Most real-life systems delegate responsibilities to different authorities. We apply this idea of delegation to a digital rights man-agement system, to achieve high flexibility without jeopardizing the security. In our model, a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of control, identity-attribute-rights, and allows flexible rights control over content. Typical security objectives, such as identification, authentication, authorization and access control can be realized. Content keys are personalized to detect illegal super distribution. We describe a working prototype, which we develop using standard techniques, such as standard certificates, XML and so forth. We present experimental results to evaluate the scalability of the system. A formal analysis demonstrates that our design is able to detect a form of illegal super distribution.
展开▼