781 research outputs found

    Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations

    Get PDF
    The INDICARE project – the Informed Dialogue about Consumer Acceptability of DRM Solutions in Europe – has been set up to raise awareness about consumer and user issues of Digital Rights Management (DRM) solutions. One of the main goals of the INDICARE project is to contribute to the consensus-building among multiple players with heterogeneous interests in the digital environment. To promote this process and to contribute to the creation of a common level of understanding is the aim of the present report. It provides an overview of consumer concerns and expectations regarding DRMs, and discusses the findings from a social, legal, technical and business perspective. A general overview of the existing EC initiatives shows that questions of consumer acceptability of DRM have only recently begun to draw wider attention. A review of the relevant statements, studies and reports confirms that awareness of consumer concerns is still at a low level. Five major categories of concerns have been distinguished so far: (1) fair conditions of use and access to digital content, (2) privacy, (3) interoperability, (4) transparency and (5) various aspects of consumer friendliness. From the legal point of view, many of the identified issues go beyond the scope of copyright law, i.e. the field of law where DRM was traditionally discussed. Often they are a matter of general or sector-specific consumer protection law. Furthermore, it is still unclear to what extent technology and an appropriate design of technical solutions can provide an answer to some of the concerns of consumers. One goal of the technical chapter was exactly to highlight some of these technical possibilities. Finally, it is shown that consumer acceptability of DRM is important for the economic success of different business models based on DRM. Fair and responsive DRM design can be a profitable strategy, however DRM-free alternatives do exist too.Digital Rights Management; consumers; Intellectual property; business models

    From OPIMA to MPEG IPMP-X: A standard's history across R&D projects

    Get PDF
    This paper describes the work performed by a number of companies and universities who have been working as a consortium under the umbrella of the European Union Framework Programme 5 (FP5), Information Society Technologies (IST) research program, in order to provide a set of Digital Rights Management (DRM) technologies and architectures, aiming at helping to reduce the copyright circumvention risks, that have been threatening the music and film industries in their transition from the “analogue” to “digital” age. The paper starts by addressing some of the earlier standardization efforts in the DRM arena, namely, Open Platform Initiative for Multimedia Access (OPIMA). One of the described FP5 IST projects, Open Components for Controlled Access to Multimedia Material (OCCAMM), has developed the OPIMA vision. The paper addresses also the Motion Pictures Expert Group—MPEG DRM work, starting from the MPEG Intellectual Propriety Management and Protection—IPMP “Hooks”, towards the MPEG IPMP Extensions, which has originated the first DRM-related standard (MPEG-4 Part 13, called IPMP Extensions or IPMP-X) ever released by ISO up to the present days.2 The paper clarifies how the FP5 IST project MPEG Open Security for Embedded Systems (MOSES), has extended the OPIMA interfaces and architecture to achieve compliance with the MPEG IPMP-X standard, and how it has contributed to the achievement of “consensus” and to the specification, implementation (Reference Software) and validation (Conformance Testing) of the MPEG IPMP-X standard.info:eu-repo/semantics/acceptedVersio

    iDRM - Interoperability Mechanisms for Open Rights Management Platforms

    Get PDF
    Today’s technology is raising important challenges in the Intellectual Property (IP) field in general and to Copyright in particular [Arkenbout et al., 2004]. The same technology that has made possible the access to content in a ubiquitous manner, available to everyone in a simple and fast way, is also the main responsible for the challenges affecting the digital content IP of our days [Chiariglione, 2000]. Technological solutions and legal frameworks were created to meet these new challenges. From the technological point of view, Rights Management Systems (RMS) and Copy Protection Systems (CPS) have been developed and deployed to try to cope with them. At first, they seemed to work however, their closed and non-interoperable nature and a growing number of wrong strategic business decisions, soon lead to a strong opposition. One of the strongest negative points is the lack of rights management interoperability [Geer, 2004]. The work presented on this thesis primarily addresses the RMS interoperability problems. The objective of the thesis is to present some possible mechanisms to improve the interoperability between the different existing and emerging rights management platforms [Guth, 2003a]. Several different possible directions to rights management interoperability are pointed in this thesis. One of the most important is openness. Interoperability between different rights management mechanisms can only be achieved if they are open up to a certain level. Based on this concept, an open rights management platform is designed and presented in this thesis. Also, some of the interoperability mechanisms are presented and explained. This platform makes usage of the emerging service-oriented architectures to provide a set of distributed rights management services. Rights management solutions rely heavily on the establishment of authenticated and trust environments between its different elements. While considering different RMS, the establishment of such trust environments can be somehow complex. This thesis provides a contribution to the establishment of interoperable RMS trust environments through the usage of Public-Key Infrastructure (PKI) mechanisms. Modern rights management systems have to handle with both keying material and licenses which are used mostly to define how content is governed by the system. Managing this is a complex and hard task when different rights management solutions are considered. This thesis presents and describes a generic model to handle the key and license management life cycle, that can be used to establish a global interoperable management solution between different RMS

    Audit-based Compliance Control (AC2) for EHR Systems

    Get PDF
    Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud \ud In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud \ud This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms

    Rights management technologies: A good choice for securing electronic healthrecords?

    Get PDF
    Advances in healthcare IT bring new concerns with respect to privacy and security. Security critical patient data no longer resides on mainframes physically isolated within an organization, where physical security measures can be taken to defend the data and the system. Modern solutions are heading towards open, interconnected environments where storage outsourcing and operations on untrusted servers happen frequently. In order to allow secure sharing of health records between different healthcare providers, Rights Management Techniques facilitating a datacentric protection model can be employed: data is cryptographically protected and allowed to be outsourced or even freely float on the network. Rather than relying on different networks to provide confidentiality, integrity and authenticity, data is protected at the end points of the communication. In this paper we compare Enterprise/Digital Rights Management with traditional security techniques and discuss how Rights Management can be applied to secure Electronic Health Records
    • …
    corecore