Digital Right Management (DRM)

Abstract'Digital Right Management (DRM) is a system for
protecting the digital rights of the copyrighted data which is
widely distributed through the internet or other means of digital
media by permitting secure distribution and preventing from
illegal distribution of the copyrighted data. Cloud computing is
an emerging technology where a huge amount of data is stored
from all around the world, from different countries and
Organizations. Thus it is important to secure and protect the
confidentiality of this data and also to preserve the privacy of the
user who is using this technology, so that no one can reveal their
personnel information and identity even their own Cloud Service
Provider (CSP). In This Paper a comparative analysis of the
various schemes is presented, most of them rely on a Trusted
Third Party (TTP), but even the TTP can be malicious. To
overcome the drawbacks an enhanced scheme is proposed which
preserve both the digital rights of the content and privacy of the
user without relying on TTP. Comparative analysis shows that
proposed scheme is better than other techniques which are
mentioned in this paper & suitable for upcoming Cloud based

Keywords'Digital rights management; cloud computing;
privacy; security; Trusted Third Party
With the increased use and sharing of the digital
information in today's world of networking and media
technology the security of this digital data has become a very
serious problem [3]. With the invent of the cloud computing
technology where a huge amount of information is stored
together from different sources the problem of preserving the
digital rights and privacy of the user has become a crucial
problem[6][8][20]. Moreover the Digital content can be easily
used and can be copied easily as well and it is possible for the
CSP to generate the personnel information of the user which is
involved in the transaction of the data. The concept of digital
rights management was introduced to protect the digital data
security and to preserve the privacy of the user [1-4, 18]. DRM
is a content protection technology that prevents illegal use,
copy and distribution of digital content. In DRM environment,
only legitimate users are allowed to access and to use the
copyrighted data and content technology [2]. DRM not only
protects the piracy, but it also protects the interest of copyrights
related parties. In essence, the intellectual property right
is exercise by permitting an authorized use of the copyrighted
work. Thus the copyright holders started to use the digital
rights management as the defense to the piracy or illegal use of
their copyrighted data.
This paper is organized as follows: Various Schemes and
Literature survey are discussed in section II, proposed scheme
is discussed in section III, comparative analysis of different
schemes is conducted in section IV and section V gives the

This section describes the various existing schemes which
are compared in this paper [10][15-18].
A. License Management Scheme with Anonymous Trust
License acquisition and usage tracking is a scheme which is
based on Elliptic Curve Diffie-Hellman (ECDH) key
agreement to ensure the security and privacy of the data
transferred between the communication channel between DRM
System and client preventing against malicious attacker and
protects user privacy [18]. LMSAT allows the user to
anonymously access the content's anywhere, anytime and on
any compliant devices. For accessing the digital content the
user request license of that content. When the user inputs the
Anonymity ID and corresponding password the DRM system
will charge the user secret account for the equivalent contents.
LMSAT protects the user's privacy and allow the user an
ubitious access of the content on compatible devices using his
Anonymity ID and token. The vital information including
decryption key usage rules and other data in the license are
encrypted by user's Anonymity ID and Content ID. Hence only
the user with a correct Anonymity ID can compute the correct
key according to his Anonymity ID and Content ID. The
attacker fails to decrypt the vital information in the license
even if he gets the license and content. The Anonymity ID
represents an anonymous account so even if the user distributes
his Anonymity ID to others the DRM system will charge the
2014 Fourth International Conference on Communication Systems and Network Technologies
978-1-4799-3070-8/14 $31.00 ?? 2014 IEEE
DOI 10.1109/CSNT.2014.142
anonymous account for accessing the content. Thus restricting
the user from sharing his Anonymity ID with others and
protecting illegal distribution of data [18].
B. A Ticket Based Digital Rights Management
Designed a protocol and used the concept of ticket for
anonymous consumption and protection against malicious
servers. The protocol generates a ticket for the user which is
required to obtain content license and is based on maitland et
al.'s restrictive partially blind signature. It is not possible to
detect the identity of the original owner of ticket although the
server has all information of the protocol suggested in this
scheme [15]. Thus the user gets the license without revealing
his own identity and personnel information. This scheme also
overcomes the problem of malicious server by providing a
content key management protocol which prevents the
malicious server from getting a complete content key
C. TTP-Free Revocation in Anonymous Authentication
Privacy-Enhanced Revocation with Efficient Authentication
scheme PEREA without Trusted Third party is a scheme in
which the time complexity of authentication at the service
provider is independent of the size of the blacklist. PEREA
uses accumulators as a blacklist; the user presents a ticket
which is a one-time token generated by the user and give the
desired unlink ability across authentication. As the user can
generate any number of new tickets PEREA overcome this
problem by eliminating the previous number of tickets from the
accumulator. PEREA is the first scheme which is independent
of the size of the computation at the service provider [16]. It
blacklist the users who try a number of authentication attempts
by using the concept of revocation window giving efficient
solution and comparatively shows that it outperforms the
Blacklistable Anonymous Credentials BLAC.
D. Anonymous and Accountable Authentication Framework
In this a framework is suggested which is a combination of
protocols which efficiently provides privacy, security and
content usage for communications in wireless mesh networks.
The framework provides an anonymous mutual authentication
protocol by which only valid users can establish connection to
the network from anyplace without revealing their identity and
getting tracked. But in this framework the network operator or
any other authority can infringe the privacy of a user.
Users connect to the WMN using an anonymous mutual
authentication protocol based on group signatures [10] where
both signature generation and verification operations are
efficient. Since the signature scheme is anonymous and
unlinkable it is not possible to identify and track users, thus
providing them with strong privacy. User accountability is
achieved through an efficient user revocation protocol that can
be executed only by a coalition of certain semi-trusted noncolluding
parties. The revocation protocol can also be used for
the users whose subscriptions expire while the backward
security is guaranteed for users who are revoked [10].
E. Privacy-Enhanced Superdistribution of Layered Content
Suggested a mechanism that super distributes the content
through an encrypted layer and make it easy for the user to
decrypt and access the content at any level also it prevents the
information of the content package from the merchant, i.e.
which package is exactly access by the consumer thus ensuring
better consumer privacy. This scheme also make use of the
trusted access control, which avoids the consumer from
randomly copying and redistributing the decryption keys or
even the decrypted content, thus accomplishing a type of
digital rights management for the digital content[9].
Various digital rights management schemes are discussed
in the above section this section focuses on the enhanced
scheme which overcomes all the drawback of previous
schemes. Privacy enabled digital rights management
mechanism without using the trusted third-party assumption is
proposed [2]. The proposed scheme supports both
accountability and privacy. In which simple primitives of
cryptography such as blind decryption and hash chain are used
to construct the system. This scheme also provides a privacy
preserving revocation mechanism which preserves a nonanonymous
authentication, denotes authentication with the real
identity of a user. To prevent impersonation or masquerading
by entities, a user has to reveal his identity credential for
verification at the time of user registration. In content
distribution mechanisms, the distributors purchasing the
redistribution licenses may not be interested in revealing the
details of the content in order to prevent leaking of information
about their business strategy to their contender or even to the
vendor [7]. End user clients are concerned about their loss of
privacy as their purchasing patterns may be used to infer their
A trusted third party (TTP) is an entity that facilitates the
communication between the two parties who have mutual trust
on the third party. In TTP models, this trust is used to secure
the communication between the two relying parties. However,
in real life a TTP can become untrusted or malicious. This is
one of the problem on which the proposed scheme is focused.
Most traditional DRM systems use conventional
authentication mechanisms based on Public key Certificates. In
such DRM systems, Attribute-Based Credentials such as
Attribute Certificates are issued after the validation of the
Public Key Certificate [6]. The Attribute Certificate will be
associated with the Public Key Certificate and the attribute
keys. These certificates are required to be present to the party
requesting the authentication which may expose the identity
information of the User (e.g., name and age) due to linking of
the Attribute Certificate with the Public key Certificate.

