Error! No Text of Specified Style in Document. . a NEW SOLUTION for a DIFFICULT PROBLEM

Keywords: Content, access, license, user, SIM, home, NFC, DRM, device, network, authentication

Abstract:

1 INTRODUCTION 5. Samme, om du skriver litt på konklusjon så kompletterer jeg med DRM ting her… - Kommentarer: hmm 1. Jeg snakker lite (ingenting) om 6. Forslag til figur 1: Hadde det vært en ide å autentisering. Vet ikke helt hvordan vi skal kalle sikkerhetsnivåene for low, medium sy delene våre sammen… Helt på slutten og high? Low = no security i praksis… av DRM kapittelet evt i konklusjon Hvordan brukes passordet på ”medium” kommer jeg vel til å kort nevne nivå? – jeg brukte ”nice to know”, ”need fordel/mulighet for bruk av smartkort som to know” and ”have to know”, as they are sikker enhet til å lagre lisens… more specific than ”low”, ”medium”, ja, det høres fornyftig ut.: mitt forslag: ”high”. (sømløss) autentisering gjennom mobilen 7. Helt på slutten har du ”Open issues” DRM er en videre bruk, ”enhet til å lagre Ønsker du å detaljere, eller skal vi bare lisens” fjerne? – ok, kan fjernes 2. I begynnelsen av kapittel 2 sier du at ”In 8. Referanser: (OMA, 2006) eller [OMA, this paper we focus on methods for using 2006]. Jeg tror det var første versjon () different identification mechanisms …” 9. References: Update ”Somogyi” (not ’u’) Kanskje endre til ”In this chapter we …” -ok 3. Tilsvarende i seksjon 2.4 står det at ”This paper investigates in further details the split of RF and ID” Tja, vet ikke helt hvor vi gjør det… - vi gjør det ikke enda, men beskriver funksjonaliteten. et videre steg er å definere grensesnitt bedre. så jeg 4. Hvis du kunne klare å skrive noe om DRM specific issues hadde det vært flott, jeg har veldig knapt med tid. Kanskje vi kan droppe denne seksjonen? -– hmm – ok, done 3.1 xxxxx are also coined self-protecting documents), or may be contained in an individual license. The actual The suggested NFC2SIM protocol has to secure content is often cryptographically protected, with the communication between the NFC module and decryption keys and -attributes residing in the the smartcard. Application keys like access or license. In turn, the license therefore also needs to be licensing keys are stored on the SIM, and are protected both during transfer and storage. accessed through the NFC radio. The following paragraph will address DRM specific issues in this solution. 4.1 Mobile Licensing

3.2 DRM specific issues Many DRM systems have been proposed over the years; a few of the more recent DRM products This paper postulates the split of licensing keys which are used for online distribution of protected and content in a DRM management system. Such a content in mobile environments include Apple's solution will enable the user to carry his content FairPlay system used in iTunes and the iPod audio rights wherever he goes, and allows content access player, Microsoft Windows Media DRM both on all media players. It will be more convenient [WinDRM,WinDRMD] and OMA DRM [OMA for the user, and enhance the acceptance for 2006] by the Open Mobile Alliance. These systems licensing. all support protection of audio/video content for Typical application areas are: mobile devices / media players. One notable  Usage of content on any media player able difference between these systems is that while to handling the media format FairPlay incorporates licensing information into the  Purchase of licenses through mobile music file itself, Windows Media DRM and OMA channels, e.g. SMS DRM keep REL-defined licenses separately from  Distribution of gift licenses  Permanent of time-limited transfer of content. While self-protecting documents can be licenses from one user to another convenient and hassle-free from a distribution point-  Backup/update/restore of license keys of-view (since the license is always present together with the document itself), maintaining licenses The next chapter will analyze the current DRM separately from the content ultimately provides a mechanisms and state their weakness with respect to greater flexibility with regards to license updates, as license transfer. licenses (if allowed by the policy) may be renewed or forwarded without also having to download the entire content once again. 4.DIGITAL RIGHTS 4.2 License transfer/backup MANAGEMENT The ability to carry out proper data backups is a The purpose of DRM (Digital Rights Management) fundamental security requirement and principle. systems is to ensure that digital objects and However, many DRM systems by their very nature resources can only be accessed in an authorised prevent duplication of digital objects and more manner. DRM systems are seen as an important specifically their associated licenses/rights, thereby enabler for electronic distribution of digital content precluding individuals and organisations from such as audio, video, text documents, software implementing a proper backup policy. In other applications, and have therefore received much words there is a specific and quite difficult challenge attention in the recent years. DRM systems making DRM solutions compliant with ordinary data implement and enforce mandatory access control backup principles. To what extent do common DRM [Gasser, 1988], typically granting access on a per- technologies such as FairPlay, OMA DRM and content basis, often extended with further limitations Windows Media DRM accommodate and allow for e.g. to allow access for a limited timeframe only or content and license backup and –recovery? What to a specific number of views or runs. RELs (Rights happens when the content and/or license is lost? Expression Languages) such as OMA REL OMA, What mechanisms may be devised in order to 2006 and XrML, 2001 are used to state these reconcile the conflicting requirements from DRM access conditions. The REL specification may be systems and backup-needs? These questions and embedded in the document itself (such documents issues are addressed in the remainder of this chapter, indicating the need for a new method of license reinstantiated as the result of restoring a backed-up management. Rights Object. In addition the security model ensures that Rights Objects are protected and can Cuts from other documents: (Jeg kommer til å only be accessed by the intended DRM Agent / ekstrahere deler av dette) Domain.

