OMA DRM
Kevin Liu
Advisor: Prof. Hsing Mei
Web Computing Laboratory
Graduate Institute of Applied Science and Engineering, Fu Jen Catholic University
March 15, 2008

Outline
• Introduction
• DRM System Overview
• Three DRM V1.0 methods
  – Combined delivery
  – Forward-Lock
  – Separate delivery
• Introduction of DRM V2.0
• DRM Website
• Conclusion
• Reference

OMA DRM
• OMA: Open Mobile Alliance
  – Formally established in early June 2002; its predecessors were the Open Mobile Architecture Initiative Supporters and the WAP Forum. Several other organizations later joined OMA.
• DRM: Digital Rights Management
  – The means to control the usage of a media object once it has been downloaded.

Preface
• Without protection and management of digital rights,
  – digital content can be easily copied, altered, and distributed to a large number of recipients, which could cause revenue loss to media companies.
• Content providers and operators need to control the usage of downloaded media objects.
• To protect commercial digital intellectual property and avoid digital piracy,
  – we need a system that prevents unauthorized access to digital content and manages content usage rights.

Introduction of DRM
• A content provider can grant a user the rights to preview media objects for free and charge the user only for the full usage rights.
• The value lies in the rights and not in the media object itself.
• DRM makes it possible to sell the rights to use the media object, rather than selling the media object itself.
• A DRM system should offer persistent content protection against unauthorized access to the digital content,
  – limiting access to only those with the proper authorization.
• DRM enables content providers to define rules (rights) for how the media object should be used:
  – the ability to preview DRM content
  – to prevent downloaded DRM content from being illegally forwarded (copied) to other users
• The rights can be delivered to the consuming device by downloading them together with the content or by sending the rights object separately from the content.

DRM System Overview
[Figure: DRM system overview showing the Content Provider, License Server, Content Server and Consumer, with flows labelled usage rules, paying royalty fees, paying distribution, protected content, digital license, and requiring license and paying.]

Three DRM V1.0 Methods
• Forward-Lock
• Combined delivery
• Separate delivery

Forward-lock (FL)
• A special case of the combined delivery method in which the DRM message does not contain a rights object.
• The device is allowed to render the content but not to forward it to other devices.
• The Content Provider, using a DRM Packager, packages the media object into one DRM Message and makes the URL available to the device (e.g. by publishing it on a Web page).
• HTTP Download is used to deliver the DRM Message.
• The user uses the media object.
• The DRM agent ensures that the media object is not copied to another device via IrDA or Bluetooth, or sent from the device in an MMS or email.

Combined delivery (CD)
• Delivery of the rights object and content together in a single message.
• The DRM message includes the media object and a rights object.
• The device may render the content according to the rights object.
• If the device supports the “combined delivery” method it MUST also support the “forward-lock” method.
• The Content Provider, using a DRM Packager, packages the media object and the rights object into one DRM Message.
• The DRM Message is made available to the device (e.g. by publishing it on a Web page).
• The device downloads the DRM Message (media object + rights object).
• The user uses the media object. The DRM agent ensures that the media object is used according to the rights.

Separate delivery (SD)
• Delivery of the rights object and content via separate transports.
• If the device supports the “separate delivery” method it MUST also support the “combined delivery” and “forward-lock” methods.
• If there are no rights objects associated with a piece of DRM content the device MUST NOT consume the content.
• In the separate delivery method the content provider needs to convert the plaintext media object into the DRM content format (DCF).
• This conversion includes symmetric encryption of the content, making the DRM-protected content object useless to parties that do not have access to the Content Encryption Key (CEK).
• The content in DRM format may be distributed via an insecure transport, whereas a more secure transport (from the DRM point of view) is used to deliver the rights object with the CEK.
• In the separate delivery method the media object is always encrypted and converted into the DCF format.
• When a media object is distributed in encrypted form, the key is with the rights object.
• The device should allow the DCF file to be forwarded to another device.
• The device must not forward rights objects from the device.
• The media object is allowed to pass from mobile device to mobile device through any channel, with the rights object being obtainable from the Rights Issuer.

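The consumption and forwarding rules of the three V1.0 methods above, modelled as the decisions a DRM agent has to make. This is an added example, not code from the slides or from OMA; the class and field names and the "play"/"print" permission strings are assumptions for illustration, and the CEK is a constructed placeholder (no encryption is performed).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class RightsObject:              # hypothetical structure, not the OMA XML format
    content_id: str
    permissions: frozenset       # assumed permission names, e.g. {"play"}
    cek: Optional[bytes] = None  # Content Encryption Key (separate delivery only)

class DrmAgent:
    """Toy DRM agent applying the V1.0 rules stated in the slides."""
    def __init__(self):
        self.method = {}   # content_id -> "FL" | "CD" | "SD"
        self.rights = {}   # content_id -> RightsObject

    def receive_drm_message(self, content_id, rights=None):
        # A DRM Message without a rights object is forward-lock;
        # with one it is combined delivery.
        self.method[content_id] = "CD" if rights else "FL"
        if rights:
            self.rights[content_id] = rights

    def receive_dcf(self, content_id):
        # Separate delivery: the encrypted DCF arrives without its rights object.
        self.method[content_id] = "SD"

    def receive_rights(self, rights):
        self.rights[rights.content_id] = rights

    def may_consume(self, content_id, action):
        method = self.method.get(content_id)
        if method is None:
            return False                   # unknown content
        if method == "FL":
            return True                    # render allowed, no rights object
        ro = self.rights.get(content_id)
        if ro is None:
            return False                   # no rights object: MUST NOT consume
        if method == "SD" and ro.cek is None:
            return False                   # DCF cannot be decrypted without the CEK
        return action in ro.permissions

    def may_forward_content(self, content_id):
        # Only the encrypted DCF may leave the device.
        return self.method.get(content_id) == "SD"

    def may_forward_rights(self, content_id):
        return False                       # rights objects never leave the device
```
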
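DRM V1.0 Use Case

Introduction of DRM V2.0
• Goes a step further by encrypting the rights object
• Uses the device's public key as the key for encrypting the content object
  – binding them to the target device to strengthen security.
• Integrated protection of content and rights objects reduces the risk of abuse
• Besides strengthening security, trust elements are also added

The Trust Element of DRM V2.0
• DRM Agent
• Content Issuer
• Rights Issuer

DRM Agent
• A trusted entity is embedded in this component
• Responsible for enforcing the permissions and constraints in DRM
• Controls access to DRM content

Content Issuer
• Responsible for delivering DRM content
• OMA DRM defines the format of DRM content for delivery to the DRM Agent
• It also defines delivery from the Content Issuer to the DRM Agent using different transport mechanisms
• May package the DRM content itself or receive content that is already packaged

Rights Issuer
• An entity that assigns permissions and constraints to DRM content
• Generates Rights Objects
• A rights object is an XML document that expresses the permissions and constraints associated with the DRM content
• Rights objects govern how DRM content may be used

DRM Website

Conclusion
• DRM is the general term for systems that use computer programs, by software or hardware means, to restrict how digital content can be used
• A confidentiality protection mechanism that prevents copying, or interception and copying during delivery
• In the era when copying was expensive, publishers held the resources and technology needed for copying and monopolized the right to copy in order to protect their profits; this is the origin of copyright.
• The right of "fair use" will be swallowed by DRM
• Users still have to accept exploitation by large corporations and see their own rights eroded for nothing.

Reference
• OMA Digital Rights Management V1.0 Approved Enabler
• Digital Rights Management (OMA-Download-DRM-V1_020040615-A.pdf)
• Download Architecture (OMA-Download-ARCH-V1_0-20040625A.pdf)
• Introduction to DRM - Digital Right Management
• DRM Website
• 再論DRM (Revisiting DRM)

Q&A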