Technical implementation of digital rights management (DRM)


Digital rights management (DRM) systems implement the concept of access control to digital content using cryptographic techniques. Without a valid license related to digital content, the user can purchase the device or disk, but cannot access the content.

The content server manages the protected digital content and encrypts it using the DRM packager for use in a DRMS, so the content is unreadable.

The license server generates the necessary licenses on request together with the corresponding keys for user authentication and content decryption, which are calculated from the corresponding identifiers (user or device ID, content ID) and the descriptions of rights.

Authenticity and integrity of the reproduction program are verified, the contents  are decrypted with the key in the license.

Emerging technologies of trusted computing can be used to ensure compliance with the rights.

Functional reference model

Digital rights management (DRM) should take priority to the dissemination of and access to digital content on open platforms to control. DRMS should provide particular functions to access and use control.

Both features use license data defining the necessary rights in different granularity.

DRMS can support revenue models by providing a payroll function. The usage data collected by means of the accounting function, and can then be collected by a billing system of some kind (such as a micro-payment system) for further processing.

On the other hand, can support a group or even personal rights and differentiation of prices, the already mentioned use control.

Access control

For the identification of the user, there are different approaches: the spectrum of methods ranging from passwords (eg software ID), or hardware authentication (eg X.509 or CPU) to biometrics.

Although password-based systems are easy and inexpensive to implement, but are not reliable due to the possibility of passing the password for the identification of a user.

More sophisticated methods, to the biometrics, although the increase implementation costs, but provide for a more reliable way to authenticate users, the disadvantages of biometric methods must not be ignored.

Extent of the rights granted a DRMS

The enforcement of a license must be guaranteed even after a successful access authorization. The programs used to access the protected content must therefore understand a description of the authorized disposal forms (license) and can be adapted to enforce.

The rights model shown at right may grant the following three fundamental forms available:

Reproduction right (print, view and play)
Transport Law (copy, distribute and borrow)
To create law, create derivative works (extract, edit and paste)

Thus for example the printing and issuing of a document on the screen allowed (as a positive reproduction right), but the transfer be stopped by a local memory protection (as limiting the rights of transportation).

In its simplest form, comprise control systems that use a simplistic copy protection mechanisms (such as the “digital audio tape” (DAT) or in the DVD standard). In general, however, it is not the aim to prevent the copying entirely, but being able to control copying in the sense of copy control.

About the Author

Leave A Response

You must be logged in to post a comment.