SlideShare une entreprise Scribd logo

Icete Secrypt2007 Presentation

Carlos Serrao
Carlos Serrao

Presentation given in ICETE SECRYPT 2007, Barcelona, Spain

Technologie
1  sur  20
Télécharger pour lire hors ligne
Secure License Management Management of digital object licenses in a DRM environment *Carlos Serrão, *Miguel Dias and **Jaime Delgado carlos.serrao, miguel.dias {@iscte.pt}, jaime.delgado@ac.upc.edu *ISCTE/DCTI/ADETTI **UPC/AC/DMAG Lisboa, Portugal Barcelona, Spain
Summary Digital Rights Management  What is DRM?  Rights, Rights Expression, Rights Expression Languages  Licenses  Licenses typology  Secure License Management  SLM Use-case  Conclusions and Future work 
DRM concepts DRM involves the:  description, layering, analysis, valuation, trading and monitoring of  rights over an individual or organization's assets, in digital format; DRM is:  the chain of hardware and software services and technologies  governing the authorized use of digital objects and managing any consequences of that use throughout the entire life cycle of the object.
DRM concepts DRM is not (only) Copy-Protection  DRM is used to manage and enforce rights  Copy-protection is used to prevent unauthorised copies  Actual commercial DRM (such as WMRM or Fairplay use  both) to (try) to be more effective
DRM concepts Modern DRM involves several security technologies, such  as: Public-key cryptography  Secret-key cryptography  Digital signatures  Digital certificates  ... and others.   All this keying material should be properly managed, to  avoid security breaches... ... and this brings us to Key Management. 
Key Management What is Key Management?  Key Management is the set of techniques and procedures  supporting the establishment and maintenance of keying relationships between authorized parties. Key Management encompasses techniques and procedures  supporting: Initialization of system users within a domain;  Generation, distribution and installation of keying material;  Controlling the use of keying material;  Update, revocation and destruction of keying material;  Storage, backup/recovery and archival of keying material. 
Key Management in DRM Key Management and DRM  DRM uses keying material in several situations:  Entities (content providers, users, ...) registration and management  Software applications and components registration and management  Content security  Rights management and enforcement (licenses)  
Rights, RM and REL Rights  [...] a right is the legal or moral entitlement to do or refrain  from doing something or to obtain or refrain from obtaining an action, thing or recognition in civil society [...] [...] Rights serve as rules of interaction between people, and, as  such, they place constraints and obligations upon the actions of individuals or groups [...] Rights management  The ability to manage rights 
Rights, RM and REL Rights Expression Languages (REL)  Allow the expression of copyright  Allow the expression of contracts or license agreements  Allow to control over access and/or use  Mostly used to express DRM-governed content licenses  Licenses express how a governed-content can be used  Expressed in a specific format/notation (XML, Text,Graff theory,...)  XrML and ODRL are two of the most used  May contain protected keying material information to be used with the  protected digital content
Licenses Depending on the DRM scenario and implementation  licenses can be used or not This gives 6 different scenarios:  Licenses are used in DRM  License contains CEK  License is inside digital content  License is outside the digital content  License don't have CEK  License is inside digital content  License is outside the digital content  Licenses are not used in DRM  CEK is inside digital content  CEK is not inside the digital content 
License Typology
Licenses and DRM Typical license format:  License = SignLicenseIssuer [UserID,DeviceID,DomainID,ContentID,  Rights, Restrictions, CipherUserPKey{CEK}, Validity,...] The License is signed by the License Issuer to prevent the license  modification and tampering The Content Encryption Keys (CEK) are ciphered with the  recipient Public-key – it could even be the combination of multiple keys (user,device, domain) – depends on implementation
Licenses and DRM Two basic processes involved:  License definition and creation  License download and enforcement 
Secure License Key Management
Use-case/Scenario Licenses are used in DRM  License contains CEK  License is outside the digital content 
License definition
License creation
License download and enforcement
Conclusions and Future Work The goal of the work was to analyse how the different  existing DRM solutions handle and manage rights The different typical rights management scenarios were  identified (license management) Establish a common generic model for secure license  management (fitting to the requirements of the different platforms) A scenario was choose and instanciated on the model  This global license management model, will allow  interoperability at this level, between different DRM solutions Future: instanciate the remaining scenarios on the model. 
Questions Thank you...  Any question? 

