Human Aspects in Digital Rights Management: the Perspective of Content Developers.

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security and law. Most importantly, understanding the perspectives behind the circumvention of content security may have a significant impact on DRM effectiveness and acceptance at the same time. While there has been valuable research on consumer acceptability, (The INDICARE project, Bohle 2008, Akester 2009) there is hardly any work on the human perspective of content creators. Taking video games as a case study, this paper employs qualitative socio-legal analysis and an interdisciplinary approach to explore this particular aspect of content protection

Human aspects of digital rights management: the perspective of content developers. [Conference Paper]

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security and law. Most importantly, understanding the perspectives behind the circumvention of content security may have a significant impact on DRM effectiveness and acceptance at the same time. While there has been valuable research on consumer acceptability (The INDICARE project, Bohle 2008, Akester 2009), there is hardly any work on the human perspective of content creators. Taking video games as a case study, this paper employs qualitative socio-legal analysis and an interdisciplinary approach to explore this particular aspect of content protection

WARP: A ICN architecture for social data

Social network companies maintain complete visibility and ownership of the data they store. However users should be able to maintain full control over their content. For this purpose, we propose WARP, an architecture based upon Information-Centric Networking (ICN) designs, which expands the scope of the ICN architecture beyond media distribution, to provide data control in social networks. The benefit of our solution lies in the lightweight nature of the protocol and in its layered design. With WARP, data distribution and access policies are enforced on the user side. Data can still be replicated in an ICN fashion but we introduce control channels, named \textit{thread updates}, which ensures that the access to the data is always updated to the latest control policy. WARP decentralizes the social network but still offers APIs so that social network providers can build products and business models on top of WARP. Social applications run directly on the user's device and store their data on the user's \textit{butler} that takes care of encryption and distribution. Moreover, users can still rely on third parties to have high-availability without renouncing their privacy

Case Study: DRM-protected Music Interoperability and e-Innovation

This report – representing one of three case studies that are part of a transatlantic research project aimed at exploring the potential relation between ICT Interoperability and eInnovation – examines issues surrounding DRM interoperability within the context of music content. Recognizing that interoperability will likely be defined differently by different stakeholders, we begin by establishing a rough, holistic working definition of interoperability and then assess the implementation of DRM in the music content market and associated problems with regard to interoperability. We then go on to explore the technological, market, and legal environments in their relation to and impact upon the achievement of interoperable DRM systems. In part 2, we analyze potential benefits and drawbacks of an interoperable DRM environment for the music content market. We then evaluate both private and public-initiated approaches towards the accomplishment of interoperability using a series of qualitative benchmarks. Lastly, we conclude by summing up the merits and demerits of the various approaches. Our findings lead us to surmise that normative considerations weigh in favor of greater interoperability in general. The challenge of determining the optimal level of interoperability and the best approach for attaining it, however, points toward consideration of a number of complex factors. We conclude that the best way to determine the optimal level of interoperability and means of accomplishing it is to rely upon economic-based assessments on a case-by-case basis

Content related rights transmission with MPEG-21 in the educational field

One of the main issues affecting educational content distribution and sharing is to ensure that the terms and conditions defined by the content owners are respected by the others, such as distributors and consumers. Authorship and the content integrity are the most basic rights that authors want to preserve in the educational field. To ensure that content and associated rights are protected, cryptographic techniques and mechanisms are applied to content, rights, protection keys and related metadata that are packaged in a digital object. ARMS is a new platform that was developed to preserve author rights in the educational field applying the MPEG-21 standard concepts. A web based services interface is established with the educational Academic Management System of the Academic institution in order to verify the user eligibility in this domain. After obtaining the usage license the user can send the license to other users, if that privilege has been granted. Our proposal uses MPEG-21 concepts in order to enable rights transmission among the main participants in the educational environment but with a mechanism where the inheritance rights established by the author are uphold. Through the integration between ARMS and the Academic Management Information System hosted in the educational institutions, user academic data can be retrieved in order to verify his eligibility.info:eu-repo/semantics/submittedVersio

White-box implementation to advantage DRM

Digital Rights Management (DRM) is a popular approach for secure content distribution. Typically, DRM encrypts the content before delivers it. Most DRM applications use secure algorithms to protect content. However, executing these algorithms in an insecure environment may allow adversaries to compromise the system and obtain the key. To withstand such attack, algorithm implementation is modified in such a way to make the implementation unintelligible, namely obfuscation approach. White-box cryptography (WBC) is an obfuscation technique intended to protect secret keys from being disclosed in a software implementation using a fully transparent methodology. This mechanism is appropriate for DRM applications and able to enhance security for the content provider. However, DRM is required to provide a balanced protection for the content provider and users. We construct a protocol on implementing WBC to improve DRM system. The system does not only provide security for the content provider but also preserves privacy for users

Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations

The INDICARE project – the Informed Dialogue about Consumer Acceptability of DRM Solutions in Europe – has been set up to raise awareness about consumer and user issues of Digital Rights Management (DRM) solutions. One of the main goals of the INDICARE project is to contribute to the consensus-building among multiple players with heterogeneous interests in the digital environment. To promote this process and to contribute to the creation of a common level of understanding is the aim of the present report. It provides an overview of consumer concerns and expectations regarding DRMs, and discusses the findings from a social, legal, technical and business perspective. A general overview of the existing EC initiatives shows that questions of consumer acceptability of DRM have only recently begun to draw wider attention. A review of the relevant statements, studies and reports confirms that awareness of consumer concerns is still at a low level. Five major categories of concerns have been distinguished so far: (1) fair conditions of use and access to digital content, (2) privacy, (3) interoperability, (4) transparency and (5) various aspects of consumer friendliness. From the legal point of view, many of the identified issues go beyond the scope of copyright law, i.e. the field of law where DRM was traditionally discussed. Often they are a matter of general or sector-specific consumer protection law. Furthermore, it is still unclear to what extent technology and an appropriate design of technical solutions can provide an answer to some of the concerns of consumers. One goal of the technical chapter was exactly to highlight some of these technical possibilities. Finally, it is shown that consumer acceptability of DRM is important for the economic success of different business models based on DRM. Fair and responsive DRM design can be a profitable strategy, however DRM-free alternatives do exist too.Digital Rights Management; consumers; Intellectual property; business models

Unified Model for Data Security -- A Position Paper

One of the most crucial components of modern Information Technology (IT) systems is data. It can be argued that the majority of IT systems are built to collect, store, modify, communicate and use data, enabling different data stakeholders to access and use it to achieve different business objectives. The confidentiality, integrity, availability, audit ability, privacy, and quality of the data is of paramount concern for end-users ranging from ordinary consumers to multi-national companies. Over the course of time, different frameworks have been proposed and deployed to provide data security. Many of these previous paradigms were specific to particular domains such as military or media content providers, while in other cases they were generic to different verticals within an industry. There is a much needed push for a holistic approach to data security instead of the current bespoke approaches. The age of the Internet has witnessed an increased ease of sharing data with or without authorisation. These scenarios have created new challenges for traditional data security. In this paper, we study the evolution of data security from the perspective of past proposed frameworks, and present a novel Unified Model for Data Security (UMDS). The discussed UMDS reduces the friction from several cross-domain challenges, and has the functionality to possibly provide comprehensive data security to data owners and privileged users

Rights and services interoperability for multimedia content management

The main goal of the work presented in this thesis is to describe the definition of interoperability mechanisms between rights expression languages and policy languages. Starting from languages interoperability, the intention is to go a step further and define how services for multimedia content management can interoperate by means of service-oriented generic and standardised architectures. In order to achieve this goal, several standards and existing initiatives will be analysed and taken into account. Regarding rights expression languages and policy languages, standards like MPEG-21 Rights Expression Language (REL), Open Digital Rights Language (ODRL) and eXtensible Access Control Markup Language (XACML) are considered. Regarding services for content management, the Multimedia Information Protection And Management System (MIPAMS), a standards-based implemented architecture, and the Multimedia Service Platform Technologies (MSPT), also known as MPEG-M standard, are considered. The contribution of this thesis is divided into two parts, one devoted to languages interoperability and the other one devoted to services interoperability, both addressed to multimedia content management. They are briefly described next. The first part of the contribution describes how MPEG-21 REL, ODRL and XACML can interoperate, defining the mapping mechanisms to translate expressions from language to language. The mappings provided have different levels of granularity, starting from a mapping based on a programmatic approach coming from high-level modelling diagrams done using Unified Modelling Language (UML) and Entity-Relationship (ER). The next level of mappings includes specific mappings between MPEG-21 REL and XACML and ODRL and XACML. Finally, a more general solution is proposed by using a broker. Part of this work was done in the context of the VISNET-II Network of Excellence and the AXMEDIS Integrated Project. The findings done prove the validity of the interoperability methods described. The second part of the contribution describes how to describe standards based building blocks to provide interoperable services for multimedia content management. This definition is based on the analysis of existing content management use cases, from the ones involving less security over multimedia content managed to the ones providing full-featured digital rights management (DRM) (including access control and ciphering techniques) to support secure content management. In this section it is also presented the work done in the research projects AXMEDIS, Musiteca and Culturalive. It is also shown the standardisation work done for MPEG-M, particularly on elementary services and service aggregation. To demonstrate the usage of both technologies a mobile application integrating both MPEG-M and MIPAMS is presented. Furthermore, some conclusions and future work is presented in the corresponding section, together with the refereed publications, which are briefly described in the document. In summary, the work presented can follow different research lines. On the one hand, further study on rights expression languages and policy languages is required as new versions of them have recently appeared. It is worth noting the standardisation of a contract expression language, MPEG-21 CEL, which has also to be further analysed in order to evaluate its interoperability with rights and policy languages. On the other hand, standard initiatives must be followed in order to complete the map of SB3's, considering MPEG standards and also other standards not only related to multimedia but also other application scenarios, like e-health or e-government