70 S. Wang and Q. Liu The main driving force of DRM comes from industry [1]. The most representative sample is the protection of eBook, electronic music, and digital movie. Several fa- mous international companies have release their own solutions and productions, such as Microsoft’s WMRM, Real Networks’ Helix DRM, Adobe’s Content Server, and IBM’s EMMS. 2 Current DRM Systems 2.1 Classification of DRM Systems Existing DRM systems could be classified into different categories according to dif- ferent standards (such as safety technique chosen, protected object, etc.). The pro- tected objects include: software, eBook, images, stream media and contents on mobile devices. The main function of software-protected DRM system is the precaution of software piracy. The protection of software appeared in the 1980s, which could be regarded as the earliest application of DRM. In the early times, the methods to prevent software piracy include the usage of key floppy disk, copy-proofed CD, encryption card, etc. Many new software-protection forms appear along with the development of DRM technology and network technology. The eBook-protected DRM systems have two kinds of applications: the online bookstore (such as Amazon, eReader), and the digital library (such as netLibrary, Apabi). The online bookstore sells eBook directly to the readers while the digital library only provides borrowing service, and both of them have to protect the rights against infringement by third parties. The images-protected DRM systems are somewhat complex. Some websites attach their own logo onto the images to prevent others from using it illegally. But the visi- ble logo sacrificed the image’s quality. Another preferable method is to embed the copyright information into the images by digital watermarking. If someone used the images without authorization, the owner could detect the copyright information hided in the images with special software, and prove it. Now the companies who focus on digital watermarking include: Digimarc in USA and High Water Signum in England. They provide similar service. In China the “Patriot Banshen” digital watermarking system could satisfy the requirement [8]. Digital watermarking could also be used in stream media market. The stream media-protected DRM system protects electronic music, electronic movies and videos. Now some marketers have used DRM technology. Some famous stream media systems have their own rights management solutions, such as WMRM, EMMS and Helix DRM, etc. The DRM system used on movable device can protect images, ringtone, mp3, mp4, etc. Because the movable platform is different from PC platform, the embedded sys- tems present new technological demands on DRM. At present, some mobile phone (such as Nokia) has applied DRM technology supporting OMA DRM. [15] Along with the development of intelligent mobile phone, the DRM still cannot achieve real copyrights protection. ERDRM: A Digital Rights Management System Model for Educational Resources 71 2.2 Decisive Concepts in DRM The research on DRM always includes the architecture, content security, rights expres- sion, as well as authentication. The systems are different in those points. This section is mainly about their characteristics, and gives a contrast on current DRM systems. Architecture. The generic DRM architecture accepted to all includes three core components: the content packaging server, the license server and the client [2], [3]. Content repository Product database DRM packager Content Packaging Server Rights database Encryption key database License Server Identify attribute database DRM license generator Client content metadata encryption keys rights encryption DRM controller Content package License package Identifying attributes Financial transaction Rendering application Fig. 1. The generic DRM architecture The DRM packager in content packaging server encrypts the content and transfers them to the user through P2P, email, or downloading service, etc. the rights package will be transferred to license server. The DRM controller in client determines the way the user using the content, through policies bound to the package and implicit in the packaging format, that the requested use requires authorization. If the license cannot be found on the user’s ma- chine or has expired. The DRM controller should make rights request by packaging and sending attributes of the user and the content to a license server. The license server verifies the submitted client identification or attributes creden- tials, creates license, packaged and transferred to client securely. For more information about DRM architecture, you may access [2], [3], [4]. 72 S. Wang and Q. Liu Content Security. Generally, the protection of digital content is based on encryption technology, namely encrypting the digital content at first before distribution. So the unauthorized user cannot get valuable information even they have intercepted the content during transmission successfully. Digital watermarking is a new direction in information security field. It can protect the copyright and integrity of information. Digital watermarking is applied in those fields: remote monitor and control, owner authentication, ownership verification, operation tracking, content identification, copy restriction and device control. Rights Expression. Rights Expression plays an important role in DRM, it works by rights expression language (REL). Existing works in this area include the INDECS project. One of the basic distributions of this project is clearly separating and identifying the three core entities: Users, Content, and Rights [3]. Users can be any type: from a rights holder to an end consumer. Content also can be any type of content at any level of aggregation. The rights entity is an expression of the permissions, constraints, and obligations between the Users and the Content. Most of the existing RELs are XML-based. The two most developed RELs are XrML [14] and ODRL [12], [13]. Authentication. Authentication is a fundamental part of any DRM system, because it is the foundation of rights management. The DRM system verifies the reality and validity of the user’s identity, then determines whether make authorization or not with the results. The most applied authentication technologies are password-confirming and hardware binding. Table 1. A Contrast among the systems Concepts protected Objects Architecture Content Security Rights Description Authentication Software C/S Structure Encryption, Digital Watermarking Hardware ID Software ID eBook Typical Structure Encryption, Digital Watermarking EBX User/Password Stream Media Typical Structure Encryption, Digital Watermarking XrML/ MPEG REL User/Password Hardware ID Mobile Typical Structure Encryption OMA DRM User/Password Hardware ID Image Digital Watermarking A Contrast among Systems. Actually, the DRM systems have both same and special characteristics in the four aspects mentioned above. As shown in Table 1. The digital rights management of images is somewhat complex, and the relevant technologies are not mature enough. Most of the researches are limited to the declara- tion of the rights ownership and the tracking of rights by digital watermarking. It is always used after the act of tort has happen. We will not make a conclusion in this paper. ERDRM: A Digital Rights Management System Model for Educational Resources 73 3 Digital Rights Management in Education Digital rights management is complex and difficult regardless of the application do- main. Nonetheless, education places some very specific demands on it. This section introduces the specific requirement presented by education for DRM, discusses the security technology available, and analyzes their merits and demerits. 