect, the present invention provides sys-
`tems and methods for transcrypting or converting a digital
`content unit encrypted with a given key into a decryptable
`copy of the digital content unit for a user having a legal right
`to obtain a copy of the digital content unit.
`
`[0021]
`In another aspect, the present invention provides
`systems and methods for decoupling the purchasing of rights
`in a copy of a digital content unit from the downloading of
`the digital content unit.
`
`[0022] These and other aspects of the present invention are
`accomplished by providing systems and methods for
`enabling a user to obtain a right or rights in a legitimate copy
`of a digital content unit without having to download the copy
`from, for example, a digital content store. A digital content
`unit, as generally referred to herein, may be any unit or file
`representing and storing digital content such as plain data,
`audio, video, graphics, or other multimedia content, that
`may be shared across users, devices, and networks. A digital
`content store, as generally referred to herein, may be any
`repository of digital content units available for user access
`often on a per unit fee or subscription basis. Such a store
`may sell, for example, audio, video, combinations of both,
`computer software, databases, and any other data that may
`be digitally stored and transmitted.
`
`[0023] The present invention is equally applicable to situ-
`ations where a user has obtained a digital content unit and
`one or more rights therein, and wishes to copy the digital
`content unit as provided for within those rights. For
`example, a user may wish to (and have the right to) make a
`copy of a CD or DVD, perhaps for backup or archival
`storage. As yet another example, a user may obtain a CD,
`DVD, or digital content unit stored on a hard disk or flash
`memory from the digital content unit's owner, and be asked
`to make a copy of the digital content unit for the owner.
`Generally, many digital content units stored on CDs, DVDs,
`and other storage media are difficult to copy due to copy
`protection schemes, even if such copying is permitted by the
`user's rights.
`
`[0024] Further, in some cases, such digital content units
`are not copy-protected, and so making copies (authorized or
`
`[0025] The digital content store may have a digital content
`distribution system for handling the distribution of digital
`content units to users on various user devices capable of
`accessing the digital content represented in the digital con-
`tent units for the users to enjoy. The user devices may be, for
`example, computer desktops, laptops, set-top boxes, enter-
`tainment units, personal digital assistants ("PDAs"), wire-
`less telephones, digital music players, and other portable
`devices capable of playing, displaying, and performing other
`actions on the digital content represented in the digital
`content units. A user device may have a digital content user
`system capable of receiving digital content units from the
`digital content store and enabling its users to enjoy the
`digital content represented in the digital content units.
`Accordingly, the digital content distribution system in the
`digital content store communicates with the digital content
`user system in the user device to transmit/receive digital
`content unit information to/from users.
`
`[0026]
`In one exemplary embodiment, content protection
`technologies applying cryptographic techniques are
`employed by the digital content distribution system in the
`digital content store to protect the digital content units
`available therein for access by users. The content protection
`technologies generally involve encrypting each digital con-
`tent unit with an encrypt key to generate an encrypted digital
`content unit for access by a user. The user may access the
`encrypted digital content unit by paying a monetary fee for
`the digital content unit or as part of a subscription in which
`the user has access to a given number of digital content units
`for a prescribed period of time within a given subscription
`fee. The user may also be granted access to the digital
`content unit without having to pay any fees. The encrypt key
`may be related to the digital content unit, associated with the
`user authorized to access the encrypted digital content unit
`and/or associated with the digital content store. The content
`protection technologies employed by the digital content
`store may involve a combination of secret key, public key
`and/or hash techniques to protect the digital content units
`available therein.
`
`[0027] According to this exemplary embodiment, the user
`accessing an encrypted digital content unit may download
`the encrypted digital content unit to a user device. The
`digital content user system in the user device may include a
`trusted software, e.g., a trusted client software, that is able
`and authorized by the digital content store to access the
`digital content in the digital content unit. A trusted software,
`as generally referred to herein, may be any software that
`operates as expected within its design and policy and is
`intended for authorized and trusted users only. A trusted
`user, as generally referred to herein, may be a user autho-
`rized to use the trusted software and who does not and is not
`able to make unauthorized use of the software, make unau-
`thorized attempts to break into the trusted software or offer
`it illegally to other untrusted users.
`
`[0028] The digital content in the digital content unit may
`be accessed with the trusted software by first decrypting the
`digital content unit with a key authorized only for that user.
