The thesis is concerned with Digital Rights Management (DRM),and in particular with DRM for networks of devices owned by asingle individual. This thesis focuses on the problem ofpreventing illegal copying of digital assets withoutjeopardising the right of legitimate licence holders totransfer content between their own devices, which collectivelymake up what we refer to as an authorised domain.An ideal list of DRM requirements is specified, which takesinto account the points of view of users, content providers andcopyright law. An approach is then developed for assessing DRMsystems based on the defined DRM requirements; the most widelydiscussed DRM schemes are then analysed and assessed, where themain focus is on schemes which address the concept of anauthorised domain. Based on this analysis we isolate the issuesunderlying the content piracy problem, and then provide ageneric framework for a DRM system addressing the identifiedcontent piracy issues. The defined generic framework has beendesigned to avoid the weaknesses found in other schemes.The main contributions of this thesis include developing fournew approaches that can be used to implement the proposedgeneric framework for managing an authorised domain. The fournovel solutions all involve secure means for creating, managingand using a secure domain, which consists of all devices ownedby a single owner. The schemes allow secure content sharingbetween devices in a domain, and prevent the illegal copying ofcontent to devices outside the domain. In addition, eachsolution incorporates a method for binding a domain to a singleowner, ensuring that only a single consumer owns and manages adomain. This enables binding of content licences to a singleowner, thereby limiting illicit content proliferation.In the first solution, domain owners are authenticated usingtwo-factor authentication, which involves "something the domainowner has", i.e. a master control device that controls andmanages consumers domains, and binds devices joining a domainto itself, and "something the domain owner is or knows", i.e. abiometric or password/PIN authentication mechanism that isimplemented by the master control device. In the secondsolution, domain owners are authenticated using their paymentcards, building on existing electronic payment systems byensuring that the name and the date of birth of a domaincreator are the same for all devices joining a domain. Inaddition, this solution helps to protect consumers' privacy;unlike in existing electronic payment systems, payment carddetails are not exposed to third parties. The third solutioninvolves the use of a domain-specific mobile phone and themobile phone network operator to authenticate a domain ownerbefore devices can join a domain. The fourth solution involvesthe use of location-based services, ensuring that devicesjoining a consumer domain are located in physical proximity tothe addresses registered for this domain. This restricts domainmembership to devices in predefined geographical locations,helping to ensure that a single consumer owns and manages eachdomain.
展开▼