iDRM – Interoperability Mechanisms for Open Rights Management Platforms

iDRM – Interoperability mechanisms for
Open Rights Management platforms
Ph.D. Dissertation Lecture

Professor Jaime Delgado*, Professor Miguel Dias** Carlos Serrão
*UPC/AC/DMAG, Barcelona, Spain
*IUL-ISCTE/DCTI/ADETTI, Lisboa, Portugal *cserrao@ac.upc.edu
**carlos.serrao@iscte.pt
carlos.j.serrao@gmail.com

*http://www.upc.edu
UPC - Universitat Politecnica de Calalunya **http://www.iscte.pt
3rd. December, 2008

Summary
  Context and State of the Art
  Specific Contributions
  Rights Management interoperability and SOA
  Using PKI towards Rights Management interoperability
  Open Rights Management as a mean for interoperability
  Secure Key and License management for open RM platforms
  The OpenSDRM open RM platform
  Wallet Rights Management interoperability middle-ware
  License Templates
  OpenSDRM use-cases and experiences
  Conclusions and Future Work
  Questions

2 [iDRM] - Ph.D. Lecture Dissertation 3rd. December 2008

Content

Compression
Content


Content
  Advantages and Opportunities
  Better content
  New and better delivery channels
  New customers
  Fast delivery
  ...
  Disadvantages and Challenges
  Piracy and Uncontrolled distribution
  ...


Content
  Answer from content industry
  Digital
  Rights
  Management
  and
  Copy
  Protection/Prevention


DRM interoperability
  DRM involves the:
  description
  layering
  analysis
  valuation
  trading
  and monitoring of rights
  over an individual or organization's assets, in digital format.


Digital Content Value-Chain

Creator Publisher Aggregator Distributor Retailer Consumer

Content Creation, Capture
Content Rights Establishment
Content Rights Validation
Content Packaging
Content Repository
Content Trading
Content Distribution

Content Trading
Content Distribution
Content Payment Content Trading
Permission Management


remixed
r/w
culture


Digital Content Value-Chain

Creator Publisher Aggregator Consumer is PublisherConsumer is
Consumer is Distributor is Aggregator Consumer is
Creator
Consumer Retailer Consumer
Distributor Retailer

  Consumers are “active” not “passive”
  Consumers take other roles on DCVC
  Changes the established rights management logic


interoperability

Digital Rights Management
  DRM 1.0 failure
  Vulnerable DRM systems
  Limitations to user experience
  Limited availability
  Offer limited protection
  Imposition to end-users
  Lack of interoperability

  DRM 2.0 must solve these issues


DRM 1.0 DRM 1.5 DRM 2.0


  DRM Layers

Rights Management

Rights Enforcement

Copy Protection


  DRM Layers – non-interoperable

Rights Management X Rights Management
DRM A

DRM B
Rights Enforcement X Rights Enforcement
Copy Protection X Copy Protection


  DRM Layers - interoperable

Rights Management Rights Management

Rights Enforcement Rights Enforcement

Copy Protection Copy Protection


  Interoperability strategies (International Standards):
  Full format interoperability
  Connected interoperability
  Configuration driven interoperability

[Koenen et al., 2004] [Kalker et al., 2007]

DRM 1.0 DRM 1.5 DRM 2.0

Interoperability


Contributions
  Motivations/Objectives
  Study the applicability of SOA to the creation of interoperable rights
management services
  Use PKI-based solutions to create common trust environments between
different RM solutions/services
  Design and implement an open, distributed, service-based architecture for
interoperable rights management infrastructure
  Based on the key management life cycle, create a generic model for secure
license and key management for rights management solutions
  Create an open and interoperable RM services-based platform (OpenSDRM)
  Study and develop a mechanism to provide interoperability between different
content rendering applications and abstraction from REL
  Evaluate the flexibility and adaptation of OpenSDRM to multiple use-cases and
scenarios


Rights Management Interoperability and Service
Oriented Architectures

Contributions

RM interoperability and SOA
  SOA and Web-Services allow an easy and standard decoupling
mechanisms for application integration
  This decoupling works based on three pillars:
  Service Provider (WSDL)
  Service Requester (SOAP)
  Service Broker (UDDI)
  Allows the distribution of services through an open network,
using open standards – such as HTTP


