Digital Rights Management Using a Master Control Device

  • Imad M. Abbadi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4846)


This paper focuses on the problem of preventing the illegal copying of digital content whilst allowing content mobility within a single user domain. It proposes a novel solution for binding a domain to a single owner. Domain owners are authenticated using two-factor authentication, which involves “something the domain owner has”, i.e. a Master Control device that controls and manages consumers' domains and binds devices joining a domain to itself, and “something the domain owner is or knows”, i.e. a biometric or password/PIN authentication mechanism that is implemented by the Master Control device. These measures establish a one-to-many relationship between the Master Control device and domain devices, and a one-to-one relationship between domain owners and their Master Control devices, ensuring that a single consumer owns each domain. This stops illicit content proliferation. Finally, the pros and cons of two possible approaches to user authentication, i.e. the use of a password/PIN and biometric authentication mechanisms, and possible countermeasures to the identified vulnerabilities are discussed.


Smart Card; Trusted Platform Module; False Acceptance Rate; False Rejection Rate; Trust Computing
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Imad M. Abbadi, Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK
