Digital Rights Management Systems Research Articles

An anonymous and secure biometric‐based enterprise digital rights management system for mobile environment

AbstractInternet‐based content distribution facilitates an efficient platform to sell the digital content to the remote users. However, the digital content can be easily copied and redistributed over the network, which causes huge loss to the right holders. On the contrary, the digital rights management (DRM) systems have been introduced in order to regulate authorized content distribution. Enterprise DRM (E‐DRM) system is an application of DRM technology, which aims to prevent illegal access of data in an enterprise. Earlier works on E‐DRM do not address anonymity, which may lead to identity theft. Recently, Chang et al. proposed an efficient E‐DRM mechanism. Their scheme provides greater efficiency and protects anonymity. Unfortunately, we identify that their scheme does not resist the insider attack and password‐guessing attack. In addition, Chang et al.'s scheme has some design flaws in the authorization phase. We then point out the requirements of E‐DRM system and present the cryptanalysis of Chang et al.'s scheme. In order to remedy the security weaknesses found in Chang et al.'s scheme, we aim to present a secure and efficient E‐DRM scheme. The proposed scheme supports the authorized content key distribution and satisfies the desirable security attributes. Additionally, our scheme offers low communication and computation overheads and user's anonymity as well. Through the rigorous formal and informal security analyses, we show that our scheme is secure against possible known attacks. Furthermore, the simulation results for the formal security analysis using the widely accepted Automated Validation of Internet Security Protocols and Applications tool ensure that our scheme is also secure. Copyright © 2015 John Wiley & Sons, Ltd.

The HTML 5 as a Digital Rights Management System

The recent features of HTML 5 create a NEW ecosystem for DRMS. The characteristic of this new era is the availability of tools to the interested Companies in order to create their own customized DRM Systems. The innovative spirit can probably be affected by this or similar practices. The work is a revised part of my thesis.

Digital Rights Management Systems and Data Privacy

Data privacy is of high priority in EU Legal structure. The Digital Rights Management Systems can affect the transfer and management of such data. What are the relative provisions of the Data Protection Directive, the Copyright Directive, the Directive on privacy in electronic Communications along with the European Convention on Human Rights?

A more secure digital rights management authentication scheme based on smart card

Digital rights management (DRM) system is a technology based mechanism to ensure only authorized access and legal distribution/consumption of the protected digital content. DRM system deals with the whole lifecycle of the digital content including production, management, distribution and consumption. DRM schemes are effective means for the transfer of digital content and safeguard the intellectual property. Recently, Yang et al. proposed a smart-card based DRM authentication scheme providing mutual authentication and session key establishment among all the participants of the DRM environment. We show that their scheme does not resist threats like smart card attack; fails to provide proper password update facility; and does not follow forward secrecy. To overcome these weaknesses, we propose an improvement of Yang et al.'s scheme. The security of our scheme remains intact even if the smart card of the user is lost. In our scheme, user's smart card is capable of verifying the correctness of the inputted identity and password and hence contributes to achieve an efficient and user- friendly password update phase. In addition, the session keys established between the participating entities are highly secure by virtue of forward secrecy property. We conduct security analysis and comparison with related schemes to evaluate our improved scheme. During comparison, we also highlight the computational cost/time complexity at the user and the server side in terms of the execution time of various operations. The entire analysis shows that the design of the improved scheme is robust enough for the for DRM environment.

Current developments in document delivery in Germany

Purpose – The purpose of the paper is to give an overview about the framework of copyright law and licences as well as the development of German National Library of Science and Technology (TIB) full-text supply services within that framework. The change of German copyright law in 2008 posed a challenge to TIB’s full-text supply services. While TIB can deliver on the basis of a statutory limitation any document to customers within Germany via mail and fax, there are restrictions for electronic delivery. Design/methodology/approach – The article describes the framework of German copyright law and licences for document delivery as well as activities of TIB to continue servicing customers in a best possible way within the existing framework. Findings – Licence agreements with publishers or intermediaries such as Rights Reproduction Organizations are now in place to allow delivery of electronic documents on a wide scale. Within this complicated framework of licence agreements, digital rights management (DRM) systems are a challenge for customers and the delivery service. However, it can be noted, that a simple watermark suffices nearly all publishers in agreements covering pay-per-view delivery of generic digital article files, and only 25 per cent require strict DRM for document delivery scanned from the print. At the same time, TIB looks for more customer-friendly DRM systems. Also, TIB is looking for ways to cooperate with partners to raise efficiency gains and to offer a more convenient service to its customers. Finally, TIB experiences that inadequate copyright law still poses a major hindrance for the international exchange of scientific information being part of its collection. Originality/value – The article describes the development of document supply services of the major TIB publications. It also shows the barriers which inadequate copyright law poses to the exchange of scientific information.

