Monday, September 15, 2008

Case Study of a DRM Server



This article makes the case for building an industry-standard DRM Server as an open source project.


Goals and Non-Goals:


1. Why a DRM Server?


A digital marketplace is inevitable. As the marketplace mechanism for digital content establishes itself, the industry will eventually have to settle its debates over privacy and rights. It is highly likely that a level of DRM considered acceptable to both content providers and users will eventually emerge.

Given that a DRM Server is an enabling piece of software for a digital marketplace, this is an attempt to study the building blocks for such a server.


2. Choice of DRM Standards to include in our case study:


The state of this technology is continually evolving and the industry is publishing standards at a rapid pace. There are standards from organizations like OMA that set standards for mobile DRM. The majority of the deployed DRM solutions and standards have come from a few leading industry players such as Adobe, Microsoft and Apple.

A recent standard from Open Mobile Alliance or OMA provides some guidance on digital rights for streaming content to mobile platforms. This standard is known as the "Smartcard DRM profile".


3. Analysis to scope out the requirements:


Our initial focus is to analyze existing standards such as the Smartcard DRM profile, as well as to study the basic building blocks needed for our DRM server.

The early goals are to study and build prototypes for the various building blocks of a DRM server. The driving goal is to arrive at a set of high-level requirements that our DRM server will eventually satisfy.


High-Level Functional blocks of a DRM Server

In this section, we highlight the high level building blocks of a DRM Server.

1. Key Management Infrastructure


A DRM Server makes use of ciphers, which are algorithms that use cryptographic keys to scramble the content. These keys are required to descramble the content.

Since cryptographic keys play such an important role in a DRM Server application, key management is a central building block of a DRM Server. This system deals with the creation and management of cryptographic keys. The following figure outlines what could be a high-level overview of the modules present in a key management system.



A brief explanation of each function follows.

1. Key storage or Key Vault

The main job of a key vault is to safely store and provide access to the keys used by the crypto engine. This is perhaps a vital piece of the DRM server design.

2. Key Manager

The key manager is an interface that manages the creation, deletion and updates of keys in the key vault. Naturally, it follows that when a key manager retires a key and activates a new key, the data has to be re-encrypted using the newly active primary key.

This is a very sensitive administrative function that must be performed by a cryptographic officer. It follows that the key manager has well-defined access control policies.

3. Crypto Engine

This is a critical piece of the DRM server, as it provides the basic crypto operations, including encryption, decryption, signing and verification. The crypto engine has access to the Key Vault. The providers and the key manager may have access to a crypto engine.

4. Key Manifest

This is a function that acts as the bridge between the keys stored in the key vault and their selection to encrypt the content. It deals with the key families and aliases. This function can also manage the key life cycle.

5. Provider

The provider is a level of abstraction between the client and the crypto engine. It verifies a client request for encryption, decryption or another operation and selects the correct key aliases and any additional parameters needed to satisfy the request. It passes the results back to the consumer.

6. Consumer

This is the contact point for an application that wishes to make use of the key management system. The consumer is aware of key families as well as receipts of encryption.
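The flow described in the list above, as an added sketch that is not part of the original article or of any DRM product: a provider selects a family's primary key, returns a receipt naming the key used, and a rotation re-encrypts existing data under the new primary. All class and function names are assumptions, the vault is an in-memory dict, and the HMAC-SHA256 keystream with a MAC is a toy stand-in for a real authenticated cipher.

```python
import hashlib, hmac, secrets

class KeyVault:
    """Key storage: raw key bytes by key id (in memory here, an assumption)."""
    def __init__(self): self._keys = {}
    def put(self, key_id, key): self._keys[key_id] = key
    def get(self, key_id): return self._keys[key_id]

class KeyManifest:
    """Maps a key family to its key ids and the currently active primary."""
    def __init__(self): self._families = {}
    def activate(self, family, key_id):
        self._families.setdefault(family, []).append(key_id)  # last entry is primary
    def primary(self, family): return self._families[family][-1]

class CryptoEngine:
    """Toy encrypt-then-MAC from HMAC-SHA256; stand-in for a real AEAD cipher."""
    def __init__(self, vault): self._vault = vault
    def _xor(self, key, nonce, data):
        blocks = range(len(data) // 32 + 1)  # enough 32-byte keystream blocks
        stream = b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                                   hashlib.sha256).digest() for i in blocks)
        return bytes(a ^ b for a, b in zip(data, stream))
    def _tag(self, key, nonce, ct):
        return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    def encrypt(self, key_id, data):
        key, nonce = self._vault.get(key_id), secrets.token_bytes(16)
        ct = self._xor(key, nonce, data)
        return nonce + ct + self._tag(key, nonce, ct)
    def decrypt(self, key_id, blob):
        key, nonce, ct, tag = self._vault.get(key_id), blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(key, nonce, ct)):
            raise ValueError("authentication failed")
        return self._xor(key, nonce, ct)

class Provider:
    """Selects the family's primary key; the receipt records which key was used."""
    def __init__(self, manifest, engine): self._manifest, self._engine = manifest, engine
    def protect(self, family, data):
        key_id = self._manifest.primary(family)
        return {"family": family, "key_id": key_id, "blob": self._engine.encrypt(key_id, data)}
    def unprotect(self, receipt):
        return self._engine.decrypt(receipt["key_id"], receipt["blob"])

def rotate(vault, manifest, provider, family, new_key_id, receipts):
    """Key manager step: activate a new primary key, then re-encrypt the data."""
    vault.put(new_key_id, secrets.token_bytes(32))
    manifest.activate(family, new_key_id)
    return [provider.protect(r["family"], provider.unprotect(r)) for r in receipts]
```

Because each receipt carries the key id, data encrypted before a rotation stays readable until it is re-encrypted, and a modified blob is rejected before any plaintext is returned.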

2. Key or License Distribution Protocols


When a user wants to use the content he or she purchased, a DRM Server must deliver licenses to the client system. These licenses contain the keys required to use the content on the client system. Key delivery protocols deal with the transfer of the purchase information and content licenses between a client and a DRM server.

The client and server may need to mutually authenticate each other, and most of the standards leverage other industry standards to accomplish this function.

3. Content Management Server


If the KMS is part of our DRM Server, then the content management server needs to interact with the KMS to protect the content. The content is usually assigned a unique ID, and this identifier is tied to the key set used to encrypt the content.


Tuesday, June 24, 2008

Using Google Analytics to Tune your Site.


A few weeks back, I signed up for Google Analytics. This is a tool that analyses the web traffic that passes through your website. We will call it GA for short and hope no one objects. If you wish to make your website profitable, then you have a good reason to read on.

As a newbie to the tool, it took me an 8-minute video with some highlights to get interested in the tool. This was followed by a small copy procedure that connects my web site to GA, which then starts gathering the data and analyzing my website.

EARLY GOALS: When I started out, my goals were simple. Install the tool and wait for the tool to turn in something meaningful. Once it reports something useful, I will consider digging deeper into it.


INFORMATION STARTS TO FLOW:

1. Customer Base - The First Surprise: It took only a week for the tool to smash my view of the customer base for my website. The tool simply told me that I have visitors from 24 more countries than my imagination would allow.

2. Tuning your site's Content - Second Surprise: When you design a web application or a website's information architecture, the only way to know its effectiveness is to deploy and study it.

Now, GA has a report that shows a click picture overlaid on my site's pages. If my interpretation of this report is accurate, it starts to give some clues about the behaviour of users around the content of your web site. You may be surprised to learn that some of the content you thought was right on the money is left untouched by the users.

As good as the software is, you cannot rule out bugs etc. or your own misinterpretation of the data presented. It is often a good idea to cross-verify the information with another source, before taking any decision on moving out some or most of the content.

3. Traffic Shaping: GA reported that my site had a surprisingly high number of direct visitors, followed by search engine directed traffic. Now, I considered that a bonus.

Tools like GA get you to focus on your strategies, goals and to fine tune your web applications and content. If you can bear with the small learning curve, you can put it to good use.


Monday, June 23, 2008

Online Radio Users are more valuable!



Have you listened to an online radio in the past week?

A consumer study from Arbitron/Edison Research done in 2006 indicates that nearly 1 in 5 Americans in the 18 - 34 age group listen to an online radio program every week. The study has a few other interesting pieces of information:

1. The weekly internet audience increased by 50% from 2005 to 2006.
2. A quarter of the studied users say they return every day to the web radio site. The rest revisit at least once a week.

A few caveats to be aware of:

a.) This study appears to be a sampling of US Audience.
b.) The study was done in 2006 and may still provide some useful insights.

Rest of the study is here... Arbitron/Edison Study on Online Radio


Sunday, May 11, 2008

Browser Tech., JSP library called Prototype.

As an engineer who works for a mobile devices company, I sometimes feel it is easy to miss some of the web inventions and technology actions. Fortunately for me, I have a sports website where I can tinker with some of the emerging technologies and new ideas on how to put them to good use.

Recently, I saw a demo of a client-side technology called "prototype". See for yourself how you can have a window transition from lying dormant in your web page into a user-interactable object on the browsing page.


The library claims to take care of cross-compatibility issues across the two browser goliaths, IE and Netscape. However, an interesting test on my Palm PDA that runs the browser Opera-mini couldn't work the magic. All this bodes well for the web based User Interfaces that are likely to become richer and richer. Hopefully we will see some useful widgets coming out soon.

Reader Responses to the Information Explosion Question!

Many an excellent viewpoint was expressed on how people deal with the information explosion. Here are some of those responses, paraphrased:


  • People advocate situation appropriate technology use. Anything else leads to disaster.

  • People lament the lack of standards and state that the demand for smarter devices will eventually pick up, leading to the development of newer technologies and standards.

  • There is an answer that warns of excessive dependency on devices and expresses apprehension that eventually devices may take over our lives, if not already.

  • A categorized knowledge base is suggested as a way to overcome the raw explosion of information.

  • Privacy concerns are raised as devices get smarter and start to figure out how to help humans. A desire for protection against gathered information falling into the wrong hands is expressed.


The sheer variety of the thoughts expressed was representative of the enthusiasm from the readers and goes to show how one can cultivate creative and diverse opinions by asking the right questions. This topic may well suit those doing requirements gathering, as it emphasizes proper questioning to elicit and gather the right requirements.


Information explosion - are we doomed?

A few weeks back, I posted this question to users of LinkedIn (a social networking site).

"The trend is to connect everything, toaster, cell phone, people, pagers, PCs. The grand march is towards making more information available at an average user's finger tips, whether they need it or not. Does this in any way help simplify your life?

I am not against technology, as that would put me out of a job. However, I find it annoying that my phone doesn't understand that I am busy and not taking calls. My car knows that I am speeding, but won't warn me, as it assumes, I know that already. Will these devices ever get smart enough to understand the simple needs of humans? What will it take to move us towards information simplification?

NOTE: Please note that the opinions expressed here are mine and do not in any way represent any company that I may be employed with."

The reader response had many an excellent viewpoint on how people deal with the information explosion and on what we, as technologists, can do about it. I aim to provide a summary in my next post.


Nifty Challenges from Stanford pages.

If you are looking to test your knowledge of different data structures, I recommend checking out Prof. Nick Parlante's Stanford pages, where he has what he calls a Nifty assignment archive.

Nifty Challenges

The thing you have to like about these assignments is that they are practical, real-world problems, e.g., "catching Plagiarism in a given set of documents". The target for this solution could easily be a book publishing house that wants to use your program.

If nothing else, it helps you think about the different data structures that you can apply to resolve these problems.
