Digital Rights Management(DRM) Using XrML



Similar documents
Digital Rights Management for the Online Music Business

Digital Rights Management (DRM) in Education - The Need for Standardisation

Digital Rights Management

Experimental DRM Architecture Using Watermarking and PKI

Qiong Liu, Reihaneh Safavi Naini and Nicholas Paul Sheppard Australasian Information Security Workshop Presented by An In seok

Digital Rights Management - The Difference Between DPM and CM

Mobile Digital Rights Management

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

Towards A Digital Rights Management Framework

Workflow description of digital rights management systems

Content management and protection using Trusted Computing and MPEG-21 technologies

Intellectual Property Management and Protection in MPEG Standards

Enterprise content management solutions Better decisions, faster. Storing, finding and managing content in the digital enterprise.

NONIUS: IMPLEMENTING A DRM SYSTEM

PDF security - a brief history of development

Security Issues for the Semantic Web

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

The Technology of Rights: Digital Rights Management

DRM Digital Rights Management

ATSC Standard: ATSC Security and Service Protection Standard

bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5

Digital Rights Management

DIGIMARC CORPORATION 9405 SW Gemini Drive Beaverton, Oregon

Alcatel-Lucent Multiscreen Video Platform RELEASE 2.2

Digital Rights Management for E-Commerce Systems

Adaptive HTTP streaming and HTML5. 1 Introduction. 1.1 Netflix background. 1.2 The need for standards. W3C Web and TV Workshop, 8-9 February 2011

Key Management Interoperability Protocol (KMIP)

Digital Signing without the Headaches

Key Management Interoperability Protocol (KMIP)

Module 1: Facilitated e-learning

Enterprise effectiveness of digital certificates: Are they ready for prime-time?

Enterprise Data Protection

Virtual Private Networks Solutions for Secure Remote Access. White Paper

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Developing accessible portals and portlets with IBM WebSphere Portal

Securing your Online Data Transfer with SSL

Content Protection in Silverlight. Microsoft Corporation

PrivyLink Cryptographic Key Server *


IBM Data Security Services for endpoint data protection endpoint encryption solution

Last Updated: July STATISTICA Enterprise Server Security

Secure Semantic Web Service Using SAML

I D C V E N D O R S P O T L I G H T

PowerKey Conditional Access System Phase 1.0. System Overview. Revision 1.0

Rights Management Services

Introduction to Service Oriented Architectures (SOA)

File Formats. Summary

Business Object Document (BOD) Message Architecture for OAGIS Release 9.+

Nonius: Implementing a DRM Extension to an XML Browser

The Comprehensive, Yet Concise Guide to Credit Card Processing

EMC PERSPECTIVE. Understanding Content Management and Digital Asset Management Functionality

E-Business Technologies for the Future

Service management White paper. Manage access control effectively across the enterprise with IBM solutions.

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)

What is an SSL Certificate?

What is Digital Rights Management (DRM) for Documents?

TechNote 0006: Digital Signatures in PDF/A-1

Retailer Operating Manual for e-books

HEALTH INFORMATION MANAGEMENT ON SEMANTIC WEB :(SEMANTIC HIM)

SDSD-CPRM: Flexible Protection for Digital Content

Beyond the Hype: Advanced Persistent Threats

Test Plan Security Assertion Markup Language Protocol Interface BC-AUTH-SAML 1.0

Internet Technologies for Digital Libraries

Network Working Group

DCML - The Standard that Enables ITIL Compliance

VoiceXML Data Logging Overview

Digital Rights Management

White Paper on CLOUD COMPUTING

Research on the Model of Enterprise Application Integration with Web Services

Introduction to SAML

Information and documentation The Dublin Core metadata element set

A Robust Multimedia Contents Distribution over IP based Mobile Networks

Electronic Records Management Guidelines - File Formats

White Paper. IP Datacasting Bringing TV to the Mobile Phone

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Middleware- Driven Mobile Applications