  Idea/Objective
  Identification of most relevant rights management services
  “Abstract” its proprietary implementation, through a well-defined
and public interface using WSDL
  Interaction between services, can be performed via:
  Proprietary communication channels, if they are internal to the same rights
management solution
  Open SOA channels, if they are to be interoperable between different rights
management solutions


  Service decoupling Service
Broker

Request
service

WSDL Service Other
Service proprietary internal
Interface implementation Proprietary Services
communication
Services
Open communication
services (SOAP/HTTP)‫‏‬

WSDL Service Other
Service proprietary internal
Interface implementation Proprietary Services
communication
Services

UDDI
Service
Broker Publish the RM
Ask for service service description
location and description

SOAP Communication
with the specific RM service
DRM
Governed
content

  Relevant papers
  Serrão C., Dias M., Delgado J., “Using Service-oriented Architectures
towards Rights Management interoperability”, in Proceedings of the
International Joint Conferences on computer, Information and Systems
Sciences and Engineering (CISSE06), University of Bridgeport, USA, 4-14
December, 2006
  Serrão C., Fonseca P., Dias M., Delgado J., “The Web-Services growing
importance for DRM interoperability”, in Proceedings of the IADIS
International Conference WWW/Internet 2006, Múrcia, Spain, 5-8 October,
2006
  Serrão C., Dias M., Delgado J., “Using Web-Services to Manage and Control
Access to Multimedia Content”, in Proceedings of The 2005 International
Symposium on Web Services and Applications (ISWS05), Las Vegas, USA,
2005


Using PKI towards Rights Management
interoperability

Contributions

PKI and RM interoperability
  From a security point of view, two major aspects need to be
considered in any DRM solution:
  the digital object protection, in which the digital object is
packaged in a specific container that is locked, preventing non-
authorized copies or modifications, making usage of strong
cryptographic algorithms.
  and the fact that through the entire object life cycle a trustworthy
environment must be established between the different actors,
devices and software components.


  Trust Environment
  In a common DRM system, trust must be established between the
different elements
  The way this trust environment is accomplished differs from DRM
implementation to implementation
  There is no common trust system
  This creates interoperability problems


Users Content Users Content Users Content Users Content

DRM A DRM B DRM C DRM D

Trust Trust Trust Trust
Mechanism A Mechanism B Mechanism C Mechanism D

Non-Interoperability points

  Public-Key Infrastructures (PKI) are important for trust
environment establishment
  PKIX (PKI for X.509) is currently one of the most deployed
PKI technologies, present in many security solutions
  PKI offers functions/services that are crucial to the
establishment of trust environments:
  Certification Authority
  Registration Authority
  Repository
  Archive


  PKIX supports most of the security and trust functions that
DRM needs
  DRM systems can “deliver” their security and trust
requirements “in the hands” of an underlying PKIX system
  This would simplify the task of DRM interoperability


  Two approaches for DRM interoperability through PKI:
  Use a single PKI service shared by all DRM systems;
  Each DRM use their own PKI service, and brokering mechanisms are
used between them



All the different DRM
systems use the same PKI
solution, to establish the
necessary trust
environment between the
different actors, devices or
software components.



The different DRM systems have
their own PKI, and a PKI broker
is used to build interoperable
trust environments between the
different actors, devices and
software components of the
different DRM systems.


  1st Scenario
  The same PKI offers to the different DRM components, trust
credentials, that can be immediately trusted between different DRM
systems

  This is however a low probability scenario. DRM systems will adopt
their own PKI solutions


  2nd Scenario
  Reflects what is happening now – each DRM chooses its own PKI
solution
  “Local” and “External” interoperability
  “Local” - the internal components of a DRM system rely on the trust
provided by their own PKI
  “External” - the components of different DRM systems, have to build trust
relationships using a PKI broker


  Serrão C., Torres V., Delgado J., Dias M., “Interoperability Mechanisms
for registration and authentication on different open DRM
platforms”, in International Journal of Computer Science and
Network Security, Vol. 6, Number 12, Pages 291-303, December, 2006
  Serrão, C., Serra A., Dias M., Delgado J., “PKI as a way to leverage
DRM interoperability”, In Proceedings of the IADIS International
Conference on Telecommunications, Networks and Systems 2007
(TNS2007), Lisboa, Portugal, 3-5 July, 2007


