Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
Towards a general framework for Digital Rights Management (DRM)
Digital rights management (DRM) can be defined as a technology that enables persistent access control. The common understanding of DRM is that of a technology that enables means to thwart piracy of digital multimedia through limiting how the media is used by the consumer. It can be observed that man...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | English |
| Published: |
Department of Computer Science
2024
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867613236093779968 |
|---|---|
| access_status_str | Open Access |
| author | Arnab_A |
| author2 | Professor Andrew Hutchison |
| author_browse | Arnab_A Professor Andrew Hutchison |
| author_facet | Professor Andrew Hutchison Arnab_A |
| author_sort | Arnab_A |
| collection | Thesis |
| description | Digital rights management (DRM) can be defined as a technology that enables persistent access control. The common understanding of DRM is that of a technology that enables means to thwart piracy of digital multimedia through limiting how the media is used by the consumer. It can be observed that many of these restrictions can be applied to any type of data. Therefore, it should be possible to create a two part DRM system - a common DRM system that enforces the basic access controls (such as read, write and execute) and an application specific DRM system that enforces the application specific access controls (such as print and play). The aim of this dissertation is to create such a framework for distribution independent DRM systems. Most vendors promote DRM as a copyright protection mechanism. and thus consumers expect a number of rights that are allowed by copyright legislation. but which are not available for the DRM protected media. However. DRM is not an enforcement of copyright law, but rather an enforcement of a licensing regime. Thus, there is incorrect (and possibly false) marketing of DRM enabled media from the vendors of DRM enabled media, leading to dissatisfied consumers. We think that one of the main reasons for the current situatiotl, is that there is no defined legal framework governing the operation of DRM systems. In this dissertation, we address this gap. by developing a legal framework for DRM systems as one of the components of our DRM framework. Negotiation can be defined as the process which leads to the conclusion of a contract Since DRM is the enforcement of licensing agreements. there is a need to cater for negotiation protocols in DRM systems. Negotiations provide the consumer with the power to request different rights packages, especially when consumers have a legitimate need for rights not granted normally to other consumers (for example, disabled consumers have needs that may not be met with standard rights set). Negotiations also allow the possibility for the licensors to extract the maximum value from the consumers. For this reason. the inclusion of negotiation protoi can swners. conswners. defined as a teclmollo~ i current S1U13.UOD, is to is a reason, Thc~t:ore it is no del1ncKt we aa(lI"el~S our a contract llC4:nsOrs to extract -.-iicols in DRM systems can become a powerful tool, and in this dissertation we present the first negotiation protocols for DRM systems. Even though the definition of DRM as an access control model has existed since at least 2002, there has been no formal description of DRM as an access control model. Thus, there are no formal models for any of the rights expression languages which express DRM access control policies, and various authors have commented on ambiguities present in interpretation and enforcement of licenses expressed in these languages - a result of a lack of formal definition of these languages. In this dissertation, we develop a formal model for a Licensing Rights Expression Language (LiREL), which is designed to provide a mechanism to express access control policies which are also sound legal license documents. Our formal model also discusses the enforcement of the access control policies, and is thus the first formal model for DRM as a mechanism for access control. Access control is a two part process: authentication of the parties involved and authorisation of the parties to access the resources. Authorisation in DRM provides some unique challenges: there is a need to support multiple platforms, without guaranteed network connectivity and minimal trust between the parties involved. For this reason, the associated authentication framework becomes more complex. While many access control models define user management as part of their model, we have taken a different approach, and removed user management from the core DRM system. Instead, our authorisation process requires a trusted verification of the user's credentials and then decides on the access control request. For this reason, our user authentication framework is ticket based, and shares similarities to K.erberos tickets. DRM also requires a strong data identity management. However, all the current identity systems for data do not provide verification service for data identity. For this reason, we developed Verifiable Digital Object Identity (VDOI) System, to address this gap. These components are combined towards a general framework for digital rights management that advances the understanding, organisation and implementation of DRM compared to approaches or solutions which are currently available. |
| format | Thesis |
| id | oai:open.uct.ac.za:11427/39907 |
| institution | University of Cape Town (South Africa) |
| language | eng |
| last_indexed | 2026-06-10T12:32:56.154Z |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository |
| publishDate | 2024 |
| publishDateRange | 2024 |
| publishDateSort | 2024 |
| publisher | Department of Computer Science |
