Implementing Trusted Terminals with a and SITDRM

AbstractThe SITDRM Enterprise system [N. Sheppard, R. Safavi-Naini “Protecting Privacy with the MPEG-21 IPMP Framework”. International Workshop on Privacy Enhancing Technologies 2006, pp. 152–171] protects private customer data by allowing customers to provide policies in the form of a machine-readable license. When employees of an organization want to use customers' data, they must be forced to abide by the licences provided. Some sort of hardened terminal must be used to ensure that not only the hardware and software will cooperate, but that the user of the terminal will too. We use the Trusted Computing Group's specifications for a trusted platform upon which to build a data user terminal that can be proved to implement correct license-enforcing behavior. A Trusted Platform Module (TPM) and a TPM-using operating system are all that may be required to construct a verifiably secure terminal

Privacy-preserving digital rights management

Digital Rights Management (DRM) is a technology that provides content protection by enforcing the use of digital content according to granted rights. DRM can be privacy-invasive due to many reasons. The solution is not easy: there are econòmic and legitimate reasons for distributors and network operators to collect data about users and their activities, such as traffic modelling for infrastructure planning or statistical sampling. Furthermore, traditional PET -such as encryption, anonymity and pseudonymity- cannot solve all the privacy problems raised by DRM, even if they can help. Privacy and security considerations should be included in th e design of DRM from the beginning, and they should not be considered as a property that can be added on. PET is considered as technology for privacy protection, in different fields. However, PET solutions are not the only ones to be considered useful to complement DRM systems. The contrary is also true: DRM systems are adapted as technical platforms for privacy. In short, there is a deep change in PET related to the web 2.0, and it is also true for P2DRM: transparency and other new techniques are preferred, or at least added, to anonymity, authentication and other traditional protection

Using SITDRM for Privacy Rights Management

SITDRM 1 is a privacy protection system that protects private data through the enforcement of MPEG REL licenses provided by consumers. Direct issuing of licenses by consumers has several usability problems that will be mentioned in this paper. Further, we will describe how SITDRM incorporates P3P language to provide a consumer-centered privacy protection system