Recommandé

Iadis Tns2007 Presentation
Iadis Tns2007 PresentationIadis Tns2007 Presentation
Iadis Tns2007 Presentation
Carlos Serrao
 
Paper id 2120145
Paper id 2120145Paper id 2120145
Paper id 2120145
IJRAT
 
Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16
Symantec APJ
 
Ppt
PptPpt
Ppt
Nidhi Bansal
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft Private Cloud
 
Wifi
WifiWifi
Wifi
nil65
 
GTB Data Leakage Prevention Use Cases 2014
GTB Data Leakage Prevention Use Cases 2014GTB Data Leakage Prevention Use Cases 2014
GTB Data Leakage Prevention Use Cases 2014
Ravindran Vasu
 
Trend micro data protection
Trend micro data protectionTrend micro data protection
Trend micro data protection
Andrew Wong
 

Recommandé

Iadis Tns2007 Presentation
Iadis Tns2007 PresentationIadis Tns2007 Presentation
Iadis Tns2007 Presentation
Carlos Serrao
 
Paper id 2120145
Paper id 2120145Paper id 2120145
Paper id 2120145
IJRAT
 
Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16
Symantec APJ
 
Ppt
PptPpt
Ppt
Nidhi Bansal
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft Private Cloud
 
Wifi
WifiWifi
Wifi
nil65
 
GTB Data Leakage Prevention Use Cases 2014
GTB Data Leakage Prevention Use Cases 2014GTB Data Leakage Prevention Use Cases 2014
GTB Data Leakage Prevention Use Cases 2014
Ravindran Vasu
 
Trend micro data protection
Trend micro data protectionTrend micro data protection
Trend micro data protection
Andrew Wong
 
Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data
Introduction of a New Non-Repudiation Service to Protect Sensitive Private DataIntroduction of a New Non-Repudiation Service to Protect Sensitive Private Data
Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data
IDES Editor
 
Gtb Dlp & Irm Solution Product And Deployment Overview
Gtb Dlp & Irm Solution Product And Deployment OverviewGtb Dlp & Irm Solution Product And Deployment Overview
Gtb Dlp & Irm Solution Product And Deployment Overview
gtbsalesindia
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.com
IJERD Editor
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
irjes
 
Whitepaper: Secure By Design
Whitepaper: Secure By DesignWhitepaper: Secure By Design
Whitepaper: Secure By Design
DocuSign
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
GTB DLP - Content Aware Security Suite
GTB DLP - Content Aware Security SuiteGTB DLP - Content Aware Security Suite
GTB DLP - Content Aware Security Suite
VCW Security Ltd
 
Introduction - The Smart Protection Network
Introduction - The Smart Protection NetworkIntroduction - The Smart Protection Network
Introduction - The Smart Protection Network
Andrew Wong
 
Easy signature 21 cfr part 11 supplement
Easy signature 21 cfr part 11 supplementEasy signature 21 cfr part 11 supplement
Easy signature 21 cfr part 11 supplement
Spinoza77
 
PKI: Is it worth something, or what?
PKI: Is it worth something, or what?PKI: Is it worth something, or what?
PKI: Is it worth something, or what?
John ILIADIS
 
To DRM or not to DRM?
To DRM or not to DRM?To DRM or not to DRM?
To DRM or not to DRM?
Carlos Serrao
 
Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011
Ulf Mattsson
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Editor IJMTER
 
Hacktive Security - Ethical Hacking Services
Hacktive Security - Ethical Hacking ServicesHacktive Security - Ethical Hacking Services
Hacktive Security - Ethical Hacking Services
Carlo Pelliccioni, CISSP
 
FrontOne our new and different solutions
FrontOne our new and different solutionsFrontOne our new and different solutions
FrontOne our new and different solutions
frontone
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data security
Ulf Mattsson
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access Solutions
Entrust Datacard
 
ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010
Ulf Mattsson
 
Identity theft in the Cloud and remedies
Identity theft in the Cloud and remediesIdentity theft in the Cloud and remedies
Identity theft in the Cloud and remedies
Giuseppe Paterno'
 
