A basic DRM reference architecture is presented in [2]. There are three major components: the content server, the license server, and the client. These major components are consisting of many sub-components. It not only describes the detail working flow of the DRM system, but also compares many methods and techniques to explain the reason why this paper chooses its method. Furthermore, it introduces and discusses the two most prevalent core technologies involved in DRM implementation:
encryption and water marking.
[5] presents an open and secure DRM solution which is named Open SDRM. It deploys the traditional DRM architecture and is based on open-source components. Its architecture is started from the OPIMA international specifications, the MPEG-4 IPMP Extensions and the emerging MPEG-21 IPMP architecture.
A careful idea about the flexible management control flow of certificates and authorities is proposed in [6]. There are two innovations here. 1) It combines the identity, attribute and rights to allow for maximum flexibility. 2) The digital licenses are generated on demand after the identity and the security attributes have been verified. It also explains the difference between the public key certificate, attribute certificate and digital license by mapping them into the relations among the passport, visa and residence permit in the work flow of the immigration. There two features in this security attribute based digital rights management system. 1) It use the public key certificate, attribute certificate, content identification and a secure of randomness to generate a secret, unique, personalized content key. 2) A hierarchy of authorities, for example, JI (identity) is a computer engineer (attribute) and he is only allowed to enter the system by a dedicate computer (attribute) and he can modify the source code (rights) and print (rights) it. It develops a prototype which is called SUMMER, a
secure distributed multimedia database management system, and the future work in the client-side component of this architecture is to build an independent application in order to interface to arbitrary Render Application via smaller plug-ins. It plans to solve the problem that the Renders and plug-ins run in an unsafe environment by using tamper resistant hardware with watermarking techniques. It uses a SPIN model to test their prototype against the ability that can prevent digital content from super re-distribution and find that the drawback of this work to catch the thief is the high price of caching all license keys. It may use an appropriate hashing technique to solve this problem, but the falls positives problems will be induced. A web content protection system, WebGuard, is proposed in [7]. It provides the digital rights management for off-the-shelf Web browsers and browser plug-ins by a serious of verification process to trust an application at call-time, a trusted content handler and a user interface control module.
The secure architecture that is allowing digital rights management in home networks which is consisting of consumer electronic devices is described in [8]. The main idea is that allows devices to establish dynamic groups, so called “Authorized Domains”, in order to allow the acquired rights content legally can move from device to seamlessly. This “Authorized Domain” is consisting of licensing organization, manufacturers, content providers, compliant devices, authorized domain manager device, and content manager devices. The security architecture is based on a novel compliance checking protocol which allows relying on public key certificates issued by a license organization. The great advantage of this architecture is that the public key operation is required seldom. Another advantage is that only the device that stores the device master key need tamper-resistant memory. One limitation of this architecture is that it still needs the public key authentication for device registration.
the maximum number of the devices in the domain. The maximum domain size is restricted by the given storage constraints with devices.
There is a different view point of the DRM system proposed by [9]. It divides the DRM system into three blocks of layers like that the OSI layered model and the TCP/IP protocol divide the process of the data communications into layers. It indicates that the Rights Expression and Interpretation is the key node when communicating upper with lower layers by mapping the DRM system into an hourglass structure like the IP in the TCP/IP protocol. The advantage of this layered approach is that it separates rights enforcements from services. Thus it allows development separately and independently in these areas. Furthermore, the effect that it will not disturb other layers when changing or adding functions into some layers is happened. The work in [10] is adding the communications between layers. It also proves that this layered approach is a helpful method to analyze the interoperability in a DRM system by mapping the Microsoft DRM 10 architecture into the layered DRM framework.
The sun’s corporation is developing an open DRM system which is called DReaM [4]. This architecture is based on open-standards-based-solutions and supports both of the Conditional Access System (CAS) and the Digital Rights Management (DRM) models. The goals of this DReaM are that it wishes to work with any content type, multiple file formats and codec and can work cross the device types and operation systems. It also wishes to control the access to content regardless of the delivery media, whether it is a physical or a digital medium and can support widespread business models to provider the flexibility.
[11] describes a case study that incorporates an effective DRM system with previously deployed DRM system at the Greek Orthodox Archdiocese of America
content and the container using encryption, watermarking, specific file format, time lock, tamper proofing, obfuscation and implementing itself in kernel level and how to incorporate with previously DRM systems at the GOA.
Our main ideas is that we wish our User Wrapper can work without considering the types of content and the COTS Readers via small DLL plug-ins. This combines the goals of the DReaM, the future work in client side of SUMMER and concept of the verifying the rendering applications.
WebGuard (2001) SUMMER(2002) OpenDReaMS Wrapper
Rights implementation Windows message Windows message Win32 API function
Conditions No No Yes
policy dynamic Unknown dynamic
Type Plug-in Plug-in Plug-in
Apply scope Web browser Adobe Acrobat COTS Reader
Table 2-1 A comparison between WebGuard, SUMMER and our wrapper
2.2. System Call Intercepting Techniques
[12] proposes a generic software wrapper system for hardening COTS software.
