OMA DRM
Encyclopedia
OMA DRM is a Digital Rights Management
(DRM) system invented by the Open Mobile Alliance
, whose members represent mobile phone manufacturers (e.g. Nokia
, LG
, Motorola
, Samsung
, Sony-Ericsson, BenQ-Siemens
), mobile system manufacturers (e.g. Ericsson
, Siemens
, Openwave
), mobile phone network operators (e.g. Vodafone
, O2, Cingular, Deutsche Telekom
, Orange
), and information technology
companies (e.g. Microsoft
, IBM
, Sun
). DRM provides a way for content creators to set enforced limits on the use and duplication of their content by customers. The system is implemented on many recent phones. To date, two versions of OMA DRM have been released: OMA DRM 1.0 and OMA DRM 2.0.
In order to ensure that all manufacturers' implementations of OMA DRM can work with each other, the Open Mobile Alliance provides specifications and test tools for OMA DRM.
The OMA DRM group is chaired by Sergey Seleznev (Samsung Electronics
).
content such as ringtones and wallpapers on their phone.
The content can be distributed using HTTP or MMS
.
Each participating device in OMA DRM 2.0 has an individual DRM Public key infrastructure
(PKI) certificate, with a public key and the corresponding private key. Each Rights Object (RO) is individually protected for one receiving device by encrypting it with the device public key. The RO in turn contains the key that is used to decrypt the media object. Delivery of Rights Objects requires a registration with the Rights Issuer (the entity distributing Rights Objects). During this registration, the device certificate is usually validated against a device blacklist by means of an Online Certificate Status Protocol
(OCSP) verification. Thus, devices known to be hacked can be excluded once they try to register with an Rights Issuer in order to receive new Rights Objects so they can access the content.
, Turkcell
, Vivo
, Orange
) use OMA DRM for their content services. The first OMA DRM 2.0 implementations were released in early 2005; implementations were installed on mobile phones by the end of 2005. Software implementations for personal computer and PDA
clients are also available.
Most of the ringtones pre-installed on mobile phones have implemented DRM. Many commercial ringtone vendors who are not part of any mobile phone carrier do not bother with any form of DRM, perhaps because the number of ringtone vendors is huge, and people will choose to download unprotected ringtones if they can get them. The record industry does not mandate that DRM be implemented on ringtones, unlike digital music stores (such as iTunes
). Many ringtones are reverse-engineered by the ringtone provider themselves, so it is their choice whether to implement the DRM.
Since 2006, OMA has been working on DRM 2.0.1 and 2.1, and on new features such as SRM (Secure Removable Media) and SCE (Secure Content Exchange).
An open source solution for OMA DRM 2.0 is also available:
Series 40 phones, an installed file with DRM will have its "Send" option greyed out in its options menu. If the user attempts to send such a file via MMS
, a message stating "The file is copyright protected" will appear. A Bluetooth
file transfer will fail if the user tries to extract the file using Bluetooth, yet the file will still appear as present, and will still be deletable via Bluetooth.
However, if the file (such as a music track) is received with separate delivery—the key is sent separately from the actual download of the file, and the file contains a license URL—it is possible to forward the file to other devices. Once the file is activated on the new device, it will prompt the user to access the URL embedded in the file, and give the user the option to acquire the key.
Symbian
-based devicesat least the Nokia 6680 and 6681; possibly many others will completely refuse to send all files of certain types*.mid, *.jar, *.jad and *.sis files over Bluetooth. For these phones, this blocks sending of MIDI files, Java Applets, and Symbian programs regardless of whether or not they are protected by DRM. Such phones will refuse any attempts to send such files with the message "Unable to send protected objects" or a similar error. This prevents sending such content, even when the content license explicitly allows or even depends on redistribution.
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
(DRM) system invented by the Open Mobile Alliance
Open Mobile Alliance
The Open Mobile Alliance is a standards body which develops open standards for the mobile phone industry.- Principles :Mission: To provide interoperable service enablers working across countries, operators and mobile terminals....
, whose members represent mobile phone manufacturers (e.g. Nokia
Nokia
Nokia Corporation is a Finnish multinational communications corporation that is headquartered in Keilaniemi, Espoo, a city neighbouring Finland's capital Helsinki...
, LG
LG
LG may refer to:*LG Corp., a South Korean electronics and petrochemicals conglomerate*LG Electronics, an affiliate of the South Korean LG Group which produces electronic products* Lawrence Graham, a London headquartered firm of business lawyers...
, Motorola
Motorola
Motorola, Inc. was an American multinational telecommunications company based in Schaumburg, Illinois, which was eventually divided into two independent public companies, Motorola Mobility and Motorola Solutions on January 4, 2011, after losing $4.3 billion from 2007 to 2009...
, Samsung
Samsung
The Samsung Group is a South Korean multinational conglomerate corporation headquartered in Samsung Town, Seoul, South Korea...