Thought Paper: Overview of Banking Applications
Thought Paper: Overview of Banking ApplicationsThought Paper: Overview of Banking Applications
Thought Paper: Overview of Banking Applications
Infosys Finacle
 
DRM_Interoperability_Final
DRM_Interoperability_FinalDRM_Interoperability_Final
DRM_Interoperability_Final
Sanjeev Verma, PhD
 
Digital Rights Management PPT
Digital Rights Management PPTDigital Rights Management PPT
Digital Rights Management PPT
Suresh Khutale
 

Contenu connexe

Tendances

Gtb Dlp & Irm Solution Product And Deployment Overview
Gtb Dlp & Irm Solution Product And Deployment OverviewGtb Dlp & Irm Solution Product And Deployment Overview
Gtb Dlp & Irm Solution Product And Deployment Overview
gtbsalesindia
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
Easy signature 21 cfr part 11 supplement
Easy signature 21 cfr part 11 supplementEasy signature 21 cfr part 11 supplement
Easy signature 21 cfr part 11 supplement
Spinoza77
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Editor IJMTER
 
Hacktive Security - Ethical Hacking Services
Hacktive Security - Ethical Hacking ServicesHacktive Security - Ethical Hacking Services
Hacktive Security - Ethical Hacking Services
Carlo Pelliccioni, CISSP
 
FrontOne our new and different solutions
FrontOne our new and different solutionsFrontOne our new and different solutions
FrontOne our new and different solutions
frontone
 

Tendances (20)

Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data
Introduction of a New Non-Repudiation Service to Protect Sensitive Private DataIntroduction of a New Non-Repudiation Service to Protect Sensitive Private Data
Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data
 
Gtb Dlp & Irm Solution Product And Deployment Overview
Gtb Dlp & Irm Solution Product And Deployment OverviewGtb Dlp & Irm Solution Product And Deployment Overview
Gtb Dlp & Irm Solution Product And Deployment Overview
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.com
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
 
Whitepaper: Secure By Design
Whitepaper: Secure By DesignWhitepaper: Secure By Design
Whitepaper: Secure By Design
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
GTB DLP - Content Aware Security Suite
GTB DLP - Content Aware Security SuiteGTB DLP - Content Aware Security Suite
GTB DLP - Content Aware Security Suite
 
Introduction - The Smart Protection Network
Introduction - The Smart Protection NetworkIntroduction - The Smart Protection Network
Introduction - The Smart Protection Network
 
Easy signature 21 cfr part 11 supplement
Easy signature 21 cfr part 11 supplementEasy signature 21 cfr part 11 supplement
Easy signature 21 cfr part 11 supplement
 
PKI: Is it worth something, or what?
PKI: Is it worth something, or what?PKI: Is it worth something, or what?
PKI: Is it worth something, or what?
 
To DRM or not to DRM?
To DRM or not to DRM?To DRM or not to DRM?
To DRM or not to DRM?
 
Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011Issa chicago next generation tokenization ulf mattsson apr 2011
Issa chicago next generation tokenization ulf mattsson apr 2011
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
 
Hacktive Security - Ethical Hacking Services
Hacktive Security - Ethical Hacking ServicesHacktive Security - Ethical Hacking Services
Hacktive Security - Ethical Hacking Services
 
FrontOne our new and different solutions
FrontOne our new and different solutionsFrontOne our new and different solutions
FrontOne our new and different solutions
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data security
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access Solutions
 
ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010
 
Identity theft in the Cloud and remedies
Identity theft in the Cloud and remediesIdentity theft in the Cloud and remedies
Identity theft in the Cloud and remedies
 
Thought Paper: Overview of Banking Applications
Thought Paper: Overview of Banking ApplicationsThought Paper: Overview of Banking Applications
Thought Paper: Overview of Banking Applications
 

Similaire à Icete Secrypt2007 Presentation

Digital Rights Management PPT
Digital Rights Management PPTDigital Rights Management PPT
Digital Rights Management PPT
Suresh Khutale
 