| publisherStr | Department of Computer Science |
| record_format | dspace |
| source_str | UCTD — University of Cape Town Open Access Repository |
| spelling | oai:open.uct.ac.za:11427/39907 Towards a general framework for Digital Rights Management (DRM) Arnab_A Professor Andrew Hutchison Computer Science Digital rights management (DRM) can be defined as a technology that enables persistent access control. The common understanding of DRM is that of a technology that enables means to thwart piracy of digital multimedia through limiting how the media is used by the consumer. It can be observed that many of these restrictions can be applied to any type of data. Therefore, it should be possible to create a two part DRM system - a common DRM system that enforces the basic access controls (such as read, write and execute) and an application specific DRM system that enforces the application specific access controls (such as print and play). The aim of this dissertation is to create such a framework for distribution independent DRM systems. Most vendors promote DRM as a copyright protection mechanism. and thus consumers expect a number of rights that are allowed by copyright legislation. but which are not available for the DRM protected media. However. DRM is not an enforcement of copyright law, but rather an enforcement of a licensing regime. Thus, there is incorrect (and possibly false) marketing of DRM enabled media from the vendors of DRM enabled media, leading to dissatisfied consumers. We think that one of the main reasons for the current situatiotl, is that there is no defined legal framework governing the operation of DRM systems. In this dissertation, we address this gap. by developing a legal framework for DRM systems as one of the components of our DRM framework. Negotiation can be defined as the process which leads to the conclusion of a contract Since DRM is the enforcement of licensing agreements. there is a need to cater for negotiation protocols in DRM systems. Negotiations provide the consumer with the power to request different rights packages, especially when consumers have a legitimate need for rights not granted normally to other consumers (for example, disabled consumers have needs that may not be met with standard rights set). Negotiations also allow the possibility for the licensors to extract the maximum value from the consumers. For this reason. the inclusion of negotiation protoi can swners. conswners. defined as a teclmollo~ i current S1U13.UOD, is to is a reason, Thc~t:ore it is no del1ncKt we aa(lI"el~S our a contract llC4:nsOrs to extract -.-iicols in DRM systems can become a powerful tool, and in this dissertation we present the first negotiation protocols for DRM systems. Even though the definition of DRM as an access control model has existed since at least 2002, there has been no formal description of DRM as an access control model. Thus, there are no formal models for any of the rights expression languages which express DRM access control policies, and various authors have commented on ambiguities present in interpretation and enforcement of licenses expressed in these languages - a result of a lack of formal definition of these languages. In this dissertation, we develop a formal model for a Licensing Rights Expression Language (LiREL), which is designed to provide a mechanism to express access control policies which are also sound legal license documents. Our formal model also discusses the enforcement of the access control policies, and is thus the first formal model for DRM as a mechanism for access control. Access control is a two part process: authentication of the parties involved and authorisation of the parties to access the resources. Authorisation in DRM provides some unique challenges: there is a need to support multiple platforms, without guaranteed network connectivity and minimal trust between the parties involved. For this reason, the associated authentication framework becomes more complex. While many access control models define user management as part of their model, we have taken a different approach, and removed user management from the core DRM system. Instead, our authorisation process requires a trusted verification of the user's credentials and then decides on the access control request. For this reason, our user authentication framework is ticket based, and shares similarities to K.erberos tickets. DRM also requires a strong data identity management. However, all the current identity systems for data do not provide verification service for data identity. For this reason, we developed Verifiable Digital Object Identity (VDOI) System, to address this gap. These components are combined towards a general framework for digital rights management that advances the understanding, organisation and implementation of DRM compared to approaches or solutions which are currently available. 2024-06-19T07:11:07Z 2024-06-19T07:11:07Z 2007 2024-06-18T13:04:21Z Thesis / Dissertation Doctoral PHD http://hdl.handle.net/11427/39907 eng application/pdf Department of Computer Science Faculty of Science |
| spellingShingle | Computer Science Arnab_A Towards a general framework for Digital Rights Management (DRM) |
| thesis_degree_str | Doctoral |
| title | Towards a general framework for Digital Rights Management (DRM) |
| title_full | Towards a general framework for Digital Rights Management (DRM) |
| title_fullStr | Towards a general framework for Digital Rights Management (DRM) |
| title_full_unstemmed | Towards a general framework for Digital Rights Management (DRM) |
| title_short | Towards a general framework for Digital Rights Management (DRM) |
| title_sort | towards a general framework for digital rights management drm |
| topic | Computer Science |
| url | http://hdl.handle.net/11427/39907 |
| work_keys_str_mv | AT arnaba towardsageneralframeworkfordigitalrightsmanagementdrm |