Icete Secrypt2007 Presentation
*Carlos Serrão, *Miguel Dias and **Jaime Delgado
{carlos.serrao, miguel.dias}@iscte.pt, [email protected]
Secure License Management
Management of digital object licenses in a DRM environment
*ISCTE/DCTI/ADETTI, Lisboa, Portugal
**UPC/AC/DMAG, Barcelona, Spain
Summary
- Digital Rights Management
- What is DRM?
- Rights, Rights Expression, Rights Expression Languages
- Licenses
- Licenses typology
- Secure License Management
- SLM Use-case
- Conclusions and Future work
DRM concepts
DRM involves the: description, layering, analysis, valuation, trading and monitoring of rights over an individual or organization's assets, in digital format;
DRM is: the chain of hardware and software services and technologies governing the authorized use of digital objects and managing any consequences of that use throughout the entire life cycle of the object.
DRM concepts
DRM is not (only) Copy-Protection
- DRM is used to manage and enforce rights
- Copy-protection is used to prevent unauthorised copies
Current commercial DRM systems (such as WMRM or FairPlay) use both to (try to) be more effective
DRM concepts
Modern DRM involves several security technologies, such as:
- Public-key cryptography
- Secret-key cryptography
- Digital signatures
- Digital certificates
- ... and others.
All this keying material should be properly managed, to avoid security breaches...
... and this brings us to Key Management.
Key Management
What is Key Management?
Key Management is the set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorized parties.
Key Management encompasses techniques and procedures supporting:
- Initialization of system users within a domain;
- Generation, distribution and installation of keying material;
- Controlling the use of keying material;
- Update, revocation and destruction of keying material;
- Storage, backup/recovery and archival of keying material.
Key Management in DRM
Key Management and DRM
DRM uses keying material in several situations:
- Entities (content providers, users, ...) registration and management
- Software applications and components registration and management
- Content security
- Rights management and enforcement (licenses)
Rights, RM and REL
Rights
- [...] a right is the legal or moral entitlement to do or refrain from doing something or to obtain or refrain from obtaining an action, thing or recognition in civil society [...]
- [...] Rights serve as rules of interaction between people, and, as such, they place constraints and obligations upon the actions of individuals or groups [...]
Rights management
- The ability to manage rights
Rights, RM and REL
Rights Expression Languages (REL)
- Allow the expression of copyright
- Allow the expression of contracts or license agreements
- Allow control over access and/or use
Mostly used to express DRM-governed content licenses
Licenses express how governed content can be used
- Expressed in a specific format/notation (XML, text, graph theory, ...)
- XrML and ODRL are two of the most used
- May contain protected keying material information to be used with the protected digital content
Licenses
Depending on the DRM scenario and implementation, licenses can be used or not
This gives 6 different scenarios:
- Licenses are used in DRM
  - License contains CEK
    - License is inside the digital content
    - License is outside the digital content
  - License does not contain CEK
    - License is inside the digital content
    - License is outside the digital content
- Licenses are not used in DRM
  - CEK is inside the digital content
  - CEK is not inside the digital content
License Typology
Licenses and DRM
Typical license format:
License = Sign_LicenseIssuer[UserID, DeviceID, DomainID, ContentID, Rights, Restrictions, Cipher_UserPKey{CEK}, Validity, ...]
The License is signed by the License Issuer to prevent license modification and tampering
The Content Encryption Keys (CEK) are ciphered with the recipient's public key – it could even be the combination of multiple keys (user, device, domain) – depends on implementation
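The license format above, together with its enforcement step, as an added Node.js example (not from the presentation or any DRM product). The Ed25519 issuer signature, the RSA-OAEP CEK wrap, the JSON field names and all sample values are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed keys for the example: the issuer signs with Ed25519 and the
// user's RSA key pair wraps/unwraps the CEK (both algorithm choices are assumptions).
const issuerKeys = crypto.generateKeyPairSync('ed25519');
const userKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// License creation: Cipher_UserPKey{CEK} goes into the body, then the issuer
// signs the exact serialized bytes. Field names and JSON encoding are assumptions.
function issueLicense(fields, cek, userPublicKey, issuerPrivateKey) {
  const wrapped = crypto.publicEncrypt({ key: userPublicKey, ...OAEP }, cek);
  const body = Buffer.from(JSON.stringify({ ...fields, wrappedCEK: wrapped.toString('base64') }));
  return { body, signature: crypto.sign(null, body, issuerPrivateKey) };
}

// Enforcement: verify the signature before trusting any field, then check
// validity and the requested right, and only then unwrap the CEK.
function enforceLicense(license, right, now, issuerPublicKey, userPrivateKey) {
  if (!crypto.verify(null, license.body, issuerPublicKey, license.signature)) {
    throw new Error('invalid license signature');
  }
  const fields = JSON.parse(license.body.toString('utf8'));
  if (now > Date.parse(fields.notAfter)) throw new Error('license expired');
  if (!fields.rights.includes(right)) throw new Error('right not granted');
  return crypto.privateDecrypt({ key: userPrivateKey, ...OAEP }, Buffer.from(fields.wrappedCEK, 'base64'));
}

// Constructed sample license for content "song-42".
const sampleCEK = crypto.randomBytes(16);
const sampleLicense = issueLicense(
  { userID: 'alice', deviceID: 'dev-1', domainID: 'home', contentID: 'song-42',
    rights: ['play'], restrictions: ['count<=10'], notAfter: '2030-01-01T00:00:00Z' },
  sampleCEK, userKeys.publicKey, issuerKeys.privateKey);
```

Because the signature covers the serialized body, editing the rights or the validity date after issuance makes enforcement fail before the CEK is ever unwrapped.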
Licenses and DRM
Two basic processes involved:
- License definition and creation
- License download and enforcement
Secure License Key Management
Use-case/Scenario
- Licenses are used in DRM
- License contains CEK
- License is outside the digital content
License definition
License creation
License download and enforcement
Conclusions and Future Work
- The goal of the work was to analyse how the different existing DRM solutions handle and manage rights
- The different typical rights management scenarios were identified (license management)
- Establish a common generic model for secure license management (fitting the requirements of the different platforms)
- A scenario was chosen and instantiated on the model
- This global license management model will allow interoperability at this level between different DRM solutions
- Future: instantiate the remaining scenarios on the model.
Questions
Thank you...
Any questions?