DRM Basics With Irdeto and Bitmovin
DRM Basics With Irdeto and BitmovinDRM Basics With Irdeto and Bitmovin
DRM Basics With Irdeto and Bitmovin
Bitmovin Inc
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise Linux
Giuseppe Paterno'
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
KnownId
 

Similaire à Icete Secrypt2007 Presentation (20)

DRM_Interoperability_Final
DRM_Interoperability_FinalDRM_Interoperability_Final
DRM_Interoperability_Final
 
Digital Rights Management PPT
Digital Rights Management PPTDigital Rights Management PPT
Digital Rights Management PPT
 
What is DRM, Types of DRM
What is DRM, Types of DRMWhat is DRM, Types of DRM
What is DRM, Types of DRM
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
 
Vdrm presentation
Vdrm presentationVdrm presentation
Vdrm presentation
 
What is Digital Rights Management System and How does it work : Ameva Tech
What is Digital Rights Management System and How does it work : Ameva TechWhat is Digital Rights Management System and How does it work : Ameva Tech
What is Digital Rights Management System and How does it work : Ameva Tech
 
DRM Basics With Irdeto and Bitmovin
DRM Basics With Irdeto and BitmovinDRM Basics With Irdeto and Bitmovin
DRM Basics With Irdeto and Bitmovin
 
FlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexNet Publisher Licensing Security
FlexNet Publisher Licensing Security
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
 
INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...
INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...
INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...
 
Digital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing BaseDigital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing Base
 
Anajli_Synopsis
Anajli_SynopsisAnajli_Synopsis
Anajli_Synopsis
 
DRM Workflows: How to Provide Protected Content to Desktop, Mobile, TVs, & St...
DRM Workflows: How to Provide Protected Content to Desktop, Mobile, TVs, & St...DRM Workflows: How to Provide Protected Content to Desktop, Mobile, TVs, & St...
DRM Workflows: How to Provide Protected Content to Desktop, Mobile, TVs, & St...
 
Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise Linux
 
Encryption Alone Isn't Enough - Next Gen Digital Security Revealed
Encryption Alone Isn't Enough - Next Gen Digital Security RevealedEncryption Alone Isn't Enough - Next Gen Digital Security Revealed
Encryption Alone Isn't Enough - Next Gen Digital Security Revealed
 
Digital rights management an essential feature in the digital era
Digital rights management an essential feature in the digital eraDigital rights management an essential feature in the digital era
Digital rights management an essential feature in the digital era
 
DG_Architecture_Training.pptx
DG_Architecture_Training.pptxDG_Architecture_Training.pptx
DG_Architecture_Training.pptx
 
Introduction to Security (Hardware, Software, Data & Policies)
Introduction to Security (Hardware, Software, Data & Policies)Introduction to Security (Hardware, Software, Data & Policies)
Introduction to Security (Hardware, Software, Data & Policies)
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 

Plus de Carlos Serrao

Segurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes SociaisSegurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes Sociais
Carlos Serrao
 
Segurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes SociaisSegurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes Sociais
Carlos Serrao
 
Principios básicos de segurança on-line
Principios básicos de segurança on-linePrincipios básicos de segurança on-line
Principios básicos de segurança on-line
Carlos Serrao
 
OWASP presentation on FISTA2011
OWASP presentation on FISTA2011OWASP presentation on FISTA2011
OWASP presentation on FISTA2011
Carlos Serrao
 
Owasp@iscte iul ferramentas-analise_vulnerabilidades
Owasp@iscte iul ferramentas-analise_vulnerabilidadesOwasp@iscte iul ferramentas-analise_vulnerabilidades
Owasp@iscte iul ferramentas-analise_vulnerabilidades
Carlos Serrao
 

Plus de Carlos Serrao (20)

Prevenir o "ransomware" - Guia da OWASP para prevenção do "ransomware"
Prevenir o "ransomware" - Guia da OWASP para prevenção do "ransomware"Prevenir o "ransomware" - Guia da OWASP para prevenção do "ransomware"
Prevenir o "ransomware" - Guia da OWASP para prevenção do "ransomware"
 