3.1 Specific Requirements Presented by Education IEEE LTSC DREL Study Group makes a deeply study on the domain features of education, learning, and training [4]. The prominent ones of them are listed below: • In the education area, the education resources may have multiple authors for the joint authorship is very common. The educational resources may be reconstructed from multiple learning objects. The rights expression language of the DRM system must be able to identify rights information associated with component learning ob- jects and with contributing authors as distinct from rights associated with aggregate works. • In web-based education, the users participate in learning, reuse the educational resources, and all of these will raise the privacy problem, for the privacy may be protected by privacy acts and local policies. The DRM system has to consider these acts and policies carefully. • Learning, education and training are all highly local activities, yet the education resources will be created and distributed across jurisdictional and domain bounda- ries in a distributed education. So the rights should be expressed from a combina- tion of local and global context. • Actually, Profits is always not the main objective of creating the intellectual prop- erty in education, and the attribution seems more important. Most of the authors are wish to share their ideas if they are in fact properly acknowledged with some con- straints, even the constraints may be different according to the practical situation. • In the copyright laws, there are always some items about “fair use” refers to educa- tion and research, as a result, maybe we cannot just divide the users simply into the authorized and the unauthorized. 3.2 Security Technology Issues Security technology issues must be considered in digital rights management applica- tion. Actually these issues include authentication and content security which were mentioned above in section 2. Authentication is the foundation of rights management, and it is also a very impor- tant part of DRM system. The DRM system verifies the reality and validity of the user’s identity then make decision with the results. Most of the e-learning systems are made up by databases and platforms, in which different platforms provide different services. The COLIS project [5] in Australia use SSO to realize the integrity of ser- vices. SSO means a user signs on once in a system, he or she could access all the systems that trust the first system. SSO is integrity on the “Authentication” level. 74 S. Wang and Q. Liu Content Security can be realized by digital watermarking or data encryption tech- nology. Also there is web scripting technology can be used in DRM for educational resources for most of the resources can be formatted by HTML. Digital Watermarking. Digital watermark is a pattern of bits inserted into digital im- ages, audio or video files that identifies the file’s copyright information (author, rights, etc.), but these information are always invisible, or in the case of audio clips, inaudible. Moreover, the actual bits representing the watermark must be scattered throughout the file in such a way that they cannot be identified and manipulated. And finally, the digital watermark must be robust enough so that it can withstand normal changes to the file. The purpose of digital watermarks is to provide copyright protec- tion for intellectual property that’s in digital format. Digital watermark is just for tracking the copyright information other than assuring the security of content. It can be used in the protection of sharable educational resources. Data Encryption. Data encryption is the basic security technology in the network. Encryption is the most effective way to achieve data security. It is a proactive defense policy, provides huge security with very small cost. There are two main types of en- cryption: asymmetric encryption (also called public-key encryption) and symmetric encryption. Encrypting digital works is foundational in copyrights protection. The content pro- tection in DRM is mainly based on encryption. To read the encrypted file, you must have access to a secret key or password that enables you to decrypt it. Most of the existing stream media DRM systems are based on data encryption technology. Al- though very safe, these systems go against retrieval, go against the sharing and com- munication of educational resources. Web Scripting Technology. The web scripting technology controls access to the web page’s content by inserting functional scripting code into the source code. Such as disabling right click, disabling select, disabling edit, disabling printing, and so on. It also could restrict the time of access and operation. This method can protect educa- tional resources on certain level, but this low security is only satisfied the demands of some valueless resources. Data encryption and digital watermarking both have their own merits and demerits, as shown in Table 2. Table 2. Comparison of data encryption and digital watermarking Data Encryption Digital Watermarking Control the access to the content Detect and track the hiding content Content-irrelevant Content-relevant The terminal has to demonstrate the decryption process The terminal has not to demonstrate the decryption process Attacking techniques is mainly signal processing, which will make the content hides invaliable Attacking techniques is mainly decryption. Has intensity of D/M and M/D Has no intensity of D/M and M/D System security has nothing to do with the terminal device System security is determined by security of terminal device . Scripting Technology. The web scripting technology controls access to the web page’s content by inserting functional scripting code into the source code. Such as disabling right click, disabling. domain features of education, learning, and training [4]. The prominent ones of them are listed below: • In the education area, the education resources may have multiple authors for the joint. successfully. Digital watermarking is a new direction in information security field. It can protect the copyright and integrity of information. Digital watermarking is applied in those fields: remote