Rights and services interoperability for multimedia content management

The main goal of the work presented in this thesis is to describe the definition of interoperability mechanisms between rights expression languages and policy languages. Starting from languages interoperability, the intention is to go a step further and define how services for multimedia content management can interoperate by means of service-oriented generic and standardised architectures. In order to achieve this goal, several standards and existing initiatives will be analysed and taken into account. Regarding rights expression languages and policy languages, standards like MPEG-21 Rights Expression Language (REL), Open Digital Rights Language (ODRL) and eXtensible Access Control Markup Language (XACML) are considered. Regarding services for content management, the Multimedia Information Protection And Management System (MIPAMS), a standards-based implemented architecture, and the Multimedia Service Platform Technologies (MSPT), also known as MPEG-M standard, are considered. The contribution of this thesis is divided into two parts, one devoted to languages interoperability and the other one devoted to services interoperability, both addressed to multimedia content management. They are briefly described next. The first part of the contribution describes how MPEG-21 REL, ODRL and XACML can interoperate, defining the mapping mechanisms to translate expressions from language to language. The mappings provided have different levels of granularity, starting from a mapping based on a programmatic approach coming from high-level modelling diagrams done using Unified Modelling Language (UML) and Entity-Relationship (ER). The next level of mappings includes specific mappings between MPEG-21 REL and XACML and ODRL and XACML. Finally, a more general solution is proposed by using a broker. Part of this work was done in the context of the VISNET-II Network of Excellence and the AXMEDIS Integrated Project. The findings done prove the validity of the interoperability methods described. The second part of the contribution describes how to describe standards based building blocks to provide interoperable services for multimedia content management. This definition is based on the analysis of existing content management use cases, from the ones involving less security over multimedia content managed to the ones providing full-featured digital rights management (DRM) (including access control and ciphering techniques) to support secure content management. In this section it is also presented the work done in the research projects AXMEDIS, Musiteca and Culturalive. It is also shown the standardisation work done for MPEG-M, particularly on elementary services and service aggregation. To demonstrate the usage of both technologies a mobile application integrating both MPEG-M and MIPAMS is presented. Furthermore, some conclusions and future work is presented in the corresponding section, together with the refereed publications, which are briefly described in the document. In summary, the work presented can follow different research lines. On the one hand, further study on rights expression languages and policy languages is required as new versions of them have recently appeared. It is worth noting the standardisation of a contract expression language, MPEG-21 CEL, which has also to be further analysed in order to evaluate its interoperability with rights and policy languages. On the other hand, standard initiatives must be followed in order to complete the map of SB3's, considering MPEG standards and also other standards not only related to multimedia but also other application scenarios, like e-health or e-government

Hybrid Fixed-Mobile P2P Superdistribution

The Internet and the cellular telephony system are the two most influential communication systems of the last years. The arrival of the IP Multimedia Subsystem (IMS) promises to help service providers to deploy a complete array of real-time, customized business and consumer multimedia services over any access network. IMS is an integrated solution that defines a generic architecture for offering Voice over IP (VoIP) and advanced multimedia services. This project describes a hybrid fixed-mobile peer-to-peer superdistribution system deployed over an IMS platform. This superdistribution service is aligned with the current interests of telecommunication operators that desire to offer services with large user acceptance and that involve a massive access to the service without collapsing their network infrastructure. Operators can increase their revenues for connectivity and Digital Rights Management (DRM)-based license distribution of the multimedia content, depending on the content and on the desired business model

Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations

The INDICARE project – the Informed Dialogue about Consumer Acceptability of DRM Solutions in Europe – has been set up to raise awareness about consumer and user issues of Digital Rights Management (DRM) solutions. One of the main goals of the INDICARE project is to contribute to the consensus-building among multiple players with heterogeneous interests in the digital environment. To promote this process and to contribute to the creation of a common level of understanding is the aim of the present report. It provides an overview of consumer concerns and expectations regarding DRMs, and discusses the findings from a social, legal, technical and business perspective. A general overview of the existing EC initiatives shows that questions of consumer acceptability of DRM have only recently begun to draw wider attention. A review of the relevant statements, studies and reports confirms that awareness of consumer concerns is still at a low level. Five major categories of concerns have been distinguished so far: (1) fair conditions of use and access to digital content, (2) privacy, (3) interoperability, (4) transparency and (5) various aspects of consumer friendliness. From the legal point of view, many of the identified issues go beyond the scope of copyright law, i.e. the field of law where DRM was traditionally discussed. Often they are a matter of general or sector-specific consumer protection law. Furthermore, it is still unclear to what extent technology and an appropriate design of technical solutions can provide an answer to some of the concerns of consumers. One goal of the technical chapter was exactly to highlight some of these technical possibilities. Finally, it is shown that consumer acceptability of DRM is important for the economic success of different business models based on DRM. Fair and responsive DRM design can be a profitable strategy, however DRM-free alternatives do exist too.Digital Rights Management; consumers; Intellectual property; business models

Authorisation Issues for Mobile Code in Mobile Systems

This thesis is concerned with authorisation issues for mobile code in mobile systems. It is divided into three main parts. Part I covers the development of a policy-based framework for the authorisation of mobile code and agents by host systems. Part II addresses the secure download, storage and execution of a conditional access application, used in the secure distribution of digital video broadcast content. Part III explores the way in which trusted computing technology may be used in the robust implementation of OMA DRM version 2. In part I of this thesis, we construct a policy-based mobile code and agent authorisation framework, with the objective of providing both mobile devices and service providers with the ability to assign appropriate privileges to incoming executables. Whilst mobile code and agent authorisation mechanisms have previously been considered in a general context, this thesis focuses on the special requirements resulting from mobile code and agent authorisation in a mobile environment, which restrict the types of solutions that may be viable. Following the description and analysis of a number of architectural models upon which a policy-based framework for mobile code and agent authorisation may be constructed, we outline a list of features desirable in the definitive underlying architecture. Specific implementation requirements for the capabilities of the policy and attribute certificate specification languages and the associated policy engine are then extracted. Candidate policy specification languages, namely KeyNote (and Nereus), Ponder (and (D)TPL) and SAML are then examined, and conclusions drawn regarding their suitability for framework expression. Finally, the definitive policy based framework for mobile code and agent authorisation is described. In the second part of this thesis, a flexible approach that allows consumer products to support a wide range of proprietary content protection systems, or more specifically digital video broadcast conditional access systems, is proposed. Two protocols for the secure download of content protection software to mobile devices are described. The protocols apply concepts from trusted computing to demonstrate that a platform is in a sufficiently trustworthy state before any application or associated keys are securely downloaded. The protocols are designed to allow mobile devices to receive broadcast content protected by proprietary conditional access applications. Generic protocols are first described, followed by an analysis of how well the downloaded code is protected in transmission. How the generic protocols may be implemented using specific trusted computing technologies is then investigated. For each of the selected trusted computing technologies, an analysis of how the conditional access application is protected while in storage and while executing on the mobile host is also presented. We then examine two previously proposed download protocols, which assume a mobile receiver compliant with the XOM and AEGIS system architectures. Both protocols are then analysed against the security requirements defined for secure application download, storage and execution. We subsequently give a series of proposed enhancements to the protocols which are designed to address the identified shortcomings. In the final section of this thesis, we examine OMA DRM version 2, which defines the messages, protocols and mechanisms necessary in order to control the use of digital content in a mobile environment. However, an organisation, such as the CMLA, must specify how robust implementations of the OMA DRM version 2 specification should be, so that content providers can be confident that their content will be safe on OMA DRM version 2 devices. We take the requirements extracted for the robust implementation of the OMA DRM version 2 specification and propose an implementation which meets these requirements using the TCG architecture and TPM/TSS version 1.2 commands

Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations

The INDICARE project – the Informed Dialogue about Consumer Acceptability of DRM Solutions in Europe – has been set up to raise awareness about consumer and user issues of Digital Rights Management (DRM) solutions. One of the main goals of the INDICARE project is to contribute to the consensus-building among multiple players with heterogeneous interests in the digital environment. To promote this process and to contribute to the creation of a common level of understanding is the aim of the present report. It provides an overview of consumer concerns and expectations regarding DRMs, and discusses the findings from a social, legal, technical and business perspective. A general overview of the existing EC initiatives shows that questions of consumer acceptability of DRM have only recently begun to draw wider attention. A review of the relevant statements, studies and reports confirms that awareness of consumer concerns is still at a low level. Five major categories of concerns have been distinguished so far: (1) fair conditions of use and access to digital content, (2) privacy, (3) interoperability, (4) transparency and (5) various aspects of consumer friendliness. From the legal point of view, many of the identified issues go beyond the scope of copyright law, i.e. the field of law where DRM was traditionally discussed. Often they are a matter of general or sector-specific consumer protection law. Furthermore, it is still unclear to what extent technology and an appropriate design of technical solutions can provide an answer to some of the concerns of consumers. One goal of the technical chapter was exactly to highlight some of these technical possibilities. Finally, it is shown that consumer acceptability of DRM is important for the economic success of different business models based on DRM. Fair and responsive DRM design can be a profitable strategy, however DRM-free alternatives do exist too

Optimizing IETF multimedia signaling protocols and architectures in 3GPP networks : an evolutionary approach