OWASP Mobile Top 10 - Principais Riscos no Desenvolvimento Seguro de Aplicaçõ...
OWASP Mobile Top 10 - Principais Riscos no Desenvolvimento Seguro de Aplicaçõ...OWASP Mobile Top 10 - Principais Riscos no Desenvolvimento Seguro de Aplicaçõ...
OWASP Mobile Top 10 - Principais Riscos no Desenvolvimento Seguro de Aplicaçõ...
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 
Vamos tirar uma selfie? [... como a privacidade morreu e ninguém nos avisou]
Vamos tirar uma selfie? [... como a privacidade morreu e ninguém nos avisou]Vamos tirar uma selfie? [... como a privacidade morreu e ninguém nos avisou]
Vamos tirar uma selfie? [... como a privacidade morreu e ninguém nos avisou]
 
A OWASP e a Segurança Aplicacional para a Web
A OWASP e a Segurança Aplicacional para a WebA OWASP e a Segurança Aplicacional para a Web
A OWASP e a Segurança Aplicacional para a Web
 
Segurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes SociaisSegurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes Sociais
 
Segurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes SociaisSegurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes Sociais
 
OWASP e o desenvolvimento seguro de aplicações para a Web
OWASP e o desenvolvimento seguro de aplicações para a WebOWASP e o desenvolvimento seguro de aplicações para a Web
OWASP e o desenvolvimento seguro de aplicações para a Web
 
Principios básicos de segurança on-line
Principios básicos de segurança on-linePrincipios básicos de segurança on-line
Principios básicos de segurança on-line
 
OWASP presentation on FISTA2011
OWASP presentation on FISTA2011OWASP presentation on FISTA2011
OWASP presentation on FISTA2011
 
Análise de Vulnerabilidades em Aplicações na Web Nacional
Análise de Vulnerabilidades em Aplicações na Web NacionalAnálise de Vulnerabilidades em Aplicações na Web Nacional
Análise de Vulnerabilidades em Aplicações na Web Nacional
 
Segurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes SociaisSegurança e Privacidade em Redes Sociais
Segurança e Privacidade em Redes Sociais
 
OWASP, PT.OWASP, IBWAS'10 & Cia.
OWASP, PT.OWASP, IBWAS'10 & Cia.OWASP, PT.OWASP, IBWAS'10 & Cia.
OWASP, PT.OWASP, IBWAS'10 & Cia.
 
Is the Web at Risk?
Is the Web at Risk?Is the Web at Risk?
Is the Web at Risk?
 
Owasp@iscte iul ferramentas-analise_vulnerabilidades
Owasp@iscte iul ferramentas-analise_vulnerabilidadesOwasp@iscte iul ferramentas-analise_vulnerabilidades
Owasp@iscte iul ferramentas-analise_vulnerabilidades
 
OWASP@ ISCTE-IUL, Segurança em PHP
OWASP@ ISCTE-IUL, Segurança em PHPOWASP@ ISCTE-IUL, Segurança em PHP
OWASP@ ISCTE-IUL, Segurança em PHP
 
OWASP @ ISCTE-IUL, OWASP Top 10 2010
OWASP @ ISCTE-IUL, OWASP Top 10 2010OWASP @ ISCTE-IUL, OWASP Top 10 2010
OWASP @ ISCTE-IUL, OWASP Top 10 2010
 
OWASP @ ISCTE-IUL - OWASP Top 10 (v2010)
OWASP @ ISCTE-IUL - OWASP Top 10 (v2010)OWASP @ ISCTE-IUL - OWASP Top 10 (v2010)
OWASP @ ISCTE-IUL - OWASP Top 10 (v2010)
 
OWASP @ ISCTE-IUL, Criptografia em PHP
OWASP @ ISCTE-IUL, Criptografia em PHPOWASP @ ISCTE-IUL, Criptografia em PHP
OWASP @ ISCTE-IUL, Criptografia em PHP
 
OWASP @ ISCTE-IUL, OWASP e OWASP Portugal
OWASP @ ISCTE-IUL, OWASP e OWASP PortugalOWASP @ ISCTE-IUL, OWASP e OWASP Portugal
OWASP @ ISCTE-IUL, OWASP e OWASP Portugal
 

Dernier

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Dernier (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

