Trusted computing and global control: what’s Digital Rights Management (DRM)?
Technology, day after day, gives us the opportunity to have tools and appliances able to interoperate, managed by a central monitor like PCs at home or phone linked to the net by satellite, that we keep in the pocket of the jacket.
Most of these tools are automatic and handle themself as far as possible and leave to human beings just the opportunity to choose between a few options, those that manufacturers considered appropriate to leave.
By many years the marketplace of dekstop and mobile is moving in this direction, with the development of DRM. The voice of DRM from Wikipedia:
“Digital rights management (DRM) is an umbrella term that refers to access control technologies used by publishers and copyright holders to limit usage of digital media or devices. It may also refer to restrictions associated with specific instances of digital works or devices. To some extent, DRM overlaps with copy protection, but DRM is usually applied to creative media (music, films, etc.) whereas copy protection typically refers to software.
The use of digital rights management has been controversial. Advocates argue it is necessary for copyright holders to prevent unauthorized duplication of their work to ensure continued revenue streams. Opponents, such as The Free Software Foundation, maintain that the use of the word “rights” is misleading and suggest that people instead use the term digital restrictions management. Their position is essentially that copyright holders are attempting to restrict use of copyrighted material in ways not included in the statutory, common law, or Constitutional grant of exclusive commercial use to them. The Electronic Frontier Foundation, and other opponents, also consider DRM schemes to be anti-competitive practices.”
DRM supporters (Microsoft..??) claim:
1. A computerized method for a digital rights management operating system comprising:
- assuming a trusted identity;
- executing a trusted application;
- loading rights-managed data into memory for access by the trusted application; and
- protecting the rights-managed data from access by an untrusted program while the trusted application is executing.
2. The computerized method of claim 1, wherein protecting the rights-managed data comprises:
- refusing to load the untrusted program into memory.
3. The computerized method of claim 1, wherein protecting the rights-managed data comprises:
- removing the rights-managed data from memory before loading the untrusted program.
4. The computerized method of claim 3, further comprising:
- terminating the execution of the trusted program.
5. The computerized method of claim 3, further comprising:
- renouncing the trusted identity before loading the untrusted program when the untrusted program executes at the operating system level.
6. The computerized method of claim 1, wherein protecting the rights-managed data comprises:
- securing the rights-managed data written to a page file by the digital rights management operating system.
7. The computerized method of claim 6, wherein securing the rights-managed data written to a page file comprises:
- prohibiting raw access to the page file while the trusted application is executing.
8. The computerized method of claim 6, wherein securing the rights-managed data written to a page file comprises:
- erasing the page file before allowing raw access to the page file.
9. The computerized method of claim 8, further comprising:
- terminating the execution of the trusted application.
10. The computerized method of claim 6, wherein securing the rights-managed data written to a page file comprises:
- encrypting the rights-managed data prior to writing it to the page file.
11. The computerized method of claim 1, further comprising:
- protecting the trusted application from modification by an untrusted process while the trusted application is executing.
12. The computerized method of claim 11, wherein protecting the trusted application comprises:
- refusing to attach the untrusted process to the trusted application.
13. The computerized method of claim 11, wherein protecting the trusted application comprises:
- preventing the untrusted process from accessing memory allocated to the trusted application.
14. The computerized method of claim 1, further comprising:
- restricting a user to a subset of available functions for manipulating the rights-managed data.
15. The computerized method of claim 1, further comprising:
- restricting a user to a subset of functions available for modifying the trusted application during execution.
16. The computerized method of claim 1 wherein the elements are performed in the order recited.
17. A computer system comprising:
- a processing unit;
- a system memory coupled to the processing unit through a system bus;
- a computer-readable medium coupled to the processing unit through a system bus; and
- a digital rights management operating system executed from the computer-readable medium by the processing unit, wherein the digital rights management operating system causes the processor to create a trusted identity for the digital rights management operating system.
18. The computer system of claim 17, further comprising:
- a trusted application executed from the computer-readable medium by the processing unit, wherein the trusted application causes the processor to load rights-managed data into the system memory, and
- wherein the digital rights management operating system further causes the processor to protect the rights-managed data while the trusted application is executing.
19. The computer system of claim 18, wherein the digital rights management operating system further causes the processor to write the rights-managed data into a page file on the computer-readable medium and causes the processor to secure the rights-managed data on the page file from access by an untrusted program.
20. The computer system of claim 19, wherein the digital rights management operating system further causes the processor to erase the rights-managed data from the page file before allowing access to the page file by the untrusted program.
21. The computer system of claim 18, wherein digital rights management operating system further causes the processor to revoke the trusted identity and terminate the trusted application prior to loading an untrusted program.
