OMA DRM
From Wikipedia, the free encyclopedia
OMA DRM is a Digital Rights Management (DRM) system invented by the Open Mobile Alliance whose members represent the entire value chain, including mobile phone manufacturers (e.g. Nokia, Motorola, Samsung, Sony-Ericsson, BenQ-Siemens), mobile system manufacturers (e.g. Ericsson, Siemens, Openwave), operators (e.g. Vodafone, O2, Cingular, Deutsche Telekom, Orange), and IT companies (e.g. Microsoft, IBM, Sun). In order to ensure interoperability across all implementations the OMA provides in addition to the specifications also test tools for OMA DRM. The OMA DL DRM group is chaired by Jan van der Meer (Philips) and Willms Buhse (CoreMedia).
The scheme is implemented on many recent phones and is intended to be used by mobile content providers to add Digital Rights Management to their products. To this date two versions of OMA DRM have been released: OMA DRM 1.0 and OMA DRM 2.0.
- OMA DRM 1.0 - Started in November 2002 and approved in June 2004: Basic DRM standard without strong protection. Specifies three main methods: Forward Lock, Combined Delivery (combined rights object / media object), and Separate Delivery (separated rights object + encrypted media object). Forward lock prevents the user from forwarding content such as ringtones and wallpapers on their phone. The content can be distributed using e.g. HTTP or MMS.
- OMA DRM 2.0 - Started in July 2004 and approved in March 2006: Extension of the DRM 1.0 separate delivery mechanism. Each participating device in OMA DRM 2.0 has an individual DRM PKI certificate with a public key, and the corresponding private key. Each Rights Object (RO) is individually protected for one receiving device by encrypting it with the device public key. The RO in turn contains the key that is used to decrypt the media object. Delivery of Rights Objects requires a registration with the Rights Issuer (RI, the entity distributing Rights Objects). During this registration, the device certificate is usually validated against a device blacklist by means of an Online Certificate Status Protocol (OCSP) verification. Thus, devices known to be hacked can be excluded once they try to register with an RI and receive new ROs for content access.
Contents |
[edit] Implementations and Usage
OMA DRM 1.0 has been implemented in over 550 phone models. Many mobile operators (e.g. Vodafone, SFR, Turkcell, Vivo, Orange) use OMA DRM for their content services. The first OMA DRM 2.0 implementations were released in early 2005 and on mobile phones end of 2005. Software implementations for PC and PDA clients are also available. Most of the ringtones pre-installed on mobile phones have implemented DRM. Many commercial ringtone vendors who are not part of any mobile phone carrier do not bother with any form of DRM, perhaps because the number of ringtone vendors is huge, and people will choose to download unprotected ringtones if they can get them. Unlike with digital music stores such as iTunes the record industry does not mandate that DRM be implemented on ringtones. Many ringtones are reverse engineered by the ringtone provider themselves so it is their choice whether to implement the DRM.
[edit] Broadcast Services Security issues with DRM Profile
Broadcast services requirements being completely different from VOD, OMA BCAST Smartcard profile has been recommended by all the industries to be the unified standard used for Mobile TV broadcast.
Commercial OMA DRM providers include:
- Beep Science
- castLabs mobile TV Service Delivery Platform
- CoreMedia DRM
- Discretix
- Irdeto
- Mutable OMA DRM
- NDS
- SafeNet
- Philips
- Viaccess
- Saffron Digital
An open source solution for OMA DRM 2.0 is also available:
The OMA DRM specification uses a Profile of the Open Digital Rights Language for expressing its Licenses:
Since 2006, OMA has been working on DRM 2.0.1 and 2.1, and on new features such as SRM (Secure Removable Media) and SCE (Secure Content Exchange)
[edit] Determining that a file is OMA protected
A ringtone that includes OMA Forward Lock DRM usually has a ".asp" file extension, however this is more of a detail of the servers hosting the content as ".dm" and ".drm" will tend to actually be more common. This file could potentially be viewed before downloading the actual file as kind of a confirmation request on downloading data. However, with most of today's implementations at this point it is usually too late for denial and the user would already have been billed for the ringtone. The file extension does not matter for Nokia phones, so it is possible that they may use an extension other than .asp.
On Nokia Series 40 phones an installed file with DRM will not have its "Send" option greyed out in its options menu. If the user attempts to send this via MMS a message "The file is copyright protected" will appear. A Bluetooth file transfer will fail if the user tries to extract the file using Bluetooth, yet the file will still appear as present and will still be deletable via Bluetooth.