A digital rights management architecture for securely delivering content
to authorized consumers. The architecture includes a content provider and
a consumer system for requesting content from the content provider. The
content provider generates a session rights object having purchase
options selected by the consumer. A KDC thereafter provides authorization
data to the consumer system. Also, a caching server is provided for
comparing the purchase options with the authorization data. The caching
server forwards the requested content to the consumer system if the
purchase options match the authorization data. Note that the caching
server employs real-time streaming for securely forwarding the encrypted
content, and the requested content is encrypted for forwarding to the
consumer system. Further, the caching server and the consumer system
exchange encrypted and authenticated control messages for supporting
transfer of the requested content. In this manner, all interfaces between
components are protected by encryption and/or authentication.
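
The caching server's comparison of purchase options against authorization data, sketched as an added example that is not taken from the original text. The field names, the two purchase options, the HMAC-SHA256 authentication of each object, and the two shared keys are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed keys (assumption): one shared with the content provider,
# one shared with the KDC.
PROVIDER_KEY = b"constructed-provider-key"
KDC_KEY = b"constructed-kdc-key"

def mac(key: bytes, obj: dict) -> bytes:
    """HMAC-SHA256 over a canonical JSON encoding (assumed wire format)."""
    body = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).digest()

def authorize(sro, sro_mac, authz, authz_mac, requested_id):
    """Return (allowed, reason); deny unless every check passes."""
    if not hmac.compare_digest(mac(PROVIDER_KEY, sro), sro_mac):
        return False, "session rights object not authentic"
    if not hmac.compare_digest(mac(KDC_KEY, authz), authz_mac):
        return False, "authorization data not authentic"
    if sro.get("content_id") != requested_id:
        return False, "session rights object is for other content"
    option = sro.get("purchase_option")
    if option == "subscription":
        if sro.get("service") in authz.get("subscribed_services", []):
            return True, "subscription matches"
        return False, "consumer not subscribed to this service"
    if option == "pay_per_view":
        price, limit = sro.get("price_cents"), authz.get("spend_limit_cents")
        if isinstance(price, int) and isinstance(limit, int) and 0 <= price <= limit:
            return True, "pay-per-view within limit"
        return False, "pay-per-view not permitted by authorization data"
    return False, "unknown purchase option"

# Constructed sample objects (hypothetical field names).
SRO = {"content_id": "movie-42", "purchase_option": "pay_per_view", "price_cents": 399}
AUTHZ = {"subscribed_services": ["news"], "spend_limit_cents": 500}

if __name__ == "__main__":
    good = (mac(PROVIDER_KEY, SRO), AUTHZ, mac(KDC_KEY, AUTHZ), "movie-42")
    print(authorize(SRO, *good))
    tampered = dict(SRO, price_cents=1)  # altered after the provider authenticated it
    print(authorize(tampered, *good))
```

Both objects are authenticated before any field is compared, so a consumer who edits the purchase options in transit is rejected before the match logic runs.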