See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/236108550

Digital Rights Management

Article · October 2012

CITATIONS READS

7 10,042

2 authors, including:

Abouzar Abbaspourghomi
University of Tehran
5 PUBLICATIONS   19 CITATIONS   

SEE PROFILE

All content following this page was uploaded by Abouzar Abbaspourghomi on 21 May 2014.

The user has requested enhancement of the downloaded file.

 2nd International & 6th National
Conference on Management of Technology

Digital Rights Management

Abouzar Abbaspour Ghomi1,* , Alireza Azimi2
student MSc of software eng. ,University Of Tehran International Campus, abbaspourghomi@ut.ac.ir
Department of computer eng. ,Islamic azad university,sari,iran, azimi@iausari.ac.ir

Abstract
Online digital contents distribution environment lead to the need for a system to protect digital
intellectual property. Digital Rights Management (DRM) is the system built to protect and control
distribution and use of those digital contents.
The present paper is a review of the current state of DRM, focusing on architectural design,
security technologies,and important DRM deployments. Followed by various technical measures
employed by DRM systems are discussed. These technical measures include variety of methods
including execution techniques, encryption and other techniques. We also present DRM ecosystem
as providing a better understanding of what is currently happening to content rights Management
from a technological point of view. we will point out the issues within this technology and
proposed efforts to solve those issues and the basic functions and processes of the DRM solutions
are identified.

Keywords: Digital Rights Management, intellectual property rights, DRM information model and
architecture.

1. Introduction
Content is increasingly in digital form and is distributed using the Internet. The ease of copying
has created a need to develop a means to protect it. Digital rights management (DRM) tries to find a
solution to this problem inside a triangle set by technology, economics and law. The optimal solution
is a compromise between technological possibilities, cost, ease of use, privacy and rights defined in
law. The proposed DRM architecture uses some technological methods as well as threats of financial
losses to protect the content.
The objective of DRM technologies is to provide a mechanism for the complete content
management lifecycle, focusing on aspects that deal with and include the management of rights
information and usage control. More formally, DRM involves the description, layering, analysis,
valuation, trading, and monitoring of the rights over an enterprise’s assets, both in physical and digital
form and of tangible and intangible value. DRM covers the digital management of rights, be they
rights in a physical manifestation of a work or rights in a digital manifestation of a work (Iannella,
2001). The functional DRM architecture can be divided in three areas: content creation, content
management and content usage. Content creation includes the creation of the media and defining the
rights. Content management is about content distribution and trading of the rights. Finally, content
usage is used to enforce that rights are adhered to and to track content usage.
Many digital service providers already assume selling their digital content over computer
networks. However, without serious protection and management of digital rights, digital content can
be easily illegally copied, altered, and distributed to a large number of Internet users. In response to
these threats, to protect digital content intellectual property, rights management systems are needed to
prevent unauthorized access to digital content and manage content usage rights. By looking at Digital
Rights Management specifications [3][4][5], a DRM system must offer a persistent content protection
against unauthorized access to content, and permitting access only to authorized users.

1,*
Abouzar Abbaspour ghomi, research fields: Social networks, privacy, DRM
2
Alireza Azimi, MSc of software eng., research fields: SOA, WorkFlow engine with webservice,WSFL

1
 2nd International & 6th National
Conference on Management of Technology

Another important feature of DRM is format flexibility: a flexible DRM system should be able to
manage usage rights for different kinds of digital content (digital books, multimedia files, multimedia
streams, images, etc).
Todays DRM solutions have different implementation with different names to DRM components,
workflows, usage rules, etc. But with all these different names and components most of them fall into
the very basic DRM components and processes. On the other hand, DRM interoperability is one of the
hottest topics in both academic and industarial research fields. The current products lack
iteroperability and the content is usually locked to a terminal, which prevents the user from consuming
the content using different terminals. This restricts what the users can do with the content and lowers
the user experience. Some of DRM systems use rights expression languages to define the user rights.
The current rights expression language restricts the user by allowing him to use content only in the
ways defined in the license. This often violates the rights the user would have according to the law.
Each DRM system has its own drawbacks, but most of them are similar at one weak point , once the
protection on the content is broken , it can be distrubuted all over the world, using peer-to-peer (P2P)
networks. Using legal measures is one way to try to fight back against this kind of piracy, as it is
usually a small group of people who share most of the pirated content and others are only downloading
it. As the piracy cannot be removed entirely, only solution is to convince users to use legal content by
making it easier and cheap for users to buy legal content than to download it illegally.
The paper overviews the current state in DRM systems. It contains 7 sections starting with the
introduction (section 1) and reaching conclusions in section 7. Section 2 we will talk about the security
by obscurity and we will continue with DRM key concepts in section 3 in section 4 we will study
some of the popular current DRM systems, in section 5 we will discuss general vulnerabilities of
DRM systems and in the section 6 we will propose a blended framework and section 7 is the
conclusion.
2. Security by Obscurity
On what does current DRM security rest? The theme of this paper is that the strongest security
measures currently available for DRM rely on “security by obscurity” as opposed to any sound
theoretical basis. Worse yet, some systems make no serious attempt at “security by obscurity”, instead
they essentially depend on the honor system. Such a system can only enforce security on the most
naive users, while giving a false sense of security to those who rely on the system to protect valuable
content. Perhaps due to their reliance on weak or nonexistent security measures, DRM companies are
reluctant to make details of their systems public. This is understandable since many systems would
likely be exposed as borderline fraudulent while even those that make a serious effort at security might
risk weakening the system’s already limited security.
In the field of security, experience has taught that full disclosure is essential. For example,
cryptographers do not trust a cryptosystem until it has been publicly vetted and subject to intense
scrutiny by the cryptographic community. This reluctance to accept cryptographic algorithms at face
value comes from the long list of “secure” algorithms that have been shown to be insecure—knapsack
cryptosystems are one interesting example (Odlyzko,1990). In DRM there is, as yet, no such
imperative to make the workings of systems, even in a general form, available for study. At the very
least, this tends to suggest that the level of security actually provided by current DRM systems is
suspect, since those making the security claims have a financial interest in boosting their perceived
level of security.
In the next section we will study DRM key concepts and next we will talk about some DRM
systems that are being used by millions of users and proven to have enough interoperability to stay in
this risky business.
3. DRM key concepts
Based on definition: “DRM covers the description, identification, trading, protection, monitoring
and tracking of all forms of rights usages over both tangible and intangible assets including
management of rights holders relationships” [1], DRM systems must manage two elementary content
constraints:

2
 2nd International & 6th National
Conference on Management of Technology

 Rights Management - legal rights holders need to identify their content, collect the metadata, assert
what are the rights on the content and provide business models for distribution. And a survey for clients
to access the content.
 Rights Enforcement - rights holders also need to enforce their rights and rules for their content usage.
Ensuring this feature for DRM solutions is one the most challenging task being also primary to the
DRM goal. And it will be thoroughly discussed later.
With minor differences, digital media distribution systems (multimedia, documents, music, etc)
involve four major actors [2]:
 Creator – creator and legal owner of the content (documents,video,music,etc).
 Producer – makes the digital content product, wraps and protect this product.
 Distributor – promotes and sells the digital content product to customers.
 Consumer – the client for digital content that pays user fees and consumes the product.
In some cases some of these actors may embody one single entity, for example the first two entities in
some implementations often reffered as content provider.
With introducing these entities ,digital content delivering system needs a new subsystem: the licensing
subsystem. License server have two components : the licensing service (LS) is responsible for issuing
rights for each consumer that uses the content and client components which have the role to enforce
those use rights.

Figure 1. Data flow in a typical DRM system

During data flow in a typical DRM system as shown in Fig. 1, four major phases can be identified :
content creation, content distribution, rights distribution and content consumption.
After issuing the rights encapsulated with other system specific information (encryption keys,
metadate, etc) as a license, it will be delivered to client component (also referred as DRM agent) ,
DRM client component must ensure client submission to the rules and rights expressed in the license.