Open Rights management as a mean for
interoperability

Contributions

Open RM and Interoperability
  “open” is an important key in interoperability
  “open”, in RM has three dimensions
  open specifications
  open interfaces
  open-source


  Open-source DRM platforms
  Media-S
  OpenIPMP
  DReaM
  Chillout
  OpenSDRM
  Open-specification DRM platforms
  MIPAMS
  OMA-DRM


  Open-source DRM platforms comparison
  Organisation
  License
  Activity
  Base components
  Development status
  Deployment
  Number of Developers
  Fields of Applicability
  REL Support
  Content Support


  Open RM SWOT analysis


  Two dimensions for the Interoperability problem:
  DRM complexity:
  protection (encryption, decryption, watermarking, key distribution, etc.);
  authorization based on licenses (rights expressions, verification, license distribution, etc.);
  Metadata;
  Enforcement;
  Governance;
  Authorities;
  and others.
  How we try to get interoperability -> definition of different DRM interoperability levels:
  Proprietary systems;
  Standards and architectures;
  Software framework based;
  Open Source.


  Broker-based open RM interoperability


  Serrão C., Torres V., Delgado J., Dias M., “ How Open DRM platforms
can shape the future of DRM”, in IEEE Multimedia
  Serrão C., Marques J., Dias M., Delgado J., “Open-Source Software as
a Driver for Digital Content E-Commerce and DRM
interoperability”, in Proceedings of the Europe-China Conference on
Intellectual Property in Digital Media – Optimisation of Intellectual
Property in Digital Media (IPDM06), Shangai, China, 18-19 October,
2006


Secure Key and License Management for open
Rights Management platforms

Contributions

Secure key and license management
  Some of the functions of modern DRM involves the use of
several security technologies:
  Public-key cryptography
  Secret-key cryptography
  Digital signatures
  Digital certificates
  ... and others.
  All this keying material should be properly managed, to avoid
security breaches...
  ... and this brings us to Key Management.

  Key Management Life Cycle


  Key Management Life Cycle
  It is important to study on the different DRM solutions handle this
functionalities
  Establish a common secure license and key management life-cycle
  Implementing a broker-based interoperable key management system
  As a mechanism for DRM interoperability


  Key Management and DRM
  DRM uses keying material in several situations:
  Entities (content providers, users, ...) registration and management
  Software applications and components registration and management
  Content security
  Rights management and enforcement (licenses)


  Rights Expression Languages (REL)
  Allow the expression of copyright
  Allow the expression of contracts or license agreements
  Allow to control over access and/or use
  Mostly used to express DRM-governed content licenses
  Licenses express how a governed-content can be used
  Expressed in a specific format/notation (XML, Text, Graph theory, ...)
  XrML and ODRL are two of the most used
  May contain protected keying material information to be used with
the protected digital content


  Depending on the DRM scenario and implementation licenses can
be used or not
  This gives 6 different scenarios:
  Licenses are used in DRM
  License contains CEK
  License is inside digital content
  License is outside the digital content
  License don't have CEK
  License is inside digital content
  License is outside the digital content
  Licenses are not used in DRM
  CEK is inside digital content
  CEK is not inside the digital content


  License topology


  Analysis of key management in open RM platforms


  Serrão, C., Serra A., Dias M., Delgado J., quot;Key Management in open DRM
Platforms”, in the Proceedings of the 3rd. International Conference of
Automated Production of Cross Media Content for Multi-channel
Distribution (AXMEDIS2007), Barcelona, Spain, 28-30 November, 2007
  Serrão, C., Serra A., Dias M., Delgado J., “Secure License Management -
Management of Digital Object Licenses in a DRM environment”, In
Proceedings of the International Conference on Security and Cryptography
(SECRYPT2007), Barcelona, Spain, 28-31 July, August, 2007
  Serrão, C., Serra A., Dias M., Delgado J., quot;Protection of MP3 Music Files
Using Digital Rights Management and Symmetric Cipheringquot;, in the
Proceedings of the 2nd. International Conference of Automated Production
of Cross Media Content for Multi-channel Distribution (AXMEDIS2006),
Leeds, United Kingdom, 13-15 December, 2006


