当前位置:首页 >> 自然科学 >>

A Survey on Digital Rights Management Technologies_图文

A Survey on Digital Rights Management Technologies
DRM Working Group NDAP Research & Development of Technology Division Mar. 29, 2005

Outline
? Introduction ? Components in DRM ? DRM Standards ? Commercial Solutions & Case Study

What is DRM?
? DRM is the chain of hardware and software services and technologies governing the authorized use of digital content and managing any consequences of that use throughout the entire life cycle of the content [IDC 2001] ? The technology for protecting files via encryption and allowing access to them only after the entity desiring access has had its identity authenticated and its rights to that specific type of access verified [Rosenblatt & Dykstra, 2003]

DRM

[Source: MarkAny.com]

? Content management
– Cryptography

? Policy management
– Policy: access rules for content – Authoring, distributing, evaluating policy expressions

Why DRM?
? To approximate content distribution model in physical world, and to invent new ones
– Ex: Buying a book at a bookstore
? Read, give, sell, lend ? Copy, change, embed

? To prevent unauthorized copying, usage, or redistributing of content
– Copying of digital files costs almost nothing – Different privileges needed for different users

Evolutions of DRM Systems
? 1st generation of DRM:
– Focused on security and encryption – Prevent unauthorized copying

? 2nd generation of DRM:
– Covers the description, identification, trading, protection, monitoring, and tracking of all forms of rights usages over contents, including management of rights holders relationships – Digital Management of Rights, not Management of Digital Rights

Reasons for Slow Growth
? Users find it inconvenient to go through registration or authentication procedures ? Publishers have not built the internal systems necessary to manage content ? DRM systems are not interoperable with each other or with back-end systems
– Lack of technology standards

A Typical DRM Model
ex:

ex:

ex: Please refer to p.5 of the DRM Technical Survey for more details

Some Commercial DRM Solutions
? Adobe Acrobat Reader ? Microsoft Windows Rights Management Services (RMS) ? InterTrust Rights|System

Please refer to pp.6-11 of the Technical Survey for more details

DRM in Digital Libraries
? Public/educational/promotional/research use vs. product sales ? Group users vs. individual user ? Expressiveness of rights
– “Lending” a book, – “Fair use”

? NetLibrary (a division of OCLC Online Computer Library Center)
– http://www.netlibrary.com/

? OnDisC Alliance (Online Distributed Content)
– http://www.ondisc.ca/

Main Components in DRM
? Cryptography ? Digital Watermarking ? Rights Model & Rights Expression Language

Different Levels of Protection
? System Security
– – – Authentication
? Password ? Access rights for (object, people, location, time) ? Event logging

Access Control Auditing

To prevent unauthorized copying To make unauthorized copy useless

?

Data Security
– – –

Encryption

Fingerprinting/Watermarking Rights enforcement Cryptography Tracking

? Key management

? For embedding rights information ? For enforcing embedded rights information

?

Network Security
– –
? Confidentiality ? Non-repudiation

To provide evidence for illegally redistributing or owning objects

Cryptography
? To ensure the confidentiality, integrity, authenticity, availability, non-repudiation, and access control of digital objects

Cryptography
? Encryption (lock)
– Symmetric: 1 key
? Ex: DES, AES, … ? Key management (secret sharing)

– Asymmetric: 2 keys (public, private)
? Ex: RSA, … ? Public key cryptography

Watermarking
Visible watermark

[Source: http://www.dlib.org/dlib/december97/ibm/12lotspiech.html]

Examples of Digital Watermarking

[Source: DigiMarc.com]

Watermarking
? To embed a digital code (or mark) into images, audio, video, or printed documents that is readable by computers
– – – – – – Transparency: visible, invisible Security: location of marks cannot be derived Unambiguous: uniquely identifying the owner Robustness: tolerance to attacks Capacity: amount of information embedded Blindness: reference to the source image

Please refer to pp.12-14 of the Technical Survey for more details

Traitor Tracing
? To make each copy unique by embedding marks into each copy
– To discourage piracy by enabling the merchant to identify the traitor

? Watermarking ? Fingerprinting

Functional Architecture for DRM Systems
? Intellectual Property (IP) Asset Creation and Capture
– Rights Validation, Creation, Workflow

