Rights Expression Languages in Digital Rights Management
Xin Wang
ContentGuard, Inc.
October 19, 2006
Outline
  Concepts and purpose of DRM
  License-based DRM Systems
  Roles of RELs in DRM
  Business models Supported by RELs
  Conclusions
DRM Concepts
Digital Assets
  Any resources, contents and services in digital domain
Digital Rights
  Privileges for creating, distributing, using and managing digital assets
  Digital rights are not just copyrights – e.g., meta-rights
Licenses
  Digital expressions or objects that carry information about digital rights
Digital Rights Management (DRM)
  A unified approach to specifying, interpreting, enforcing and managing digital rights
  Content protection and watermarking technologies are supporting ones to make DRM more effective and robust.
DRM Purposes
Not just prevent illegal access and sharing of digital assets
But, more importantly, allow authorized access and enjoyment to more high quality assets in more convenient fashions
and, at the same time, create more markets and businesses for creating, distributing and consuming digital assets
DRM in Multimedia Commerce
[Diagram: value chain with the roles Author / Artist, Publisher, Retailer and Consumer. The Author / Artist holds the original content; Publisher, Retailer and Consumer each hold protected content together with Rights & Conditions and Prices & Business models. Step labels: Create, Package, Aggregate, Distribute, Clear Rights & Payment, Sell, Play.]
License-Based DRM
[Diagram: the same value chain (Author / Artist with original content; Publisher, Retailer and Consumer with protected content; step labels Create, Package, Aggregate, Distribute, Clear Rights & Payment, Sell, Play), with a License server added. The License carries the Rights & Conditions and the Prices & Business models.]
License-Based DRM Systems
To use content, one needs to have a valid license to grant usage and possibly provide crypto key and other information for authorized usage of content
Characteristics
  Licenses are associated with content, but can be separate entities with their own life cycle
    issuance, distribution, consumption, revocation and expiration
  Licenses specify who has what rights over what resource under what terms and conditions
    play, print, adapt, …
  Licenses also provide information for implementing business models, rather than having applications hard-code it
    preview for 3 times, rent for a week, …
  Licenses also carry information for content protection and trust management
    encrypted content decryption key, license issuance and revocation, …
  Licenses can be defined using Rights Expression Languages (REL)
    ISO MPEG REL, OMA DREL, XrML, XMCL, …
Rights Expression Language (REL)
A standard language used to specify rights and their terms and conditions in the form of licenses for distributing and using digital assets
Provide an authorization model to determine if a principal has the right to perform an action on a resource according to licenses within a given system context
Support flexible business models in the end-to-end distribution value chain
Enables trusted systems to exchange digital contents and interoperate for end-to-end DRM
Development History of RELs
[Timeline, 1995 to 2006]
  Mar 96    DPRL 1.0
  Nov 98    DPRL 2.0
  Apr 2000  XrML 1.0
  Jun 00    XrML 1.03
  Aug 00    ODRL 0.5
  Jun 01    XMCL
  Nov 01    XrML 1.2.1
  Nov 01    XrML 2.0
  Nov 01    ODRL 1.0
  Aug 02    ODRL 1.1
  Mar 04    MPEG REL
  Jun 04    OMA DREL 1.0
Latest Development of RELs
MPEG REL Profiles
  MAM (Mobile And optical Media)
  DAC (Dissemination And Capture)
  OR (Open Release)
OMA REL Broadcast profile
China AVS DREL
MPEG REL Data Model
[Diagram: a License contains a Grant and an Issuer; a Grant contains a Principal, a Right, a Resource and a Condition.]
A license conveys that an issuer authorizes rights in the forms of grants.
A grant specifies that a principal has a right over a resource under certain conditions.
A Simple MPEG REL License
<license xmlns="urn:mpeg:mpeg21:2003:01-REL-R-NS"
         xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
         xmlns:mx="urn:mpeg:mpeg21:2003:01-REL-MX-NS"
         profileCompliance="urn:embedded:rel-profile">
  <grant>
    <!-- principal: the holder of this RSA key -->
    <keyHolder licensePartID="Alice">
      <info>
        <dsig:KeyValue>
          <dsig:RSAKeyValue>
            <dsig:Modulus>oRUTUiTQk … </dsig:Modulus>
            <dsig:Exponent>AQABAA==</dsig:Exponent>
          </dsig:RSAKeyValue>
        </dsig:KeyValue>
      </info>
    </keyHolder>
    <!-- right -->
    <mx:play/>
    <!-- resource -->
    <mx:diReference>
      <mx:identifier>urn:PDQRecords:song:WhenTheThistleBlooms.mp3</mx:identifier>
    </mx:diReference>
    <!-- condition -->
    <validityInterval>
      <notBefore>2003-02-13T15:30:00</notBefore>
      <notAfter>2003-03-13T15:30:00</notAfter>
    </validityInterval>
  </grant>
  <!-- issuer: signs the license -->
  <issuer licensePartID="PDQRecords">
    <dsig:Signature>
      <dsig:SignatureValue>zIRYaxl5EX … </dsig:SignatureValue>
      <dsig:KeyInfo>
        <dsig:KeyValue>
          <dsig:RSAKeyValue>
            <dsig:Modulus>yQ== … </dsig:Modulus>
            <dsig:Exponent>AQAB==</dsig:Exponent>
          </dsig:RSAKeyValue>
        </dsig:KeyValue>
      </dsig:KeyInfo>
    </dsig:Signature>
  </issuer>
</license>
“PDQ Records grants Alice the right to play a song for a month.”
Authorization in DRM
“Can Alice play this .mp3 file?”
“Under what condition?”
“According to whom?”
License-Based Authorization
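[Diagram: the REL Authorization Engine takes an Authorization Query, REL Licenses and Context Information as inputs and returns an Authorization Response.]
  Authorization Query: “Can Alice play mySong.mp3?”
  REL Licenses: “anyone can play mySong.mp3 in Dec 2003”, Bob says.
  Context Information: “Current time is 2003-12-21T10:00:00”
  Authorization Response: “Yes, according to Bob.”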
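The authorization query described above, worked as an added example that is not part of the original slides or of any REL implementation: it parses a license shaped like the slide's, checks principal, right, resource and validity interval against a context time, and denies by default. Assumptions: the function name `authorize` is hypothetical, the principal is matched by `licensePartID` only, and signature verification (which a real engine must do before trusting any grant) is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Namespaces as used in the license on the slide.
NS = {"r": "urn:mpeg:mpeg21:2003:01-REL-R-NS",
      "mx": "urn:mpeg:mpeg21:2003:01-REL-MX-NS"}

# Constructed license modelled on the slide's example; key and signature
# elements are omitted, so nothing here proves who issued it.
LICENSE = """<license xmlns="urn:mpeg:mpeg21:2003:01-REL-R-NS"
    xmlns:mx="urn:mpeg:mpeg21:2003:01-REL-MX-NS">
  <grant>
    <keyHolder licensePartID="Alice"/>
    <mx:play/>
    <mx:diReference><mx:identifier>urn:PDQRecords:song:WhenTheThistleBlooms.mp3</mx:identifier></mx:diReference>
    <validityInterval>
      <notBefore>2003-02-13T15:30:00</notBefore>
      <notAfter>2003-03-13T15:30:00</notAfter>
    </validityInterval>
  </grant>
  <issuer licensePartID="PDQRecords"/>
</license>"""

def authorize(license_xml, principal, right, resource, now):
    """Answer 'can principal exercise right on resource at time now?'.
    Returns (allowed, issuer); anything that fails to match is denied."""
    root = ET.fromstring(license_xml)
    issuer = root.find("r:issuer", NS)
    if issuer is None:
        return (False, None)      # no issuer: nobody vouches for the grants
    for grant in root.findall("r:grant", NS):
        holder = grant.find("r:keyHolder", NS)
        ident = grant.findtext("mx:diReference/mx:identifier", namespaces=NS)
        nb = grant.findtext("r:validityInterval/r:notBefore", namespaces=NS)
        na = grant.findtext("r:validityInterval/r:notAfter", namespaces=NS)
        if holder is None or holder.get("licensePartID") != principal:
            continue
        if grant.find("mx:" + right, NS) is None or ident is None:
            continue
        if ident.strip() != resource:
            continue
        # Condition check: the bounds come from the license, while 'now'
        # comes from the system context, never from the requester.
        if nb and now < datetime.fromisoformat(nb):
            continue
        if na and now > datetime.fromisoformat(na):
            continue
        return (True, issuer.get("licensePartID"))
    return (False, None)
```

The returned issuer is the "according to whom" part of the answer; the caller still has to decide whether that issuer is one it trusts for this resource.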
Generic DRM Flow
[Diagram: DRM flow components: usage tracking & reporting, REL-based authorization, content decryption, watermark detection, authentication, user interaction, capability presentation, content rendering, exception handling, event reporting.]
Example messages shown in the flow:
  “play, save, email …”
  “I want to play”
  “who are you?”
  “do you have right to play?”
  “you’ve played …”
  “playing …”
  “Watermark presents?”
  “decrypt using AES…”
  “player crashed …”
  “playing is authorized …”
Typical REL Licenses
End-user license
  rights to play, print, modify, …
Attribute license
  right to possessProperty
Distribution license
  right to issue other rights
Offer license
  right to obtain other rights
Revocation license
  right to revoke other rights
Hybrid licenses
  condition prerequisite on other licenses
Advanced REL Features
Variable
  Flexibility to specify an element instance at the time of exercising right, but not at the time of issuing the license
  Convenience for a collection of elements with common properties
Pattern
  Capability of specifying a set of element instances according to some rules
Service Reference
  Encapsulation of information necessary to interact with a service
  Support interoperability for stateful conditions
Delegation
  Allowance and control on how rights can be delegated and transferred
Business Models
  Unlimited usage
  Flat fee sale
  Pay per view
  Preview
  Promotion
  Subscription/Membership
  Transfer
  Gifting
  Personal lending
  Library loan
  Site/volume license
  Rent
  Territory restricted
  Component based model
  User types based model
  Payment to multiple rights holders
  Super-distribution
  Multi-tier models
  Composite content
Example Business Models
Fixed subscription
  Monthly or annual charge (e.g., $19/month for any songs in subscription)
Limited subscription
  Monthly charge with fixed amount of content consumption (e.g., $9/month, up to 35 movies each month)
Event or transaction based charging
  Pay per view, per file, or per message (e.g., 10¢ per message)
  Burn to CD, output to portable device (e.g., 69¢ to listen to a song, but 99¢ to burn to CD)
Session-based charging
  Charged according to amount of time or data traffic used (e.g., 2¢ per minute or KB)
Multi-tier models
  Fixed subscription for Gold members, limited subscription for regular members
  2 or more levels of limited subscription (e.g., $9/m for 35 movies, $19/m for 100)
Subscription and Domain Management
Subscription management
  Subscriber license
    “Alice is a subscriber until Dec 31, 2006, issued by provider P”
  Subscription license
    “Anyone X can play a collection of content, provided X has a valid subscriber license issued by provider P”
Domain management
  Domain-device license
    “Desktop PC Z is a device of domain Y, issued by domain manager M”
  Domain license
    “Any device X can play a collection of content, provided X has a valid domain-device license issued by domain manager M”
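How the subscriber / subscription pair resolves, as an added example that is not from the original slides and does not use MPEG REL syntax: a grant to "anyone X" is honoured only if X also holds the prerequisite attribute license from the issuer the grant names. The `License` record, the `holds` function and the sample pool are hypothetical and constructed here; the domain-device / domain pair follows the same pattern with devices as principals.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

ANYONE = None  # stands in for the REL variable "X": binds to whoever asks

@dataclass(frozen=True)
class License:                      # hypothetical in-memory model of a license
    issuer: str
    principal: Optional[str]        # ANYONE or a named principal
    right: str                      # e.g. "play" or "possessProperty"
    resource: str                   # content collection or attribute name
    not_after: Optional[date] = None
    prereq: Optional[tuple] = None  # (attribute, issuer) the principal must hold

def holds(licenses, trusted, who, right, resource, today, depth=0):
    """True if some license from a trusted issuer grants `who` the right.
    A prerequisite is resolved by a recursive query against the same pool."""
    if depth > 4:                   # bound recursion on circular prerequisites
        return False
    for lic in licenses:
        if lic.issuer not in trusted:
            continue                # a grant from an unknown issuer means nothing
        if lic.principal not in (ANYONE, who):
            continue
        if (lic.right, lic.resource) != (right, resource):
            continue
        if lic.not_after and today > lic.not_after:
            continue
        if lic.prereq:
            attr, attr_issuer = lic.prereq
            # The prerequisite must come from the named issuer specifically.
            if not holds(licenses, {attr_issuer} & set(trusted), who,
                         "possessProperty", attr, today, depth + 1):
                continue
        return True
    return False

# Constructed pool mirroring the slide, plus one self-issued attribute license.
POOL = [
    License("P", "Alice", "possessProperty", "subscriber", date(2006, 12, 31)),
    License("P", ANYONE, "play", "collection", prereq=("subscriber", "P")),
    License("Mallory", "Eve", "possessProperty", "subscriber"),
]
```

With this pool Alice can play the collection until her subscriber license expires, while Eve's subscriber attribute is ignored even by a verifier that trusts Mallory for other purposes, because the subscription license names provider P as the required issuer.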
Conclusions
License based DRM systems support more flexible business models, via use of licenses
RELs are languages used to
  specify rights and their terms and conditions
  provide the authorization function to grant rights
  support flexible business models in the end-to-end distribution value chain
  enable trusted systems to exchange digital contents and interoperate for end-to-end DRM