Research on Digital Content Copyright Protection System WANG Yun-Cai Chinese People's Public Security University, Beijing 100038, China Corresponding author: +86 010 13261923909 E-mail address:
[email protected]
NIU Ju-Fen Hebei University, Baoding 071002, China E-mail address:
[email protected]
Abstract: This article studies copyright protection system, and generalize system framework, Firstly, it introduces the technological base of digital copyright protection systems, outlined several digital content encrypting algorithms and one-way hash function; Secondly, it introduces system design, security requirements and working principle. Finally, it introduces digital copyright protection system framework, and designs a secure transaction system for digital content. Keywords: digital resources management (DRM), copyright protection system, encryption, decryption, secure transaction system
1. Introduction
safety technology in use, was divided into cryptographic
With the rapid development of the Internet and digital
techniques oriented DRM systems and digital watermarking
technology, the digital content which trade and diffuse
technology oriented DRM systems, as well as the DRM
online, such as e-books, music, movies, pictures, games and
systems combined both above. Although there existed
software, becoming more and more. Web publishing and
difference in the protected objects, supported business
traditional works digitization are inevitable. Nevertheless,
models and adopted techniques, the DRM system hold the
the easiness of copy, modification and dissemination lead to
same core idea, that is to protect the digital content through
a lot of piracy and infringement, Users, copy and paste the
the use of digital content permission. [2]
value
2. The technology base of digital content copyright
information
intentionally
or
unintentionally,
especially the unaccounted secondary spread, such as disk
protection
replication, network sharing, etc., which just waste potential
2.1 Cryptography theory
consumer resources with the geometric speed and cause
Modern cryptography includes four parts:
great loss, frustrate the enthusiasm of using Internet, and
Clear text: the original information can be read may be
holdback the information dissertation, Traditional copyright
a bit sequence, a text file, bitmap, digital voice sequence or
protection of digital content can no longer satisfy the needs
digital video images sequence.
of digital content copyright protection.
[1]
So that, it is
Cipher text: after encrypted, the clear texts become
necessary to manage and protect various digital content,
unable-read text.
integrate digital content copyright protection technology,
Encryption Algorithm: mathematical formulas which
business models and the existing legal system according to
used for the clear text to cipher text and cipher text to clear
the characteristics of digital content, and construct the
text.
Digital Rights Management System structure.
Secret key: the key used for encryption and
Currently, there are a lot of DRM systems in the
decryption.
market, which, according to the protected object, was
Modern encrypting techniques can be divided into
divided into DRM systems correspond to software and
three categories: the private key cryptography, public key
DRM systems correspond to e-books, streaming media and
cryptography and one-way hash function.
other digital content; according to the special hardware
2.2 Private key encrypting technology
weather in use, was divided into hardware-based DRM
Private key encrypting technology, also known as a
systems and software-only DRM systems; according to the
symmetric single key cipher system which indicates that the
___________________________________ 978-1-4244-4900-2/09/$25.00 ©2009 IEEE
1050
encrypting key is the same with decrypting key or one can
system is often used to encrypt the core of confidential data,
be derived from the other known key. Symmetric key
while the symmetric cipher system is often used to encrypt
algorithm can be encrypted faster for the key being short, it
large amounts of data.
suits the encryption for a large number of data. But it also
2.4 One-way hash function
revealed the inherent disadvantage of the code mechanism:
(1) One-way hash function [3]
it is difficult to keep secrecy; the key is in too large number
One-way hash function H (M), acting on message M
to manage, for example, N users may generate N * (N-1) / 2
with arbitrary length, return a fixed-length hash value h0. h
key; user authentication issues is unresolved. The general
= H (M)> h,the length is ma, there are many functions
[2, 3, 4, 5, 6, 7]
which input arbitrary-length value and output fixed-length
symmetric encryption algorithms are as following: Key
Data block-
Application
value. However, one-way hash function has the following
bit-long
long
examples
characteristics:
DES
56
64
DEM,SNMPv2
Triple DES
112
64
PEM
Algorithms
Given M, it is easy to calculate h0 Given h, it is hard to calculate M according to H (M) = h. Given M, it is hard to find another message M 'and meet
IDEA
128
64
PGP
the demand H (M) = H (M').
