The SIM as a component of digital rights management

Connectivity, coupled with mobility has become a pervasive and integral accessory to the modern consumer lifestyle. Mobile networks have rapidly evolved from analogue voice only origins (1G) via digital voice (2G) to be able to offer cost-effective, reliable, fast and ubiquitous mobile wireless data connectivity (2.5G/3G/3.5G).

With this, mobile network operators are aiming to leverage their past 2.5G, current 3G and future 3.5G network infrastructure investment by significantly improving on data volumes and revenues.

According to Graham McKay, CTO of Trusted Transactions company Prism, operators regard multimedia infotainment content as one of the more significant consumer propositions underpinning future mobile data revenue growth and with today`s power efficient, consumer-friendly mobile handsets which integrate telephony, data communications and rich multimedia capabilities, this growth is a reality.

He adds that the wired broadband Internet enabled the first mass consumer market for electronically distributed, stored and played digital multimedia content.

"Early market entrants such as Apple capitalised on the now proven download-and-pay for music on the move model by successfully combining a funky and easy to use device (iPod) and service (iTunes). Prior to this, the music industry experienced significant business challenges with the free distribution and exchange of digital music in contravention of copyright. After legally grappling with the fixed Internet piracy challenge (eg, Napster, Grokster), music and other content industries are conscious of the significantly greater threat posed to digital media by a mobile wireless Internet with its greater reach, penetration and convenience," explains McKay.

As was the case with service providers for the fixed Internet, it is believed that mobile network operators will still enjoy the data revenues incurred in the distribution and sharing of digital content, whether legal or illegal. However, mobile operators have learnt from the fixed Internet digital media experience, that providing pervasive broadband data transport alone is not enough to ensure a sustainable business proposition for the media industry to offer its digital content with the commitment and confidence that will achieve the infotainment data revenue leverage mobile operators seek.

"By incorporating seamless, interoperable and cost-effective protection of content capable of enabling a viable mobile/wireless digital media marketplace for the content industry, mobile operators will be able to satisfy consumers in much the same way as Apple did with iTunes and at the same time offer the content providers exactly what they need. Constrained by what consumers and the content industry can afford, mobile operators could enjoy a further premium on data revenues by incorporating a content trust and security model such as that afforded by Digital Rights Management (DRM). That is, better mobile data revenues for providing `smart` trusted and secure digital media data transport rather than unsecure `dumb` data transport," says McKay.

He points out that all industry players in the media value chain ultimately aim to create a market appetite for content and any approach should therefore wisely address this need for protection. Suitable controls should be closely aligned with consumer interests and key considerations underpinning the success of this process are standardisation, interoperability, availability, scalability, trust, seamless operation, easy payment and cost-effectiveness. In providing a protection model that continues to promote usage and distribution in a simple, intuitive and unhindered way, media artists` intellectual property rights and economics are also protected. The result should then be trusted, protected and interoperable content availability via multiple channels across a diverse set of media players and devices.

The Open Mobile Alliance (OMA) defines DRM as the ability to enable the distribution and consumption of digital content in a controlled manner. The content is distributed and consumed on authenticated devices per the usage rights expressed by the content owners. OMA DRM turns a mobile network into a trusted distribution channel for digital content to mobile/wireless devices.

OMA launched DRM v2.0 to provide for a more consumer-oriented scheme that suits a wider variety of business models for digital media content. OMA DRM v2.0 adds security features and improved support for device capabilities (streaming content), and access to content from multiple devices. The DRM support will need to be built into mobile handsets to allow DRM compliant devices to play secured files and work seamlessly with other devices. OMA DRM v2.0 protects higher-value content and supports more business models through a broader feature set. OMA have also introduced a DRM download specification for better reliability of downloads.

"A key stumbling block to the adoption of DRM is interoperability and standardisation. The question begs as to when sufficient handsets support a common DRM scheme, and about when will handset implementations be interoperable? For many mobile operators it`s been a watch and wait game, as standards evolve and OMA DRM IPR/Patent issues are resolved between the mobile network and consumer appliance industries," he adds.

A key element within the DRM ecosystem, regardless of standards evolution, points to the single common, interoperable and trusted entity in the mobile network - the SIM.

"The SIM, as a smart card based trust component, has a proven track record with mobile operators in secure identification and authentication of subscribers, hitherto ensuring revenue protection for voice and data services. If the SIM also supports an additional interface to the handset such as Microsoft`s SIM API or the JCP`s (Java Community Process) JSR177 specification for J2ME MIDP2.0 handsets, the SIM presents itself as an ideal trusted repository (dongle) of security key information for use by handset based DRM applications," explains McKay.

He adds that in DRM, the SIM could play the role of supporting registration and the authentication of DRM capable devices to Right`s issuers. Using a STK (SIM Toolkit) user interface, a menu can be presented, which translates to a URL pointing to a Rights Issuer and Rights Objects retrieval/payment can be supported. Once the device has been authenticated using a digital certificate on the SIM, the Rights Objects is transferred to the SIM after payment clearing.

Prism is a member of SIMalliance, a non-profit organisation created to promote the benefits of SIM cards and SIM-based services. SIM Alliance has specified a complementary scheme to OMA`s DRM, named SIM Sentry. SIM Sentry provides enhanced execution time security to handset-based applications by allowing a secure key repository and the capability for handset application developers to code portions of the application in the SIM. This creates an improved anti-hack protection scenario for gaming software companies, for example, where each game could make different calls to SIM based applets for successful execution, thereby frustrating the hacker, protecting the content provider and invisible to the user.

"Through SIMalliance, SIM vendors are working together and focusing their efforts with mobile operators, content and device vendors to standardise the SIM as a logical and viable DRM component option," he concludes.

DRM 2.0 supports usage models such as:

* Single purchase
* Super distribution - users free to share content by means of peer to peer data transfer
* Off device storage
* My Domain devices (My car radio, 2nd phone, Hi-Fi, PC, Laptop)
* Tracking
* Forward lock
* Subscription
* Pay-per-time
* Free preview
* Loyalty
* Ratings

The Primary elements to an OMA DRM system are defined as follows:

* Media Object/Content: An OMA DRM formatted and encrypted content object such as a video clip, or music/album.
* Content Issuer (CI): The entity that delivers DRM Content formatted according to OMA DRM specifications.
* Rights Issuer (RI): Assigns permissions and constraints to DRM Content, and generates Rights Objects.
* Rights Object (RO): An XML document expressing permissions associated with DRM Content.
* The DRM Agent: The trusted entity in a device that is responsible for enforcing permissions and controlling access to DRM Content. The DRM Agent is launched when DRM Content is received on the device, and un-packages/encrypts content to the device. When DRM Content is accessed, the DRM Agent is consulted for permissions.
* Off-device storage devices: DRM Content is inherently secure, and may be stored by users off-device - for example in a network store, a PC, on removable media or similar.