Digital Rights Management Independent of Terminals in Mobile Applications

Cheng Yang1, Lihe Zhang2

1. Information Engineering School, Communication University of China, Beijing 100024, China
2. Department of Electronic Engineering, Dalian University of Technology, Dalian 116024, China

Abstract: At present, most mobile terminals have no rights management functions, and cryptology-based methods cannot resolve all the copyright problems in mobile digital distribution services. To meet the urgent demand for digital rights management in digital distribution services, this paper proposes a scheme that is independent of terminals. It integrates watermark and signature techniques. We mainly discuss the scheme's theory, architecture, service process and performance. Finally, the functional relationship between the proposed DRM and the cryptology-based OMADRM is given. Analysis shows that the scheme is feasible and secure.

Keywords: digital rights management, copyright protection, digital watermarking, mobile distribution service

1. Introduction

In a very short time, e-commerce has evolved into a huge business. Digital media distribution plays an important role in business-to-consumer e-commerce. Digital music in particular has become extremely popular. Other media like streaming video and e-books are also becoming increasingly popular and important in terms of revenue. Mobile communication networks give users fast access to the internet and digital media wherever they are. Download services and message services can largely meet customers’ demand and bring large profits to content creators, content providers and service providers. But a serious problem facing content providers is the easy replication of digital contents. For right holders, illegal replication implies loss of profit. This accelerates the development of digital rights management (DRM). DRM systems incorporate encryption, conditional access, copy control mechanisms, and content identification and tracing mechanisms [1]. With DRM systems, content providers need not worry about unlawful distribution and replication, and more and more attractive contents will emerge. The large consumption of digital contents will bring increasing profit to network service providers. At the same time, DRM systems will also provide more business modes through rights expression [2], benefiting the healthy and rapid development of the whole business value chain.

DRM is now a hot topic in academia. It has been applied to many fields, such as DVD playing in CPTWG [3], music protection in SDMI [4], e-commerce [5] and mobile video streaming service [6]. In 2001, M.I.T. in America listed DRM as one of the ten greatest innovative technologies changing the future world in the journal Technology Review. Many well-known international standards organizations such as 3GPPs, OMA, W3C, OASIS, ITU-T, IETF, ISMA and MPEG have already established related norms. The norm established by OMA is now widely applied to mobile digital content distribution services [7,8]. Some terminal device manufacturers like Nokia have already produced mobile phones supporting OMADRM.

A key component of OMADRM is the secure subsystem, or DRM agent, in mobile terminals. All user operations on digital media in terminals are carried out by the DRM agent. Additionally, the DRM agent can trace digital media and verify users’ rights of playing, modification, superdistribution and so on. The DRM agent is the base of OMADRM. But most users’ terminals do not yet have DRM agents, so terminals cannot achieve copyright protection and rights management, and downloaded digital media contents can be freely tampered with, duplicated and superdistributed. Even if terminals have DRM agents, tampering still cannot be completely prevented, because traditional cryptology techniques only protect the information transmission from end to end. Once users are entitled to use some media, the media are exposed to them without any protection, so they can be tampered with all the same.

In order to solve these problems, we propose a watermark-based rights management scheme. It combines watermarking [9], encryption [10] and signatures. In this scheme a secure subsystem in the terminals is not necessary. The watermarking technique makes up for the disadvantage of the existing cryptology-based OMADRM to realize better rights management.

2. Watermark based scheme

The scheme uses watermark techniques to embed copyright information, purchaser information and other additional information imperceptibly into digital multimedia contents. The watermark information is used to protect the original rights and to trace the contents’ usage in a timely manner.

Author notes: 1. Cheng Yang (1974-), Ph.D., graduated from Beijing University of Post and Telecomms. 2. Lihe Zhang (1976-), Ph.D., graduated from Beijing University of Post and Telecomms.

2.1 WDRM System Architecture

Watermark-based digital rights management (WDRM) is a network-side scheme. It is a combined solution that includes digital watermark techniques and cryptology techniques. The kernel technique is the watermark, which guarantees content consistency during downloading, superdistribution and uploading. From the architecture we see that when users download and superdistribute digital contents, the mobile operator network forwards the users’ requests to the DRM server. The DRM server decides whether to accept or refuse the requests according to predefined strategies and sends the response back to the mobile operator network. The mobile operator network sends the contents and the billing to users if the DRM server agrees, and otherwise informs users that the request failed. The figure shows the basic information flows, and it also implies where to locate the DRM server when deploying the network topology in the future. It should be integrated into the multimedia message service center (MMSC), which is the kernel of the MMS server, because the two need to exchange messages frequently. The kernel of the DRM server is the digital rights management center (DRMC), which has the functions of rights registration, verification and management.

Fig. 1 System architecture

In order to decrease the MMS server’s burden and to facilitate management, there may be several MMS servers in a region. For the same purpose, and according to the actual conditions of each region, several DRM servers may also be deployed in a region. Every DRM server distributed among districts is an independent system. When a multimedia message (MM) is submitted between two users in different regions, the MM is first submitted to the originator MMS server and the originator DRMC validates the sender’s rights. Only when the sender has valid rights can the MM be forwarded to the recipient MMS server, where the recipient DRMC is responsible for validating the receiver’s rights.

2.2 Inner theory structure

The inner theory structure of DRMC is shown in Fig. 2. It mainly consists of four modules: Register Module, Verification Module, Rights Database and State Count Module.

Register Module receives requests from service providers (SP), verifies their identities, and then sends back to SP the contents in which rights information has been encapsulated. Rights encapsulation is realized by watermark algorithms that are robust against some intentional and involuntary attacks. The most familiar involuntary attack is content adaptation, because there are many different styles of mobile terminal with different screen dimensions, different colour depths and so on. When MMS contents are superdistributed from one terminal to a terminal of a different style, the contents are usually processed to adapt to the attributes of the recipient terminal. The input parameters of Register Module are the MMS contents that SP submitted to Register Module, SP’s copyright information obtained from the Rights Database, and the related secret keys. Its output parameter is the marked MMS contents.

Verification Module mainly detects and validates rights information during the multimedia message service flow. First, it analyzes the MMS contents submitted to DRMC and gets their format and type information. Then, according to the format information, the system adopts the corresponding algorithms to validate the rights. Finally the results are submitted to State Count Module. The input parameters of Verification Module are the MMS contents that SP or MMS terminals forward to DRMC, the secret keys used to detect copyright information, and the related rights information in the Rights Database. Its output parameter is the detection result.

The rights rules and copyright information of all contents are saved in the Rights Database. They are used to control the usage of the corresponding digital contents. The distribution system decides how users may use a given digital content according to the rights information extracted by the verification algorithms. If users do not meet the requirements, the system refuses their request; otherwise the system forwards the content to the users.

State Count Module records and updates rights information such as usage count and deadline. When users want to superdistribute the watermarked contents, the system charges them according to the charging modes defined in the rights expression. Throughout the process, the control center is responsible for managing all the entities. WDRM does not need the terminals’ support, and it uses signature techniques to enhance efficiency. The watermark information is embedded into multimedia content C to produce C’, then a hash operation is applied to C’ to get the eigenvalue Hash(C’), and this value is encrypted into EC’. EC’ may thus be regarded as the signature of C’.

Fig. 2 Inner theory structure

DRMC establishes and manages two databases: the Copyright Database, which includes the Content Providers’ ID (CPID) and Hash(C’), and the Use Right Database, which includes the mobile terminals’ ID (MSID), Receiving Right and Sending Right. Both of them use Rights Index and Hash(C’) as index entries. Fig. 3 shows the theory of rights register and rights verification.

1. Rights Register

We establish a rights information database and use the index number of the rights information as its corresponding watermark bit sequence. This operation aims at compressing the payload of the watermark algorithm. The sequence is encoded using error-correcting codes, forming the encoded sequence. Finally, watermark embedding algorithms embed the encoded sequence into the digital contents, forming the watermarked contents. In the experiment, we select the (31,6) BCH error-correcting algorithm. It can correct twenty percent random error bits and thirty five percent burst error bits. For images, we proposed a quantization modulation watermarking algorithm in the DCT domain. For video sequences, we embed the watermark into motion information with a statistical method [11]. Then the watermarked contents can be treated in the manners described in other parts of this paper.

Fig. 3 Theory of right register and right verification

2. Rights Verification

Watermark extraction algorithms extract the watermark sequence (encoded sequence) from the digital contents. Then the extracted sequence is error-correcting decoded to get the watermark sequence. If some digital contents have been modified, for example by resizing or file format change, the extracted sequence possibly has some error bits. But as long as the percentage of error bits is within the error-correcting range, all of the error bits can be corrected. Finally, the watermark sequence is used as the index number to search the database for the corresponding rights information.

2.3 Service Process

The service flow diagrams of rights register, content download and content superdistribution are given as follows.

Rights Register:

Fig. 4 Rights register message flow chart

S=(CPID, Registered Mark, Rights Index)
C’=EncodeMark(C,S,Key)
I=(Hash(C’),CPID)

Rights register is fulfilled by Register Module at the request of CP. There are two registration styles, online registration and offline registration. Before CP issues plenty of MMS contents in its gateway network, these contents will be offline registered through a special channel. When contents that are circulating round the MMS network need to be registered, offline registration will be adopted. The basic processes of the two kinds of registration are the same. The concrete offline registration process is as follows:

1. CP submits digital content C to MMSC for registration, and MMSC forwards C to DRMC. Verification Module of DRMC first checks whether C is registered or not.
2. Verification Module tries to extract a watermark. If a watermark exists, it indicates that C has already been registered. Verification Module submits the detection result to CP via MMSC and exits. Otherwise, Register Module generates registration information S and embeds S into C using a private key by a robust watermark algorithm. The result is C’.
3. Save Hash(C’) and CPID into the Copyright Database. Save Hash(C’), MSID, Receiving Right and Sending Right into the Use Right Database.
4. DRMC sends C’ back to CP and exits.

Content Download:

When a user wants to download contents from the content server, CP forwards the user’s request to MMSC. Then MMSC submits a rights verification request to DRMC. DRMC processes the digital contents according to their rights expression. If DRMC validates that C’ has been registered, it further searches the Use Right Database using Hash(C’) as index to decide whether users are entitled to receive the digital contents or not. The concrete process is as follows:

1. After DRMC receives the users’ request for downloading C’, Verification Module computes Hash(C’) from C’.
2. Search the Copyright Database for the CPID of C’ using Hash(C’) as index, and verify whether C’ is registered or not. If yes, produce the charging record.
3. Search the Use Right Database for the users’ receiving right using Hash(C’) as index. If users can download C’, the Register Module encrypts Hash(C’) into EC’, which is sent back to users together with C’. If users cannot download it, DRMC sends a refusal message to the users.

Fig. 5 Content downloading flow chart

EC’=Encrypt(Hash(C’))

Content Superdistribution:

In the current MMS network system, MMSC cannot trace the origin of digital contents during content superdistribution, so it is unable to pay the copyright fee to CP. If we combine WDRM with the current system, it can properly charge users for superdistribution according to the contents’ rights information. Let us suppose that User A wants to distribute content M to User B. The concrete process is as follows:

Fig. 6 Content superdistribution message flow chart

M=MC’+MH
DC=Decrypt(MH)
W=DecodeMark(MC’)

1. After DRMC receives User A’s request for superdistribution, the Verification Module extracts signature MH from M and verifies the validity of MH. If the decrypted MH is equal to the signature of MC’, search the two databases by DC to get the receiving and sending rights of A and B, and the CPID of M. If it is not equal, the Verification Module tries to extract watermark S. If the watermark is valid, search the Use Right Database for the related rights of A and B, and search the Copyright Database for the CPID of M using Rights Index. If the watermark is invalid, refuse User A’s request and exit.
2. If User A has the right of distribution and User B has the right of receiving M, then MC’ combined with EMC’=Encrypt(Hash(MC’)) will be sent to User B.

During the course of superdistribution, the system knows the origin of the digital content all the time. Thus CP can obtain the profits that essentially belong to it. And according to the Use Right Database, CP can specify certain rights for certain users. There are two methods to get CPID from content M: (1) extract signature MH and decrypt it, then search the Copyright Database for CPID; (2) extract the watermark information, which includes CPID. If the digital contents are tampered with during transmission, the CPID obtained by the first method is possibly inaccurate, so we must adopt the second method.

2.4 The characteristics of algorithms

As a practical DRM scheme in mobile digital distribution service, WDRM has the following system characteristics, and the watermark algorithms must therefore also satisfy them.

1. Real time property. In order to offer high quality of service, rights management must not take so much time that it causes serious propagation delay and receiving delay. Streaming media have gradually been extended to the mobile network, which demands that WDRM have higher efficiency and a lighter burden.
2. High robustness. Robustness measures the tamper resistance of watermark algorithms. It is the base for offering secure and reliable protection to digital media. In the mobile network, terminals can apply simple processing to downloaded media, such as rotation, resizing and writing characters on pictures. Watermark algorithms adopted in WDRM must be immune to those operations.
3. Rights management in the mobile network has unique features different from other application domains, such as small media and huge quantities of data. These must be considered when establishing WDRM. Watermark robustness is in contradiction with watermark capacity, so the watermark information must be short enough to be embedded into small media.
4. Strong security. In WDRM, a secret key is used to embed the watermark and verify the signature. The security of the secret key is the base of the security of WDRM. Some mature key management techniques, such as public key infrastructure, should be incorporated in WDRM so as to offer a trusted third party.
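How the Rights Register and Rights Verification steps of Section 2.2 keep the payload short, as an added Python example (not the authors' code): a 6-bit Rights Index is expanded to a 31-bit codeword and recovered after bit errors. The code used here is a (31,6) cyclic code with minimum distance 15, built from the primitive polynomial x^5 + x^2 + 1 and decoded by nearest-codeword search; the paper gives neither its BCH generator polynomial nor its decoder, so both are assumptions, and the rights records are constructed.

```python
N, K, T = 31, 6, 7          # code length, payload bits, correctable bit errors

def encode_index(index):
    """Encode a Rights Index (0..63) as a 31-bit codeword, returned as a list of 0/1."""
    if not 0 <= index < 2 ** K:
        raise ValueError("Rights Index must fit in 6 bits")
    seq = [(index >> i) & 1 for i in range(5)]      # low 5 bits seed the shift register
    while len(seq) < N:
        seq.append(seq[-5] ^ seq[-3])               # recurrence of x^5 + x^2 + 1
    flip = index >> 5                               # sixth bit complements the whole word
    return [b ^ flip for b in seq]

CODEBOOK = [encode_index(i) for i in range(2 ** K)]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def min_distance():
    """Smallest Hamming distance between two distinct codewords."""
    return min(hamming(CODEBOOK[i], CODEBOOK[j])
               for i in range(len(CODEBOOK)) for j in range(i))

def decode_index(bits):
    """Nearest-codeword decoding: (index, errors), or (None, errors) if errors > T."""
    index, errors = min(((i, hamming(cw, bits)) for i, cw in enumerate(CODEBOOK)),
                        key=lambda pair: pair[1])
    return (index, errors) if errors <= T else (None, errors)

# Constructed rights records, keyed by Rights Index as in the Rights Database.
RIGHTS_DB = {
    5:  {"cpid": "CP-001", "send": False, "receive": True},
    42: {"cpid": "CP-002", "send": True,  "receive": True},
}

def lookup_rights(extracted_bits):
    """Rights Verification: correct the extracted sequence, then use it as the index."""
    index, _ = decode_index(extracted_bits)
    return None if index is None else RIGHTS_DB.get(index)

def corrupt(codeword, positions):
    """Flip the given bit positions, modelling damage from resizing or format change."""
    return [b ^ (i in positions) for i, b in enumerate(codeword)]

if __name__ == "__main__":
    damaged = corrupt(encode_index(42), {0, 4, 9, 13, 20, 27, 30})   # 7 of 31 bits flipped
    print(min_distance(), decode_index(damaged), lookup_rights(damaged))
```

With eight or more flipped bits the decoder either rejects the word or returns a different index, so the decoded index should be cross-checked (for example against the Registered Mark) before rights are granted.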

2.5 Performance Analysis

The system performance is analyzed in terms of efficiency and security.

Efficiency: Digital contents undergo many operations such as encryption, decryption, abstract extraction, database searching and watermark extraction during rights management. Watermark extraction is done only when the signature is invalid, which largely avoids frequent execution of the inefficient watermark extraction operation. In addition, we may enhance the real-time property of WDRM in other ways, such as parallel searching, code optimization and multithreaded processing.

Security: For rights register, digital contents are transmitted to WDRM through the special channel, and the security problem in that course is outside the scope of this paper. According to the MMS transmission protocols, digital contents are adjusted to fit the terminals’ display attributes such as dimension and colour depth, and users may also process digital contents in mobile phones or in personal computers. Whether the processing is natural or vicious, the system security lies in the security and robustness of the watermark algorithms. If copyright information can be correctly extracted from tampered digital contents, we consider that those contents still belong to their authors. From the management point of view, the security of WDRM lies in the security of watermark algorithm management and key management. If only one of them is revealed, the system is still secure. When both of them are revealed, we consider the system insecure. At that point, we must replace the algorithm and the key. To protect them we should adopt effective algorithm management and key management techniques. More importantly, we should establish an integrated security framework, but this comes down to some non-technology factors.

2.6 Key and Algorithm Management

In order to enhance watermark security, the watermark is embedded with a secret key. When registering rights, WDRM produces a secret key Key and puts it into the Copyright Database, which includes CPID, Hash(C’) and Key. We use kc as its index number in the database. The first watermark algorithm embeds rights information, including CPID and other information, into the digital contents using Key to produce C’. Then the second watermark algorithm embeds information including kc, Registered Mark and algorithm number An into C’ with a fixed key to produce C”. While verifying digital contents, WDRM executes the second algorithm to extract kc and then executes the first algorithm to extract the relevant rights information with the Key that is obtained by searching the database using kc as index. Even if attackers can extract the second watermark, they cannot get the rights information without Key. Thus different digital contents may use different secret keys, which avoids frequently changing secret keys. Only when the cost of losing a secret key exceeds what is acceptable will we replace the old secret key. Algorithm number An is used to manage watermark algorithms.
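The check order of Sections 2.3 and 2.5 (signature first, watermark extraction only on mismatch) combined with the two-layer key lookup of Section 2.6, as an added Python example that is not the authors' implementation. Assumptions: HMAC-SHA256 stands in for Encrypt(Hash(C’)), a toy sample-domain quantization mark stands in for the DCT-domain algorithm, the first watermark carries only the Rights Index, error-correcting coding and An are omitted, and all keys, identifiers and sample data are constructed.

```python
import hashlib, hmac, random

STEP = 8                                  # quantization step of the toy watermark
FIXED_KEY = b"fixed-layer-key"            # constructed key of the second (outer) watermark
SIGN_KEY = b"drmc-signing-key"            # constructed DRMC signature key
REG_MARK = [1, 0, 1, 1, 0, 0, 1, 0]       # constructed Registered Mark pattern
CONTENT = [(37 * i + 11) % 256 for i in range(64)]   # constructed 64-sample "content"

KEY_DB, COPYRIGHT_DB = {}, {}             # kc -> Key ; Hash(C'') -> Rights Index
RIGHTS = {5: {"cpid": "CP-001", "send": {"A"}, "recv": {"B"}}}   # constructed record

def positions(n_samples, n_bits, key, layer):
    # Key-dependent sample positions; layer 0 uses even indices, layer 1 odd ones,
    # so the two watermarks never overwrite each other.
    return random.Random(key).sample(range(layer, n_samples, 2), n_bits)

def embed(samples, bits, key, layer):
    out = list(samples)
    for pos, bit in zip(positions(len(out), len(bits), key, layer), bits):
        q = min(out[pos] // STEP, 30)
        if q % 2 != bit:
            q += 1
        out[pos] = q * STEP + STEP // 2   # centre of a bin whose parity encodes the bit
    return out

def extract(samples, n_bits, key, layer):
    return [(samples[p] // STEP) % 2 for p in positions(len(samples), n_bits, key, layer)]

def to_bits(value, width):
    return [(value >> i) & 1 for i in range(width)]

def to_int(bits):
    return sum(b << i for i, b in enumerate(bits))

def sign(samples):
    digest = hashlib.sha256(bytes(samples)).digest()                     # Hash(C')
    return digest, hmac.new(SIGN_KEY, digest, hashlib.sha256).digest()   # EC' stand-in

def register(samples, rights_index, kc, key):
    KEY_DB[kc] = key
    marked = embed(samples, to_bits(rights_index, 6), key, layer=1)          # first mark
    marked = embed(marked, REG_MARK + to_bits(kc, 4), FIXED_KEY, layer=0)    # second mark
    digest, sig = sign(marked)
    COPYRIGHT_DB[digest] = rights_index
    return marked, sig

def verify(samples, sig, sender, receiver):
    """Return (decision, path, cpid) for a superdistribution request."""
    digest, expected = sign(samples)
    if hmac.compare_digest(sig, expected) and digest in COPYRIGHT_DB:
        path, index = "signature", COPYRIGHT_DB[digest]        # fast path, no extraction
    else:
        outer = extract(samples, 12, FIXED_KEY, layer=0)       # Registered Mark + kc
        key = KEY_DB.get(to_int(outer[8:]))
        if outer[:8] != REG_MARK or key is None:
            return ("refuse", "no valid watermark", None)
        path, index = "watermark", to_int(extract(samples, 6, key, layer=1))
    rights = RIGHTS.get(index)
    if rights is None or sender not in rights["send"] or receiver not in rights["recv"]:
        return ("refuse", path, rights and rights["cpid"])
    return ("forward", path, rights["cpid"])

if __name__ == "__main__":
    marked, sig = register(CONTENT, 5, kc=9, key=b"per-content-key")
    adapted = [min(s + 2, 255) for s in marked]     # mild content adaptation
    print(verify(marked, sig, "A", "B"), verify(adapted, sig, "A", "B"))
```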

3. The relationship between WDRM and OMADRM

3.1 Feasibility

OMADRM is a copyright protection and rights management scheme based on cryptology, such as AES and PKI. The secure subsystem, the DRM agent, must be established on the users’ terminals. But at present, almost no users’ terminals support this subsystem. WDRM, in contrast, does not rely on secure subsystems or agents, and requires no change in current users’ terminals. Where copyright protection is required, WDRM can be used in the mobile network right now to protect the copyright of digital content and also to offer a mechanism for managing users’ rights to handle the media, such as download and superdistribution.

OMADRM is a rights management system based on the DRM agent. It controls all users’ handling of downloaded digital content according to the rights rules defined by the service provider and content provider. The kernel of OMADRM is to embody the value of media content in the defined rights and rules. Only when users pay for the rights are they authorized to use digital content. Different rights give users different abilities to handle the media. The kernel of WDRM, meanwhile, is to embody the value of media content in the media itself. WDRM emphasizes controlling rights during the distribution of digital content without support from the user’s terminal. And because WDRM adopts the digital watermarking technique, when a dispute occurs, the watermark can be extracted and serve as copyright proof.

3.2 Security

OMADRM offers basic security on the application layer. The rights are managed by the DRM agent. OMADRM assumes there are no vicious attacks on digital media from users. WDRM offers higher security on the application layer. The security offered by WDRM does not rely on trust in users. Ideally, WDRM is robust to all possible attacks, including vicious attacks. In addition, depending on the robustness of the watermark algorithms and the security of the keys, the extracted watermark can also be used as copyright proof in a court of law.

The combination of WDRM and OMADRM will be a more complete solution. OMADRM can offer a more reliable safeguard for the security of WDRM. For example, OMADRM adopts AES and PKI techniques to forbid unauthorized access and tampering. This decreases the danger of unauthorized tampering with data and thereby increases the security of the watermark. WDRM has an architecture that corresponds to that of OMADRM: the Register Module is equal to the Package Server of OMADRM, the Rights Database is equal to the Rights Issue Server, and the State Register is equal to the Status Report Server. All of these guarantee a smooth upgrade from WDRM and OMADRM to the combined solution, decreasing update costs and complexity as much as possible.

4. Conclusions

Because there is no secure environment in users’ terminals at present, it is impossible to adopt OMADRM to protect copyright and manage rights, and the cryptology-based solution cannot completely resolve the problems faced. In this situation, we propose the watermark-based solution combined with the signature technique. WDRM is an integrated architecture for copyright protection and rights management designed for the mobile network. From the above analysis we can conclude that WDRM is secure and feasible.

Acknowledgements

This study is supported by National Natural Science Foundation of China.

References

[1] Camp L J. First principles of copyright for DRM design. IEEE Internet Computing, 2003, 7: 59-65.
[2] Wang Xin, DeMartini T, Wragg B, et al. The MPEG-21 rights expression language and rights data dictionary. IEEE Transactions on Multimedia, 2005, 7(3): 408-417.
[3] Bell A E. The Dynamic Digital Disk. IEEE Spectrum, 1999, 36(10): 28-35.
[4] Secure Digital Music Initiative. pdwg99070802, SDMI Portable Device Specification Version 1.0. 1999.
[5] Hartung F, Ramme F. Digital rights management and watermarking of multimedia content for e-commerce applications. IEEE Communications Magazine, 2000, 38(11): 78-84.
[6] Gunhce K, Dongkyoo S, Dongil S. Intellectual property management on MPEG-4 video for hand-held device and mobile video streaming service. IEEE Transactions on Consumer Electronics, 2005, 51(1): 139-143.
[7] Open Mobile Alliance. Digital Right Management Version 1.0. [2004-05-10]. http://www.openmobile -alliance.org.
[8] Thull D, Sannino R. Performance considerations for an embedded implementation of OMA DRM 2. Proceedings Design, Automation and Test, 2005, 3: 46-51.
[9] Cox I J, Miller M L, Bloom J A. Digital Watermarking. USA: Morgan Kaufmann Publishers, 2002.
[10] Schneier B. Applied Cryptography: Protocols, algorithms and source code in C, 2nd ed. USA: John Wiley & Sons, 1996.
[11] Zhang Li-he, Yang Cheng, Kong Xiang-wei. Video watermarking synchronization based on motion vector statistic. Journal of Optoelectronics · Laser. (in Chinese) (in press)