? IP Asset Management
– Repository, Trading functions

? IP Asset Usage
– Permissions, Tracking Management

Core Entities Model
Rights Own Over Users Create/Use Content

IFLA Content Model
Item Manifestation
Embodied in Realized by Instantiated by

Expression Manifestation Expression

Item

Work

Example of IFLA Content Model
? Work: “The Name of the Rose” by Umberto Eco ? Expressions:
– Original text – English translation – Screenplay – Hardcover – Paperback – Digital audio book

? Manifestations of English translation

? Items

– A hardcover book purchased from Barnes-and-Nobles – A digital file purchased from Amazon

Identifying and Describing Entities
? Rights
– URI (Uniform Resource Identifiers) – DOI (Digital Object Identifiers) – ISTC (International Standard Text Code) – ONIX for books – IMS for educational learning objects – vCARD (RFC 2426) for people and organizations – MARC Relators code list for roles

? Contents ? Users

Rights Expressions
? Rights Model
– Schemes for specifying rights to a piece of content that a user can obtain in return for some consideration, such as registering, payment, or allowing her usage to be tracked.

? Types of Rights
– Render Rights: Print, View, Play – Transport Rights: Copy, Move, Loan – Derivative Work Rights: Extract, Edit, Embed

Possible Types of Rights

Please refer to p.16 of the Technical Survey for more details

Rights Expressions (cont.)
? Rights expressions should consist of:
– – – – Permissions: what you’re allowed to do Constraints: restrictions on permissions Obligations: what you have to do/provide/accept Rights holders: who is entitled to what

? Example:
– ODRL (Open Digital Rights Language) – XrML (eXtensible rights Markup Language)

Rights Expression Model
Count Time Territory Constraints Constraints Play Obligations Obligations Permissions Permissions Print Reuse Rights Holders

Pay Tracking Loyalty Points

Digital Object Identifier (DOI)
? http://www.doi.org/ ? A digital identifier for any object of intellectual property ? DOI provides a means of persistently identifying a piece of intellectual property on a digital network and associating it with related current data in a structured extensible way ? An implementation of URI

eXtensible rights Markup Language (XrML)
? http://www.xrml.org/ ? XrML is a general-purpose, XML-based specification grammar for expressing rights and conditions associated with digital content, services, or any digital resource ? A direct descendent of Stefik’s DPRL (Digital Property Rights Language) ? XrML 2.0 by ContentGuard, Nov. 2001

An Example XrML License
? Licenses: policy statements
– Issuer authorizes principal to exercise a right with respect to a resource subject to (zero or more) conditions.

Licenses
? Multiple authorizations from the same issuer may be grouped into a single license
– John says, “Bill has the right to print the book.”

? Grants may be chained either through direct trust of the issuer or transitively through licenses that grant rights to issue other licenses
– Alice says, “Bob has the right to issue a license to anyone to print the book.” – Bob says, “Carol has the right to print the book.”

XrML 2.X Licenses
? Patterns, variables, and quantifiers
– Alice says, “Anyone who can read the book has the right to print the book.”

? Prerequisite rights that condition the grant contained within the license
– Alice says, “Bob has the right to read the book if Bob is a member of the book club.” – “Compliance checking” algorithm for XrML 2.X is more complicated than simple “chain walking”.
? DAG (Direct Acyclic Graph)

Open Digital Rights Language (ODRL)
? http://odrl.net/ ? by R. Iannella, specification version 1.1 freely available

DRM Standards
? MPEG-21 ? CPPM/CPRM (Content Protection for Prerecorded/Recordable Media) ? DTCP (Digital Transmission Content Protection)

Please refer to pp.18-20 of the Technical Survey for more details

Rights Usage Tracking
? To track the usage statistics of each object
– All accesses to the object have to be recorded
? Online checking: download, play, print, … ? OS support: copy

? To provide evidence for illegally redistributing or owning objects ? It’s highly related to content dissemination

Tracking Techniques
? Registration-based
– Signature registration: checksum, hash value (MD5) – Signature matching

? Embedding-based
– Signature embedding: fingerprinting, watermarking, digital signature – Signature extraction

Tracking from Different Media

spider Tracking Agent query

Web

Peer-to-peer Networks

Case Study
? Corbis
– Business Model
? Thumbnail, watermarked Web image, Web image ? Royalty-free, rights managed

