digital rights management in digital delivery le chen 1 2010

Digital Rights Managementin Digital Delivery

Le Chen

1 2010

Company Confidential

Mobile Internet Next Major Computing Cycle

2 © 2010 DRM in Digital Delivery/Le Chen


Increase in consumption of Digital Content

• Improvements in social networking and mobile computing platforms are fundamentally changing ways people communicate with each other and ways developers / advertisers / vendors reach consumers.

• Mobile devices will evolve as remote controls for ever expanding types of real-time services, including emerging category of location-based services, creating opportunities and dislocations, empowering consumers in unprecedented and transformative ways.

• Users Tend to ‘Pay’ on Mobile Internet Digital Content (Wallpaper, Ringtone, Downloadable Game, Music, Video...)



Digital Delivery Process



Challenges in Digital Delivery

• Ensuring the origin and integrity of downloaded content to prevent issues like

• Faulty download package, i.e. because of user or system mistake• Incompatible package with the device• Missing supporting software component• Failure in activation of download package• Malicious software like viruses

• Securing the involved parties and control of transaction to prevent issues like

• Payment information leak out• Downloading without payment

• Preventing the authorized use of delivered content like• Reverse engineering• Forwarding to others



DRM

• DRM, Digital Rights Management, is a term used to describe a range of access control techniques that publishers and copyright holders use to restrict usage of digital media or devices. It manages copyright material and the terms and conditions on which the digital content is made available to users.

• DRM had traditionally been focused on security and encryption as a means to solve Intellectual Property (IP) management. It aimed to lock the content and limit its distribution to only those who pay

• DRM is now being defined to cover the description, identification, trading, protection, monitoring and tracking of all forms of rights permissions, constraints, and requirements over both tangible and intangible assets including management of rights holders’ relationships.



DRM standards

• Open Mobile Alliance (OMA) DRM

• Windows Media DRM 10

• Real Networks Helix DRM

• Apple FairPlay

• Sony OpenMG

• DRM Opera

• ISO MPEG-21



Mission of DRM Standards

• Provide interoperability between infrastructure, terminals and services • Support healthy competition and cooperate between content owners,

delivery service provider and developers resulting in better consumer propositions

• Require lower cost when introducing new services • Support fast global service deployment• Provide enriched user experience and compelling new mobile services

across service providers

The focus of DRM should not be only restricting all unlawful duplication, but also

seeking a good balance between security and “user friendliness”.



OMA DRM

• Open Mobile Alliance (OMA), as one of the mostly used DRM standards in mobile industry, has the members representing the key players of the value chain.

• Its members include mobile phone manufacture like Nokia and Samsung, mobile network system manufacturers like Ericsson and Nokia Siemens Networks, operators like Vodafone and Orange, and IT companies like IBM and Microsoft.

• OMA DRM follows the common DRM practices and takes into account the special requirements and characteristics of the mobile domain, and has been implemented in many mobile phone models already. It is recognized as the standard which different stakeholders will contribute and follow continuously in mobile community.



OMA DRM v1.0• Right Expression Language



OMA DRM v1.0

• Forward lock


• Combined Delivery

• Separate Delivery


OMA DRM v1.0

• Super Distribution


It can be noticed that OMA DRM v1.0 lacks the mechanisms of• Secure delivery of rights• Authentication of devices and rights issuers• Revocation method


OMA DRM v2.0

• Enhanced security with PKI mechanism



OMA DRM v2.0

• ROAP• A 4-pass protocol for registration of a Device with an RI• Two protocols by which the Device requests and acquires Rights

Objects (RO). • The 2-pass RO acquisition protocol encompasses request and delivery of an RO• The 1-pass RO acquisition protocol is only a delivery of an RO from an RI to a

Device (e.g. messaging/push)

• 2-pass protocols for Devices joining and leaving a Domain



OMA DRM v2.0

• CMLA


For compliance assurance CMLA provisions keying material to client adopters with which to manufacture devices or applications, and service providers with which to provision rights

DRM Release 2.0 technology specifications come from OMA

OMA DRM protected content/rights are served to compliant devices


OMA DRM v2.0

• Domains• Domains allow a Right Issuer to bind rights and content encryption keys to

a group of DRM Agents instead of just a single DRM Agent• Unconnected Device Support

• OMA DRM enables a Connected Device to act as an intermediary to assist an Unconnected Device to purchase and download content and Rights Objects

• Export• DRM Content may be exported to other DRM systems, for use on devices

that are not OMA DRM compliant but support some other DRM mechanism• Streaming of DRM Content

• In OMA DRM v1.0, the digital content is packaged and delivered in its entirety. Alternatively, in v2.0, content may be packetized and delivered as a stream.



OMA DRM v1.0 Infrastructure Requirements





Client side:




Server side:


DRM Service/Server Integration Architecture Scenario



Initiative of Case Study in RTS server Design

• According to OMA DRM specifications, DRM content is protected with DRM Content Encryption Key (CEK) embedded in Right Object (RO) which is then encrypted with device public keys. This is needed to prohibit forward copying of the content.

• If a customer’s mobile device needs to be repaired for certain reasons, the care service provider should be able to repair the terminal and return it in working condition after the service, or give replacement terminal to the customer if a terminal is in a non-repairable condition. In both cases DRM protected content must be returned to the customer in working condition.

• The capability to backup, restore and transfer encryption keys is needed to be able to restore or move the content of consumers in case of device replacement, upgrade sales or hardware repair for OMA DRM complaint mobile devices.



Use Case Design for RTS server:


Help-desk user

Service Personnel

Search Archived Operation

Unlock Operation (Change Operation State)

Cancel Operation

Search Active Operation

<<uses>>

<<uses>>


Replacement

• Generate Password



Replacement

• DRM Right Data Transfer



Exception Flow

• Bad Package



Exception Flow

• HSM not available



Exception Flow

• Bad acknoledgement



RTS Protocol

• Unpack RTS Request



RTS Protocol

• Pack RTS Request



Logical view Design


• Presentation layer• Business Logic Tier (EJBs)• Integration Tier (DAOs)• Resource Tier


Operation



Deployment view



Key Issues in Design

• The authentication requirement between Rights Issuer and receiving devices is one of the key improvements in OMA DRM v2.0, so when design application following OMA DRM v2.0 standards, authentication process needs to be included in the design

• OMA DRM v2.0 includes Public Key Infrastructure (PKI) security in the specification, so encryption and decryption process, and protection and distribution of keys needs to be considered the design

• The tiered design approach should be used to avoid tight coupling between components. This will facilitate the future development and bug fixing.



Future Development Areas for DRM

• Improving the usability to provide ease of use to consumers. This can be achieved by better technical DRM solution or by different business model

• Balancing between the user friendliness and the functionality of DRM standards

• Supporting Interoperability of different DRM standards


digital rights management in digital delivery le chen 1 2010

Documents

company confidential

focus of drm

digital deliveryle chen

digital rights management

usage of digital media

company confidential

mobile devices

content owners