Rights management 285

[Figure 14.11 SyncCast DRM solution. Blocks: content creation, content distribution, and content consumer. The SyncCast central servers hold the DRM dashboard, the license & key database, and the SyncCast DRM server, driven by business rules. The SyncCast DRM Packager turns the content file into a protected file, which the media server delivers by stream or download; Windows Media Player requests permission from the SyncCast DRM server before the protected file is played.]
from the media, the licensing terms can be changed without the need to encrypt the media file again and redistribute it to the client. Windows Media Rights Manager supports rental or subscription business models. Limited-play previews allow potential purchasers to look before they buy. Windows Media Rights Manager can predeliver licenses, which helps to remove consumer resistance to acquiring and playing secure media files. One feature is silent licensing, which means that a content provider may silently deliver the license to the consumer without any need for the consumer to intervene.

Secure Audio Path

One area where content can be stolen is within the user's PC. If the clear audio data passing between the DRM client and the sound card driver is intercepted, the content can easily be diverted and saved to disk. To prevent this, Windows Media has a feature called the Secure Audio Path (supported by Windows ME and XP). The DRM is embedded in the OS kernel. Before decryption, the DRM kernel component verifies that the path to the sound card driver is valid and authenticated. If any unauthorized plug-ins exist, decryption is barred. This prevents plug-ins on the sound card from copying the audio data. Microsoft certifies valid drivers for security.

Controlled Transfer to SDMI Portable Devices

Windows Media Device Manager permits the secure transfer of protected media files to Secure Digital Music Initiative (SDMI) portable devices or to the removable media for those devices.

SyncCast

One of Microsoft's partners is SyncCast. They have a suite of products that allow Windows Media content to be distributed as streams or on CD/DVD-ROM over intranets or the Internet. To sell content, SyncCast partnered with iBill, a supplier of turnkey e-commerce solutions. Their SyncPack DRM packager is a client application that permits content creators, authors, and distributors to encrypt Windows Media files.
SyncCast has adopted the .NET infrastructure to allow remote administration of content licenses. The digital rights are managed from the web browser-based DRM Dashboard, from which the administrator can view usage reports, change business rules, add new products, and control users. The business rules and licenses are stored on SyncCast's centralized DRM servers.

284 The Technology of Video and Audio Streaming
Flexible Business Models

New licensing rights were introduced with Windows Media Rights Manager 9 to help enhance the creation of new, innovative business models. Licenses are issued independently of the actual media files. This provides flexibility for the business model and allows wider distribution of content. The Rights Manager checks for the consumer's license every time a media clip is played. If the user does not have a valid license, they are directed back to the registration web page. Because licenses and media files are stored separately

[Figure 14.10 Windows Media Rights Manager. Components: clearing house, content server, license server, portal, and media player with DRM client. Flows: the packager encrypts the audio/video content and posts it to the content server; the client purchases through the portal, the clearing house transacts, and the license server delivers the key; the encrypted content reaches the media player by stream or secure download and can be transferred to an SDMI player.]
you may be granted the right to view a movie once only, or you may be given the right to print an electronic document. The license is a set of grants, and it identifies the principal who issued the license. The grant confers the authorization upon a principal. The rights expression is authenticated by a digital signature. A resource can be digital content: an e-book, a digital image file, or a video clip. It can also be a service, such as an e-commerce service, or a piece of information, such as an address that is owned by a principal. The condition specifies the terms and conditions of the license. This could be a rental agreement or the terms for outright purchase. XrML has been used as the basis for the MPEG Rights Expression Language, part of the MPEG-21 standard.

Examples of DRM products

Microsoft

In recent years, Microsoft has devoted much attention to security. Their initial focus was on solutions to protect digital entertainment in the form of audio and video files, although they have since added document security. The Windows Media Rights Manager can protect audio-visual content encoded in the Windows Media streaming format. In 2003, Microsoft announced Windows Rights Management Services. Much like Windows Media, a central rights management server stores licenses that control access to protected files. Windows 2000 and XP both offer flexible file security and access control, but only on the corporate network. There is the constant problem of staff burning copies of files to CD-ROM. Network security and access control lists cannot protect files outside the corporate firewall.

Windows Media Rights Manager 9

Microsoft's Windows Media Rights Manager provides a secure end-to-end digital media e-commerce solution for Windows Media. This solution enables both application service providers and Internet content providers to manage, deliver, and sell streaming media. It supports download-and-play and conventional streaming.
The Windows Media Rights Manager system is designed to work with third-party credit card software that is compatible with MS Site Server 3.0. The Windows Media Rights Manager allows the publisher to set up the rules for the transaction. The player then uses these rules to open the encrypted content.
XrML was developed at the Xerox Palo Alto Research Center in the late 1990s as the Digital Rights Property language. The original meta-language was changed to XML in 1999 and the language was renamed. It has now been adopted by leading software developers and publishing houses as a common rights language for digital resources, both content and services. The core concepts of XrML are as follows:

Principal
Right
License
Grant
Resource
Condition

The principal is the party who is granting or exercising the rights. The rights detail what action a principal may undertake using a resource. As an example,

[Figure 14.9 Security shells. Concentric layers around the content: perimeter security (firewall, access control), network security (LDAP), encryption, watermark, content.]
Hackers present many threats to a business. It could be through unauthorized access to confidential information, or through loss of data integrity, where the hacker alters the content, possibly to embarrass the content owner by substituting inappropriate material.

The threats

Although cracking the encryption may appear to be a common threat, it is difficult and can take a very long time. The more usual threat is theft of the keys. Some licenses are valid for a short time period; one method that has been employed to fool such licenses is to change the computer's date and time. A good DRM plug-in should be resistant to such manipulation. Video and audio content can be copied once in the analog domain. The wires to the loudspeakers and the VGA connections to the computer monitor are both easy access points for making analog copies of audio/video content. It is difficult to prevent such attacks, just as it is difficult to stop somebody sitting in a movie theatre with a camcorder.

Third-party audit

Before investing a considerable sum in a DRM product, find out how secure it really is. Ask to see third-party audits, or instigate your own.

Caveats

No encryption is proof against determined efforts to crack it. DRM makes piracy difficult, but does not prevent it. Other methods of defending property rights will be necessary. Watermarking aids the tracing of stolen content. Some level of theft is inevitable and should be included in the cost of sales.

XrML

As streamed media is handled by a number of applications during the processes and workflows of authoring and distribution, there is a need to express the content rights and the rules for access in a portable format throughout the content lifecycle. That means that information can be passed from one application to another without the need to develop custom interfaces. The Extensible rights markup language (XrML) is one such grammar.
watermark in an audio file. This uses auditory masking processes similar to those exploited by audio compression schemes. Automatic web spiders can continuously search the web looking for open (unencrypted) content that carries invisible watermarks. A typical example is the MarcSpider from DigiMarc. Persistent watermarks should usually be able to survive copying to be effective. The copies may be compressed using codecs like JPEG or MPEG. There may be intermediate analogue copies. The watermark should survive all this signal processing. There are other watermarking schemes where the mark is deliberately made very fragile. It should not survive the copying process, so if it is missing, that content can be identified as a copy. This is very much the analogue of the bank note: the lack of the watermark would indicate a counterfeit. Unlike data encryption, watermarks can be embedded in the waveform rather than the data. This can be used for images, audio, and video. Spread spectrum techniques can be used to add data in the time domain. These can be thought of as time-delayed echoes, which can be recovered by cepstrum analysis. If video and audio are compressed by a codec like MPEG, the coding thresholds can be modulated with the watermark data. Watermarks are no panacea. They can be defeated, just as encryption can be broken. They form part of an environment where the theft of digital assets is made more difficult and the culprits can be traced more easily.

Security

Before setting up a secure media distribution system, it is a good idea to look at your goals. What are you trying to protect, and how much do you want to spend on security? The security analysis splits into three areas:

1. The content
2. The monetary transaction
3. The server infrastructure

DRM gives protection of the content and often includes the monetary transaction. The transaction can use mature technologies from the e-commerce arena.
The third area, the server infrastructure, is covered by normal enterprise-level computer security (outside the scope of this book). The infrastructure should be protected for several reasons. One is the value of the content asset library; another is that an attack could compromise the brand of the publisher, aggregator, or retailer. Such an attack could be a denial of service or a loss of data integrity.
fingerprint is akin to the serial number of the copy. If a clear copy is found, the fingerprint identifies the copy that was compromised. Originally, a watermark was a faint imprint from the mould used to make high-quality paper. We are all familiar with the use of watermarks in bank notes. In this application, the watermark is one of a number of measures used to indicate that the note is genuine rather than a counterfeit, that is, to authenticate the note. A watermark can be highly visible, like an embossed logo. This is often used for preview copies of still images or video, where its role is partly to brand the content. Something subtler is needed for the full-resolution content, just like the watermark on a piece of paper or a bill. An invisible identifier can be hidden in the video files using the techniques of steganography (from the Greek, meaning hidden writing). The identifier can be extracted or detected by a software agent. Watermarking does not have to be visual; there are schemes that embed a

[Figure 14.8 The Diffie Hellman key agreement. Public integer numbers: P, G. The content server holds private key X and publishes the public key E = G^X mod P; the media player holds private key Y and publishes the public key F = G^Y mod P. After the key exchange, the server computes the shared key K = F^X mod P and the player computes the same shared key K = E^Y mod P. The shared key encrypts the digital video file (clear or plaintext) into encrypted or ciphertext at the server and decrypts it back to plaintext at the media player.]
The standard for shared secret cryptography is the DES algorithm (Data Encryption Standard). The problem with a secret key is its secure distribution from one party to the other. Different methods can be used to deliver the key. One is the secure courier. Another is the telephone callback: one party phones the other and says "call me back". The other party calls back to an unlisted phone number; now the original party has authenticated that they have the wanted party and can divulge the key. The courier is not a viable option for e-commerce systems. Pay-per-view conditional access uses a smart-card in the set-top box, plus a phone link to connect to the box. Each box is uniquely accessible, so it can be shut down by the subscriber management center. The media player in a PC is a much more open system than the proprietary hardware in the set-top box. There is also consumer resistance to the use of a smart-card, although such systems exist. The alternative is an electronic version of the telephone callback. This uses the digital signature security standard (DSS). Once the rights server has authenticated the client from the digital signature, the secret key can be exchanged. One algorithm that has proved popular is the Diffie Hellman key exchange. It starts with two publicly available integers, P and G. Each party, the rights server and the client, generates a private key, X and Y respectively. The Diffie Hellman algorithm is then used to generate public keys, E and F, which the two parties exchange. Each party then uses the other's public key, their own private key, and the public number P to generate a common number. This common number K is now a secret shared by both parties. Note that at no time has this shared secret key been exchanged over the Internet. This shared key can then be used to encrypt the media file. This description is somewhat simplified; the full description can be found in IETF RFC 2631: Diffie-Hellman Key Agreement Method.
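The exchange just described, worked through in Python as an added example (it is not code from the book, from RFC 2631, or from any Windows Media component). Both sides are run in one process so the reader can see that K agrees; the toy prime P and generator G, and the fingerprint check that stands in for the signature-based authentication of the public values, are assumptions of the example.

```python
import hashlib
import secrets

# Constructed toy parameters so the example runs instantly. They are far too
# small for real use, where the large groups from RFC 2631 / RFC 3526 apply.
P = 2**64 - 59   # prime modulus (the largest prime below 2**64)
G = 2            # generator

def make_private() -> int:
    """Private key X (rights server) or Y (client): a random exponent in [2, P-2]."""
    return secrets.randbelow(P - 3) + 2

def make_public(private: int) -> int:
    """Public key E = G^X mod P (or F = G^Y mod P); this value travels in the clear."""
    return pow(G, private, P)

def shared_secret(their_public: int, my_private: int) -> int:
    """Common number K: F^X mod P on the server, E^Y mod P on the client."""
    # The degenerate values 0, 1 and P-1 would force K into a tiny set,
    # so a receiver refuses them before exponentiating.
    if not 1 < their_public < P - 1:
        raise ValueError("rejected degenerate Diffie Hellman public value")
    return pow(their_public, my_private, P)

def content_key(k: int) -> bytes:
    """Hash the shared number into a fixed-size key for the media cipher."""
    return hashlib.sha256(k.to_bytes(8, "big")).digest()

def fingerprint(public: int) -> str:
    """Digest of a public value, committed to beforehand over an authenticated
    channel (an assumed stand-in for the signed exchange the text describes)."""
    return hashlib.sha256(public.to_bytes(8, "big")).hexdigest()

def accept_public(received: int, expected_fp: str) -> bool:
    """Authentication check: a public value that does not match the peer's
    prior commitment is refused, so a substituted value yields no session."""
    return fingerprint(received) == expected_fp

def key_agreement(x: int, y: int):
    """Run both sides of the exchange and return (server_key, client_key)."""
    E = make_public(x)            # rights server publishes E
    F = make_public(y)            # client publishes F
    server_k = shared_secret(F, x)  # server: K = F^X mod P
    client_k = shared_secret(E, y)  # client: K = E^Y mod P
    return content_key(server_k), content_key(client_k)

if __name__ == "__main__":
    x, y = make_private(), make_private()
    server_key, client_key = key_agreement(x, y)
    print("shared keys match:", server_key == client_key)
```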
Note that the Diffie Hellman key agreement can be intercepted by a man-in-the-middle attack, because there is no authentication between the two parties. Such authentication could involve the prior exchange of digital signatures.

Watermarking

In the digital domain, watermarking embeds a persistent signature that identifies the source of the content or the client copy. The latter is often called fingerprinting. For a content provider to trace the sources of piracy, two clues are necessary. The first is a means of identifying the owner of the stolen content, and the second is a trace of the client that compromised the security. These clues can be introduced as a watermark to identify the owner of the stolen content and as a fingerprint to identify the instance that was copied. The
Encryption

Cryptography has two uses within DRM. The first is to encrypt content for confidentiality or protection of the owner's rights. The second is the protection of the certificates that are used for authentication and for access control (authorization). There are two families of cryptography: shared secret and public/private key. A shared secret key (also called a symmetric key) uses the same key to encrypt the content and then to decrypt it at the receiving end. In cryptography the clear file is called plaintext and the encrypted version is called ciphertext. The scrambled ciphertext can feasibly be decoded only with the key. One way to crack the encryption is to try many different keys until you chance upon the correct one. The more characters in the key, the longer it will take, on average, to find the key. This cracking can be made more difficult by changing the key at certain intervals. Shared key encryption is efficient and suited to large files such as media files. An example of a shared secret is a personal identification number (PIN) used to withdraw cash from an automated teller machine. The PIN is used to verify the physical credit card. The PIN is a secret shared by the bank computer and the authorized holder of the card.

[Figure 14.7 The secret shared encryption key. The content server encrypts the clear or plaintext digital video file with the shared key; the encrypted or ciphertext file is sent to the media player, which decrypts it with the same shared key back to clear or plaintext.]