4. Current DRM systems

In this section we will present three DRM systems in the industry , and we will generally study
how they bring DRM to life.

4.1 OMA DRM

In OMA DRM 2.0 system [3] content issuer packages and protects media objects, scrambling
them with a 128-bit AES symmetric Content Encryption Key (CEK). The rights issuer describes
associated content usage rights via Open Digital Rights Language (ODRL) [4] in chime with content
owner rights definition. These usage rights are then packaged together with CEK into a rights object.
The rights object is cryptographically bound with the content it specifies and is associated to one DRM
agent it’s addressing. The DRM agent is a trusted entity that is executed on the mobile appliance
receiving DRM content and rights object (license). Every OMA DRM agent has a public/private key

3
 2nd International & 6th National
Conference on Management of Technology

pair with a certificate delivered by a CA. The certificate, in addition to typical PKI (Public-Key
Infrastructure), carries also information on the characteristics of the DRM agent.
Based on this, the rights issuer may decide if to accept rights object issuing and delivery to a
given DRM agent. Furthermore, rights issuer encrypts the rights object only for the expected DRM
agent, signing every rights object it issues. When trying to access the protected content, the DRM
agent opens the associated rights object (only possible if the rights object was generated for it). The
rights management layer parses the ODRL expression inside rights object extracting permissions and
constraints. At this step, the right enforcement layer ensures obedience to these constraints and passes
CEK to the content protection layer that descrambles the content.
In OMA DRM there are several ways to deliver liscense and content to client . The rights can be
delivered to the consuming device by downloading them together with the content or by sending the
rights object separately from content (Figure 2. ). The former case (combined delivery) is simpler
whereas the latter case (separate delivery) provides more security by making it more difficult to steal
the content. However, a complete DRM technology, including strong security between the consuming
devices and content providers is not in the scope of OMA Download. The OMA Digital Rights
Management follows common DRM practices taking into account the special requirements and
characteristics of the mobile domain in order to support basic functionality with some level of security.
This specification defines also a “forward-lock” special case of combined delivery where the DRM
message does not contain a rights object. In that case a set of default rights apply for the media object
[3].

Figure 2. OMA DRM methods

4.2 Fairplay
FairPlay is a digital rights management (DRM) technology created by Apple Inc., based on
technology created by the company Veridisc. FairPlay is built into the QuickTime multimedia
software and used by the iPhone, iPod, iPad,Apple TV, iTunes, and iTunes Store and the App Store
[9].
FairPlay-protected files are regular MP4 container files with an encrypted AAC audio stream.
The audio stream is encrypted using the AES algorithm in combination with MD5 hashes. The master
key required to decrypt the encrypted audio stream is also stored in encrypted form in the MP4
container file. The key required to decrypt the master key is called the "user key". Each time a new
customer uses iTunes to buy a track, a new random user key is generated and used to encrypt the
master key. The random user key is stored, together with the account information, on Apple’s servers,
and also sent to iTunes. iTunes stores these keys in its own encrypted key repository. Using this key
repository, iTunes is able to retrieve the user key required to decrypt the master key. Using the master
key, iTunes is able to decrypt the AAC audio stream and play it. When a user authorizes a new
computer, iTunes sends a unique machine identifier to Apple’s servers. In return it receives all the user
keys that are stored with the account information. This ensures that Apple is able to limit the number

4
 2nd International & 6th National
Conference on Management of Technology

of computers that are authorized and makes sure that each authorized computer has all the user keys
that are needed to play the tracks that it bought.
When a user deauthorizes a computer, iTunes will instruct Apple’s servers to remove the unique
machine identifier from their database, and at the same time it will remove all the user keys from its
encrypted key repository. The iPod also has its own encrypted key repository. Every time a FairPlay-
protected track is copied onto the iPod, iTunes will copy the user key from its own key repository to
the key repository on the iPod. This makes sure that the iPod has everything it needs to play the
encrypted AAC audio stream. FairPlay does not affect the ability of the file itself to be copied. It only
manages the decryption of the audio content.
the Tables and Figures must be in the center of the page. Tables and figures should be cited
consecutively in the text. Title of the Tables must be in the top center of the Table and the title of
Figures must be in below of them at center. Before and after the Tables and Figures, an empty line
must exist (Times New Roman 11pt. Normal). Table 1 is an example for the authors, that shows the
necessary information to write papers.

