Trust in Event Reporting Mechanisms for DRM

Abstract

This paper presents mechanisms to manage and protect notification of events in Digital Rights Management systems. Event notification is an important part within DRM systems that enable the controlled use of multimedia content through the complete digital valued chain, from creation to consumption of digital assets. These modules are responsible for reporting events related to multimedia content and/or peers that interact with them. Then, producers and distributors of multimedia content can be informed of the usage of the multimedia content that they have produced or distributed. In some cases, it is also important to protect the reported data in order to ensure its integrity and authenticity. I. INTRODUCTION Digital Rights Management (DRM) systems enable the creation, distribution and consumption of multimedia content. These systems are made up of different elements that enable the controlled use of multimedia content through the complete digital value chain. Typical components of DRM systems are digital object creators, license creators and interpreters, protection servers, etc. Moreover, something that could help when using multimedia content in a controlled way is the notification of events being done by users of multimedia systems. In this way, distributors of multimedia content can be informed of the usage of the multimedia objects they have provided through a web site, a downloading service or whatever distribution mechanism used. Afterwards, users illegally distributing content could be prosecuted by means of these activity records. By means of the chain of licenses or digital objects defining the contractual relationships between the actors of the value chain, they could be informed of the use of the content that they have created, adapted, distributed, etc. The notification of events could be useful, for example example to monitor the usage of copyrighted material or to know the exact connectivity conditions between two Peers when trying to deliver multimedia content. In the first case, a distributor could specify that, whenever the content that he distributes is rendered, he would receive a notification enabling him to manage his royalties. Then, the Peer would generate a notification, upon the content is rendered, which would be delivered to the distributor. This event notification would contain information about the digital content and the conditions under which it has been rendered. MPEG-21 Event Reporting (1) provides a standardised way for sharing information about events amongst peers and users. Such events are related to multimedia content and/or peers that interact with them. In the MPEG-21 context, the reporting messages that include information about different aspects of media usage are called Event Reports. MPEG-21 Event Reporting had some limitations when trying to manage events in trusted systems. Then, we proposed a way to improve this standard expanding its capabilities. A core experiment was carried out in order to verify the solution we had proposed for the report of events in trusted systems. This paper presents the solution that we proposed and how it was integrated in the MPEG-21 Event Reporting standard. On the other hand, in some of the above situations, especially in non-trusted systems, event notifications should be protected. We should guarantee access and modification only to the users that have permission. MPEG-21 Event Reporting standard initiative does not take into account the security of the events being notified. This specification does not provide a way to ensure integrity and authenticity or protection to the reported data neither to the request data. Usually, it is important to protect the sensible data reported, as the user data and the operations that he/she has performed will be later used to produce usage statistics, billing information, etc. This paper also presents a possible solution to this issue.