FairPlay will allow a protected track to be used Skal også beskrive metode for å oppnå mulighet in the following ways: for backup / restore av lisenser…  The protected track may be copied to any Hvordan er veien videre? number of iPod portable music players. This paper suggest a licensing mechanism, which  The protected track may be played on up to five releases the cotent form the DRM management. (originally three) authorized computers Similar to the authentication, where we suggest to simultaneously. bring the id into the SIM card, we suggest that  The protected track may be copied to a standard CD audio track any number of times. licensing keys should be kept in the user device, but  The resulting CD has no DRM and may be be made available to the media player through the ripped, encoded and distributed like any other near field communications. CD. However, as the CD audio still bears the artifacts of compression, converting it back into CONCLUSIONS a lossy format such as MP3 may aggravate the sound artifacts of encoding (see transcoding). The mobile phone can be used for physical  A particular playlist within iTunes containing a access (admittance) and service access using near protected track can be copied to a CD only up to field communication (NFC),: It may act as the seven times (originally ten times) before the security device in wireless network access, using playlist must be changed. EAP/SIM and Bluetooth, or using the SIM  FairPlay does not affect the ability of the file credentials for VPN and Mobile Commerce itself to be copied. It only manages the applications. The paper extends the seamless access decryption of the audio content. into the digital rights management, suggestion  An intentional limitation of Fairplay is that it methods on how the rights key can be managed the prevents iTunes customers from using the SIM card, while content is distributed on the purchased music on any portable digital music customer devices. player other than the Apple iPod. This paper suggests to base both network access, How does Windows Media DRM handle backup service access and rights management on the SIM and -recovery? According to WinFAQ, backup of card of the mobile phone. With faster access digital media files is allowed through traditional networks, digital content does not longer need to be backup mechanisms. Licenses may be backed up carried around, only the access rights have to follow and restored on a different computer. Upon restore, a the user. The scenario used in this paper is the access Microsoft fraud detection service ensures that the to home content, which contains the following customer's backup/restore system is not abused by elements: The home content storage, the media digital media pirates. Content owners may disable player, the personal device and the network elements the Microsoft backup and restore process and interconnecting the devices. manage restores at their own clearance web sites. NFC is introduced to exchange information Of the three, OMA appears to be the most including NFC as communication medium, and restrictive. According to OMADRM, DRM NFC2SIM as protocol for exchange of information Content can be stored safely on removable media, in between the NFC and the SIM card. Application a network store, or in some other form of storage. keys like access or licensing keys are stored on the DRM Content is stored in encrypted form, and so SIM, and are accessed through the NFC radio. While can only be accessed by a particular target DRM current DRM systems implement and enforce Agent. mandatory access control for a limited number of Rights Objects (licenses) can be stored for devices, our solution suggests to let license keys backup purposes but it should be noted that the being handled from a central user device, allowing replay cache mechanisms ensure that Rights Objects every media player to play the content. This solution containing stateful permissions can not be provides a greater flexibility with regards to license updates, as licenses (if allowed by the policy) may be renewed or forwarded without also having to download the entire content once again.

REFERENCES

ContentGuard, XrML – eXtensible rights Markup Language, 2001, http://www.xrml.org/ Morrie Gasser, Building a Secure Computer System, ISBN 0-442-23022-2, Van Nostrand Reinhold, 1988 Lopez Calvet, J.C., 2005. The role of RFID in the mobile phone, Telektronikk 3/4.2005, pp. 131-142 Microsoft Corporation, Windows Media DRM, http://www.microsoft.com/windows/windowsmedia/h owto/articles/drmarchitecture.aspx Microsoft Corporation, A Technical Overview of Windows Media DRM 10 for Devices, September 2004, http://go.microsoft.com/fwlink/?linkid=40518 Microsoft Corporation, Windows Media DRM FAQ, http://www.microsoft.com/windows/windowsmedia/f orpros/drm/faq.aspx Noll, J., 2005. Service development in the home - Eurescom project OSIAN, EURESCOM mess@ge, issue 2/2005 (June 2005), pp 16-17, ISSN 1618-5196 Noll, J. Lopez Calvet, J.C., 2005. SIM-card enabled Seamless Access in Mobile and Broadband Access Networks, Proceedings of the WWRF #15 meeting, Paris, 8.-9.12.2005 Noll, J., Ribeiro, V., and Thorsteinsson, S.E., 2005. Telecom perspective on Scenarios and Business in Home Services, Proc. Eurescom Summit 2005, Heidelberg, Germany, 27.-29.4.2005, pp. 249-257 Open Mobile Alliance, DRM Architecture, Version 2.0, March 2006, http://www.openmobilealliance.org/ release_program/drm_v2_0.html Somogyui, E, 2006. Seamless access to structured home content. Mastertthesis Budapest University of Technology,Jan 2006 (Masterthesis or Master Thesis?)