4.3 playReady
PlayReady is a Digital Rights Management (DRM) from Microsoft for portable devices. The main
differences relative to previous DRM schemes from Microsoft are [10]:
Some popular features that were already present in other DRM schemes in the market have been
added; these include the concept of domain (group of devices belonging to the same user which can
share the same licenses), Embedded Licenses (licenses that are embedded in the content files, avoiding
a separate step for license acquisition) and envelopes (the ability to DRM arbitrary, potentially non-
media content). It is also the protection scheme for IIS Smooth Streaming, Microsoft's adaptive
streaming technology.
It is platform independent: unlike other Microsoft DRM schemes like Janus, PlayReady can be
ported to any kind of portable device, even if it uses non-Microsoft technology (OS, codecs, media
player, etc.). But Microsoft has never developed or released a version of its PlayReady DRM for any
Linux distribution. PlayReady competes with other proprietary DRM schemes and even more with
DRM-free software, most notably Apple's FairPlay introduced in iTunes and Quicktime. There are
several other DRM schemes that are competing to become the dominant DRM technology (e.g. OMA
DRM). Microsoft released the first version of the PlayReady suite (Porting Kit for devices, PC SDK
and runtime, Server SDK) in June 2008. Silverlight 2.0, released in October 2008, supports content
restricted with PlayReady. As of Silverlight 4.0, the implementation of Microsoft PlayReady in
Silverlight supports offline content (via persisted license), subscription scenarios (via chained licenses)
and online, streaming-only content (via simple non-persistent licenses). Output protection support was
also added in Silverlight 4.0. PlayReady is supported on the Silverlight implementation of Windows
Phone 7. Fair play can be used to help content producers deliver audio and video content that is secure
and protected from unauthorized capture and redistribution. This protection can be integrated into a
variety of business scenarios that include:
I. Online Scenarios: These scenarios require users to be online while they play back the media
content:

 Live Streaming: Live streaming (also known as "true streaming") sends content directly
to the computer or device without saving the file to a hard disk. A live stream is only
available while it is being broadcast. Internet television and radio are examples of live
streaming.

 Progressive Download: Progressive download lets users play back the media while it is
downloading. The main difference between progressive download and live streaming—
from a user's point of view—is that progressively downloaded content is stored on the
user's computer or device, at least temporarily.

5
 2nd International & 6th National
Conference on Management of Technology

II. Offline Scenarios: These scenarios allow users to be offline while they play the content. They
do require the offline Silverlight runtime to be installed on a user's computer or device, and
they do require the user to be online—at least intermittently—in order to initially download
the content and renew subscriptions.

 Download File Offline (onetime purchase): The user downloads the content from the
Internet and later plays it by using an offline Silverlight player. For example, an online
video store charges customers to download a video file, which users can play back in an
offline Silverlight player whenever they want. The DRM software can restrict
redistribution of the video file to one or more devices .

 Rental: You can specify time limits in your DRM licenses in order to limit playback of
content. For example, an online video store might offer their videos for rent. Once the
rental is purchased and the license downloaded, the license will expire 30 days after it is
issued or 24 hours after content is first played, whichever occurs first.

 Subscription: You can enable customers to playback content based on a subscription

model. For example, customers of the online video store pay a monthly fee to watch up
to 100 hours of television content online and download up to 20 episodes. In order to
renew their subscription, they need to pay the monthly fee and connect to the service at
least once a month because the subscription license expires every 45 days.