Billing and Payment with the Elastic Path Ecommerce Platform

Checklist and guidance for a Data Management Plan

Transcription:

Digital Rights Management(DRM) Using XrML Heng Guo Helsinki University of Technology Department of Computer Science and Engineering hguo@cc.hut.fi Abstract This paper describes Digital Rights Management(DRM) and XrML. They are posing their increasingly importance in today s e-commerce. Based on recent evolution of DRM, this paper describes DRM entities involved model, rights model, technical issues, etc. Then, XrML, a XML based right language of DRM is introduced. Finally in conclusion, DRM and XrML future development are prospected. 1. Introduction DRM and XrML are both newly emerging things. DRM(Digital Rights Management) is a key point in e-commerce systems on the market of digital content. It permits the smooth, secure, trusted movement of digital works from creators and publishers to retailers and consumers. XrML(eXtensible rights Markup Language) is a type of language for DRM. It is a key element of ContentGuard DRM solutions. It is an XML-based language that assigns usage rights to content. It is a right management language for describing specifications of rights, fees and conditions for using digital contents(or properties), together with message integrity and entity authentication. Now it has been supported by some leading technology providers 2. Background One of the fastest growing and most profiting sectors of today s economy is information industry. Its success has in short time brought new opportunities to do business with digital information products. [12] New technologies like telecommunications, Internet, etc. is now enabling a new business models --- e-commerce. On the market of digital content, this results in information prosperity and provides new distribution channels, lower costs and fewer barriers. But for a long time, the perfect market for digital content was only a dream for publishers and distributors. Distributing information in digital forms presents 1

numerous legal concerns, especially on the Internet. The Internet was originally designed on an open architecture. It enables more and more new business opportunities but is vulnerable to the unauthorized use of information. It is difficult for the information providers to control what the others do with the information. For example, the publishers headache --- illegal copying and spreading, it is very easy to reproduce digital information and the quality is as good as the originals. This results in significant losses for authors, publishers and those legal customers. Now industry is demanding urgently an efficient mechanism for e-content protection. Digital rights management(drm), what we are talking about in this seminar paper is proposed for this purpose. 3. Digital Rights Management(DRM) Digital Rights Management poses greatest challenges for content communities. It will enable the growth and success of the e-content market. 3.1 What is DRM? Unfortunately, so far there exists no agreeable definition for DRM among those consortia which are now developing DRM systems. W3C (World Wide Web Consortium) has arranged a DRM workshop in January, 2001. The workshop brought together 65 leading DRM practitioners to discuss and debate DRM in general. The W3C is now considering whether and in what role it should take in this increasingly important area. The DRM suggested in W3C is the "digital management of rights", not the "management of digital rights"[3]. It covers the description, identification, trading, protection, monitoring and tracking of all forms of rights usages over contents, and the management of rights holders relationships as well. The first-generation of DRM Digital Rights Management (DRM) focused on security and encryption solving the issue of unauthorized copying by locking the content and limiting its distribution to only those who pay. It represented a substantial narrowing of broader capabilities of DRM. The second-generation of DRM takes the focus away from the current security/encryption/enforcement views and extends its capabilities to management issues. DRM has many benefits: For authors, publishers and retailers, DRM enhances marketing, targeting and understanding of consumer usage; provides greater security, track, persistent protection of content; guarantees the copyright compliance. For consumers, DRM improves products and services; provides access to higher quality content and a wealth of digital works; enhances user experience and convenience; saves time and money.for economy and market, DRM provides new business models. That is, sell individual components, pay per transaction or volume based, super distribution, etc. DRM increased productivity. 2