A protocol for machine-readable cache policies in OGC web services: Application to the EuroGeoSource information system

An efficient access to the contents provided through OGC web services, widely used in environmental information systems, is usually achieved by means of caching strategies. Service-owners may be interested in expressing the conditions required to allow for this. If these conditions are expressed in a machine-readable way, automatic harvesters can be programmed to follow them.This paper proposes a protocol to specify and follow cache policies for OGC web services expressed in a machine-readable language. A preliminary implementation of this protocol has been tested in the EuroGeoSource project, where a number of Web Feature Services providing mineral deposits and energy resources are periodically cached to improve the efficiency and availability of several applications. The protocol addresses a nowadays common case, and can possibly be extended to allow for more detailed policies. Further work will help to determine how it could be integrated into a full Digital Rights Management system.

Application of Digital Rights Management in Library

Digital rights management (DRM) is emerging as a formidable new challenges and focuces on security like encryption and watermarking. It is a type of access control technology that is used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content. Libraries may license resources, such as images and videos, which may require a DRM system to protect the files from copying or misuse. The DRM technology is used to limit copying, printing and sharing of e-books. A properly managed DRM system could assist libraries in managing these services. DESIDOC Journal of Library & Information Technology , 2014, 34(1), pp. 11-15. http://dx.doi.org/10.14429/djlit.34.5940

Copyright and the Commons: Eileen Simpson and Ben White’s <em>Struggle in Jerash</em> (2009)

David Joselit's After Artis devoted to analyzing scale and speed at which proliferate today as well as ways in which these trajectories have been taken up in recent artistic practice. In midst of a discussion of work of Pierre Huyghe, an artist who has dealt extensively with issues of intellectual property, a footnote with an at best tenuous relationship to body of text rather perplexingly deems a discussion of copyright beyond scope of book.1 As that body of laws that serves to regulate scale and speed at which may legally proliferate, one might assume that considerations of copyright would play a significant role in Joselit's text. But it is this exclusion that allows Joselit to set up what is perhaps book's grounding opposition, between what he terms the free 'neoliberal' circulation of images and a fundamentalist attitude that posits that art and architecture are rooted to a specific place.* There is no question as to where Joselit locates his own allegiances in this conflict: for him, neoliberal circulation proposes exciting new forms of connectivity, while fundamentalists cling to rather unfortunate privileging of discrete objects and fail to recognize that contemporary existence is characterized above all by ecstatic mobility. Despite centrality of logic of privatization to economic philosophy of neoliberalism, privatization of visual culture through aggressive enforcement of copyright nowhere enters into Joselit's application of this term to realm of images.Copyright's absence here takes on a strategic importance, as it allows Joselit to map an opposition of present/past onto that of neoliberal movement/fundamentalist stasis and make an epochal claim for ours as a time of unfettered transmission and networked relationality. A consideration of copyright law, and particularly extent to which it has rigidified over last twenty years, would temper apparent freedoms of neoliberal circulation thatjoselit values by introducing a discussion of a pervasive form of control irreducible to fundamentalism he can so easily dismiss as oldfashioned. During this period, aggressive legislation and prosecution, copyright enforcement robots, and digital rights management systems have transformed a set of laws originally formulated to stimulate creativity into a framework for profit-motivated policing. In particular, Digital Millennium Copyright Act (DMCA) of 1998, passed by a unanimous vote in U.S. Senate, heralded a new era of extremism.3 But for Joselit, an assessment of realities of copyright in post-DMCA context would reveal its ability to render sclerotic connective circuits he holds so dear.Such an affirmation of unbridled circulation is exemplary of a pervasive tendency among artists and critics engaging with contemporary mobility of images, though it is seldom expressed as explicitly as it is in After Art. It is a tendency that cuts across a wide variety of aesthetic and political investments to celebrate promiscuous circulation as sine qua non of contemporary visual culture, often implicidy replaying long-standing but spurious association of digital technology with freedom, democracy, and user autonomy. However, just as it is necessary to recognize Internet as a technology of both freedom and control, so too is it imperative that contemporary circulation of is understood as both more unmoored and more restrained than ever before. In 1994 John Perry Barlow, founder of Electronic Frontier Foundation, wrote that Intellectual property law cannot be patched, retrofitted, or expanded to contain digitized expression any more than real estate law might be revised to cover allocation of broadcasting spectrum-and yet this is exactly what has occurred.4 Though such revisions are certainly not watertight, they cannot be ignored. Moreover, this development is not particularly surprising; after all, history of copyright legislation is nothing other than history of grappling with technological innovations that challenge it. …

