Digital Rights Management
Dr. Tarek Gaber
Faculty of Computers & Informatics
Suez Canal University , Ismailia, Egypt
and
SRGE (www.scienceegypt.net)
Email: tmgaber@gmail.com
Digital Content and its Characteristics
Before the digital era, one's ability to do various things with content were limited.
The Internet (digital age) makes it possible to nearly do anything with digital content.
Digital Content and its Characteristics
Digital contents, e.g. Music, Movies, documents, are:
very easy and cheap to copy
Essentially no “resistance” from duplication
This led to:
Loss of billion dollars a year for world trade.
Solutions
Cryptographic Techniques could help but not enough
DRM and Copyright Protection
Can content be protected even after its decryption?
Copying by persistent pirate would always be succeed.
Current technology can potentially minimize the scale of copying:
“keeping honest people honest”
Digital Rights Management (DRM) technologies can be help in this issue.
What is DRM?
It is a set of technologies (encryption, watermarking, hash function, signature, etc.) enabling content owners to identify and control:
the access to their content and
the conditions under which this access is given.
What is DRM? Cont.
DRM includes:
Persistent Protection: License to be always checked before using a content
Access tracking: Capability of tracking access to and operations on content
Rights licensing: Capability of defining specific rights to content and making them available by contract
Who Could Use DRM?
DRM System Framework
DRM Benefits
DRM Benefits
DRM can be integrated with content management (collection, managing, and publishing of information in any form or medium) to ensure:
Proper business practices
Implementation of new business models
Compliance with regulatory requirements in industries such as financial services, healthcare, and government
Control Access During Workflow by DRM
The process of drafting a law is circulated among committee members (e.g. judges and lawyers).
Using DRM technology, this becomes a closed circulation.
Also, the drafting law is in a tamper-proof format, with
print-only user-rights,
limited to a pre-determined timeframe, after which the draft is withdrawn and replaced by the final law.
The judges and lawyers can
withdraw, alter, or grant permissions related to the content at any time.
Modification of Rights Over Time by DRM
Systems should be able to update rights and usage as needed to accommodate new distribution models,
E.g. allowing content to be accessed by to 2, 3, or 5 devices
Otherwise cost a lot of money and be a disincentive to customers.
DRM, in such case, can facilitate
collaboration, by creating the ‘trusted environment’
by persiste
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Drm digital rights managment-june2014-tarek gaber
1. Dr. Tarek Gaber
Faculty of Computers & Informatics
Suez Canal University , Ismailia, Egypt
and
SRGE (www.scienceegypt.net)
Email: tmgaber@gmail.com
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
2. Before the digital era,
one's ability to do various
things with content were
limited.
The Internet (digital age)
makes it possible to
nearly do anything with
digital content.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
3. Digital contents, e.g. Music,
Movies, documents, are:
very easy and cheap to copy
Essentially no “resistance” from
duplication
This led to:
Loss of billion dollars a year for world
trade.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
4. Cryptographic
Techniques
could help but
not enough
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
4
5. Can content be protected even
after its decryption?
Copying by persistent pirate would
always be succeed.
Current technology can potentially
minimize the scale of copying:
“keeping honest people honest”
Digital Rights Management (DRM)
technologies can be help in this issue.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
6. It is a set of technologies (encryption,
watermarking, hash function, signature,
etc.) enabling content owners to identify
and control:
the access to their content and
the conditions under which this access is given.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
7. DRM includes:
Persistent Protection: License to be always checked before
using a content
Access tracking: Capability of tracking access to and
operations on content
Rights licensing: Capability of defining specific rights to
content and making them available by contract
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
8. Government Agencies
• Interested in controlled viewing and sharing of highly secure and
confidential documents, audio and video data.
Private Corporations
• Want to limit the sharing of their proprietary information
• Track accesses and any modifications made to it.
• E.g. news agencies like Reuters
Owners of commercial content
• Content owners, artists, and publishers want to gain revenue
through sale and promotions
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
9. 2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
10. DRM can help to ensure companies that:
• Rights are tracked at consumption
• Access is controlled during production processes
• Protection for the content extends throughout
product lifecycles
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
11. DRM can be integrated with content
management (collection, managing, and
publishing of information in any form or
medium) to ensure:
Proper business practices
Implementation of new business models
Compliance with regulatory requirements in
industries such as financial services, healthcare,
and government
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
12. The process of drafting a law is circulated among
committee members (e.g. judges and lawyers).