3.2 Entities Involved There are three core entities involved in Digital Rights Management: Users, Content and Rights. The Users can be any type of user like publishers, record companies, movie studios, corporate enterprises, end-user customers, etc. This entity creates the Content and uses the Content. The Content is any type of content at any level of aggregation. The Rights are the permissions, constraints, and obligations which are over the Content and would be granted to the Users[13]. It is described in detail in next section. Their relationship is shown in Figure 1. Rights Own Over Users Create/Use Content Figure 1: Core entities and their relationship 3.3 Rights Model The Rights entity allows expressions to be made about the allowable permissions, constraints, obligations, and any other rights-related information about Users and Content. Rights expressions can become complex quite quickly. Because of that, they are also modeled to understand the relationships within the rights expressions. This has been evidenced in the Open Digital Rights Language and a paper by Carl A. Gunter et al. [13] The Rights Model is shown in Figure 2. Count Time Territory Pay Tracking Loyalty Points Obligations Rights Holders Constraints Usage Permissions Play Print Reuse 3

Figure 2: The Rights Model As shown in Figure 2, rights expressions should consist of : [13] Permissions (i.e., usages) - what you are allowed to do Constraints - restrictions on the permissions Obligations - what you have to do/provide/accept Rights Holders - who is entitled to what 3.4 Digital Rights Management Features DRM includes features[12]: Set and refine rights management policies. An entity should define and continuously improve action on how to manage its rights in information products as part of its intellectual asset management strategy. Make and manage agreements. DRM should make agreements on rights in information products, and make contract management related to those agreements. Manage information on acquired rights. When some rights are acquired from other entities, it is important to know from whom those rights were received, how broad the rights are, how much and when the entity must pay for the rights, and so on. Control and enforce licenses. In most cases, reasonable business requires that a company licenses some rights to other entities. Therefore it is essential that the company is able to control what the others do with its products and enforce the terms of license agreements if necessary. Support marketing. DRM activities need to be flexible enough to support whatever marketing methods an entity decides to use. Support revenue collection and sharing. DRM should provide a way to be able to collect, account and share revenues from the users of the information within commercial entities. Risk management. Risks involved in DRM are future possible losses related to information in digital form so it would be better to manage those risks in advance. 3.5 Technical Issues The central area to build a working DRM system is the combination of rights model, rights management, and tools. Rights model need to be full understood in order to build rights management on top of it. Tools need to be treated and designed carefully in order to perform rights management. It could be divided into legal tools and technical tools. Legal tools are the set of tools that a legal system provides to protect one s legal rights. The tools include law enforcement, litigation, arbitration, and execution of court s rulings, etc[12]. They are not discussed further in this paper. Technical tools are meant to perform DRM. There are some technical issues which are considered to be important. Standardization. Now the e-content industry faces an important hurdle ---- a lack of standards to enable participants systems to work together and create a seamless 4

experience for both content providers and end users. So it is very important to ensure the adequate interoperability of the DRM systems. A good first step for DRM standardization is digital rights language. Next chapter in this paper introduces XrML, together with ODRL(Open Digital Rights Language), XMCL(eXtensible Media Commerce Language), etc. are efforts for this purpose. Security. DRM needs a Trust Infrastructure. A Rights Language and an architectural model shall be able to connect to the Trust-Systems developed elsewhere. To summarize a few concerns about Trust infrastructures from the W3C Workshop: What will "it" look like? Who should manage trust? How will trust be "interoperable? What are the social/legal issues (eg liability)? How to deal with trusted components (hardware/software)? But the issue of PKI and trust-structures is not a special case of DRM. E-Commerce and all kinds of services in the digital world depend on trust structures. Trust-structures are actually such a big task, that they should be considered outside a DRM-Activity[3]. It is not discussed further in this paper. 3.6 DRM system Implementation Examples At present, on the market of DRM systems, there exists various program decisions and services intended to spread the digital content and manage their rights. The most active ones are developed by the companies Adobe Systems, Glassbook, Softlock, InterTrust, ContentGuard, etc. Adobe Systems has developed a special technology Web Buy and PDF Merchant for selling the electronic publications in PDF format. Glassbook and Softlock have developed their own decisions for controlling electronic content and its rights. Product family includes Glassbook Reader / Glassbook Content Server and network system of selling the electronic documents in the format PDF e-merchandising. InterTrust has developed a general purpose DRM platform, Rights System, to serve as a foundation. The Rights System platform consists of DRM Software and Technology, Professional Services, and MetaTrust Utility Services. ContentGuard, founded in April 2000 by companies Xerox and Microsoft on the base of subdivision Xerox Rights Management Group. It is created for developing a DRM system which can control a spreading variety of digital content, including electronic books, digital audio and video. One of the key elements of the system is the XrML(extensible right MarkUp Language) which will be described in next chapter. 4. extensible rights Markup Language(XrML) 5