4.3.1 Silverlight DRM content playback

The following diagram summarizes the processes that are needed for Silverlight to play back DRM
content online as well as the client/server interactions that are needed to facilitate those processes.
Later, each of these steps is discussed in much more detail.

Figure 3. silverlight DRM content playback

1.Silverlight Client Accesses Content

The user attempts to play some DRM-protected content in a Silverlight application that is stored on the
distribution server (a distribution server, usually a Web server, is used to distribute your content). The

6
 2nd International & 6th National
Conference on Management of Technology

Silverlight client downloads the content (or some of the content, in the case of streaming) and the
header.

2.Is the User’s Computer Individualized?

Before Silverlight requests the license to decrypt the content, Silverlight must first determine whether
the user’s computer has the appropriate DRM software installed. This software is called the
individualized black box (IBX) and is the client component of DRM that is required before any
protected content can be played. The individualization component software enables the client
computer to request and use a DRM license. It also helps protect sensitive data that is used in the
decryption process. If the appropriate individualized component software is not already on the client,
the client automatically requests the component from the Microsoft Individualization Service. The
process of obtaining the individualized component software is called individualization. Silverlight
individualizes the user's computer by sending information to the Microsoft Individualization Service.
The user can block this information from being sent. After a valid individualization component is
installed, the client usually does not need to individualize again. An exception to this is if the
PlayReady license server SDK (run by a third party) refuses to issue licenses to a given IBX version. If
refusal occurs, the update is automatically initiated by the client.

3.Silverlight Requests License

When valid individualization component software exists on the client, it is ready to play DRM. When
the user initiates playback of the protected content for the first time, the Silverlight client contacts the
PlayReady License Server to obtain a license (the License Server is controlled by producer or
producer’s service provider). If the License Server approves the request, it issues a license that is used
by the client to decrypt the particular media file. The content can then be played.

4.Client Needs to Join Domain? (Optional)

Managing the computers on which a user can play back DRM-protected content is called
"Domain Management." Managing domains can be useful in both online and offline scenarios. The
functionality that is provided by the Microsoft PlayReady Domain feature is intuitive from an end-user
experience: the service provider allows the user to designate a group of computers as a domain.
If a computer has a domain-bound license for the content, any computer on the domain can
consume Microsoft PlayReady-protected content that is acquired by any other computer in the domain.
The user may easily add or remove computers from the domain, as long as the total number of
computers in the domain does not exceed the limit defined by the service. Domain management is
facilitated through a PlayReady domain server (domain controller server), which you provide.

5. Copy License to Persistent Licence Store (Optional)

The ability to store a license was added in the Silverlight 4 release. The license server can decide
to either issue a license that is "use once" or one that is persisted on the client. Licenses persisted on
the client are stored in a persistent license store, which is created on the client during individualization.
Storing a license on a user’s client is particularly useful in offline scenarios.

6. Play Back Content

If the license that is used to play back the content is valid, playback commences.

4.3.2 Root Licenses, Leaf Licenses, and License Chains

A license is a data file that holds a decryption key for an asset (another license or a piece of
content). It also contains DRM rights and restrictions that define how the content that it gives access to
can be used. Licenses come in three varieties:

7
 2nd International & 6th National
Conference on Management of Technology

 Simple License: A PlayReady License that is delivered from an application that is built by
using the PlayReady Server that contains rights and restrictions along with a key for the
associated piece of content.
 Root License: A license that controls one or more leaf licenses. The leaf licenses control
playback of specific pieces of content while the root license controls all of them. For
example, in a subscription model, the root license may have an expiration date while the
leaf licenses do not. When the root license expires, the leaf licenses are unusable until a new
root license is acquired.

 Leaf License: A simple license that is dependent on a root license.

Figure 4. leaf licenses controlled by a single root license

Let’s say that the user has a subscription and has downloaded several videos to play back later offline .
For each video, there is a leaf license that specifies the allowable usage for that video. In this case,
let’s assume that the leaf license says that the user can play the video anytime. However, PlayReady
ensures that there is a valid root license before allowing playback. If the root license has expired
(perhaps because users allowed their subscriptions to expire), the leaf license, does not allow playback.
In this way, the root license can be used to control the entire subscription (all the leaf licenses on the
user’s device).