, Sony-Ericsson, BenQ-Siemens
BenQ-Siemens
BenQ-Siemens was the mobile communications subsidiary of Taiwanese BenQ Corp. The division was formed out of BenQ's acquisition of the then struggling Siemens mobile group in 2005. The stated goal of the company was to pull together BenQ's lifestyle experience, their design team and Siemens'...
), mobile system manufacturers (e.g. Ericsson
Ericsson
Ericsson , one of Sweden's largest companies, is a provider of telecommunication and data communication systems, and related services, covering a range of technologies, including especially mobile networks...
, Siemens
Siemens AG
Siemens AG is a German multinational conglomerate company headquartered in Munich, Germany. It is the largest Europe-based electronics and electrical engineering company....
, Openwave
Openwave
Openwave is a software company. Based in Redwood City, California, USA, Openwave is historically significant in its introduction of the Mobile Internet and its expansion into a large successful mobile software supplier in the mobile telecom sector...
), mobile phone network operators (e.g. Vodafone
Vodafone
Vodafone Group Plc is a global telecommunications company headquartered in London, United Kingdom. It is the world's largest mobile telecommunications company measured by revenues and the world's second-largest measured by subscribers , with around 341 million proportionate subscribers as of...
, O2, Cingular, Deutsche Telekom
Deutsche Telekom
Deutsche Telekom AG is a telecommunications company headquartered in Bonn, Germany. It is the largest telecommunications company in Europe....
, Orange
Orange SA
Orange is the brand used by France Télécom for its mobile network operator and Internet service provider subsidiaries. It is the fifth largest telecom operator in the world, with 210 million customers . The brand was created in 1994 for Hutchison Telecom's UK mobile phone network, which was...
), and information technology
Information technology
Information technology is the acquisition, processing, storage and dissemination of vocal, pictorial, textual and numerical information by a microelectronics-based combination of computing and telecommunications...
companies (e.g. Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
, IBM
IBM
International Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...
, Sun
Sun Microsystems
Sun Microsystems, Inc. was a company that sold :computers, computer components, :computer software, and :information technology services. Sun was founded on February 24, 1982...
). DRM provides a way for content creators to set enforced limits on the use and duplication of their content by customers. The system is implemented on many recent phones. To date, two versions of OMA DRM have been released: OMA DRM 1.0 and OMA DRM 2.0.
In order to ensure that all manufacturers' implementations of OMA DRM can work with each other, the Open Mobile Alliance provides specifications and test tools for OMA DRM.
The OMA DRM group is chaired by Sergey Seleznev (Samsung Electronics
Samsung Electronics
Samsung Electronics is a South Korean multinational electronics and information technology company headquartered in Samsung Town, Seoul...
).
OMA DRM 1.0
OMA DRM version 1.0 was first drafted in November 2002, and approved in June 2004. It provides basic Digital Rights Management, without strong protection. The standard specifies three main methods: Forward Lock, Combined Delivery (combined rights object / media object), and Separate Delivery (separated rights object + encrypted media object). Forward Lock prevents the user from forwardingEmail forwarding
Email forwarding generically refers to the operation of re-sending an email message delivered to one email address on to a possibly different email address...
content such as ringtones and wallpapers on their phone.
The content can be distributed using HTTP or MMS
Multimedia Messaging Service
Multimedia Messaging Service, or MMS, is a standard way to send messages that include multimedia content to and from mobile phones. It extends the core SMS capability that allowed exchange of text messages only up to 160 characters in length.The most popular use is to send photographs from...
.
OMA DRM 2.0
Version 2.0 was drafted in July 2004 and approved in March 2006. The primary new feature is the extension of DRM 1.0's Separate Delivery mechanism.Each participating device in OMA DRM 2.0 has an individual DRM Public key infrastructure
Public key infrastructure
Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate...
(PKI) certificate, with a public key and the corresponding private key. Each Rights Object (RO) is individually protected for one receiving device by encrypting it with the device public key. The RO in turn contains the key that is used to decrypt the media object. Delivery of Rights Objects requires a registration with the Rights Issuer (the entity distributing Rights Objects). During this registration, the device certificate is usually validated against a device blacklist by means of an Online Certificate Status Protocol
Online Certificate Status Protocol
The Online Certificate Status Protocol is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 2560 and is on the Internet standards track...
(OCSP) verification. Thus, devices known to be hacked can be excluded once they try to register with an Rights Issuer in order to receive new Rights Objects so they can access the content.
