Secure License Management
Management of digital object licenses in a DRM environment

Carlos Serrão*, Miguel Dias* and Jaime Delgado**
carlos.serrao@iscte.pt, miguel.dias@iscte.pt, jaime.delgado@ac.upc.edu

*ISCTE/DCTI/ADETTI, Lisboa, Portugal
**UPC/AC/DMAG, Barcelona, Spain
Summary
    Digital Rights Management
        What is DRM?
        Rights, Rights Expression, Rights Expression Languages
        Licenses
    Licenses typology
    Secure License Management
    SLM Use-case
    Conclusions and Future work

DRM concepts
    DRM involves the:
        description, layering, analysis, valuation, trading and monitoring of
        rights over an individual or organization's assets, in digital format;
    DRM is:
        the chain of hardware and software services and technologies governing
        the authorized use of digital objects and managing any consequences of
        that use throughout the entire life cycle of the object.
DRM concepts
    DRM is not (only) Copy-Protection
        DRM is used to manage and enforce rights
        Copy-protection is used to prevent unauthorised copies
    Current commercial DRM systems (such as WMRM or FairPlay) use both, to
    (try to) be more effective
DRM concepts
    Modern DRM involves several security technologies, such as:
        Public-key cryptography
        Secret-key cryptography
        Digital signatures
        Digital certificates
        ... and others.
    All this keying material should be properly managed, to avoid security
    breaches...
    ... and this brings us to Key Management.

Key Management
    What is Key Management?
        Key Management is the set of techniques and procedures supporting the
        establishment and maintenance of keying relationships between
        authorized parties.
        Key Management encompasses techniques and procedures supporting:
            Initialization of system users within a domain;
            Generation, distribution and installation of keying material;
            Controlling the use of keying material;
            Update, revocation and destruction of keying material;
            Storage, backup/recovery and archival of keying material.
Key Management in DRM
    Key Management and DRM
        DRM uses keying material in several situations:
            Entities (content providers, users, ...) registration and management
            Software applications and components registration and management
            Content security
            Rights management and enforcement (licenses)
Rights, RM and REL
    Rights
        [...] a right is the legal or moral entitlement to do or refrain from
        doing something or to obtain or refrain from obtaining an action, thing
        or recognition in civil society [...]
        [...] Rights serve as rules of interaction between people, and, as such,
        they place constraints and obligations upon the actions of individuals
        or groups [...]
    Rights management
        The ability to manage rights
Rights, RM and REL
    Rights Expression Languages (REL)
        Allow the expression of copyright
        Allow the expression of contracts or license agreements
        Allow control over access and/or use
    Mostly used to express DRM-governed content licenses
    Licenses express how governed content can be used
        Expressed in a specific format/notation (XML, text, graph theory, ...)
            XrML and ODRL are two of the most used
        May contain protected keying material to be used with the protected
        digital content
Licenses
    Depending on the DRM scenario and implementation, licenses may or may not
    be used
    This gives 6 different scenarios:
        Licenses are used in DRM
            License contains the CEK
                License is inside the digital content
                License is outside the digital content
            License does not contain the CEK
                License is inside the digital content
                License is outside the digital content
        Licenses are not used in DRM
            CEK is inside the digital content
            CEK is not inside the digital content
License Typology
Licenses and DRM
    Typical license format:

        License = Sign_LicenseIssuer[UserID, DeviceID, DomainID, ContentID,
                  Rights, Restrictions, Cipher_UserPKey{CEK}, Validity, ...]

        The license is signed by the License Issuer to prevent license
        modification and tampering
        The Content Encryption Keys (CEK) are ciphered with the recipient's
        public key – this could even be a combination of multiple keys (user,
        device, domain) – it depends on the implementation
Licenses and DRM
    Two basic processes involved:
        License definition and creation
        License download and enforcement
Secure License Key Management
Use-case/Scenario
    Licenses are used in DRM
        License contains the CEK
            License is outside the digital content
License definition
License creation
License download and enforcement
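The license format and the two processes above (creation by the License Issuer, download and enforcement on the consumer side), worked through for the chosen use-case as an added Go example that is not part of the original presentation. It assumes Ed25519 for the issuer signature, RSA-OAEP for ciphering the CEK to the user's public key, JSON as the license notation, and constructed keys and identifiers.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"slices"
	"time"
)

// LicenseBody holds the fields of the slides' typical license format: identifiers, rights,
// restrictions, the CEK ciphered for the recipient, and the validity period.
type LicenseBody struct {
	UserID       string    `json:"user_id"`
	DeviceID     string    `json:"device_id"`
	DomainID     string    `json:"domain_id"`
	ContentID    string    `json:"content_id"`
	Rights       []string  `json:"rights"`
	Restrictions []string  `json:"restrictions"`
	CipheredCEK  []byte    `json:"ciphered_cek"` // RSA-OAEP{CEK} under the user's public key
	NotBefore    time.Time `json:"not_before"`
	NotAfter     time.Time `json:"not_after"`
}

// License = Sign_LicenseIssuer[body]; the body is kept as the exact signed bytes (verify first, parse after).
type License struct {
	Body      json.RawMessage `json:"body"`
	Signature []byte          `json:"signature"`
}

// IssueLicense (license creation): cipher the CEK for the recipient, then sign the whole body.
func IssueLicense(issuer ed25519.PrivateKey, userPub *rsa.PublicKey, cek []byte, body LicenseBody) (*License, error) {
	ciphered, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, cek, []byte(body.ContentID))
	if err != nil {
		return nil, err
	}
	body.CipheredCEK = ciphered
	raw, _ := json.Marshal(body) // strings, byte slices and times always marshal
	return &License{Body: raw, Signature: ed25519.Sign(issuer, raw)}, nil
}

// EnforceLicense (download and enforcement): verify issuer signature, binding, validity and right, then release the CEK.
func EnforceLicense(lic *License, issuerPub ed25519.PublicKey, userPriv *rsa.PrivateKey, userID, deviceID, contentID, right string, now time.Time) ([]byte, error) {
	if !ed25519.Verify(issuerPub, lic.Body, lic.Signature) {
		return nil, errors.New("signature check failed: license tampered or not from the issuer")
	}
	var body LicenseBody
	if err := json.Unmarshal(lic.Body, &body); err != nil {
		return nil, err
	}
	if body.UserID != userID || body.DeviceID != deviceID || body.ContentID != contentID {
		return nil, errors.New("license is not bound to this user, device and content")
	}
	if now.Before(body.NotBefore) || now.After(body.NotAfter) {
		return nil, errors.New("license is outside its validity period")
	}
	if !slices.Contains(body.Rights, right) {
		return nil, fmt.Errorf("right %q is not granted by this license", right)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, userPriv, body.CipheredCEK, []byte(body.ContentID))
}

// Scenario runs the slides' use-case (licenses used, CEK inside the license, license outside the
// content) with constructed keys and identifiers, and reports what the enforcement side accepts.
func Scenario() (recovered, tamperRejected, wrongDeviceRejected bool, err error) {
	issuerPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize)) // constructed issuer key
	issuerPub := issuerPriv.Public().(ed25519.PublicKey)
	userPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	cek := []byte("constructed-cek!") // 16-byte content encryption key
	issued := time.Date(2007, 7, 1, 0, 0, 0, 0, time.UTC)
	body := LicenseBody{UserID: "user-0042", DeviceID: "device-A1", DomainID: "home-7", ContentID: "content-9f3",
		Rights: []string{"play"}, Restrictions: []string{"no-copy"}, NotBefore: issued, NotAfter: issued.AddDate(0, 1, 0)}
	lic, err := IssueLicense(issuerPriv, &userPriv.PublicKey, cek, body)
	if err != nil {
		return
	}
	now := issued.Add(24 * time.Hour)
	got, e := EnforceLicense(lic, issuerPub, userPriv, "user-0042", "device-A1", "content-9f3", "play", now)
	recovered = e == nil && bytes.Equal(got, cek)
	// One byte of the signed body is changed; the signature check must reject the license.
	tampered := &License{Body: append(json.RawMessage(nil), lic.Body...), Signature: lic.Signature}
	tampered.Body[bytes.Index(tampered.Body, []byte("play"))] ^= 1
	_, e = EnforceLicense(tampered, issuerPub, userPriv, "user-0042", "device-A1", "content-9f3", "play", now)
	tamperRejected = e != nil
	// The same genuine license presented from another device must also be refused.
	_, e = EnforceLicense(lic, issuerPub, userPriv, "user-0042", "device-B2", "content-9f3", "play", now)
	wrongDeviceRejected = e != nil
	return
}

func main() { fmt.Println(Scenario()) }
```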
Conclusions and Future Work
    The goal of the work was to analyse how the different existing DRM
    solutions handle and manage rights
    The different typical rights management scenarios were identified
    (license management)
    A common generic model for secure license management was established
    (fitting the requirements of the different platforms)
    A scenario was chosen and instantiated on the model
    This global license management model will allow interoperability at this
    level between different DRM solutions
    Future: instantiate the remaining scenarios on the model.

Questions
    Thank you...
    Any questions?


LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 

Icete Secrypt2007 Presentation

  • 1. Secure License Management: Management of digital object licenses in a DRM environment. *Carlos Serrão, *Miguel Dias and **Jaime Delgado (carlos.serrao, miguel.dias {@iscte.pt}, jaime.delgado@ac.upc.edu). *ISCTE/DCTI/ADETTI, Lisboa, Portugal; **UPC/AC/DMAG, Barcelona, Spain.
  • 2. Summary
      - Digital Rights Management: What is DRM? Rights, Rights Expression, Rights Expression Languages; Licenses
      - Licenses typology
      - Secure License Management
      - SLM Use-case
      - Conclusions and Future work
  • 3. DRM concepts
      - DRM involves the description, layering, analysis, valuation, trading and monitoring of rights over an individual's or organization's assets, in digital format.
      - DRM is the chain of hardware and software services and technologies governing the authorized use of digital objects and managing any consequences of that use throughout the entire life cycle of the object.
  • 4. DRM concepts: DRM is not (only) copy protection
      - DRM is used to manage and enforce rights.
      - Copy protection is used to prevent unauthorised copies.
      - Current commercial DRM systems (such as WMRM or FairPlay) use both, to try to be more effective.
  • 5. DRM concepts: Modern DRM involves several security technologies, such as public-key cryptography, secret-key cryptography, digital signatures, digital certificates, and others. All this keying material should be properly managed to avoid security breaches, and this brings us to key management.
  • 6. Key Management: What is Key Management?
      - Key Management is the set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorized parties.
      - Key Management encompasses techniques and procedures supporting: initialization of system users within a domain; generation, distribution and installation of keying material; controlling the use of keying material; update, revocation and destruction of keying material; storage, backup/recovery and archival of keying material.
  • 7. Key Management in DRM: DRM uses keying material in several situations:
      - Registration and management of entities (content providers, users, ...)
      - Registration and management of software applications and components
      - Content security
      - Rights management and enforcement (licenses)
  • 8. Rights, RM and REL
      - Rights: "[...] a right is the legal or moral entitlement to do or refrain from doing something or to obtain or refrain from obtaining an action, thing or recognition in civil society [...]"; "[...] Rights serve as rules of interaction between people, and, as such, they place constraints and obligations upon the actions of individuals or groups [...]"
      - Rights management: the ability to manage rights.
  • 9. Rights, RM and REL: Rights Expression Languages (REL)
      - Allow the expression of copyright, and of contracts or license agreements.
      - Allow control over access and/or use.
      - Mostly used to express DRM-governed content licenses.
      - Licenses express how governed content can be used; they are expressed in a specific format/notation (XML, text, graph theory, ...). XrML and ODRL are two of the most used. Licenses may contain protected keying material to be used with the protected digital content.
  • 10. Licenses: Depending on the DRM scenario and implementation, licenses may or may not be used. This gives 6 different scenarios:
      - Licenses are used in DRM
          - License contains the CEK: license inside the digital content / license outside the digital content
          - License does not contain the CEK: license inside the digital content / license outside the digital content
      - Licenses are not used in DRM
          - CEK is inside the digital content / CEK is not inside the digital content
  • 12. Licenses and DRM: Typical license format:
      License = Sign_LicenseIssuer[UserID, DeviceID, DomainID, ContentID, Rights, Restrictions, Cipher_UserPKey{CEK}, Validity, ...]
      - The license is signed by the License Issuer to prevent modification and tampering of the license.
      - The Content Encryption Keys (CEK) are ciphered with the recipient's public key; it could even be a combination of multiple keys (user, device, domain), depending on the implementation.
  • 13. Licenses and DRM: Two basic processes involved:
      - License definition and creation
      - License download and enforcement
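As an added worked example (not code from the paper), the slide-12 license format and the two slide-13 processes in Go: the License Issuer signs the serialized license, the CEK is ciphered for the recipient with RSA-OAEP, and enforcement verifies the issuer signature before checking the user/content binding and the validity period, and only then unwraps the CEK. The field names, the choice of Ed25519 and RSA-OAEP, and the JSON encoding are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"time"
)

// License mirrors slide 12; field names are assumptions, not the paper's.
type License struct {
	UserID, DeviceID, DomainID, ContentID string
	Rights     []string
	WrappedCEK []byte    // Cipher_UserPKey{CEK}: RSA-OAEP under the user's public key
	NotAfter   time.Time // Validity
}

// IssueLicense: "license definition and creation". The issuer signs the exact
// serialized bytes, so the enforcer verifies what was signed, not a re-encoding.
func IssueLicense(issuer ed25519.PrivateKey, userPub *rsa.PublicKey, lic License, cek []byte) (body, sig []byte, err error) {
	if lic.WrappedCEK, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, cek, nil); err != nil {
		return nil, nil, err
	}
	if body, err = json.Marshal(lic); err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(issuer, body), nil
}

// EnforceLicense: "license download and enforcement". Signature first, then
// binding and validity, and only then is the CEK unwrapped for the recipient.
func EnforceLicense(issuerPub ed25519.PublicKey, userPriv *rsa.PrivateKey, body, sig []byte, userID, contentID string, now time.Time) ([]byte, error) {
	if !ed25519.Verify(issuerPub, body, sig) {
		return nil, errors.New("license rejected: issuer signature does not verify")
	}
	var lic License
	if err := json.Unmarshal(body, &lic); err != nil {
		return nil, err
	}
	if lic.UserID != userID || lic.ContentID != contentID {
		return nil, errors.New("license rejected: not bound to this user and content")
	}
	if now.After(lic.NotAfter) {
		return nil, errors.New("license rejected: validity period expired")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, userPriv, lic.WrappedCEK, nil)
}
```

A tampered body, a license for another user, an expired validity period, or a recipient without the matching private key all fail before or at the unwrap step, which is the point of signing the license and ciphering the CEK separately.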
  • 14. Secure License Key Management
  • 15. Use-case/Scenario
      - Licenses are used in DRM
      - License contains the CEK
      - License is outside the digital content
  • 18. License download and enforcement
  • 19. Conclusions and Future Work
      - The goal of the work was to analyse how the different existing DRM solutions handle and manage rights.
      - The different typical rights management scenarios were identified (license management).
      - A common generic model for secure license management was established (fitting the requirements of the different platforms).
      - A scenario was chosen and instantiated on the model.
      - This global license management model will allow interoperability at this level between different DRM solutions.
      - Future: instantiate the remaining scenarios on the model.
  • 20. Questions: Thank you... Any questions?