A privacy enabling content distribution framework for digital rights management

Digital rights management (DRM) technology has been employed to prevent illegal content consumption/redistribution. However, to achieve secure and authorised content distribution, DRM systems lose flexibility and create a serious threat to privacy. Additionally, traditional DRM models are two level distribution systems, which do not facilitate scalable content distribution. In this paper, we will propose a new content distribution framework for multiparty multilevel DRM system by employing the facility location technique. In it, authentication and payment is handled by the distributor while license server generates the license. This alleviates the license server workload and provides the opportunity to the distributor to create offers, promotions and discounts to promote the content. The adoption of independent payment collection and license generation authorities provides the way to monitor the correctness of content sell. Furthermore, the use of ring signature and pseudonym token in content distribution, protect users’ privacy without violating accountability parameters.

A Traceable and Fair Transaction Mechanism for Digital Rights Management on P2P Networks

In recent years, more and more people use Internet and with the improvements of communication technology, information sharing trends has surged over Internet. Peer-to-Peer (P2P) networks have become the main stream of file-sharing platform. However, many digital contents, which do not get permission to be copied or delivered, are privately spread by uploading to servers or P2P networks. The piracy issue seriously hurts license owners' deserved profits and potential market. For this reason, digital rights management (DRM) is considered as a general preventive measure to avoid copyright infringement. However, a conventional DRM system is only suitable for client-server architecture, and its implementation on P2P network would be quite difficult. This research plans to develop a novel traceable and fair transaction mechanism which not against the sharing purpose of P2P networks and protecting digital rights of digital contents.

Truly-Protect: An Efficient VM-Based Software Protection

We present Truly-Protect that is a software protection method. Previously published protection methods relied solely on obscurity. Rolles proposed a general approach for breaking systems that are based on obscurity. We show that, under certain assumptions, Truly-Protect is resistant not only to Rolles' attack but also to any other attacks that do not violate the assumptions. Truly-Protect is based on a virtual machine that enables us to execute encrypted programs. Truly-Protect can serve as a platform for preventing software piracy of obtaining unlicensed copies. Truly-Protect by itself is not a digital rights management system but can form a basis for such a system. We discuss several scenarios and implementations and validate the performance penalty of our protection. A preliminary version of this paper appeared in the 5th International Conference on Network and System Security (NSS2011). It was extended by expanding the system's description, adding more efficient parallel implementation, just-in-time decryption, and a comprehensive performance analysis. It also contains all the necessary proofs.

A Robust Combination Of Watermarking and Cryptography For Video Sequence

For effective digital right management (DRM) of digital multimedia, both watermarking technique and cryptography technique are required. However, general DRM system is achieved with individual function modules of cryptography and watermarking. Therefore, it has a problem that all original digital contents without watermarking information are temporarily disclosed with perfect condition via decryption process at user-side. This paper proposes a robust combination of watermarking and cryptography approach (CWCA) for video sequence. Experimental results with simulation confirmed that proposed CWCA keeps compatibility with multimedia data, and revealed that it is suitable for DRM in the network distribution system.

