IMTF DRM solution
8/7/2019 IMTF DRM solution
IMTF DRM SOLUTION
May 2010
Summary
- What is the IMTF DRM solution?
- Why use the IMTF DRM solution?
- How does the IMTF DRM solution work?
- Requirements
- Demo (proof of concept)
- Questions
IMTF DRM solution, IMTF 2010
What is the DRM solution?
IMTF DRM (Digital Rights Management)
On server side:
- PDF encryption (RC4, AES, ...: our choice)
- Adding special metadata for DRM, such as rights for printing, saving, print screens, ...
On client side (Adobe Reader plugin):
- Decryption
- Enable/disable Adobe Reader features depending on the metadata included in the PDF
Why use DRM solution? (1)
- Prevent document misuse on the client side
- Keep the documents in the scope of the server
- Release the documents out of the scope only when the user has the rights
[Diagram: Server; Documents on client side; Server scope; Print right; Save right]
Why use DRM solution? (2)
HS5 currently uses ICE PDF as its DRM solution
- ICE PDF cannot display ALL documents correctly
- Have to wait for bug fixes from ICE soft
The new IMTF DRM solution is based on Adobe Reader
- EVERY document will be displayed
- If not, it means the document is corrupted
How does it work?
[Diagram: Client (Web browser); Server]
How does it work? (1)
[Diagram: Client (Web browser); Server with Information Retrieval; arrow "1. http direct access"]
1. The user clicks on a direct access link in the portal referencing one or many documents. An HTTP request is sent to Retrieval containing the document ID(s).
How does it work? (2)
[Diagram adds: Metalan; arrow "2. Get rights on doc"]
2. Retrieval asks Metalan for the rights of the user on the schema to which the document(s) belong (read, print, print copy, save, ...).
How does it work? (3)
[Diagram adds: Styx; arrow "3. Ask for doc (with the rights + password)"]
3. Retrieval asks Styx to retrieve the document(s), specifying the rights from Metalan and a temporary password that will be stored in the session.
How does it work? (4)
[Diagram adds: EDOC; arrow "4. Ask for doc"]
4. Styx asks EDOC for the document(s).
How does it work? (5)
[Diagram adds: DOC(s); Styx transformer 1 ... Styx transformer n; PDF; arrow "5."]
5. The document(s) go through Styx's transformers and are converted into one PDF.
How does it work? (6)
[Diagram adds: Encryptor Transformer; Encrypted PDF + Metadata (Rights); arrow "6."]
6. We apply a last Styx transformer to the PDF, which is the Encryptor. It will:
- Encrypt the PDF
- Add some specific metadata:
  - URL to the Permission servlet (see below)
  - Rights on the document from Metalan
  - IMTF Plugin identifier (see below)
  - Temporary password to open the document
How does it work? (7)
[Diagram adds: arrow "7. http response with PDF"]
7. Retrieval returns the PDF in an HTTP response.
How does it work? (8)
[Diagram adds: Adobe Reader; arrow "8. Mime type == PDF"]
8. The browser detects that the HTTP response is a PDF and calls Adobe Reader to open it.
How does it work? (9)
[Diagram adds: IMTF Plugin; arrow "9. PDF encrypted, read metadata, use IMTF Plugin"]
9. Adobe Reader detects that the PDF is encrypted and reads the metadata to select the decryption plugin, which is the IMTF Plugin (see step 6).
How does it work? (10)
[Diagram adds: Permission Servlet; arrow "10. http authentication request"]
10. The IMTF Plugin reads the metadata for the URL of the Permission Servlet (see step 6) and sends an HTTP authentication request to it (protocol is to be specified).
How does it work? (11)
[Diagram adds: arrow "10. http request DocPerm"; arrow "11. http authentication response"]
11. The Permission Servlet returns an HTTP authentication response (protocol to be specified).
How does it work? (12)
[Diagram adds: arrow "12. Enable Adobe Reader allowed features and display the PDF."; on this slide step 9 is labelled "use FileOpen Plugin"]
12. The IMTF Plugin receives the HTTP response:
- Checks the server authentication
- Decrypts the PDF
- Enables Adobe Reader's features depending on the rights in the document.
How does it work? (13)
[Diagram: complete flow, steps 1 to 12]
Let's have a closer look at the authentication protocol.
How does it work? (14)
IMTF PLUGIN
ENC_SERVER_KEY (hard coded)
ENC_CLIENT_KEY (hard coded)
Password (encrypted in document)
URL to the server (from document)
1. Generate random RSA private/public keys (SSL)
2. Send public key to server
4. Decrypt password with private key
5. Decrypt document with the password and display it.
PERMISSION SERVLET
ENC_SERVER_KEY (hard coded)
ENC_CLIENT_KEY (hard coded)
Password (in http session)
1. Encrypt password (got from session) with public key
2. Remove password from session
3. Send encrypted password to plugin
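The password exchange on this slide, as an added Java example that is not IMTF's code. Assumptions: RSA-OAEP with a 2048-bit key, a map standing in for the HTTP session, and constructed session id and password values; the hard-coded ENC_SERVER_KEY / ENC_CLIENT_KEY are left out because the slides do not say how they are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;

class PasswordRelease {
    // Assumed padding; the slides leave the protocol "to be specified".
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Stand-in for the servlet's HTTP session store: session id -> temporary password.
    static final Map<String, String> sessions = new HashMap<>();

    // Permission Servlet side. remove() reads and deletes the password in one call
    // (servlet steps 1-2), so each session can release its password only once.
    static byte[] release(String sessionId, byte[] pluginPubDer) throws GeneralSecurityException {
        String pw = sessions.remove(sessionId);
        if (pw == null) throw new IllegalStateException("no password in session");
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(pluginPubDer));
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return c.doFinal(pw.getBytes(StandardCharsets.UTF_8)); // servlet step 3: send to plugin
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: Retrieval stored the temporary password (flow step 3).
        sessions.put("sess-1", "tmp-pw-constructed");

        // Plugin step 1: fresh RSA key pair for this document open.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        // Plugin step 2: send the public key (DER-encoded); the servlet answers.
        byte[] wrapped = release("sess-1", kp.getPublic().getEncoded());

        // Plugin step 4: unwrap the password with the private key.
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        String pw = new String(c.doFinal(wrapped), StandardCharsets.UTF_8);
        System.out.println("password recovered: " + pw.equals("tmp-pw-constructed"));

        // A repeated request on the same session is refused: the password is gone.
        try {
            release("sess-1", kp.getPublic().getEncoded());
        } catch (IllegalStateException e) {
            System.out.println("second request refused: " + e.getMessage());
        }
    }
}
```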
Requirements? (14)
1. Internet Explorer 6 or later
2. Adobe Reader/Acrobat 7 or later
3. Plugin installed on every client using the portal and accessing without the save right.
Demo
Questions