The OpenSDRM open rights management
platform

Contributions

OpenSDRM
  What is OpenSDRM?
  Distributed DRM architecture
  Each of the functionalities is implemented has an independent
distributed service
  There can exist multiple instances of the same service provided by
different entities

  incorporate the previous contributions


OpenSDRM
  OpenSDRM is open:
  open-source
  open specifications
  open interfaces
  open to different types of content
  open to support many different business models
  open to interoperability


OpenSDRM


OpenSDRM
  Serrão C., Dias M., Kudumakis P., “From OPIMA to MPEG IPMP-X - A
standard’s history across R&D projects”, in Special Issue on European
Projects in Visual Representation Systems and Services, Image
Communications, Volume 20, Issue 9-10, Pages 972-994, Elsevier, 2005
  Serrão C., quot;Open Secure Infrastructure to control User Access to
multimedia contentquot;, in Proceedings of the 4th. International Conference on
Web Delivering of Music (WEDELMUSIC2004), Barcelona, Spain, 2004
  Serrão C., Neves D., Kudumakis P., Barker T., Balestri M., quot;OpenSDRM – An
Open and Secure Digital Rights Management Solutionquot;, in Proceedings of
the IADIS International Conference e-Society 2003, Lisboa, Portugal, 3-6
June, 2003


Wallet Rights Management interoperability
middleware

Contributions

Wallet RM interoperability middle-ware


  DRM-governed content life cycle


  Serrão C., Dias M., Delgado J., “Digital Object Rights Management –
Interoperable client-side DRM middleware”, In Proceedings of the
International Conference on Security and Cryptography
(SECRYPT2006), Setúbal, Portugal, 7-10 August, 2006
  Serrão C., Dias M., Delgado J., “Bringing DRM interoperability to
digital content rendering applications”, in Proceedings of the CISSE05
– The International Joint Conferences on Computer, Information, and
System Sciences, and Engineering, Springer, ISBN: 978-1-4020-5260-6,
University of Bridgeport, USA, 10-20 Dezembro, 2005


License Templates

Contributions

License Templates
  Complex RM environments
  Content Provider - License Provider - User CRA
  Support for multiple license format is *not* assured

  Possible solutions
  REL translation
  License in one format is translated to other format

  Templates
  Specific REL license templates created “a priori”, and instantiated when the
license is to be issued


License Templates
  License template definition process


License Templates
  Serrão C., Dias M., Delgado J., “Using ODRL to express rights for
different content usage scenarios”, in Proceedings of the ODRL2005
– 2nd International ODRL Workshop 2005, Lisboa, Portugal, 7-8 July,
2005
  Serrão C., Dias M., Delgado J., “Bringing DRM interoperability to
digital content rendering applications”, in Proceedings of the CISSE05
– The International Joint Conferences on Computer, Information, and
System Sciences, and Engineering, Springer, ISBN: 978-1-4020-5260-6,
University of Bridgeport, USA, 10-20 Dezembro, 2005


OpenSDRM experiences and use-cases

Contributions

  OpenSDRM usage cases:
  Digital Music, MOSES FP5-IST project, Music-4You.com
  JPEG2000 digital images, HICOD2000 ESA RTD project
  Video-Surveillance, WCAM FP6-IST project
  Home Networking Digital Music, MediaNet FP6-IST project


  Serrão C., “Music-4you.com – Digital Music E-Commerce Case Study”, in IADIS
International Journal on Internet/WWW, Volume 3, Issue 1, ISSN 1645-7641,
2005
  Carvalho H., Serrão C., Serra A., Dias M., “Flexible Access to ESA Earth
Observation data using JPEG2000 and DRM”, in Proceedings of the Fourth
Conference on Imaging Information Mining (ESA-EUSC2006), Madrid, Spain,
27-28 November, 2006
  Serrão, C., Dias M., Serra A., Carvalho H., quot;Accessing Earth Observation data
using JPEG2000quot;, in Proceedings of the Symposium on Computational
Modelling of Objects Represented in Images (CompImage2006), Coimbra,
Portugal, 20-21 October, 2006
  Serrão, C., Dias L., Serra A., Dias M., quot;JPEG2000 Image Compression and
Visualization for Desktop and Mobile Clientsquot;, in Proceedings of the Atlantic
Europe Conference on Remote Imaging and Spectroscopy (AECRIS2006),
International Journal of Internet Protocol Technology, Preston, United Kingdom,
11-12 September, 2006