Using DRM technology, this becomes a closed
circulation.
Also, the drafting law is in a tamper-proof format, with
print-only user-rights,
limited to a pre-determined timeframe, after which the draft
is withdrawn and replaced by the final law.
The judges and lawyers can
withdraw, alter, or grant permissions related to the content
at any time.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
13. Systems should be able to update rights and usage as
needed to accommodate new distribution models,
E.g. allowing content to be accessed by to 2, 3, or 5 devices
Otherwise cost a lot of money and be a disincentive to
customers.
DRM, in such case, can facilitate
collaboration, by creating the ‘trusted environment’
by persistently protecting critical Intellectual Property (IP).
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
14. Piracy, whether of software, music, images, or text,
costs billions of dollars each year.
It takes time and resources to detect and deter
theft.
This could lead to counterproductive to developing
new business models for digital content.
DRM could also help to provide protection
throughout the distribution and consuming of
content.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
15. Licensing
The process of packaging and delivering protected
bits with un-forgeable terms of usage (“digital
license”) useable only by authenticated
user/environment
Enforcement
The process of insuring that the use of the digital
work adheres to enumerated use, privacy and
operating restrictions stated in a digital license
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
16. Content is encrypted
So, unusable without authorization
Content license
Specifies authentication information, DRM client and OS.
Specifies usage/access control rules
Contains the “sealed” key for the content.
Content License 938473
Machine 02345 Running
Program 1 (with hash 0x7af33)
Can view Document 3332 on 2014-20-01
Sealed Key: 0x445635
Signed by ACCD Company
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
17. At initialization, Trusted Program says:
1. Isolate me from other rendering programs
2. Authenticate me
After Initialization completes successfully, Bob’s PC
1. Makes Private key available for use
When consuming content, Trusted Program:
1. Retrieves license and encrypted content file
2. Authenticates license by checking digital signature
3. Checks rule compliance (e.g. out-of-date)
4. Uses private key to unseal the content key
5. Decrypts and uses content within Trusted Program
Bob’s PC
Trusted Program
Authenticating Public Key
(“Root of Trust”)
0x7af33 PK: 8374505
Bob’s PC
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
18. License Server
2) Response
Here’s your license
Content License 938473
Machine 02345 Running
Program 1 (with hash 0x7af33)
Can view Document 3332
on 2014-20-01
Sealed Key: 0x445635
Signed ACCD Company
1) Request
I want document 2346.
Here’s my Machine License
to show you can trust my
machine
Machine License 83874
Machine 02345 Running
Program 1 (with hash 0x7af33)
Has access to a private key
Whose public key is 0x2231
Signed Microsoft
1 2
Bob’s PC
Customer benefits
Licenses can be used offline
Simple management of authorization (no central authority)
Very simple and flexible distribution (a server can distribute to “any” client)
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
19. Each “rights expression” may specify a
combination of rules such as:
what rights are available,
for whom,
for how many times,
within what time period,
under what access conditions,
for what fees,
within which territory, and
with what obligations,
Etc.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
20. • Mass Market Content
• Books
• Audio
• Video
• Software
• Much more flexible use and better content
management
– But there are “Fair Use” and privacy concerns which
can be mitigated … maybe
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
21. Premium releases
Price discrimination
I hear it. I want it. I get it.
Lower manufacturing costs
More variety?
Most popular use of DRM
I don’t get it
Library/archive
Roaming
“Active” content
Pay per view
movies
Web distributed
songs
Ring tones
E-Books
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
22. Windows Media Player
Apple DRM
Macrovision
LexMark
Xbox
Sony Playstation
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
23. Break Once Break Everywhere
Degree of isolation
Transducer Problem
I/O
Privacy and Interoperability
Flexibility (transfer, etc)
Multiple devices
Multiple users
Migration
User Control/Backup
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
24. • “Fair Use”
• Monopoly “Lock-in”
• Erosion of copyright in favor of “contracts”
• Archive
• “Information wants to be free”
• Consumer expectations
• severe licensing policies
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
25. It is essential for DRM systems to provide
interoperable services.
DRM could enable a big amounts of new content to
be made available in safe, open, and trusted
environments.
DRM can be expected to be heavily used in the
future to support
digital library collections,
code and software development,
distance education, and
networked collaboration, among other applications.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
26. Thanks
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014