Title:
COMPUTER NETWORK ACCESS CONTROL SYSTEM
Document Type and Number:
WIPO Patent Application WO/2005/093543
Kind Code:
A1
Abstract:
A method, a device and a system of setting protection properties for a path with a receive node, which is located in a data network via which the receive node is coupled to network entities; comprising: retrieving security settings of the network entities; and from the retrieved security settings of the network entities and a predefined security level specification deducing at which protection level digital content is to be processed and/or transmitted on the path, and setting the protection properties for the path to affect that the digital content is protected at the deduced protection level. Preferably, the Universal Plug and Play, UPnP, protocol is used for retrieving the security settings.

Inventors:
BRONNENBERG WILHELMUS J H J (NL)
BODLAENDER MAARTEN P (NL)
Application Number:
PCT/IB2005/050878
Publication Date:
October 06, 2005
Filing Date:
March 11, 2005
Assignee:
KONINKL PHILIPS ELECTRONICS NV (NL)
BRONNENBERG WILHELMUS J H J (NL)
BODLAENDER MAARTEN P (NL)
International Classes:
G06F21/60; H04L29/06; (IPC1-7): G06F1/00; H04L29/06
Domestic Patent References:
WO2000074345A1 (2000-12-07)
WO1997037477A2 (1997-10-09)
Foreign References:
US5935248A (1999-08-10)
EP1324541A2 (2003-07-02)
US20020034242A1 (2002-03-21)
US20010042043A1 (2001-11-15)
Attorney, Agent or Firm:
Groenendaal, Antonius W. M. (AA Eindhoven, NL)
Claims:
1. A computer-implemented method of setting protection properties for a path with a receive node, which is located in a data network via which the receive node is coupled to network entities; the method comprising the following steps: retrieving security settings of the network entities; and from the retrieved security settings of the network entities and a predefined security level specification deducing at which protection level digital content is to be processed and/or transmitted on the path, and setting the protection properties for the path to affect that the digital content is protected at the deduced protection level.
2. A method according to claim 1, wherein the digital content is transferred from a content provider to the receive node via the path at an encryption level selected from the deduced protection level.
3. A method according to claim 1, wherein the receive node provides an interface to invoke a set of actions operating on the digital content and which invoked set of actions is determined from the deduced protection level.
4. A method according to claim 3, wherein the actions are invoked by network entities via the network.
5. A method according to claim 3, wherein the actions are invoked by the content receiver itself.
6. A method according to claim 1, wherein the deduced protection level is communicated to a content provider which is arranged to select which digital content to communicate to the receive node, where the digital content to select is determined by the deduced protection level.
7. A method according to claim 1, wherein a content provider provides services associated with a piece of digital content, which services are adapted to the deduced protection level.
8. A method according to claim 1, further comprising the step of backwards deducing which security settings are required to obtain a predefined protection level.
9. A method according to claim 8, wherein the backwards deduction is based on a representation of the security settings required to obtain the predefined protection level.
10. A method according to claim 1, wherein the security settings are retrieved by querying network entities by means of the Universal Plug and Play Protocol, UPnP.
11. A computer-readable medium which when executed on a computer makes the computer execute the method as set forth in any of the claims 1 through 10.
12. A component for setting protection properties for a path with a receive node, which is located in a data network via which the receive node is coupled to network entities; the component comprising: a query component arranged to retrieve security settings of the network entities; and an inference engine arranged to deduce at which protection level digital content is to be processed and/or transmitted on the path by making a deduction from the retrieved security settings of the network entities and a predefined security level specification, and setting the protection properties for the path to affect that the digital content is protected at the deduced protection level.
13. A computer system comprising a component as defined in claim 10.
Description:
Computer Network Access Control System

TECHNICAL FIELD This invention relates to a computer-implemented method of setting protection properties for a path with a receive node. The path is arranged to communicate digital content which is subject to digital rights management, DRM. The digital content is provided by a content provider communicating the digital content via the path to the receive node. The receive node is located in a data network via which the receive node is coupled to other network entities.

BACKGROUND The Internet and personal computers have dramatically changed the way digital media content, such as music, films, and books, are produced, distributed and consumed. Downloading encoded files has gained acceptance among Internet users because it provides immediate access to desired content and does not require a trip to a store or reliance on physical media, such as a CD or DVD. However, digital media content that is available for sale on the Internet is still limited, as content owners, artists, and publishers or providers are concerned about protecting their copyrighted works from illegal use. As the market evolves and content owners or providers explore new ways to enable different business models, more premium content will become available on the Internet. Before owners or providers of premium digital media content will offer their valuable content for sale or promotion, a secure e-commerce system that protects digital content from illegal use is needed. A critical component of any such e-commerce system is digital rights management, DRM. DRM is a set of technologies content owners or providers can use to protect their copyrights and stay in closer contact with their customers. In most instances, DRM is a system that encrypts digital media content and limits access to only those people who have acquired a proper license to play the content. That is, DRM is a technology that enables the secure distribution, promotion, and sale of digital media content on the Internet.

RELATED PRIOR ART EP 1 271 875 A1 discloses a mutual authentication method between two devices coupled in an end-to-end configuration. When transmitting from one device to the other, the method makes it possible to distinguish between a strongly and a weakly protected device by first verifying a certificate with a public key of a certificate authority. If that fails, it verifies using the locally available public key, which is less secure.
US 20030084306A1 discloses a DRM architecture with content servers, rendering devices and a license server that distributes digital content to DRM compliant systems only. A type of roaming service is disclosed which allows a license to a piece of content to be bound to a plurality of computers. In the architecture, receivers of digital content need to comply with DRM specific requirements. This prior art document is concerned only with restrictively protecting the digital content in a cascaded end-to-end system configuration wherein digital content can be handed over to a further registered destination application if a proper digital content protection is available. Although access to licensed digital content from further destination applications is enabled, the access is restrictively protected by the application so as not to open it to uncontrolled use by other less secure applications. As a result, the options for accessing or manipulating the digital content are limited to the options provided by the application itself. The application is hosted or run by a computer in a network. As is well-known, other less secure applications may be run on the same computer or on other computers in the network. Since the application, although validly registered, can reside in a hostile environment formed by the computer itself or the network, the application may be exposed to intensive attacks. Additionally, the digital content, license keys or access keys may be exposed to eavesdropping and spoofing. Not infrequently, users or network administrators configure their own network badly, for example by forgetting to correctly configure a wireless network. This gives hackers from the Internet virtually free access to their network, with the ability to listen to and spoof messages related to the digital content.
Thus, the prior art involves the problem that on the one hand options for accessing the digital content are limited and on the other hand the digital content is exposed to potential hostile actions in a remote network.

SUMMARY OF THE INVENTION This problem is solved by means of a computer-implemented method of setting protection properties for a path with a receive node, which is located in a data network via which the receive node is coupled to network entities; the method comprising the steps of retrieving security settings of the network entities; and from the retrieved security settings of the network entities and a predefined security level specification deducing at which protection level digital content is to be processed on the path, and setting the protection properties for the path to affect that the digital content is protected at the deduced protection level. In this way protection of the digital content is adapted to the settings of the network. Consequently, a user that has acquired access to a piece of digital content can make use of his/her acquired content in situations that would have been excluded otherwise. Since an encryption level determines the complexity of the effort required for processing encryption and decryption, it is attractive to set the encryption level at a relatively low level when it is deduced that the protection level in the network is relatively high. This adaptation of the processing effort to the deduced protection level is obtained when the digital content is transferred from a content provider to the receive node via the path at an encryption level selected from the deduced protection level. Protection of digital content is of utmost importance to a content provider, and typically a content provider will choose to be on the safe side in respect of protecting the digital content when and if it comes to trading this aspect for other aspects.
Therefore a user was previously denied access to the digital content if the user's receive conditions did not meet the highest level of content protection. However, in a preferred embodiment of the present invention, the receive node provides an interface to invoke a set of actions operating on the digital content, wherein the invoked set of actions is determined from the deduced protection level. Thereby, a relatively high degree of susceptibility to operations on the digital content can be allowed when it is deduced that the protection level is relatively high, and vice versa. This greatly improves the options available to a user since additionally intermediate levels of operations accessible to a user can be granted. In a preferred embodiment the actions are invoked by network entities via the network. This is possible since the retrieved security settings can provide a complete image of the protection level the network provides. It should be noted that the actions can be invoked by the content receiver itself. In some events a content provider may have or generate a range of different versions of a digital content production. The range of different versions can be generated at different levels of quality measured by e.g. temporal or spatial resolution, signal-to-noise level or by other more or less technical quality measures. The content may also be generated at different levels of content expansion etc. According to a preferred embodiment, the deduced protection level is communicated to a content provider which is arranged to select which piece of digital content to communicate to the receive node, where the digital content to select is determined by the deduced protection level. Thereby it is possible to select which content to distribute to a given receiver depending on how vulnerable the receiver's network is.
Thereby a receiver with a vulnerable network can be entitled to receive less valuable content, whereas a receiver with a sufficiently secured network can be entrusted to receive more valuable content. Consequently, more options are provided by allowing a user to be able to receive at least some digital content as opposed to being completely denied access to digital content. Preferably, a content provider provides services associated with a piece of digital content, which services are adapted to the deduced protection level. When the method further comprises the step of backwards deducing which security settings are required to obtain a predefined protection level, a user is provided with a tool that assists in reconfiguring the network to adapt the network to a desired piece of content. Typically, this is applicable when a user desires to increase the protection level to be able to receive content which represents a value which is larger than the value of content that the present network settings allow to be received. In an expedient embodiment, the security settings are retrieved by querying network entities by means of the Universal Plug and Play Protocol, UPnP. This protocol is widespread and thus increases the versatility of applications utilizing the present invention. The present invention also relates to a computer-readable medium which when executed on a computer makes the computer execute the method as set forth above.
Moreover, the invention relates to a component for setting protection properties for a path with a receive node, which is located in a data network via which the receive node is coupled to network entities; wherein the component comprises a query component arranged to retrieve security settings of the network entities; and an inference engine arranged to deduce at which protection level digital content is to be processed and/or transmitted on the path by making a deduction from the retrieved security settings of the network entities and a predefined security level specification, and setting the protection properties for the path to affect that the digital content is protected at the deduced protection level. Still moreover, the invention relates to a computer system comprising a component as defined in the above paragraph.

BRIEF DESCRIPTION OF THE DRAWING Several embodiments of the invention will be described in the following with reference to the drawings in which: fig. 1 shows a computer network infrastructure; fig. 2 shows a block diagram according to the invention; and fig. 3 shows a flowchart according to the invention.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT Fig. 1 shows a device network infrastructure. In the shown configuration the infrastructure comprises a path 110 that extends between and comprises two nodes which are formed by a content provider 101 and a content receiver 104. In terms of digital content the content receiver 104 is also denoted a receive node. A typical device network, for instance a home network, includes a number of devices, e.g. a radio receiver, a tuner/decoder, a CD player, a pair of speakers, a television, a VCR, a tape deck, one or more personal computers, and so on. These devices are usually interconnected to allow one device, e.g. the television, to control another, e.g. the VCR. One device, such as e.g. a personal computer, a tuner/decoder or a set top box (STB), is usually the central device, providing central control over the others. Content, which typically comprises things like music, songs, movies, TV programs, pictures, games, books and the like, but which also may include interactive services, may enter the network through a variety of sources. For example, it could be received through a residential gateway or set top box. It could be downloaded on the personal computer from the Internet, e.g. from a peer-to-peer network or from a server. Content could also enter the home via storage media like discs or using portable devices. One or more of the devices in the network could be connected to a broadband cable network, an Internet connection, a satellite downlink and so on. The receive node 104, which is a portion of the path 110, can be in the form of a certain scope of a software application or of a certain scope or partition of a computer. The path 110 extends from a first network 109 to a second network 108 via gateways 102 and 103 belonging to the respective networks. The path is arranged to communicate digital content or digital media content which is subject to digital rights management, DRM.
The receive node 104 is located in the second network 108 and by means of connections in the network 108 the receive node 104 is coupled to other network entities. Such other network entities can be e.g. access points 107 and gateways 106. According to the invention, the receive node is configured with a query interface which is arranged to query such network entities in respect of their security settings. The network entities are arranged to reply to a query by providing their security settings or a representation of their security settings back to the receive node 104. Thereby, the security settings of the network entities are retrieved. In addition thereto and in accordance with the invention, the receive node can set protection properties for the path 110 wherein it is comprised. In an alternative embodiment, the security settings can be retrieved from a list 105 which holds security settings for the network entities at a central place. The list can be maintained by requesting security settings from the network entities either on request or at predetermined intervals. Fig. 2 shows a block diagram according to the invention. The block diagram illustrates components of the path comprised of the receive node 217, the communications link 209 and a content provider node 204. Additionally, the block diagram illustrates a network entity in the form of an access point 210 and 218, where the access point 201 is shown in greater detail. The receive node 217 comprises a query interface 210, which is arranged to query the network entities 210 and 218 as to how they are configured with regard to security. The configuration of security settings can be stored in a settings memory 202 wherefrom they are retrieved and supplied to the receive node 217 when the query interface 203 of the network entity 204 is queried by the receive node 217. Likewise, the security configuration of the network entity 218 is retrieved.
At the receive node 217 a predefined security level specification is stored in memory 211. This specification can define different levels of security. The specification can comprise a mapping between different security configurations or settings of the network and different protection levels that are prerequisites for transferring digital content to the receive node. An inference engine 216 is arranged to deduce at which protection level digital content is to be processed on the path. Depending on the deduced protection level an adequate encryption protocol is selected from a set of protocols 214. An identifier of the selected encryption protocol is transmitted to the content provider node 204, wherefrom digital content can be streamed or downloaded to the receive node 217. The received digital content is stored in content memory 213. Alternatively, or in addition, a set of actions performing operations on the digital content can be determined from the deduced protection level. Thereby, a relatively high degree of susceptibility to operations on the digital content can be allowed when it is deduced that the protection level in the network is relatively high, and vice versa. This greatly improves the options available to a user since additionally intermediate levels of operations accessible to a user can be granted. Such actions are enabled via an interface 215. The interface 215 can enable the actions to entities in the network or to applications within the scope of the receive node. Whether the network entities or applications within the scope of the receive node are provided access to the actions can be determined in response to the deduced protection level. At the provider node 204 digital content is stored in content memory 206. Encryption protocols are stored in memory 207. A predefined security level specification is stored in memory 208, wherefrom it can be distributed to receive nodes. Fig. 3 shows a flowchart according to the invention. 
The flowchart illustrates the operation of a computer-implemented method of setting protection properties for a path on which digital content is distributed. In step 301 the method is started and subsequently in step 302 security settings are retrieved from entities in the network. In the following step 303 it is deduced whether the retrieved network security settings comply with a predefined security level specification. If they do (Y), step 304 guides the method to one of the steps 305, 306 or 307, in which protection properties for the path are set in dependence on the previous positive deduction. In step 305 an encryption protocol for the transmission of the digital content is selected. In step 306 the digital content is selected. In step 307 a set of actions performing operations on the digital content can be determined from the previous deduction. The present invention encompasses different embodiments of setting protection properties. For instance protection properties can be set by any one of step 305 or step 306 or step 307. Additionally, protection properties can be set by any two of the steps or any three of the steps 305, 306 and 307. In case the retrieved network security settings do not comply with a predefined security level specification (N), step 304 guides the method to one of the steps 308, 309 or 310, in which protection properties for the path are set in dependence on the previous negative deduction. In step 308 an encryption protocol for the transmission of the digital content is selected. In step 309 the digital content is selected. In step 310 a set of actions performing operations on the digital content can be determined from the previous deduction. Also in case the deduction had a negative outcome, the present invention encompasses different embodiments of setting protection properties. For instance protection properties can be set by any one of step 308 or step 309 or step 310.
Additionally, protection properties can be set by any two of the steps or any three of the steps 308, 309 and 310. When the protection properties have been set, transmission of digital content from a provider node to a receive node can be executed. In an embodiment of the invention, the content provider is instructed to provide services that are adapted to the deduced protection level. This service setting is performed in step 313. The method ends in step 314. Further, the method can comprise the step 311 of backwards deducing which security settings resulted in the deduced protection level. Retrieval of the security settings of the entities in the network can be carried out in connection with devices that conform to a so-called universal plug-and-play (UPnP) protocol or interface, where a controllable device makes itself known through a set of predefined processes. Alternatively, or additionally, one or more proprietary protocols can be supported. Thus one way to analyze security settings is to query the device using UPnP (Universal Plug and Play). Specifically the UPnP IGD (Internet Gateway Device) and AP (Access Point) specifications can be used for this. In addition, many vendors have proprietary protocols that allow querying of current security parameters. The UPnP architecture offers pervasive peer-to-peer network connectivity of PCs of all form factors, intelligent appliances, and wireless devices. UPnP architecture leverages TCP/IP and the Web to enable seamless proximity networking in addition to control and data transfer among networked devices in the home, office, and everywhere in between. UPnP technology can be supported on essentially any operating system and works with essentially any type of physical networking media - wired or wireless - providing maximum user and developer choice and great economics (Source: WWW.UPnP.ORG).
Despite the versatility of the UPnP protocol this is only one of various protocols; thus, in the likely event communication with a controllable device which does not support UPnP is required, an interface compatible with the device must be selected at the control computer. It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
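
The deduction performed by the inference engine 216 and steps 302 to 310 of Fig. 3, together with the backwards deduction of claim 8, shown as an added example that is not part of the patent text. The setting names, level names, specification contents, protocol labels and sample query replies are assumptions made for illustration; the patent does not define them.

```python
# Added illustration, not taken from the patent. Setting names, level names,
# the specification and the sample networks are all hypothetical: the patent
# leaves the content of the "predefined security level specification" open.

LEVELS = ["low", "medium", "high"]  # ordered from weakest to strongest

# Security level specification (memory 211): per level, the values each kind of
# network entity must report. Every level lists its full set of requirements.
SPEC = {
    "low": {},
    "medium": {"access_point": {"wireless_encryption": {"WPA", "WPA2"}}},
    "high": {
        "access_point": {"wireless_encryption": {"WPA2"}},
        "gateway": {"remote_admin": {False}},
    },
}

# Protection properties set for the path at each deduced level: encryption
# protocol (step 305/308), content version (306/309), enabled actions (307/310).
# A well-protected network gets the cheaper protocol and the wider action set.
PROPERTIES = {
    "low": {"encryption": "protocol_strong", "content": "preview",
            "actions": ["play"]},
    "medium": {"encryption": "protocol_strong", "content": "standard",
               "actions": ["play", "pause"]},
    "high": {"encryption": "protocol_light", "content": "full",
             "actions": ["play", "pause", "record"]},
}


def unmet(entities, level):
    """Return (entity, setting, reported, accepted) for every failed requirement."""
    failures = []
    for entity in entities:
        required = SPEC[level].get(entity["kind"], {})
        for setting, accepted in required.items():
            # A setting the entity did not report counts as a failure.
            reported = entity["settings"].get(setting)
            if reported not in accepted:
                failures.append(
                    (entity["name"], setting, reported, sorted(accepted)))
    return failures


def deduce_level(entities):
    """Steps 302-304: highest level whose requirements all entities satisfy."""
    deduced = LEVELS[0]
    for level in LEVELS[1:]:
        if unmet(entities, level):
            break
        deduced = level
    return deduced


def set_protection_properties(entities):
    """Return the deduced level together with the path properties it selects."""
    level = deduce_level(entities)
    return {"level": level, **PROPERTIES[level]}


def backwards_deduce(entities, target):
    """Claim 8: settings that must change before `target` can be deduced."""
    return unmet(entities, target)


# Constructed query replies, as a query interface might collect them.
WEAK_NETWORK = [
    {"name": "access point 107", "kind": "access_point",
     "settings": {"wireless_encryption": "WEP"}},
    {"name": "gateway 106", "kind": "gateway",
     "settings": {"remote_admin": False}},
]
PARTLY_FIXED = [
    {"name": "access point 107", "kind": "access_point",
     "settings": {"wireless_encryption": "WPA2"}},
    {"name": "gateway 106", "kind": "gateway",
     "settings": {"remote_admin": True}},
]

if __name__ == "__main__":
    for network in (WEAK_NETWORK, PARTLY_FIXED):
        print(set_protection_properties(network))
        print("  needed for high:", backwards_deduce(network, "high"))
```

The weakest entity decides the level for the whole path, and an entity that does not answer a query for a required setting is treated the same as one that reports an unacceptable value.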