22. A computer-readable medium having computer-executable instructions for a digital rights management operating system stored thereon comprising:
- obtaining, from a computer processor, a first value for a monotonic counter;
- presenting, to a trusted time server, the first value for the monotonic counter;
- receiving, from the trusted time server, a certificate binding the first value of the monotonic counter to a time on the trusted time server;
- obtaining, from the processor, a second value for the monotonic counter before loading a trusted component;
- calculating, using the certificate and the second value, a trusted current time;
- comparing a time stamp on a trusted component with the trusted current time; and
- determining whether to load the trusted component based on the comparison.
23. The computer-readable medium of claim 22, wherein obtaining and presenting the first value of the monotonic counter occurs on a pre-determined schedule.
24. The computer-readable medium of claim 22, wherein the time stamp comprises a date and time at which the trusted component becomes invalid and the trusted component is loaded when the trusted current time is less than the time stamp.
Here you can read all the article. In “FIELD OF THE INVENTION” they say explicitly that “This invention relates generally to computer operating systems, and more particularly to booting and identifying an operating system that enforces digital rights“. It follows:
“… For a client, digital form allows more sophisticated content, while online delivery improves timeliness and convenience. For a publisher, digital content also reduces delivery costs. Unfortunately, these worthwhile attributes are often outweighed in the minds of publishers by the corresponding disadvantage that online information delivery makes it relatively easy to obtain pristine digital content and to pirate the content at the expense and harm of the publisher.
Piracy of digital content, especially online digital content, is not yet a great problem. … Books and audio recordings are available now, and as bandwidths increase, video content will start to appear. With the increase in value of online digital content, the attractiveness of organized and casual theft increases.
The unusual property of digital content is that the publisher (or reseller) gives or sells the content to a client, but continues to restrict rights to use the content even after the content is under the sole physical control of the client. For instance, a publisher will typically retain copyright to a work so that the client cannot reproduce or publish the work without permission. A publisher could also adjust pricing according to whether the client is allowed to make a persistent copy, or is just allowed to view the content online as it is delivered. These scenarios reveal a peculiar arrangement. The user that possesses the digital bits often does not have full rights to their use; instead, the provider retains at least some of the rights. In a very real sense, the legitimate user of a computer can be an adversary of the data or content provider. “Digital rights management” is therefore fast becoming a central requirement if online commerce is to continue its rapid growth. Content providers and the computer industry must quickly provide technologies and protocols for ensuring that digital content is properly handled in accordance with the rights granted by the publisher. If measures are not taken, traditional content providers may be put out of business by widespread theft, or, more likely, will refuse altogether to deliver content online…”.
In short, DRMOS protects CopyRight data protected from unauthorized programs such as data is in memory. To ensure such protection the DRMOS refuses to load into memory programs untrusted and trusted applications are running, or remove any data from memory and each trusted application before loading the untrusted one. If the untrusted application concerned acts at the level of the operating system, such as a debugger (basic tool used by crackers to the discovery of bugs or security systems that protect applications), the next reboot the DRMOS surrenders trusted identity that it created with the processor.
To prevent not allowed access to the data page in the file, they are encrypted or eliminated before loading untrusted applications or the DRMOS prohibits raw access to it.
Furthermore, there is also a trusted system clock that will deny to manipulate time restrictions of shareware software trusted.
You won’t be able to use several functions to manage and manipulate your PC and the data that flow from it in any way and by any means.
These patents show that is already in place for some time, the establishment of a cooperative system hardware and software can reduce your home or your laptop or any other computer-based object run by the operating system, to a simple blender.
While Intel steered clear of mentioning the new DRM technology at its Australian launch of the new products, Intel’s Australian technical manager Graham Tucker publicly confirmed Microsoft-flavored DRM technology will be a feature of Pentium D and 945: “[The] 945g [chipset] supports DRM, it helps implement Microsoft’s DRM … but it supports DRM looking forward,” Tucker said, adding the DRM technology would not be able to be applied retrospectively to media or files that did not interoperate with the new technology.
In other words, what happens if they build hardware that only supports DRM? We would not have the opportunity to choose, because any other hardware is incompatible with the DRM software and vice versa.
The end user will have a limited number of operations that can run and these are choiced by the big companies in the global marketplace.
Even now it should not be so incredible if we have a PC in which it was chosen for us what we can or can not use: I am not referring to hacking, in fact it is a problem that proprietary software, music and movies, protected by CopyRight are continually subject to manipulation in order to distribute copies illegally.
So DRM technology, the TCPA and anything mentioned in this post represent in my opinion a good way to combat piracy. However, the intention behind this method is wrong and should be emphasized.
It’s just that less experienced users, those who merely use computers only for connecting to the internet, to use the MS Office package in their office or home, know how they are going to accept the policy of the new system the Trusted Computing Group (TCG).