Centre for Information Security and Cryptography
Digital Rights Management (DRM) systems ensure the ownership rights of content authors, owner, distributor and users are preserved during the life time of a digital object. Compared to a traditional access control system, DRM systems not only provide a finer level of access control but also ensure protection is provided throughout the lifetime of the object. The protection for data is provided by making access according to the stated policy of the rights holder. Modern DRM systems use a *license* to encapsulate the policy attached to a data object. This allows separation of the distribution channels for licenses and the actual data: data objects are encrypted and super-distributed, and users pay for a set of access rights (e.g., play 5 times). A license is a written in a machine readable and enforceable rights expression language (e.g, XrML, ODRL). The content player takes the encrypted object and the license and plays the content ensuring the stated rights are enforced. DRM systems have found wide application in entertainment, game industry and document management for businesses.
We are researching user centered methods of secure content distribution and in particular providing support for content sharing. This includes secure sharing within an organization, across organizations and in homes. We have developed a testbed for implementing and experimenting new designs based on well established frameworks (MPGE 21 and OMA)