5. General Vulnerabilities
Typically the license-evaluating engine executes on a computing platform that is under the control of
the licensee, as opposed to the licensor. Since the licensee can potentially be an adversary, we must
rely on the security of the platform to ensure that the content is used in accordance with its associated
license. To prop the security of this platform we may employ tamper-resistant hardware or software
components. However, there is no widely deployed trusted platform technology that has sufficient
security guarantees, and it is widely accepted within the security community that such platforms can
and will be broken by determined adversaries.
Without authentication, an attacker could attempt to deceive the license evaluation engine into
thinking that a different, authorized user is attempting to use the content. While authentication systems
are well understood, they are not infallible, and thus provide another target for circumventing the
system. In general, the adversary may attempt to spoof other characteristics that the license evaluation
engine uses to make its decision [11].

6.proposed blended framework

Our proposed blended framework as we call it, contains same basic actor with similar common
operation and it is obvious till now that most of DRM systems [3],[4],[8] follow the same pattern.
From architectural point of view, there is a PKI infrastructure to provide capability of effective
protection and authentication functionality.
In the overall architecture, shown in Fig. 5, content providers (CP), distribution services (DS), license
servers (LS), certification authorities (CA) and client (C) interact together driven by specific DRM
protocols following the design patterns described in previous sections. The content provider creates
the content and distributes it to distribution service using some secure channels. Because this is usually
achieved in a secure environment (private or not exposed network communications or secured delivery
as SSL, HTTPS, SRTP, FTPS, etc), neither content provider to licensing service nor content provider
to distribution service will be treated form a security perspective.

8
 2nd International & 6th National
Conference on Management of Technology

Figure 5. DRM Overall Architecture

Starting from the functional architecture description, we synthesize DRM transactions in several
phases (Fig.6):
 Creating content, content rights, metadata and container
 Generating keys
 Content request
 Authorizing the client
 Licensing information and rights-object distribution
 Licenses acquisition, license interpretation, license utilization
 Content consumption

Figure 6. DRM – functional workflow

At the last phase content consumption, After all necessary information (keys, usage rights, and
content) is acquired final content usage takes place. At this phase important security measures must be
implemented inside client subsystem while content is being decrypted and rendered. In this ecosystem
the client component security leaks can compromise the entire content protection measures. Having
this risks in mind, the solution for any DRM enabled content delivery system should include security
mechanism to deal with client component corruption. As a framework for developing DRM

9
 2nd International & 6th National
Conference on Management of Technology

architecture to business specific environment we have proposed PKI usage to provide cryptographic
support for entities authentication and usage rights protection through asymmetric encryption of
license object. Protecting license objects, which are issued dedicated to every specific user request
with license issuer private key, can also be used to guarantee service non-repudiation. Users are
discouraged from sharing their private keys and certificates, as keys can be used by other parities to
purchase content on charge of original user. an important contribution to the overall DRM system is
materialized by the DRM component interactions. We consider as essential the existence of interaction
policies guided by so called “middleware”. From a security perspective, this entity has the
responsibility to signal delivery and licensing services ensuring that only legitimate users can access
the system. We can put the middleware component as a cloud based service to be approachable by
user anywhere by any devices. And a unique clients system such as his personal computer as a
distribution service provider to his domain of devices this way we can limit the need of being
connected to the internet. Dealing with every user and content request autonomously, the protocol
described previously in this section and depicted in Fig. 5, provides a great security advantage in what
concerns user and content management [7].

