DRM Building Blocks - Protecting and Tracking Content Adopted from Chapter 5, Digital Rights...
-
Upload
juliana-henderson -
Category
Documents
-
view
220 -
download
2
Transcript of DRM Building Blocks - Protecting and Tracking Content Adopted from Chapter 5, Digital Rights...
DRM Building Blocks- Protecting and Tracking Content
Adopted from Chapter 5, Digital Rights Management Business and Technology
Outline
A DRM Reference ArchitectureContent serverLicense ServerClient
DRM TechnologiesEncryptionWatermarking…
The DRM Reference Architecture
Three major components of the DRM reference architecture
Content Repository
Product Information
DRM Packager
Rights
Encryption Keys
DRM License Generator
Identities
Content Package
Content
Metadata
DRM Controller
License
Keys
Rights
Rendering Application
Identity
Content Server
License Server
Client
Content Server
Content server is the component that is most likely to locate behind the content provider’s firewall, consistingContent repository
Actual contentInformation about the products or services the content
provider want to distributeDRM packager
Functionality to prepare content for DRM-based distribution
Content Repository
A content provider who implements a DRM solution has a repository of content, and the repository containsContent either in a suitable format for distribution or
can be put into the correct format on demandMetadata
Form a pragmatic viewpoint, the repository would be a file server or a database server
Product Info
Content provider typically have catalogs of product information for their products in physical media.
These contain metadata about products, such as PriceMarketing informationFormatPhysical dimension…
Metadata exist both in content repository and product info databases
DRM Packager
DRM Packager (content packager)Functionality that preparing content for distribution through the
systemThe packager does its job when
Before putting the content into the repository On-the-fly before distribution
In addition to the content, two types of metadata are especially prevalent in DRM packagesIdentificationDiscovery
DRM Packager (cont.)
Tasks of the packagerEncryption (or at least tamperproof)
on the content and the metadataCreate description of the rights to
the content on which the provider allow the users to exercise Modern DRM systems separate rights
information from content packages by encapsulating the former in licenses
Q: Why not bundle rights in with the content package?
• Multiple sets of rights for a given piece of content• A set of rights applied to more than one pieces of content • Certain types of content reside on the server only e.g. streaming media
The License Server
Licenses contain information aboutThe identity of the user or device that want to exercise
rights to contentIdentification of the content to which the rights applySpecifications of those rights
An analogy to DRM licenses in the real world is tickets for plane and trains.
The License Server (cont.)
The license generator takes in the following components to produce the licenseRights specificationsEncryption keysIdentity
From the DRM packager
The Client
The DRM controller does the following things:Receives the user’s request to exercise rights on a
content packageGathers the user’s identity information and obtains a
license from the license serverAuthenticates the application that perform the rights
exercise, such as renderingRetrieve encryption keys from the license, decrypts the
content, and releases it to the rendering application
DRM Events on the Client Side
The DRM controller on the client side has to check the rendering application at some time To avoid making unauthorized copies To check certain rights limits
Content Repository
Product Information
DRM Packager
Rights
Encryption Keys
DRM License Generator
Identities
Content Package
Content
Metadata
DRM Controller
License
Keys
Rights
Rendering Application
Identity
Content Server
License Server
Client
(1) Obtaining the content package
(2) Activating the DRM controller
(3) Sending info to the License Server
(4) Authenticating the client’s identity
(5) Look up rights info.
(6) Financial transactions
(7) Generating the license
(8) Sending back the license
(9) Decrypting the content and releasing it to the rendering application
Rendering Applications
Types of rendering applicationsStand-alone rendering application
Installation and training may stop common usersDistribution can cause problems
Plug-inUsers get it with more motivations and less troubleNot as secure as one that is purpose-built
Java technology No installation is neededThe “write once, run anywhere” promise was never delivered
Identifications
For Users A piece of information that you supply, such as name, E-mail address, ID,
password…etc A piece of information inherent to you, such as a biometric Digital certificate, network passport…
For devices Serial numbers on components, such as IP, MAC address, or serial number
on HDD Considerations
Privacy Dynamic or non-unique nature
Streaming Content
Current low-quality streaming content may not needed to be protectedPoor qualityLarge volume for raw-saved file Packet loss
With the advanced H/W performance and the improved infrastructure, the protection of streaming data will be an important issue
Encryption
Encryption in DRM The most common means for copy protectionThe core technology most closely associated with DRMEveryone has heard about encryption, few people really
understand it Goals of encryption in DRM
To prevent content from being accessible in its native format all the time except when the DRM controller permits it
Strength of Encryption
Strength of EncryptionThe length of time it would take for a cracker to break it using a
brute-force attackKey length
The algorithm’s susceptibility to various clever forms of cryptanalysisHeuristic guessesPatterns of random numbersSystem holesHuman fallibility
Encryption Schemes in DRM
Public-key encryptionToo inefficient to encrypt content E.g.
RSA
Symmetric-key encryptionPopular for content encryption
DESAESMagnolia
Temper-proofing
Hash values (digest) can be used to ensure that contents of the file is not tempered
…We will meet at school on May 31, 2002…
Digest Algorithms Key
71123223234
…We will meet at school on May 31, 2003…
Digest Algorithms Key
12940575753
Digital Certificates
Certificates are important ways of establishing the identities of both users and organizations
CA-the organizations that create, store, and manage digital certificates, have business that fundamentally depend on their being trustworthy
CA will lost its business ifAllowing a user to create a certificate under false circumstancesAllowing a data inside the certificate to be tampered withLeaking the information inside the certificate to the third party
Digital Signatures
Combining both certificates and digestsA digital signature ensures both the content of a
message and the identity of the person who signs itAccording to the Electronic Signature Act signed
into law in 2000, digital signatures are now legally acceptable replacement for handwritten signatures
Usually implemented with public-key encryption
Watermarking
Watermarks are meant to convey some information about a document in a way thatDo not interfere with the appearance or readability of the
documentInextricably bound together with the document
CharacteristicsUndetectability RobustnessCapacitySecurityEfficiency
Watermarks v.s. Encryption
Music
Metadata
Encryption
DRM Packager
Music
Metadata
Decryption Player
Metadata
DRM Controller
DRM Controller
Music
Metadata
Watermark Embedding
DRM Packager
Music
Metadata
Watermark Extraction
Player
MetadataWatermarked File
Watermark and Decryption
DRM Controller
Music
Metadata
Watermark Embedding
DRM Packager
Music
Metadata
Watermark Extraction
Player
Metadata
Watermarked File
EncryptionMusic
Metadata
DecryptionMusic
Metadata