DRM covers a broad technical space. Its standardization is now occurring in a number of open organizations. There are several consortia hosting activities that will influence the field. For example, MPEG-4: IPMP (Intellectual Property Management and Protection), MPEG-7 Multimedia Description Schemes and Systems Layer, MPEG-21 Digital Item Identification and Description, W3C: XML-signatures, XML-encryption, XML-protocol, W3C: RDF, DAML and other "Semantic Web" projects, OpenEBook Forum: Previous EBX work on trust infrastructure and current "Rights & Rules WG"[3]. But, none of these activities solves the DRM interoperability and standardization problem. In particular, none of these deals with what we think of as the essential first step for the Web: the simple expression and communication of IPR information and policies. ODRL, XrML and XMCL have done something in this area. XrML is a language in XML (extensible Markup Language) for describing specifications of rights, fees and conditions for using digital contents (or properties), together with message integrity and entity authentication. XrML documents are XML conforming so they are readily viewed, edited, and validated with standard XML tools for example XML SPY. It is intended to support commerce in digital contents, and also intended to support specification of access and use controls for secure digital documents in cases where financial exchange is not part of the terms of use. In additionally, XrML supports and accommodates other industry standard, such as SSL, public/private key encryption and the DOI initiative. XrML describe rights, fees and conditions appropriate to commerce models they select, provide standard terms for usage rights with useful, concise and easily understandable meanings, offer vendors operational definitions of trusted systems for compliance testing and evaluation, provide extensibility to new language features without compromising XrML s other goals, provides an open architecture, scalability, customization, extensibility and the capacity to integrate with both existing systems and new ones as they are developed. 4.1 XrML Evolution ContentGuard, Inc. is committed to promoting a standard language that will express rights and specifications that can be universally interpreted by trusted systems technology platforms. To facilitate this common standard, ContentGuard has developed the XrML Specifications for DRM software (based on extensive research conducted at the Palo Alto Research Center - PARC) and desires to license the use of the XrML Specifications royalty-free. XrML is developed by the group of specialists under the direction of Mark Stefik in Xerox Palo Alto Research Center (PARC). The base to creation of XrML is the Digital Property Rights Language (DPRL) that was developed by the same group during 1990-1999[6]. Version 1 of DPRL (1994-1996), Xerox, which is focus on machine enforceable rights. Version 2 of DPRL( 1997-1999), Xerox. It is XML based syntax that enables you to specify rights information (fees, terms, and conditions) for documents. 6

XrML 1.0 (2000), ContentGuard.Com. It is extension of DPRL 2.0, introduce generic principals and named principals, message and entity integrity, location and tracking conditions. Compare with previous versions, it is uniform, flexible, and extensible. 4.2 XrML Lifecycle In application, publishers need not learn the rights markup language any more than they need to learn Postscript. Publishers do need to know the different kinds of rights, conditions, and billing approaches that are appropriate for their purpose. The rights language is chiefly intended to be machine readable. Publishers would use publishing systems to import digital works into a trusted system and to assign rights using a graphical user interface. Typically, the interface would provide standard digital boiler-plate or defaults reflecting their typical sales approaches. [11] The XrML lifecycle is shown in Figure 4. Figure 4: XrML Lifecycle 4.3 XrML Structures. XrML documents are specified using the element/attribute markup model of extensible MarkUp Language(XML). It is in hierachical structure. Elements are represented in CAPITAL which may contain other elements. This section provides an overview of XrML syntax, introducing some elements, details and features. To get a complete reference of XrML, please refer to the XrML specification by ContentGuard. 4.3.1 Top-Level Structure The following is the Top-Level Structure of XrML files. Character? denotes that the element is optional. <XrML> <BODY> (ISSUED)? 7