Conclusions
  The objective of this work was to present several mechanisms
to improve the RM non-interoperable panorama
  Some specific mechanisms were selected to study its
applicability to RM interoperability
  RM interoperability is not an easy problem
  This thesis does not solve it!!!
  However, it contributes with some mechanisms to make the problem
less complex.
  But, more work needs to be done!


Conclusions
  Rights Management and Service-Oriented Architectures
  SoA has a huge impact on the software and service distribution
(SaaS)
  RM can benefit from service distribution, to create heterogeneous
RM environments
  RM providers decouple RM services
  Published, and promoted on UDDI repositories
  Approach followed on the OpenSDRM implementation


Conclusions
  PKI and rights management interoperability
  RMS systems need to establish trust environments and to handle
cryptographic material
  Most current RM solutions do not rely on existing PKI services –
they implement their own proprietary services
  Contributed with PKI-based interoperability solution to establish
trust – PKI-broker to establish trust between different RM solutions
  Design and establishment of protocols to create trust environments
between different RM solutions


Conclusions
  Open rights management towards interoperability
  Commercial RM solutions are vertical, closed and non-interoperable
– alternative is an open model
  Open RM solutions were identified, classified and included in three
categories: open-source, open specifications and open interfaces
  A SWOT analysis was conducted to identify the major advantages
and drawbacks of having open RM solutions


Conclusions
  Secure key and license management for open rights
management
  Security is central to RM systems
  Appropriate secure management of rights and key management are of
extreme importance
  Scenarios between the REL, the digital object and the CEK were
identified
  Description of the license management life cycle
  Identify how the different RM handle the key management life cycle
  Lack of support behind the pre-operational and operational stages
  Proper key management is crucial for security management


Conclusions
  OpenSDRM open rights management architecture
  Design and implementation of an open RM platform
  Based on a service oriented approach
  E2E RM services for the DCVC
  Detailed security mechanisms and protocols


Conclusions
  Wallet rights management interoperability middle-ware and
license templates
  Establishment of a client-side RM middle-ware to provide
interoperability between different CRA
  Abstraction layer between the CRA and DRM regime
  Request authorizations to the RM layer to render content
  Creation of and usage of license rights templates to offer RM
interoperability between multiple content providers, license
providers and user-devices
  Expression of particular business model using different license templates
  Facilitate the interoperation between different REL


Conclusions
  OpenSDRM use-cases
  Demonstrate the OpenSDRM applicability, adaptability and
interoperability to:
  Multiple business models
  Multiple content types
  Multiple CRA


Conclusions
  Using of SoA to enable the RM services interoperability
  Establishment of common trust environments, using PKI mechanisms, to
provide interoperability
  Analyse how open RM can contribute to RM interoperability and define an
approach for open RM platforms based on SWOT analysis
  Define how to manage securely both keys and licenses throughout their
life-cycle, across open RM platforms
  Creation of an open and services based RM platform that enables
interoperability between different scenarios
  Design of an abstraction mechanism between content rendering and RM,
and abstraction mechanism between the content provider business model
and the REL used
  Evaluate the usage of contributed mechanisms on different usage scenarios


Conclusions


Conclusions
  Future work
  Interoperable RM brokerage
  Economic impact of OpenSDRM disintermediation
  Key and license management on super-distribution
  OpenSDRM development and improvement


Questions

Thank you for your time and your patience…

iDRM – Interoperability Mechanisms for Open Rights Management Platforms

Recommended

Recommended

More Related Content

Similar to iDRM – Interoperability Mechanisms for Open Rights Management Platforms

Similar to iDRM – Interoperability Mechanisms for Open Rights Management Platforms (20)

More from Carlos Serrao

More from Carlos Serrao (20)

Recently uploaded

Recently uploaded (20)

iDRM – Interoperability Mechanisms for Open Rights Management Platforms