Table 1 general symmetric encryption algorithms
At present, the commonly used hash functions are MD5
2.3 Public key encrypting technology
and SHA. (2) MD5 [10]
Public key encrypting technology, also known as public key asymmetric cipher system, which indicates that
MD5 algorithm is a kind of message-decomposed
the encrypting key is different from the decrypting key, and
function and one-way mathematical function, which can
the mutual calculation is not practicable. Each user of
extract any information for a large number. It has a high
Public key cipher system has a pair of key: private key and
safety, and any information can be expressed as a 128-bit
public key. Public-key cipher system can make up for the
digital. Meanwhile MD5 is a one-way mapping function.
shortcomings of symmetric key system, simplify key
Some information can be generated the corresponding MD5
management, and make digital signature. However,
code, but it is difficult to resume the same information from
Public-key cipher system has disadvantages, such as low
MD5 code. The outstanding nature of MD5 code has been
operation speed, impacts network performance. The general
widely used in a variety of data protection occasions.
asymmetric encryption algorithms are as following
[8, 9]
:
(3) American National Institute of Standards and
Algorithm
Function
Applications examples
Technology and the National Security Agency designed
RSA
digital
PEM, PGP
Secure Hash Algorithm (SHA), for Digital Signature [3]
. SHA generates a 160-bit hash value, longer
signatures,
Standard
encryption
than the MD5.
DSA
digital signature
DSS
Diffie-Hellman
Key Exchange
Omitted
(4) Message authentication code MAC MAC is a certificating mark, also known as the checksum, which is a hash function with private secret key.
key exchange
It is the result that certain algorithm and key act on specified
Table 2 general asymmetric encryption algorithms
information. Information reception calculates the MAC with
In practical applications, it is important to make
the same algorithm and key, if the result is sameness with
advantage of both above respects, take symmetric cipher
the reception, it reveals that information is not tampered in
system to encrypt files, take asymmetric cryptosystem to
the process of transmission, contrarily, the information is
encrypt systems, which is hybrid encryption system. It
regarded tampered. MAC is the best way to avoid
solves the problem of computing the speed of key
encrypting bit stream modified maliciously.
distribution and management. Therefore, public-key cipher
1051
(5) HMAC
to B. Conversely, if B forged M to M', then B can't present
HMAC is authentication method based on message
DSKA (M), it proves that B forges message. 2. 6 DRM Right Description Language
integrity, the security on the base of the hash algorithm, requires the two sides share communication the key and the
DRM rights description language is a kind of method
agreement algorithm, carry out the hash computing on
to describe the author or digital publications, through which,
message, such as MD5, SHA, RIPEMD etc. So it forms a
DRM systems can describe a particular number of
fixed-length authentication code. Both the communicating
publications or documents flexibly, include: licenses, rights,
sides determine the legality of message through the check
restrictions, obligations, employing agreement etc. So,
authentication code to. This agreement can be used for
Right description language should have the character of
encryption, digital signatures, message authentication and
flexibility, general purpose, scalability and so on. At present,
so on.
there are many organizations and research institutions are
2.5 Digital signature technology
working in this area, and developed some language with
Digital Signature Technology is data that attached to the data unit or the password change of data units.
[11]
characteristics
It has
and
Language Competence
certification: [12]
Extensible
Markup
, Open Digital Rights Language,
three functions: information receiver can confirm the
Extensible Access Control Markup Language [13], Extensible
identity of the information sender: Information sender
Media Commerce Language, MPEG Rights Expression
should not deny have sent message; information receiver or
Language and so on.
the illegal should not be forged or distort information.
2. 7 DRM meta-data DRM meta-data is data on data, which can identify and
(1) Digital Signature Technology
describe the actual content-related information except the
First of all, signers employ one-way hash function to
[14]
. The metadata attached to digital products
digest the messages. Secondly, the signer encrypts the
content itself
digest message with public key encrypting system, to
enable us to understand digital products better.
generate the so-called "digital signature". After received the
At present, the best digital product identifying system
document, receiver identify digital signature, disengage
is the DOI(Digital Object Identifier)which is developed by
"digital signature" message with the signatory's public key,
IDF(International DOI Foundation). IDF was founded in
get hold of the message digest, then use the same one-way
1998, is a non-profit organization whose purpose is to
hash function calculate message digest, compare the results.
develop and promote the digital object identifier system as a
If the results match entirely, then the integrity and
common basis. The DOI system is such system for the
correctness of the document contents and the authenticity of
intellectual property rights markup and exchange, the latest
signatures have been guaranteed.
version 2.3.0 released in August 2002.