Figure1.Content Distribution Architecture
The content distribution Architecture is shown in Fig.1
which consists of N number of Distributor at each level and the
number of levels are L.The end users are the clients who gets
content from the distributor at any level.
In the proposed system, a User gets the attribute keys and a
blindly decrypted token after validation of their Public key
Certificate by the Owner. At the license acquisition step, the
User needs to submit the anonymous token to the Content
Provider (the party requesting the authentication) for
authentication, instead of submitting the Public Key Certificate
and the attribute keys. Therefore, the proposed mechanism
does not expose the link between the attribute keys, the User,
and the content purchased, thereby unrevealing the identity
information of the User. The proposed scheme solves both the
problem of reliance on a TTP and preserving the privacy of the
There are various schemes which are proposed for
preserving the digital rights of the data and user privacy [1-
2][7][13][17]. In some of them basic encryption and decryption
techniques are used other approaches rely on third party [17]
while some are able to achieve the similar results without
relying on a third party [2][7].
The digital content can be transmitted to any level, means
at multilevel consisting of multiple parties as the digital content
can be used to any extent.[14] but as the transmission consist of
multiple parties it consumes some extra time for transmission.
The digital rights management not only protects the digital data
from illegal user but also from the malicious servers. For this
purpose protocols are designed and used which consist of ticket
for anonymous consumption at multiple level of content
distribution [14]. As the digital content can be used anytime,
anywhere, and on any compliant devices anonymously for this
purpose powerful and flexible license acquisition and usage
tracking scheme is developed [16] in which the user can
request the license of the digital content by providing
Anonymity ID and corresponding Password according to the
requirements of DRM system, and then the DRM system will
charge the anonymous account for their corresponding content.
New anonymous authentication scheme are also developed
in which bottleneck computation is independent of the size of
the revocation list. Authentication in such schemes requires
users to send Service providers their pseudonyms encrypted
with the trusted third parties key; Service Providers can present
a misbehaving user's escrowed identity to the TTP as part of a
complaint procedure [16]. Some other schemes are also
developed for providing, privacy, security and account of
content usage for communications .The framework Suggested
in [10] provides an anonymous mutual authentication protocol
with the help of which only users having correct attributes can
connect to network from anyplace without revealing their
The supported features and comparison between different
schemes is illustrated in the Table-1
Features [18] [15] [16] [10] [17] Proposed
accountability Y N Y N Y Y
Resistant to
collision of
DRM servers
tracking &
No reliance
on TTP Y Y Y Y N Y
sharing of
anonymity ID
No extra
for user in
In this paper a comparative analysis of various schemes is
given based on their features and briefly describes the different
schemes of digital rights management which shows that the
proposed scheme overcomes the limitations of other schemes;
solve the problem of reliance on TTP and preserving privacy of
the user. An extension to this paper will be published showing
the results and evaluation using above mentioned parameters in
Table-1 of the proposed scheme.

Source: Essay UK -

About this resource

This Information Technology essay was submitted to us by a student in order to help you with your studies.

Search our content:

  • Download this page
  • Print this page
  • Search again

  • Word count:

    This page has approximately words.



    If you use part of this page in your own work, you need to provide a citation, as follows:

    Essay UK, Digital Right Management (DRM). Available from: <> [05-06-20].

    More information:

    If you are the original author of this content and no longer wish to have it published on our website then please click on the link below to request removal: