Towards Trust in Digital Rights Management Systems

  • Jürgen Nützel
  • Anja Beyer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4083)


Digital transactions are usually based on mutual trust. In case of DRM (Digital Rights Management) this initial trust is missing on both sides. Neither do the content providers trust their clients – therefore DRM was established. Nor do the clients trust the content providers and react with not using these systems. The release of an open DRM standard by the Open Mobile Alliance (OMA) was a first step to increase the trustworthiness of DRM. But from the content providers’ perspective a secure implementation for PC Platforms was missing. Especially the mechanisms to obfuscate and install the device private key which is the security anchor were not established there. This paper shows a software solution for that. A more riskless way to solve this problem is the involvement of Trusted Computing which is also shown by the authors. Finally the authors claim the necessity not to leave the users’ security behind.


Content Provider Certification Authority Trusted Platform Module Digital Right Management Third Party 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ausge. Ergeb. der Online-Umfrage IZV7, Inst. f. Wirtschaftspolitik u. Wirtschaftsforschung, Universität Karlsruhe (2004),
  2. 2.
    Singh, S., Jackson, M., Waycott, J., Beekhuyzen, J.: Downloading vs Purchase: Music Industry vs Consumers. In: Safavi-Naini, R., Yung, M. (eds.) DRMTICS 2005. LNCS, vol. 3919, pp. 52–65. Springer, Heidelberg (2006), CrossRefGoogle Scholar
  3. 3.
    Petrovic, O., Fallenböck, M., Kittl, C., Wolkinger, T.: Vertrauen in digitale Transaktionen. WIRTSCHAFTSINFORMATIK 45(1), 53–66 (2003)Google Scholar
  4. 4.
    Pfitzmann, A., Pfitzmann, B., Schunter, M., Waidner, M.: Trustworthy User Devices in Multilateral Security in communications. In: Technology, Infrastructure, Economy, vol. 3, Addison Wesley, München u.a (1999)Google Scholar
  5. 5.
    Website of the Open Mobile Alliance,
  6. 6.
    Iannella, R.: Digital Rights Management (DRM) Architectures. DRM 2001 7(6) (2001),
  7. 7.
    OMA Digital Rights Management V1.0, DRM Specification, Approved Enabler (release Date: June 25, 2004),
  8. 8.
    Website of the ODRL initiative,
  9. 9.
    OMA Digital Rights Management V2.0, DRM Specification, Candidate Enabler (release Date: September 15, 2005),
  10. 10.
    Rosenblatt, B., Trippe, B., Mooney, S.: Digital Rights Management. Business and Technology. M&T Books, New York (2002)Google Scholar
  11. 11.
    Nützel, J., Beyer, A.: How to Increase the Security of Digital Rights Management Systems Without Affecting Consumer’s Security. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 368–380. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Website of the Trusted Computing Group (TCG),
  13. 13.
    Eilam, E.: Reversing: Secrets of Reverse Engineering. Wiley Publishing, USA (2005)Google Scholar
  14. 14.
    Cerven, P.: Crackproof Your Software. No Starch Press, San Francisco (2002)Google Scholar
  15. 15.
    Website of Microsoft’s Windows Vista,
  16. 16.
    TPM v1.2 Specification Changes (October 2003),
  17. 17.
    TCG Specification Architecture Overview, Specification Revision 1.2 (April 28, 2004),
  18. 18.
    TCG Infrastructure Workgroup, Subject Key Attestation Evidence Extension, V1.0, Rev. 7 (June 16, 2005),
  19. 19.
  20. 20.
    World of warcraft hackers using Sony BMG rootkit, HYPERLINK,
  21. 21.
    Website of Common Criteria,

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jürgen Nützel
    • 1
  • Anja Beyer
    • 1
  1. 1.Institut für Medien und KommunikationswissenschaftTechnische Universität IlmenauIlmenauGermany

Personalised recommendations