`The key may be a secret key associated with the user and/or
`a key associated with the software authorized for use only by
`
`Adobe, Exhibit 1008
`
`

`

`US 2007/0233606 Al (cid:9)
`
`Oct. 4, 2007
`
`4
`
`that user. For example, the user may download the encrypted
`digital content unit to devices such as computer desktops,
`laptops, set-top boxes, entertainment units, personal digital
`assistants ("PDAs"), wireless telephones, digital music play-
`ers, and other portable devices capable of playing, display-
`ing, and performing other actions on the digital content
`represented in the digital content unit. Each device may be
`equipped with a software capable of accessing the digital
`content unit only by the user authorized and entitled to do so,
`e.g., the user who obtained and downloaded the digital
`content unit from the digital content store.
`[0029]
`In another exemplary embodiment, each encrypted
`digital content unit may include an unencrypted header
`therein. In this exemplary embodiment, each digital content
`unit in the digital content store is encrypted with a unique
`key based on the header and a secret key associated with a
`user. The unique key may be, for example, a cryptographic
`hash of the header and the secret key associated with the
`user. The digital content in the encrypted digital content unit
`may be accessed by the user authorized to do so by first
`generating a decrypt key based on the header and the secret
`key associated with the user. The decrypt key may be, for
`example, generated as the cryptographic hash of the header
`and the secret key associated with the user. Because the
`header is unique to each digital content unit, each digital
`content unit is encrypted with a unique key, even for the
`same user.
`[0030]
`In this embodiment, the digital content user system
`residing in the user device authorized by the digital content
`store to access the digital content in the encrypted digital
`content unit may include an untrusted software, e.g., an
`untrusted client software. An untrusted software, as gener-
`ally referred to herein, may not guarantee that all of its users
`are trusted users, that is, the untrusted software may not
`guarantee that it is fully protected against unauthorized use,
`distribution, break-ins and other unauthorized actions. In
`this case, encrypting each digital content unit with a different
`key, regardless of whether it is for a single user, may further
`protect the encrypted digital content unit from being prey to
`unauthorized uses of the untrusted software.
`[0031] Each time a user purchases and/or downloads an
`encrypted digital content unit, a different decrypt key is
`generated. The decrypt key, which may be generated as the
`cryptographic hash of the header associated with the
`encrypted digital content unit and the secret key associated
`with the user, may be generated by the digital content store
`and provided to the user authorized to download the digital
`content unit together with the encrypted digital content unit
`or it may generated by the untrusted software residing in the
`user device authorized by the digital content store to access
`the digital content in the digital content unit.
`[0032]
`In both these exemplary embodiments, i.e., in the
`case of a trusted software or an untrusted software, a user
`having access to a copy of an encrypted digital content unit
`intended for another user, e.g., a purchasing user, may be
`granted a legal right to access the copy without having to
`download another copy of the encrypted digital content unit
`from a digital content store. The user having access to the
`copy of the encrypted digital content unit may be able to
`access the digital content therein by requesting permission to
`do so from the digital content store wherefrom the encrypted
`digital content unit was obtained by the other user, e.g., the
`purchasing user.
`
`[0033] For example, the digital content store may offer
`users the right to purchase a legitimate copy of a digital
`content unit without downloading it. The users having
`access to a copy of an encrypted digital content unit may
`purchase (or otherwise legitimately obtain) such right from
`the digital content store in order to access the digital content
`in the copy. Because the encrypted digital content unit was
`encrypted and authorized solely for the user purchasing
`and/or downloading it from the digital content store, the user
`merely having access to a copy of that encrypted digital
`content unit may, when purchasing the right to access the
`digital content therein, purchase the right to decrypt the copy
`for his/her own use. This way, if Alice, for example, pur-
`chases an encrypted digital content unit from the digital
`content store and Bob has access to a copy of the encrypted
`digital content unit obtained by Alice, Bob will be able to
`obtain from the digital content store the legal right to access
`the copy. Bob will be able to decrypt the copy of the
`encrypted digital content unit for his enjoyment even though
`the encrypted digital content unit was encrypted with a key
`associated with Alice. Bob will be able to access the digital
`content in the copy without having to download another
`copy from the digital content store.
`
`[0034] In the one exemplary embodiment involving a
`trusted software, a user having a trusted client software in a
`user device and having access to a copy of an encrypted
`digital content unit is given the right to decrypt the copy of
`the encrypted digital content unit with the key able to
`decrypt the encrypted digital content unit. The key able to
`decrypt the encrypted digital content may be, for example,
`a key associated with the user who purchased and/or down-
`loaded the encrypted digital content unit from the digital
`content store. Because this decrypt key is known to the
`digital content store, the trusted client software may, for
`example, retrieve the decrypt key from the digital content
`store, decrypt the copy with the decrypt key and re-encrypt
`the copy with a key associated to the user having access to
`the copy. In the Alice-Bob example above, with Alice
`pur