(2) The basic process of digital signature
Standardized meta-data format is a most promising
A sender use the key SKA to decrypt the message M, get
technology for the solution of DRM mutual operation. So
DSKA (M), then use public key PKB to carry out encryption,
that, the study of digital products definition and
get EPKB (DSKA (M)), then send it to the recipient B, B take
identification based on the DOI identification system is one
decrypt operations with private SKA, get DSKA (M), then
researching hotspot.
take public key PKA take encrypting operation, restore a
3. Design Idea of Digital Rights Management System
clear text EPKA (DSKA (M)) = M0. During this process, no
A integrate DRM system should have the following functions [15], as is shown in Figure 3-1:
other people except A has decrypting key SKA, so no other people except A can generate cipher-text DSKA (M), thus
(1) Intellectual Property Initialization
message M has been a signature. If A deny sending
How to manage knowledge content, how to enable
messages to B, B can present M and DSKA (M) to public
asset product become the assets and carry out the
notary, to identify with PKA that A does send a message M
transaction secure and easy, it is as the following respects:
1052
*
competence recognizing:
to
ensure
that
the
The common function achieved by general DRM
intellectual content have gained from the knowledge content
system attribute to the above-mentioned system, but it is not
with legitimate competence.
perfect due to the technical limitations and other conditions. 4.
* competence creation: Allow rights assigned to new
The
security
requirements of
Digital
Rights
Management System
content, for example, to designate rights holder and permit
Authentication: it includes the mutual authentications
utilization license. competence workflow: is the series of
between service-provider and client.
work processes of knowledge content become assets. (2) IP asset management
Safe transfer of contents: it aims to prevent the theft of
How to manage content and carry out knowledge
attacker. Content authentication: it aims to authenticate digital
transaction,the following includes: * The repository functions: store knowledge and allow
works from tampering through forgery.
the access of database. Changing meta-data include the
Controlled use of the content: that is, users only carry
copartner, the powers of the authors and works description
out authorized action. For example, prevent illegal copying
etc.
and printing etc. * The transaction functions: complete the assets trading
Different security levels: adopt different requirements
process of the intellectual content, pay the cost to
and different levels of security environment.
knowledge-holder. The concrete process is to encrypt the
Privacy: as far as possible to ensure that the privacy of
package, and decrypt after finishing payment, to protect the
information and user purchasing behavior. [16]
intellectual property rights.
5. The Working Principle of Digital Rights Management System
(3) IP assets employment How to manage the content trading, it includes the
The typical digital rights management system is the
following respects:
combination of the following technologies: encryption,
* License Management: take the environment relevant
public key / private key, digital certificates, digital
to the permission and knowledge content. For example, only
watermarks,
permit users to view, not to print.
communication protocols, secure content storage, right
access
control,
authentication,
secure
specification language etc. [17]
* Tracking management: monitor and control the use of
Employing DRM technology, digital content producers
knowledge content, for example, issue a permitting card for
can control access to digital content by encrypting
ten times to users.
technology. Distributors provide private key to end-users, enable them to look at or listen to digital content, meanwhile, limit copy, printing and re-distribution of an end-users. When a user downloads a set of documents, DRM software checks the user's identity, calculate the cost and assign the private key. Publishers can take various measures to restrict the accessing rights. For example, whether or not allow printing, copying and utilization during the period etc. DRM not only provides users with legitimate accessing rights effectively, but also ensures that everyone can get
Fig. 1 DRM system function
paid from the creation, production and distribution process.
1053
(5)the users decrypt the media data using decrypting
End-to-end solution will trace the payment process all the time.
key, access and use the media data.
6. The Framework of Digital Rights Management
6.4 The system analysis
System
The core of digital copyright protection is the
6.1 the construction of system
authorizing center, it takes cryptography technology,
The general digital right protection system includes four
through the encryption, authorization and authentication to
major sections: the digital content owner, media authorizing
protect the digital content. The success of copyright
center, the media distribution server and the authorized
protection depends on the key safety, the key was delivered
users.
to authorized users to decrypt the media content. It can be seen from the above, the general digital copyright protection system takes into account the security of storage and transmission for the prevention of network eavesdropping and invaders, but does not take into account a number of adverse authorized users can easily decrypt the digital content, and engages in illegal dissemination. At present, there are different DRM systems for various applications, mainly include: e-book
media
Fig.2 the general application framework of digital
[19]
[18]
, streaming
, electronic documents. In the respect of copyright
protection of these systems, they generally use the above
copyright management system
6.2 The working principle of system
framework, includes: Microsoft Windows Media DRM,
On the server side, the digital content was encrypted by
Microsoft DAS, Adobe Content Server, MPEG4, IPMP, etc.,
symmetric key encryption algorithm, then it was set in the
can effectively prevent the destruction from unauthorized
content licenses through XML description, and encrypt
users.
content licenses after get users public key. Finally, transfer
7. The general shortcomings of the copyright protection
the encrypted digital content and content license to the
system
users.