A proposal of digital rights management based on incomplete cryptography using invariant Huffman code length feature

Digital rights management (DRM) system is a promising technique to allow copyrighted content to be commercialized in digital format without the risk of revenue loss due to piracy. However, traditional DRMs are achieved with individual function modules of cryptography and watermarking. Therefore, all digital contents are temporarily disclosed in perfect condition via decryption process in the user-side risking illegal redistribution. This paper describes the basic idea of a novel DRM method composed of an incomplete cryptography using invariant Huffman code length feature and the user identification mechanism to control the quality of digital contents. The proposed incomplete cryptography consists of two processes: the incomplete encoding and the incomplete decoding. These processes are presented by randomly selecting the coefficients that belong to the same category or different category of Huffman code. In our scheme, the copyright information is embedded into the decoded content during the decoding process, and the size of digital contents are invariant during the process. Experimental results with simulation confirmed that the modified codes are compatible with standard JPEG format, and revealed the proposed method to be suitable for DRM in the network distribution system.

Security analysis of digital rights management system based on usage control

Through the research and analysis about the security mechanisms of the existing Digital Rights Management(DRM),a fine-grained Usage Control(UCON) plan separated rights from content was proposed in order to avoid being cracked now and then.Firstly,based on the concept of secret division,digital license has been divided into two sections to realize the separation of authentication and authorization management.Then temporary permission files were fine-grainedly granted to ensure that digital content can be dedicatedly controlled in usage.Finally integrity checks were used to improve the ability of anti-tampering attacks.The model checking results show that this plan and its policy can realize the design requirements and fairly satisfy the security requirements of DRM.

Verifiable Threshold Authorization for Scalable and Secure Digital Rights Management

With fast development of network computing and storage technologies, it became more and more convenient to share and spread digital resources through kinds of network services, however without protection and constraint of copyright, digital content can be illegally copied, altered and distributed, which could cause revenue loss to commercial digital resource providers, to solve this problem, digital rights management(DRM) is adopted to control copyrights of digital resources in a reasonable degree. Most of current DRM systems were built up in centered authorization mode which can work efficiently in normal case, but once the DRM administrator is unauthentic or the server collapsed, it will not provide authentication and authorization service again. In this paper, a verifiable threshold authorization scheme (VETAS) based on ellipse curve cryptosystem (ECC) and Lagrange polynomial is adopted for scalable and robust digital rights management, in which authorization was based on t-out of n qualified members, less than t members cannot implement authorization, and the system can still work well once part of the members are unauthentic. The advantage of the VETAS scheme is that it works in a “mutual authentication and threshold authorization” mode, thus end-user and the authorization center can authenticate each other to enhance security of corresponding identity, another advantage of the VETAS scheme is it can provide real-time rights management with fairly good robustness and reliability in a threshold authorization mode.

Effectiveness of anti-piracy technology: Finding appropriate solutions for evolving online piracy

Trends in online piracy have reached record levels and threaten traditional industry supply chains. Music, motion pictures, print media, and software are some of the most vulnerable content pirated online. Recent increases in piracy can be historically traced to the digital revolution, introduction of the World Wide Web, and growth of broadband technologies, rather than a sudden shift in consumer behavior. The digital and Internet paradigm shifts have fundamentally changed supply chain ecosystems, as well as opened the door to greater acts of piracy. Under these new ecosystems, digital rights management (DRM) has proven ineffective at stopping piracy. Furthermore, DRM systems have been shown to discourage legitimate buyers. A new approach to piracy is needed to account for recent changes in supply chain ecosystems. Several industry leaders demonstrate effective solutions combining technology and innovative business models that encourage consumers toward legitimate consumption while leveraging piracy. Given these examples, industries can address online piracy by combining appropriate technology, innovative business models, and piracy analytics in the evolving supply chain ecosystems.

Managing Digital Rights for P2P Live Broadcast and Recording on the Internet

Live broadcast over a peer-to-peer (P2P) network imposes a unique set of challenges to a digital rights management (DRM) system. Highly correlated service request arrivals at the start of a live event require peak-load provisioning if clients acquire licenses at playback time. Distributing the license management load across a P2P network requires the digital rights management system to ensure the integrity of both digital rights, the protection of client privacy and, at the same time, system scalability. In this paper we describe the requirements imposed on a digital rights management system in distributing live broadcast over a P2P network and present our design of such a system to meet the above challenges. We discuss the system's operation under a number of threat models and how to extend the system to further improve scalability and support network digital video recording (DVR). We close the paper after presenting some scalability results collected from a production P2P live broadcast network using our DRM design.

Can hyperlinks and digital rights management secure affordable access to information?

