About
Introduction
Digital Rights Management (DRM) is the persistent access control of digital content. The aim of this project was to implement a prototype DRM controller operating at the operating system level in order to test the feasibility of such a system. If you are interested in a more detailed description of the system implementation and test results, please click on the Downloads link in the main menu.
System Overview
The system implements a DRM Controller responsible for enforcing rights protection on an end user machine. The Controller provides DRM support for multiple file formats, and is transparent to all applications that try to access DRM protected content. The system has been developed on the Linux operating system. The core system consists of a Daemon Module and a Kernel Module. The Kernel Module is responsible for the enforcement of access control rules. The Daemon Module is responsible for managing use licenses and retrieving licenses for the Kernel Module.
In addition to communication with the Kernel Module, the Daemon Module must communicate with a license server in order to negotiate new licenses. New licenses are stored in a license store managed by the Daemon Module. The internal and external communications of the DRM Controller module are illustrated in the diagram below.
Step A:
The application receives as input a DRM protected file.
Step B:
The application requests access to the file. The kernel module intercepts this request.
Step C:
The kernel module sends a request for license details to the daemon.
Step D:
The daemon checks the license store for a license. If a license exists, the daemon proceeds to step G. Otherwise, it proceeds to step E.
Step E:
The daemon connects to a license server enabling the negotiation of a license download.
Step F:
If a license is successfully negotiated, the daemon proceeds to step G. Otherwise, a message is sent to the kernel module to deny file access.
Step G:
The validity of the license is checked against a revocation list. If a license is invalid, the daemon may return to step E to negotiate a new license.
Step H:
The daemon returns the license to the kernel module in a simplified (non-XML), common format. This will contain all relevant information from the original license.
Step I:
The kernel module performs a final check on the access request. The end-user and the request are referenced against the relevant fields in the use license. If these details are valid, the application is granted access to the requested file.
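The decision flow of steps C to I can be followed in a small user-space model. This is an added example, not the project's code: the struct layout, function names, rights bits, license ids and the stand-in license server are all assumptions made for illustration, and the sample store and revocation list are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { R_READ = 1, R_WRITE = 2 };
/* Hypothetical simplified (non-XML) license handed to the kernel module in step H. */
struct license { int id; int uid; unsigned rights; char file[32]; };
/* Constructed sample data: the daemon's license store and a revocation list. */
static struct license store[8] = {
    { 101, 1000, R_READ, "song.drm" },
    { 102, 1000, R_READ, "film.drm" },
};
static int store_len = 2;
static const int revoked[] = { 102 };

static bool is_revoked(int id) {
    for (size_t i = 0; i < sizeof revoked / sizeof revoked[0]; i++)
        if (revoked[i] == id) return true;
    return false;
}

/* Steps E and F stand-in: this constructed server only issues licenses for film.drm. */
static bool negotiate(const char *file, int uid, struct license *out) {
    if (strcmp(file, "film.drm") != 0) return false;
    out->id = 201; out->uid = uid; out->rights = R_READ;
    snprintf(out->file, sizeof out->file, "%s", file);
    return true;
}

/* Steps D to H, daemon side. Returns false when the kernel module must deny. */
static bool daemon_get_license(const char *file, int uid, struct license *out) {
    for (int i = 0; i < store_len; i++)                 /* step D: search the store */
        if (store[i].uid == uid && !strcmp(store[i].file, file)
            && !is_revoked(store[i].id)) {              /* step G: skip revoked */
            *out = store[i];
            return true;
        }
    if (!negotiate(file, uid, out)) return false;       /* steps E, F */
    if (is_revoked(out->id)) return false;              /* step G on the new license */
    if (store_len < 8) store[store_len++] = *out;       /* keep it in the store */
    return true;
}

/* Steps C and I, kernel-module side: any failure means deny (fail closed). */
int kernel_check(const char *file, int uid, unsigned want) {
    struct license lic;
    if (!daemon_get_license(file, uid, &lic)) return 0;
    return lic.uid == uid && !strcmp(lic.file, file) && (lic.rights & want) == want;
}
```

In this model a revoked stored license triggers one renegotiation, and the kernel-side check in step I re-verifies user, file and requested right even after the daemon has returned a license.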