(TIME)? (DESCRIPTOR)? (ISSUER)? (ISSUEDPRINCIPALS)? (WORK)? (AUTHENTICATEDDATA)? </BODY> (SIGNATURE)? </XrML> File 1: XrML Top-Level Skeleton[11] XrML is the root element. It contains a mandatory element BODY and an optional element SIGNATURE. The SIGNATURE element is the digital signature of the former used to ensure its integrity. The BODY element is an optional description of a digital work and some optional meta information about this XrML document. It contains several optional elements: ISSUED is the time moment at which this document is issued. TIME is a time interval in which this XrML document is valid. DESCRIPTOR is a description of this document. ISSUER is a principal who issues this XrML document. ISSUEDPRINCIPALS is a list of principals this document is issued to. WORK defines a digital work and its usage rights. AUTHENTICATEDDATA captures data that is provided to an application which processes this XrML document. 4.3.2 Work-Level Structure WORK is a very important element of XrML. XrML documents are applied to arbitrary digital content in the form of WORK. The following is Work-Level Structure. Character? denotes that the element is optional. Character + denotes one or more. Character * denotes zero or more. Character are used to indicate alternative expressions. <WORK> (OBJECT) (DESCRIPTION)? (CREATOR)* (OWNER)? (DIGEST)* (PARTS)? (CONTENTS)? (COPIES)? (COMMENT)? (SKU)? (RIGHTSGROUP REFERENCEDRIGHTSGROUP )+ </WORK> File 2: XrML Work-Level Skeleton[11] The root element is WORK. It contains: OBJECT is the object that can be used to identify the work. DESCRIPTION is a description of the work. CREATOR is the creator of the work. OWNER is the owner of the work; it may or may not be same as the creator. DIGEST is cryptographic digest value of the work; it is used to ensure the integrity of the work. PARTS lists all parts of the work that may have different usage rights, fees and conditions; each part is a work itself. CONTENTS is an indicator of where the content is within a digital work; this is useful 8