Digital Rights Management Systems (DRMs) related control mechanism, which are analogous to and augment the exclusive rights, have been the subject of debate since the early 1980s. DRMs, which function like an electronic security guard that ‘never leaves its post, never takes a break and never sleeps,11Cameron, Alex, Digital Rights Management: Where Copyright and Privacy Collide (2004) 2 Canadian Privacy Law Review 14, p. 17. can invade the privacy of individuals, prevent competition and/or control access to a work that is not or is no longer copyright protected. Hyperlinks are citations of an electronic address, but when clicked they navigate the user to the source of further information, including codes circumventing DRMs. This article accepts that the excesses of DRMs can outreach copyright and/or contract law, but argues that DRMs provide an opportunity for innovative business models, which can both protect digital works and promote free use of hyperlinks. Part 1 outlines the background and legislative provisions related to DRMs. It contrasts the WIPO Copyright Treaty (WCT) 1996,22The WCT, (and the WIPO Performances and Phonograms Treaty – WPPT, containing similar provisions), are available at http://www.wipo.int/treaties/en/ [22/04/2012]. Articles 11 and 12, with corresponding provisions found in the implementing legislation of the US Digital Millennium Copyright Act (DMCA) 1998,33Digital Millennium Copyright Act, 1998 at http://copyright.gov/legislation/hr2281.pdf [18/04/2012]. and the EU Copyright Directive (EUCD) 2001.44[Copyright] Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, Official Journal L 167, 22/06/2001 P. 0010–0019. It also examines the intellectual property aspects of the Trans-Pacific Partnership (TPP) and Europe's Anti-counterfeiting Trade Agreement (ACTA).55The TPP, also known as the Trans-Pacific Strategic Economic Partnership Agreement, which came into effect on 28 May 2006 and was initially between Singapore, New Zealand, Chile and Brunei is currently negotiated by other countries in the region including Australia, Canada, Japan and United States; negotiations are conducted in secret and the text is not publicly available.ACTA is between the EU and Australia, Canada, Japan, Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the US and is available at http://register.consilium.europa.eu/pdf/en/11/st12/st12196.en11.pdf [26/6/2012]. Part 2 debates opposing academic opinion and comments on case law relating to DRMs, including the use of hyperlinks as a way of trafficking circumvention technology and/or facilitating unauthorised access to a copyright work. It assesses the extent to which DRMs might inhibits the development of new products, prevents competition, or invades the privacy of individuals, and points to the opportunities a consumer group-rightholder negotiated model end user licence can offer. Part 3 concludes that DRMs bolsters the clutches of the rightholder, but reduce unauthorised access to information thus minimising revenue loss, which can make hyperlinked ‘consumer’ access to information ‘affordable,’ or even free.

Digital rights management system with user privacy, usage transparency, and superdistribution support

SUMMARYIn the modern world, digital content has been massively produced, distributed, and consumed by human beings; consequently, how to protect the rights and benefits of content consumers, producers, and distributors has become a crucial issue. One promising solution is to design a full‐fledged digital rights management (DRM) system. In this study we introduce a new design on the digital rights management system providing user privacy, usage transparency, and superdistribution. A comprehensive set of DRM processing functions and corresponding mechanisms are developed in our system to support various business process requirements. Superdistribution support is embedded in our system design. A prototype is implemented to verify our system design. To protect consumer privacy, a temporary identity is generated for each consumer using the KryptoKnight protocol. Elliptic curve cryptography‐based encryption scheme is adopted for messages transmitted among servers and client over an unsecure communication channel. For usage transparency, a user‐friendly DRM client package (software) is introduced in the proposed DRM system to achieve content protection and support user convenience in usage.Copyright © 2012 John Wiley & Sons, Ltd.

Trust Enforcing and Trust Building, Different Technologies and Visions

Concern about vulnerabilities of IT systems is growing together with attention to risks of intrusive cyber-control over personal activities and data. This article discusses some new technologies that are being integrated into computing devices for realizing so-called Trusted Computing and Digital Rights Management systems, which can remotely attest their current hardware/software state and can enforce external policies to access protected content. These technologies are then confronted with distributed Trust Management systems, which realize access control for local resources on the basis of delegation of access rights according to local trust decisions. Both technologies are discussed from various points of view: architecture, vision, ethics, politics and law.