Signaling in Next Generation IP-based networks heavily relies in the family of multimedia signaling protocols defined by IETF. Two of these signaling protocols are RTSP and SIP, which are text-based, client-server, request-response signaling protocols aimed at enabling multimedia sessions over IP networks. RTSP was conceived to set up streaming sessions from a Content / Streaming Server to a Streaming Client, while SIP was conceived to set up media (e.g.: voice, video, chat, file sharing, …) sessions among users. However, their scope has evolved and expanded over time to cover virtually any type of content and media session. As mobile networks progressively evolved towards an IP-only (All-IP) concept, particularly in 4G and 5G networks, 3GPP had to select IP-based signaling protocols for core mobile services, as opposed to traditional SS7-based protocols used in the circuit-switched domain in use in 2G and 3G networks. In that context, rather than reinventing the wheel, 3GPP decided to leverage Internet protocols and the work carried on by the IETF. Hence, it was not surprise that when 3GPP defined the so-called Packet-switched Streaming Service (PSS) for real-time continuous media delivery, it selected RTSP as its signaling protocol and, more importantly, SIP was eventually selected as the core signaling protocol for all multimedia core services in the mobile (All-)IP domain. This 3GPP decision to use off-the-shelf IETF-standardized signaling protocols has been a key cornerstone for the future of All-IP fixed / mobile networks convergence and Next Generation Networks (NGN) in general. In this context, the main goal of our work has been analyzing how such general purpose IP multimedia signaling protocols are deployed and behave over 3GPP mobile networks. Effectively, usage of IP protocols is key to enable cross-vendor interoperability. On the other hand, due to the specific nature of the mobile domain, there are scenarios where it might be possible to leverage some additional “context” to enhance the performance of such protocols in the particular case of mobile networks. With this idea in mind, the bulk of this thesis work has consisted on analyzing and optimizing the performance of SIP and RTSP multimedia signaling protocols and defining optimized deployment architectures, with particular focus on the 3GPP PSS and the 3GPP Mission Critical Push-to-Talk (MCPTT) service. This work was preceded by a detailed analysis work of the performance of underlying IP, UDP and TCP protocol performance over 3GPP networks, which provided the best baseline for the future work around IP multimedia signaling protocols. Our contributions include the proposal of new optimizations to enhance multimedia streaming session setup procedures, detailed analysis and optimizations of a SIP-based Presence service and, finally, the definition of new use cases and optimized deployment architectures for the 3GPP MCPTT service. All this work has been published in the form of one book, three papers published in JCR cited International Journals, 5 articles published in International Conferences, one paper published in a National Conference and one awarded patent. This thesis work provides a detailed description of all contributions plus a comprehensive overview of their context, the guiding principles beneath all contributions, their applicability to different network deployment technologies (from 2.5G to 5G), a detailed overview of the related OMA and 3GPP architectures, services and design principles. Last but not least, the potential evolution of this research work into the 5G domain is also outlined as well.Els mecanismes de Senyalització en xarxes de nova generació es fonamenten en protocols de senyalització definits per IETF. En particular, SIP i RTSP són dos protocols extensibles basats en missatges de text i paradigma petició-resposta. RTSP va ser concebut per a establir sessions de streaming de continguts, mentre SIP va ser creat inicialment per a facilitar l’establiment de sessions multimèdia (veu, vídeo, xat, compartició) entre usuaris. Tot i així, el seu àmbit d’aplicació s’ha anat expandint i evolucionant fins a cobrir virtualment qualsevol tipus de contingut i sessió multimèdia. A mesura que les xarxes mòbils han anat evolucionant cap a un paradigma “All-IP”, particularment en xarxes 4G i 5G, 3GPP va seleccionar els protocols i arquitectures destinats a gestionar la senyalització dels serveis mòbils presents i futurs. En un moment determinat 3GPP decideix que, a diferència dels sistemes 2G i 3G que fan servir protocols basats en SS7, els sistemes de nova generació farien servir protocols estandarditzats per IETF. Quan 3GPP va començar a estandarditzar el servei de Streaming sobre xarxes mòbils PSS (Packet-switched Streaming Service) va escollir el protocol RTSP com a mecanisme de senyalització. Encara més significatiu, el protocol SIP va ser escollit com a mecanisme de senyalització per a IMS (IP Multimedia Subsystem), l’arquitectura de nova generació que substituirà la xarxa telefònica tradicional i permetrà el desplegament de nous serveis multimèdia. La decisió per part de 3GPP de seleccionar protocols estàndards definits per IETF ha representat una fita cabdal per a la convergència del sistemes All-IP fixes i mòbils, i per al desenvolupament de xarxes NGN (Next Generation Networks) en general. En aquest context, el nostre objectiu inicial ha estat analitzar com aquests protocols de senyalització multimèdia, dissenyats per a xarxes IP genèriques, es comporten sobre xarxes mòbils 3GPP. Efectivament, l’ús de protocols IP és fonamental de cara a facilitar la interoperabilitat de solucions diferents. Per altra banda, hi ha escenaris a on és possible aprofitar informació de “context” addicional per a millorar el comportament d’aquests protocols en al cas particular de xarxes mòbils. El cos principal del treball de la tesi ha consistit en l’anàlisi i optimització del rendiment dels protocols de senyalització multimèdia SIP i RTSP, i la definició d’arquitectures de desplegament, amb èmfasi en els serveis 3GPP PSS i 3GPP Mission Critical Push-to-Talk (MCPTT). Aquest treball ha estat precedit per una feina d’anàlisi detallada del comportament dels protocols IP, TCP i UDP sobre xarxes 3GPP, que va proporcionar els fonaments adequats per a la posterior tasca d’anàlisi de protocols de senyalització sobre xarxes mòbils. Les contribucions inclouen la proposta de noves optimitzacions per a millorar els procediments d’establiment de sessions de streaming multimèdia, l’anàlisi detallat i optimització del servei de Presència basat en SIP i la definició de nous casos d’ús i exemples de desplegament d’arquitectures optimitzades per al servei 3GPP MCPTT. Aquestes contribucions ha quedat reflectides en un llibre, tres articles publicats en Revistes Internacionals amb índex JCR, 5 articles publicats en Conferències Internacionals, un article publicat en Congrés Nacional i l’adjudicació d’una patent. La tesi proporciona una descripció detallada de totes les contribucions, així com un exhaustiu repàs del seu context, dels principis fonamentals subjacents a totes les contribucions, la seva aplicabilitat a diferents tipus de desplegaments de xarxa (des de 2.5G a 5G), així una presentació detallada de les arquitectures associades definides per organismes com OMA o 3GPP. Finalment també es presenta l’evolució potencial de la tasca de recerca cap a sistemes 5G.Postprint (published version