DRM(Digital Right Management)

Among them, encryption and decryption technologies are key technology that protects from illegal copy and distribution of multimedia content. The encrypted content requires certain key of authorized user for decryption and operation. The current contents protection system is operated by inputting of user ID & Password that has a loophole because it does not support any protections if ID & Password being lost or shared by among users for illegal use. Thus, constant change of user ID method of system, use PKI or private key of customers was introduced to reduce such problem.

For instance, a unique number of user's computer that is composed of HardDisk number or CPU number may used for encrypting digital content, however, this lacks in terms of security wise because it gets hacked easily. For that reason, DRM encryption method improves its previous level of security by using its private key (PKI) internally. Beal Screamer proclaiming MS-DRM had been hacked in Oct. 2001 became a hot topic, which he had found the method to extract a key at hidden key module of MS-DRM. Therefore, using user's unique key for encryption give advantage by disallowing key sharing and terminates the 3rd party access of the content. For this reason, DRM system offers reliable and safe protection against illegal copy and distribution of multimedia contents.

Another unique characteristic of DRM is that it controls and manages each content differently according to assigned rules. It can control the content specifically to its payment terms, content quantity, usable time period, and file sharing. In addition, integration with payment system and customer management system are important factors of successfully incorporating DRM.

[Figure 1] DRM (Digital Rights Management)

[Figure 1] shows the case of contents distribution service using DRM, CP (Contents Provider) provides contents as a encrypted format connected with billing system. Seeing in order, user requests image, audio or video in network and go through payment, billing system informs payment approval. It delivers encrypted contents to only an authorized user through network.

Not only downloading but also streaming could deliver image, audio and video, and a certain browser provided by CP should be installed in PC or PDA to enjoy image, audio and video. Controlling user rule such as prevention of illegal copy or limit the number of play of contents should be done by the browser. Holding password-controlling program, the browser should need high security is the key issue for success in DRM system. Recently tempering technology which is to restore source code by making execution file implemented backward has been developed, Temper-proofing technology is needed to prevent it. It is no exaggeration to say that security of DRM system depends on security of the browser.

DRM seems to be a simple system having a browser; it is implemented with several systems being integrated. For delivering contents as users' request, it is necessary to have KMS(Key Management System), Payment Gateway, Contents Management DB and Super Distribution server for transferring contents using authority.

KMS has a role for checking user ID and password that allows registered users to access and prevent illegal users from accessing to the system. Payment Gateway connects various payment methods such as credit card, electric purse, cyber money and automatic depositor and payment approval should be done before delivering contents. Issuing coupons or operating mileage program as purchasing records by users could be made at need and there would be event management for promotion. Contents stored in Contents Management DB are transferred to appropriate ID at user requests. They are encrypted by a code or compressed for speeding communication up. For instant, audio file is compressed to MP3, AAC or WMA and it plays when decompressed in browser.

Contents are, in general, encrypted with user password or ID in server and delivered to user. De-encryption is executed when contents play through the browser installed in user computer. From short ago, there was criticism on security of encryption algorithm and several algorithms, however, has been proved in security and announced to public recently, it isn't full of disputes in security of DRM algorithm.