7. Conclusion
Bettors at the horse races like to say: “You can beat the race, but you can’t beat the races.” With
any combination of current DRM technology, it is possible for a skilled attacker to “beat the race”, that
is, to defeat the persistent protection applied to a given piece of digital content. Of course, certain
combinations of the techniques will provide more of a challenge than others. However, at the current
evolutionary stage of DRM there appears to be no escape from the dubious concept of “security by
obscurity.” Consequently, once a dedicated attacker has gone through the (perhaps tedious) process of
removing the obscurity, the security vanishes as well. Furthermore, it appears that for nearly all
systems currently on the market, “beating the race” is equivalent to “beating the races”. If DRM is to
be successful in software-based systems, perhaps the best hope lies in the realm of software
uniqueness. If each instance of a particular DRM software product includes some degree of uniqueness
then an attack that succeeds against one will not necessarily succeed against all. Thus, “beating the
race” would not automatically “beat the races.” In fact, the problem of defeating all instances of
unique software is potentially many orders of magnitude more difficult than defeating a single
instance. Of course, much depends on how and where the uniqueness is employed [14].
It is conceivable that the idea of uniqueness could take software-based DRM beyond its current level
of hype—which is bound to disappoint as fielded systems continue to fail—to a level where a slow
leak of protected content is an accepted fact, but complete and total failure of systems is a rarity.

References
[1] R. Iannella, “Digital Rights Management (DRM) Architectures”, DLib
Magazine, 7(6), 2001.
[2] J.M. Boucqueau, “Digital Rights Management”, IEEE Emerging Technology Portal [Online]. Available:
http://www.ieee.org/portal/site/emergingtech/techindex.jsp?techId=67
[3] Open Mobile Alliance Digital Rights Management V2.0 [Online].
Available: http://www.openmobilealliance.org/
[4] MPEG-4, IPMP-X (Intellectual Property Management and Protection Extension) [Online]. Available:
http://www.mpeg.org/
[5] IETF Internet Digital Rights Management (DRM) Working Group, http://www.ietf.org/
[6] Open Digital Rights Language [Online]. Available: http://odrl.net/
[7] Victor-Valeriu PATRICIU, Ion BICA, Mihai TOGAN, Stefan-Vladimir GHITA, “A Generalized DRM
Architectural Framework”, Advances in Electrical and Computer Engineering, Volume 11, Number 1, 2011
[8] Objectlab, OpenIPMP [Online]. Available: http://objectlab.com/ openIPMP.html.
[9] wikipedia, Fairplay , Available : http://en.wikipedia.org/wiki/FairPlay
[10] microsoft PlayReady, Available: msdn.microsoft.com/en-us/library/cc838192(v=VS.95).aspx

10
 2nd International & 6th National
Conference on Management of Technology

[11] Stuart Haber, Bill Horne, Joe Pato, Tomas Sander,Robert Endre,Tarjan “If Piracy is the Problem, Is
DRM the Answer?”, HP Laboratories Cambridge, may 27th, 2003
[12] Chang H. and M. J. Atallah, “Protecting software code by guards,” Security and Privacy in
Digital Rights Management, ACM CCS-8 Workshop DRM 2001, Philadelphia, PA, USA, November
5, 2001, Revised Papers. Lecture Notes in Computer Science 2320, T. Sander (Ed.), Springer-Verlag,
Heidelberg, Germany, pp. 160-175, 2002.
[13] Digital Rights Management Approved Version 1.0 – 15 Jun 2004
Available: http://www.openmobilealliance.org/
[14] Mark Stamp, ”DIGITAL RIGHTS MANAGEMENT: THE TECHNOLOGY BEHIND THE HYPE”,
Computer Science Department, San Jose State University
[15] B. A. LaMacchia, “Key challenges in DRM: An industry perspective”, Proceedings of Digital
Rights Management Workshop, pages 51–60, 2002.
[16] F.A.P. Petitcolas. “Watermarking schemes evaluation” IEEE Signal Processing,
vol. 17, no. 5, pp. 58–64, September 2000.
[17] C. Shapiro and H. Varian, Information Rules, Harvard Business School Press,
1999.
[18] O. Sibert, D. Bernstein and D. Van Wie. “Digibox: A self-protecting container
for information commerce,” Proceedings of the 1st USENIX Workshop on
Electronic Commerce. New York, New York, July 1995.

11

View publication stats