
IMTF DRM SOLUTION

michael.faessler@imtf.ch
&
przemyslaw.dabrowski@imtf.ch

May 2010

Summary
• What is the IMTF DRM solution?
• Why use the IMTF DRM solution?
• How does the IMTF DRM solution work?
• Requirements
• Demo (proof of concept)
• Questions

IMTF DRM solution, IMTF 2010


What is the DRM solution?
• IMTF DRM (Digital Rights Management)
– On the server side:
• PDF encryption (RC4, AES, …: our choice)
• Adding special metadata for DRM, such as rights for printing, saving, print screens, …
– On the client side (Adobe Reader plugin):
• Decryption
• Enable/disable Adobe Reader features depending on the metadata included in the PDF.

Why use the DRM solution? (1)
• Prevent document misuse on the client side
– Keep the documents in the scope of the server
– Release the documents out of the scope only when the user has the rights
[Diagram: documents stay in the server scope (Server); the print right and the save right release them to documents on the client side.]

Why use the DRM solution? (2)
• HS5 currently uses ICE PDF as its DRM solution
– ICE PDF cannot display ALL documents correctly
– Have to wait for bug fixes from ICE soft…
• The new IMTF DRM solution is based on Adobe Reader
– EVERY document will be displayed…
– …if not, it means the document is corrupted

How does it work?
[Diagram: Client (Web browser) and Server]

How does it work? (1)
1. The user clicks on a « direct access » link in the portal referencing one or many documents. An HTTP request containing the document ID(s) is sent to Retrieval.
[Diagram: Client (Web browser) → Information Retrieval (Server): 1. http direct access]

How does it work? (2)
2. Retrieval asks Metalan for the rights of the user on the schema to which the document(s) belong (read, print, print copy, save, …).
[Diagram: Information Retrieval → Metalan: 2. Get rights on doc]

How does it work? (3)
3. Retrieval asks Styx to retrieve the document(s), specifying the rights from Metalan and a temporary password that will be stored in the session.
[Diagram: Information Retrieval → Styx: 3. Ask for doc (with the rights + password)]

How does it work? (4)
4. Styx asks EDOC for the document(s)
[Diagram: Styx → EDOC: 4. Ask for doc]

How does it work? (5)
5. The document(s) go through Styx’s transformers and are converted into one PDF.
[Diagram: EDOC → Styx: 5. DOC(s) → Styx transformer 1 … Styx transformer n → PDF]

How does it work? (6)
6. We apply a last Styx transformer to the PDF, which is the Encryptor. It will:
– Encrypt the PDF
– Add some specific metadata:
• URL to the Permission Servlet (see later)
• Rights on the document from Metalan
• IMTF Plugin identifier (see later)
• Temporary password to open the document
[Diagram: PDF → 6. Encryptor Transformer → Encrypted PDF + Metadata (Rights)]

How does it work? (7)
7. Retrieval returns the PDF in an HTTP response.
[Diagram: Information Retrieval → Client (Web browser): 7. http response with PDF]

How does it work? (8)
8. The browser detects that the HTTP response is a PDF and calls Adobe Reader to open it.
[Diagram: Web browser → Adobe Reader: 8. Mime type == PDF]

How does it work? (9)
9. Adobe Reader detects that the PDF is encrypted and reads the metadata to select the decryption plugin, which is the IMTF Plugin (see step 6).
[Diagram: Adobe Reader → IMTF Plugin: 9. PDF encrypted → read metadata → use IMTF Plugin]

How does it work? (10)
10. The IMTF Plugin reads the metadata for the URL of the Permission Servlet (see step 6) and sends an HTTP authentication request to it (protocol is to be specified).
[Diagram: IMTF Plugin → Permission Servlet: 10. http authentication request]

How does it work? (11)
11. The Permission Servlet returns an HTTP authentication response (protocol to be specified).
[Diagram: Permission Servlet → IMTF Plugin: 11. http authentication response; on this slide the step 10 arrow is labelled http request «DocPerm».]

How does it work? (12)
12. The IMTF Plugin receives the HTTP response:
– Checks the server authentication
– Decrypts the PDF
– Enables Adobe Reader’s features depending on the rights in the document.
[Diagram: IMTF Plugin → Adobe Reader: 12. Enable Adobe Reader allowed features and display the PDF. On this slide the step 9 label reads "use FileOpen Plugin".]

How does it work? (13)
Let’s have a closer look at the authentication protocol…
[Diagram: the complete flow, steps 1 to 12, between the Client (Web browser, Adobe Reader, IMTF Plugin) and the Server (Information Retrieval, Metalan, Styx and its transformers, EDOC, Permission Servlet).]

How does it work? (14)
IMTF PLUGIN
– ENC_SERVER_KEY (hard coded)
– ENC_CLIENT_KEY (hard coded)
– Password (encrypted in document)
– URL to the server (from document)
1. Generate random RSA private/public keys (SSL)
2. Send public key to server
4. Decrypt password with private key
5. Decrypt document with the password and display it.

PERMISSION SERVLET
– ENC_SERVER_KEY (hard coded)
– ENC_CLIENT_KEY (hard coded)
– Password (in http session)
1. Encrypt password (got from session) with public key
2. Remove password from session
3. Send encrypted password to plugin
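The exchange on this slide, as an added Go example that is not IMTF's code: the plugin side generates a fresh RSA key pair and the servlet side releases the session password exactly once. RSA-OAEP with SHA-256, 2048-bit keys, DER-encoded public keys and the names `Servlet`, `Release` and `PluginFetch` are assumptions; the hard-coded ENC_SERVER_KEY and ENC_CLIENT_KEY are left out because the slides do not say how they are used.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Servlet stands in for the Permission Servlet: session ID -> temporary password.
type Servlet struct{ sessions map[string][]byte }

// Release encrypts the session password under the plugin's public key, then forgets it.
func (s *Servlet) Release(sessionID string, pubDER []byte) ([]byte, error) {
	pw, ok := s.sessions[sessionID]
	if !ok {
		return nil, errors.New("no password in session")
	}
	key, err := x509.ParsePKIXPublicKey(pubDER)
	pub, ok := key.(*rsa.PublicKey)
	if err != nil || !ok || pub.N.BitLen() < 2048 { // assumption: refuse weak or non-RSA keys
		return nil, errors.New("need a valid RSA public key of at least 2048 bits")
	}
	delete(s.sessions, sessionID) // servlet step 2: a replayed request finds nothing
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, pw, nil)
}

// PluginFetch stands in for the plugin: key pair, public key out, password back.
func PluginFetch(s *Servlet, sessionID string) ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // fresh pair for each document
	if err != nil {
		return nil, err
	}
	pubDER, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey) // does not fail for RSA keys
	ct, err := s.Release(sessionID, pubDER)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	// Constructed sample session and password.
	s := &Servlet{sessions: map[string][]byte{"sess-1": []byte("constructed-temp-pw")}}
	pw, err := PluginFetch(s, "sess-1")
	_, replayErr := PluginFetch(s, "sess-1")
	fmt.Printf("first: %q err=%v; replay: %v\n", pw, err, replayErr)
}
```

In this sketch the servlet accepts any well-formed public key presented with a valid session, so the session is the only thing that authenticates the requester.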

Requirements
1. Internet Explorer 6 or later
2. Adobe Reader/Acrobat 7 or later
3. Plugin installed on every client using the portal
and accessing without the save right.

Demo

Questions