It implements this wrapper in kernel level by a loadable kernel module and designing a Wrapper Definition Language (WDL) to listen for specified events to wrapper the specified system calls. The key element of the WDL is to augment the system call API with semantic information by using tag process. It can allow wrappers to refer to the system calls easily and isolate the wrapper writer from low-level details. This wrapper is efficient and protected because of no context-switch overhead and executing in kernel space. The limitation is that events occurs at the application level,
at the system call level, are difficult to sense in the low-level system calls stream. [13]
inherits and extends this work. It improves the Software wrapper and makes use of it to do intrusion detection by using the Generic Software Wrapper Toolkit (GSWTK).
If this kind of software wrapper be compromised, it will cause devastating damages because that it is implemented in kernel space.
An open-source binary interception tool, detours, that has been developed by Microsoft Research is a library for instrumenting Win32 functions on x86 machines [14]. It can monitor the target function and replace the first instruction of it with unconditional jump, which points to the detour functions that the user provides. Users can do their works in these detour functions. The instructions replaced from the target function are keep in a corresponding trampoline function. If the target function is called, the control of this process will jump to the user-provided detour function.
Finally, the detour function can recall the trampoline function or return to the caller.
2.3. Rights Expression Languages
The MPEG-21 REL [15] developed by the standardization committee, the Moving Picture Experts Group, is designed for content owners to specify the usage grants for consumers, that is, the content owner can limit his content used by someone with some rights, restrictions or conditions using the functions supported by the MPEG-21 REL. It also allows consumers to set up secure personal parameters to protected individual privacy. The Open Digital Rights Language (ODRL) [16] is designed for the DRM to provide flexible and interoperable mechanisms to support clear and creative usage of digital resources. This is also based on XML grammar. It focuses on the definition of elements in the data dictionary and the semantics of using these elements. [3] introduces the REL, MPEG-21 REL and the ODRL and proposes
developing a tool, Distributed Multimedia Application Group (DMAG), to generate and check licenses describing by both RELs. Our License Server is based on this tool.
The rights expression language of the Rights Enforcing Access Protocol (REAP) [17] is generated from modifying the ODRL. It needs the entire ODRL language as input leading to two situations. It is aimed to demonstrate that how to publish the intellectual property in the Internet by digital libraries according to the copyrights laws. It is able to interpret all rights expressions in ODRL or to ignore parts of rights expressions in ODRL that it could not interpret correctly. The REAP rights language only can describe the usage rights like print, execute and play and the language doesn’t have a security model. It is not as flexible as the ODRL language, but it is easier to understand.
An open-source PARMA is proposed in [18] for network and mobile applications based on ODRL. The PARMA REL is an extension of ODRL designed by them, so it is compatible with OMA REL which is used in mobile applications because that the OMA REL is also based on ODRL. Therefore, PARMA REL is compatible with current DRM system integrated with mobile phones. There is an issue that when we want to add a new rights specific call to specify the rights object, we need to modify the source code traditional, but this way of doing is inflexible and will increase the working load of the application developers. It solves this issue by the concept of Aspect-Oriented using an Aspect Oriented Software Development (AOSD) tool.
2.4. Existing DRM systems
Microsoft Windows Rights Management consists of three components, Windows Rights Management (RM) technology, Windows Rights Management Services (RMS),
[19]. It provides a complete rights management system for the enterprise. [20]
explains the Rights Management Add-on (RMA) for Internet Explorer, the .rmh (RMH) file format, and the Rights-Managed HTML (RMH) SDK and specifies how an organization can protect their sensitive information by using these technologies and the Microsoft Windows rights management technologies. The major differences between our DRM system and the Microsoft RMA/RMH is that the Microsoft RMA/RMH can only controls the specific file format but our DRM system will control the COTS Readers, that is, we can do the rights enforcement independent of the file formats.
TrustView developed by [21] is a powerful DRM system. It supports the content protection, security policy classification, using RSA 256-bit AES encryption, and can trace and control the content event if it obtained by some other people. Now it can support for Pro/E, PDF, Office and Web.
SecureAttachment [22] is an on-line service with the Adobe DRM for securing the Distribution Chain of Digital Documents in e-mail. It supports various rights protection policy consisted of rights and conditions. If a document, for example Office Word, is created, the owner can configure its DRM-policy when he wants to email it to other people. If the receiver has rights to view this attached document, then this file will be opened in Acrobat.
Windows Media DRM is a DRM service for securing delivery of audio and/or video content. It was using a combination of elliptic curve cryptography key exchange, DES block cipher, a custom block cipher, RC4 stream cipher and the SHA-1 hashing function in early version. It is designed to be renewable on-line based on the important assumption that it will be cracked [23].