– Protection Mechanism
? Watermarking: Digimarc Digital Watermark ? Spidering: Digimarc MarcSpider Please refer to pp.20-21 of the Technical Survey for more details

Commercial DRM Solutions

DRM Classification
? Multimedia Protecting
– MP3 DVD VCD

? Confidential Information Protecting
– eBook Digital Images

Commercial DRM Solutions
Company Alpha-Tec LTD
(www.alphatecltd.com)

Product A series of watermarking tools A series of watermarking tools
(adopted by Corbis)

Description EIKONAmark Authentication Check AlphaCrawler digital watermarking Digimarc MarcSpider? Image-Seek is a content-based visual search and retrieval software. It Combines visual & keyword search RMS for Windows Server 2003 is information protection technology help to safeguard digital information from unauthorized use. Windows RMS enables protection of sensitive information, such as Web content, documents, and e-mail, through the creation and enforcement of persistent policies that live with the information—no matter where it goes. PicScout provides its customers with a total copyrights enforcement service. PicScout uses its robust engine to crawl various media channels, track image piracy and pursue legal enforcement.

Digimarc

(www.digimarc.com)

LTU

(www.ltutech.com)

Image Seeker

(adopted by Corbis, Live Visual Search Demo: http://corbis.ltutech.com/)

Microsoft (www.microsoft.com)

Windows? Rights Management Services

PicScout

(www.picscout.com)

PicScout

Commercial DRM Solutions
? (http://www.ccl.itri.org.tw/) ? ? ? ? ? USB Key ? ? ? Reader ? ? eGATE ? ?? (Authentication) (Confidentiality) ? ? ?
(www.trustview.com.tw)

?
(www.oiprint.com.tw)

? ? ?

USB Key ? ? ? ? ? ? ? (Integrity) (Non-Repudiation)

?

?

(www.esecure.com.tw)

TrustServer TrustView ( for Office, PDF, and Web )

<Permissions Management> 256-bit AES(Advanced Encryption Standard) PKI X.509 certificates? TrustView Client Plugin Office Adobe PDF Server <Tracking Management> ? ? ? Microsoft

?

Case Study: Corbis

Overview of Corbis
? Corbis is a leading provider of image-licensing solutions and services to creative professionals and companies dealing in image-based consumer products. ? With 25 million images, it is the leading provider of digital images to both the consumer and creative professional markets ? It provides imagery to creative professionals in magazine, book and newspaper publishing, advertising and graphic design, and Internet and new media publishing. ? The company uses its extensive Internet technology to allow customers to quickly and conveniently access and purchase images and related products.

Digital Images on Corbis Web Site
? Thumbnail:
– Smaller than 128*128 pixels – they can be browsed by all users. – Smaller than 640*640 pixels – Containing the letter of Corbis on it – They can be browsed by all users. – Same resolution with Watermarked Web Image but the perceptible watermark has been removed. – User can browse them on the web site after registration.

? Watermarked Web Image:

? Web Image:

Business Model
The Corbis collection can be divided into two sections: ? (1) Rights Managed
– licensed for specific predefined usages – Client identifies how, where, and to what extent they would like to use an image(s) and the agency provides permission to reprint the image – The usage fees are based on the usage as requested – Clients are typically granted one-time usage rights – Not allowed to edit or alter the images unless authorized.

Business Model
? (2) Royalty-Free
– The Royalty-Free license grants you non-exclusive use of the image or CD you select – Available digitally for direct purchase and download – Once you purchase an image, it is pre-cleared and ready to use in a variety of ways – To alter an image and create unique works of your own is allowed – Individually priced based on creative image selection, and resolution.

Copyright Protection Mechanism
? Corbis was an early adopter of Digimarc digital watermarking solutions since 1996. ? Digimarc digital watermarking
– Add a unique image ID to images, and to track those images as they were distributed digitally.

? Digimarc MarcSpider?
– Searcheing more than 50 million images on the web a month to determine where digitally watermarked images have been

Tracking Results
? Identifies up to 50 commercial infringement cases a month ? Provides information and evidence used by Corbis to capture licensing revenue that would otherwise have been lost ? Contributes to compliance revenue that Corbis recovers each year (over $1 million in 2003)

Thanks for Your Attention!