Icete Secrypt2007 Presentation

  • 1. Secure License Management Management of digital object licenses in a DRM environment *Carlos Serrão, *Miguel Dias and **Jaime Delgado carlos.serrao, miguel.dias {@iscte.pt}, jaime.delgado@ac.upc.edu *ISCTE/DCTI/ADETTI **UPC/AC/DMAG Lisboa, Portugal Barcelona, Spain
  • 2. Summary Digital Rights Management  What is DRM?  Rights, Rights Expression, Rights Expression Languages  Licenses  Licenses typology  Secure License Management  SLM Use-case  Conclusions and Future work 
  • 3. DRM concepts DRM involves the:  description, layering, analysis, valuation, trading and monitoring of  rights over an individual or organization's assets, in digital format; DRM is:  the chain of hardware and software services and technologies  governing the authorized use of digital objects and managing any consequences of that use throughout the entire life cycle of the object.
  • 4. DRM concepts DRM is not (only) Copy-Protection  DRM is used to manage and enforce rights  Copy-protection is used to prevent unauthorised copies  Actual commercial DRM (such as WMRM or Fairplay use  both) to (try) to be more effective
  • 5. DRM concepts Modern DRM involves several security technologies, such  as: Public-key cryptography  Secret-key cryptography  Digital signatures  Digital certificates  ... and others.   All this keying material should be properly managed, to  avoid security breaches... ... and this brings us to Key Management. 
  • 6. Key Management What is Key Management?  Key Management is the set of techniques and procedures  supporting the establishment and maintenance of keying relationships between authorized parties. Key Management encompasses techniques and procedures  supporting: Initialization of system users within a domain;  Generation, distribution and installation of keying material;  Controlling the use of keying material;  Update, revocation and destruction of keying material;  Storage, backup/recovery and archival of keying material. 
  • 7. Key Management in DRM Key Management and DRM  DRM uses keying material in several situations:  Entities (content providers, users, ...) registration and management  Software applications and components registration and management  Content security  Rights management and enforcement (licenses)  
  • 8. Rights, RM and REL Rights  [...] a right is the legal or moral entitlement to do or refrain  from doing something or to obtain or refrain from obtaining an action, thing or recognition in civil society [...] [...] Rights serve as rules of interaction between people, and, as  such, they place constraints and obligations upon the actions of individuals or groups [...] Rights management  The ability to manage rights 
  • 9. Rights, RM and REL Rights Expression Languages (REL)  Allow the expression of copyright  Allow the expression of contracts or license agreements  Allow to control over access and/or use  Mostly used to express DRM-governed content licenses  Licenses express how a governed-content can be used  Expressed in a specific format/notation (XML, Text,Graff theory,...)  XrML and ODRL are two of the most used  May contain protected keying material information to be used with the  protected digital content
  • 10. Licenses Depending on the DRM scenario and implementation  licenses can be used or not This gives 6 different scenarios:  Licenses are used in DRM  License contains CEK  License is inside digital content  License is outside the digital content  License don't have CEK  License is inside digital content  License is outside the digital content  Licenses are not used in DRM  CEK is inside digital content  CEK is not inside the digital content 
  • 12. Licenses and DRM Typical license format:  License = SignLicenseIssuer [UserID,DeviceID,DomainID,ContentID,  Rights, Restrictions, CipherUserPKey{CEK}, Validity,...] The License is signed by the License Issuer to prevent the license  modification and tampering The Content Encryption Keys (CEK) are ciphered with the  recipient Public-key – it could even be the combination of multiple keys (user,device, domain) – depends on implementation
  • 13. Licenses and DRM Two basic processes involved:  License definition and creation  License download and enforcement 
  • 14. Secure License Key Management
  • 15. Use-case/Scenario Licenses are used in DRM  License contains CEK  License is outside the digital content 
  • 18. License download and enforcement
  • 19. Conclusions and Future Work The goal of the work was to analyse how the different  existing DRM solutions handle and manage rights The different typical rights management scenarios were  identified (license management) Establish a common generic model for secure license  management (fitting to the requirements of the different platforms) A scenario was choose and instanciated on the model  This global license management model, will allow  interoperability at this level, between different DRM solutions Future: instanciate the remaining scenarios on the model. 
  • 20. Questions Thank you...  Any question? 