when the content covered by the usage rights is embedded within a digital work. COPIES is the number of copies of the work that are specified. COMMENT is a field for any comment on the digital work and its usage rights. SKU is a Stock Keeping Unit, which is used for extensibility to allow people to identify this work in their own stock. RIGHTSGROUP is a rights group that defines all usage rights associated with the work. REFERENCEDRIGHTSGROUP is a reference rights group of the work. 4.4 Other Main DRM Languages ODRL(Open Digital Rights Language) and XMCL(Extensible Media Commerce Language) are two other main DRM languages under developing besides XrML. The Open Digital Rights Language (ODRL) provides the semantics for a Digital Rights Management expression language and data dictionary pertaining to all forms of digtial content. The ODRL is a vocabulary for the expression of terms and conditions over digital content including permissions, constraints, obligations, conditions, and agreements with rights holders. The ODRL is positioned to be extended by different industry sectors (eg ebooks, music, audio, mobile, software) and to be a core interoperability language and has no license requirements. [5] XMCL is announced by RealNetworks, Inc. and a host of industry leaders On June 20, 2001. It is an open XML-based language designed to establish industry-wide standards for Internet media commerce. By standardizing the language for business rules, XMCL will enable content to be managed in a way that is independent of codecs, digital rights management systems, and e-commerce systems. XMCL will greatly simplify deployment and accelerate the market for digital media commerce over the Internet. RealNetworks intends to submit the XMCL proposal to the appropriate standards organization, and will work with other industry leaders to ensure the initiative evolves into a widely accepted standard. [7] 4.5 XrML, ODRL and XMCL Current Situations According to ContentGuard, now more than 2000 companies and organizations have licensed XrML since April 2000. The actual number of Licensees as of 2/28/01 was 2031. More than 20 industry leaders, including Adobe Systems, Barnes & Noble, Glassbook, Hewlett Packard Company, Lightning Printing, Microsoft, Preview Systems, Reciprocal, Softlock, Time Warner Trade Publishing, Thomson Publishing and Xerox have already support XrML, hold XrML in high regard and believe that it will make a major contribution to the e-content market. For instance, Accenture and ContentGuard are collaborating to meet clients digital content distribution needs by offering customized packages of ContentGuard s RightsEdge technology and services. Adobe Acrobat/PDF is also integrated with XrML. Microsoft is developing its rights management system based on XrML. ContentGuard and Microsoft have an research and technology exchange program. Wordplay Inc. and ContentGuard extend the potential market reach of digital content providers to 90 countries and 130 currencies, with WorldPay's guarantee of secure transactions. Sandlot and ContentGuard enable content owners to manage the delivery and subscription process for digital content, including ebooks, music and video, just as effectively as they do for paper newspapers and magazines. ODRL supporters include Purplecast, Iprsystem, ARPA, Simpsons Solicitors, WI, Pipers, Authors, etc. [5] 9

XMCL is supported by a broad array of industry-leading technology and media companies including: Abril Group, Accenture, Adobe Systems, Anystream, America Online, Artesia Technologies, Avid Technology, Bertelsmann, British Telecom's BTopenworld, Clear Channel, Context Media, EMI Recorded Music, emotion, IBM, IFILM, InterTrust, MGM, Napster, RealNetworks, Rightsline, Sony Pictures Digital Entertainment, Starz Encore Group, Sun Microsystems, Tiscali, Viant, and Virage. [7] 5. Conclusions DRM is an increasingly important area. The New generation of DRM takes the focus away from the security issues and extends its capabilities to management issues. The current situation is: variety of companies and organizations are under developing their own DRM systems. Industry and users are now demanding standards to be developed to allow interoperability so as not to force content owners and managers to encode their works in proprietary formats or systems. XrML is a type of right management language for this purpose. Now it is licensed and supported by many companies and organizations. In the market, there exist other languages like ODRL, XMCL, etc. It is still early to say which one could be DRM standard language in the future. But undoubted, they will be contributed to DRM language standardization and foster the rapid growth of digital content economy. 6. References [1] Ross Anderson, Security Engineering, Wiley 2001, 561p [2] Open ebook Forum Working Groups <http://www.openebook.org> [3] W3C Workshop on Digital Rights Management for the Web: Workshop Report, 2001 [4] Intertrust <http://www.intertrust.com/> [5] Open Digital Rights Language <http://odrl.net/> [6] ContentGuard <http://www.contentguard.com/> [7] extensible Media Commerce Language <http://www.xmcl.org/> [8] Bradley L.Jones, webxml: The extensible Rights Markup Language(XrML), earthweb, 3/15/2001 [9] Robin Cover, The XML Cover Pages: Extensible Rights Markup Language(XrML), OASIS, 9/21/2001 [10] Robin Cover, The XML Cover Pages: XML and Digital Rights Management(DRM), OASIS, 6/27/2001 [11] Wang. X, XrML: Extensible rights Markup Language, 6/23/2000 10

[12] Olli Pitkänen, Mikko Välimäki, Towards a Framework for Digital Rights Management, 2000 [13] Renato Iannella, Digital Rights Management (DRM) Architectures, D-Lib Magazine, June 2001 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information