(1) Weak prevention measure of illegal acts
On the client side, after authorized user access to
From above, the general copyright protection system
encrypted digital content and contents licenses encrypted by
framework described the end-to-end secure communications.
their own public key, they decrypt the contents with their
As long as the encryption algorithm accords the strength
own private key to get content key, once they get the
and security requirements, it can achieve the secure content
content key, users factually get the content.
delivery. It is no doubt that encrypting technology in the
6.3 The process of system operation
framework of the protection plays an important role in
(1)the system establishes media authorizing access,
anti-piracy. For example, the transmission of music and
the purpose is to preserve the decrypting key and identify
video content through internet probably leads to copy and
users and make authorization.
tamper. So these data transmission needs encrypted
(2)the media owners make and encrypt media data.
protection.
(3)the media owners send encrypted data to media
(2) Take public key recognizing system
distribution server. At the same time, send the decrypting
From general framework description of the copyright
key to digital media centers for secure storage.
protection system, we know that the system general take
(4)the users were authorized decrypting key from
public key recognizing model to identify users and control
media center, and gain the requested data from media
rights. Especially, in the stage of right control, it is
distribution server.
important to take public key encrypt and private key decrypt,
1054
private key sign and public key certificate, so to ensure the
technology for various domains, not deal with and protect
license safe transmission and data integrity .
copyright of e-book, multimedia, electronic documents etc.,
The use of public key recognizing system exist
thus it causes the lack of versatility. 8. Conclusion
shortcomings. First, it is difficult to eliminate the
At present, there are different DRM systems for various
anonymous purchase behavior. Second, the mechanism only suit to the large users. To many small users, they do not like
applications,
it
includes:
e-book,
streaming
media,
to register for one digital product.
electronic documents etc. But these copyright protection
(3) The digital content lack versatility
systems aim to specific applications, not integrate all the
Currently, there are different DRM systems for various
applying technology to deal with and protect the copyright
applications, main include: e-book, streaming media,
of e-book, multimedia, electronic documents, so it leads to
electronic documents etc. But these copyright protection
the lack of versatility.
systems are only for specific applications, not integrate References [11] Zhang Yan, On digital signature technology [J]. The
[1] YU Yin-Yan, TANG Zhi. A Survey of the Research on
computer age, 1998, (5): 20-22
Digital Rights Management [J]. Chinese journal of
[12] WANG Xiao-bin, HUANG Shao-Kuan. Digital copyright
computer. 2005(12)
management and XrML [J], knowledge of Library and
[2] CASE J, MC. Cloghrie K,Rose Metal. Protocol operations
Information Service, 2003, (4) : 48-51
for Version 2 of the Simple Network Management Protocol
[13] OAS1S.Extensible Aeeess Control Markup Language
(SNMPv2).RFC1905.1996-01 [3] YANG Yi-Xian, a new theory of modern password [M],
(XACML) Version1.0. OASIS Standard,http://www.oasisopen.org/xaeml/, 2002-02-18
Beijing: Science Press, 2002
[14] Hurwitz Group. Enterprise Metadata Management [R].
[4] LI Ke-Hong, Wang Da-Ling etc. Practical Cryptography
Hurwitz Group Balanced View RePort,1998
and security of computer data [M], Shenyang: Northeastern
[15] ZHANG Xue. Digital rights management system and
University Press, 1997
information structure analysis [J]. Information technology,
[5] ERIK ZEGW AART. Privacy Enhanced Mail in More
2002, (6) : 26-27
Detail. Computer Networks and ISDN Systems 25 (Suppl.2)
[16] Sand win, BAI Shuo. A kind of Internet content copyright
1993, SS63-S71
protection and its implementation mechanism model [J].
[6] CHEN Lu-sheng, SHEN Shi-yi. Modern Cryptography [M],
Computer engineering and should be Used, 2002, 38
Beijing: Science Press, 2002
(6):195-198
[7] LICQUIA J. PGP frequently asked questions with answers.
[17] John S , Eriekson. Information objects and rights
Partl-Part3,Internet Draft,June 1995. [8]
CHAN
Xue,
encryption
and
management: a mediation-based approach to DRM
decryption—software
protection technology and complete solutions [M], Beijing:
interoperability[J].D-Lib Magazine,2001,7(4) [18] Association of American Publishers. Digital rights
Publishing House of Electronics Industry, 2001
management for e-books: publisher requirement version1.0
[9] Er, M.C. Decision Support System. A Summary, Problem and
Future
Trends,
Decision
Support
System,
2000,(11).http://www.publisher.Org/home/drm.pdf [19] FAN Zhi-yong. Streaming media streaming media systems
1998,4(3):355-363.
and digital rights management technology [C]. Northeastern
[10] HE Jun-Jie, LI Guang-Xi. MDS encryption algorithm used
University, 2003
to protect the user password [J]. Computer Engineering, 2000, (10): 27-280
1055