OMA SRM 1.0
Started in September 2005 and approved in March 2009, the goal of the Secure Removable Media (SRM) Work Item is to define the protection and consumption of digital content and associated usage rights on an SRM. An SRM is a removable medium that implements means to protect against unauthorized access to its internal data, such as a secure memory card or smart card. The SRM Work Item does not stand alone; it extends the existing OMA DRM 2.0 specifications. While OMA DRM 2.0 defines a general framework for downloading Rights to devices and sharing Rights in a domain, the SRM Work Item defines mechanisms and protocols for the SRM. It extends OMA DRM version 2.0 or 2.1, allowing users to move Rights between devices and SRMs, and to consume Rights stored in SRMs without generating and managing complex groups of devices in a domain.OMA SRM 1.1
Started in December 2008 and approved in June 2011, SRM 1.1 is an extension of SRM 1.0 introducing such functions as content license move between two SRMs, direct license provisioning to SRM and support for OMA Broadcasting (OMA BCAST) tokens. Latter allows to turn SRM into a secure electronic wallet capable to store credits that are used to subscribe to mobile broadcast and multicast services.OMA SCE 1.0
OMA SCE 1.0 started in September 2005 and was approved in December 2008 as a Candidate enabler. The goal of Secure Content Exchange (SCE) is to extend OMA DRM v2.0, enabling seamless sharing of purchased content between multiple devices, including all the devices owned by a subscriber (phone, PC, home electronics system, car audio system, etc.) and the temporary sharing of content on any device that is in close proximity to the subscriber’s device (e.g., a television set at a friend’s house or in a hotel room while the user is travelling). Because there will be no single DRM system deployed across all these different devices, the SCE also enhances the interoperability between OMA and non-OMA DRM systems, by defining an Import function for OMA DRM.Implementations and usage
OMA DRM 1.0 has been implemented in over 550 models of mobile phone. Many mobile operatorse.g. Vodafone, SFRSFR
SFR is a French mobile phone company. It has over 20 million customers, and provides over 4.6 million households with high-speed internet access...
, Turkcell
Turkcell
Turkcell is the leading mobile phone operator of Turkey, based in Istanbul. The company has 34.1 million subscribers as of June 30th, 2011.- Company background :...
, Vivo
Vivo
-Computer and technology:* Video In Video Out* Vivo Software, streaming format, acquired in 1998 by RealNetworks* VivoActive, Vivo Software's video format* Vivo S.A., a major Brazilian mobile phone company...
, Orange
Orange SA
Orange is the brand used by France Télécom for its mobile network operator and Internet service provider subsidiaries. It is the fifth largest telecom operator in the world, with 210 million customers . The brand was created in 1994 for Hutchison Telecom's UK mobile phone network, which was...
) use OMA DRM for their content services. The first OMA DRM 2.0 implementations were released in early 2005; implementations were installed on mobile phones by the end of 2005. Software implementations for personal computer and PDA
Personal digital assistant
A personal digital assistant , also known as a palmtop computer, or personal data assistant, is a mobile device that functions as a personal information manager. Current PDAs often have the ability to connect to the Internet...
clients are also available.
Most of the ringtones pre-installed on mobile phones have implemented DRM. Many commercial ringtone vendors who are not part of any mobile phone carrier do not bother with any form of DRM, perhaps because the number of ringtone vendors is huge, and people will choose to download unprotected ringtones if they can get them. The record industry does not mandate that DRM be implemented on ringtones, unlike digital music stores (such as iTunes
ITunes
iTunes is a media player computer program, used for playing, downloading, and organizing digital music and video files on desktop computers. It can also manage contents on iPod, iPhone, iPod Touch and iPad....
). Many ringtones are reverse-engineered by the ringtone provider themselves, so it is their choice whether to implement the DRM.
Since 2006, OMA has been working on DRM 2.0.1 and 2.1, and on new features such as SRM (Secure Removable Media) and SCE (Secure Content Exchange).
Broadcast Services Security issues with DRM Profile
Broadcast services requirements being completely different from video-on-demand, the OMA BCAST Smartcard profile has been recommended by all the industries to be the unified standard used for Mobile TV broadcast.Providers/Implementations
Commercial OMA DRM providers include:- Authentec
- castLabs mobile TV Service Delivery Platform
- Discretix
- Irdeto
- Mutable OMA DRM
- NDS
- Philips
- Saffron Digital
- Viaccess
An open source solution for OMA DRM 2.0 is also available:
Licensing Format
The OMA DRM specification uses a Profile of the Open Digital Rights Language for expressing its Licenses:Nokia Series 40
On NokiaNokia
Nokia Corporation is a Finnish multinational communications corporation that is headquartered in Keilaniemi, Espoo, a city neighbouring Finland's capital Helsinki...
Series 40 phones, an installed file with DRM will have its "Send" option greyed out in its options menu. If the user attempts to send such a file via MMS
Multimedia Messaging Service
Multimedia Messaging Service, or MMS, is a standard way to send messages that include multimedia content to and from mobile phones. It extends the core SMS capability that allowed exchange of text messages only up to 160 characters in length.The most popular use is to send photographs from...
, a message stating "The file is copyright protected" will appear. A Bluetooth
Bluetooth
Bluetooth is a proprietary open wireless technology standard for exchanging data over short distances from fixed and mobile devices, creating personal area networks with high levels of security...
file transfer will fail if the user tries to extract the file using Bluetooth, yet the file will still appear as present, and will still be deletable via Bluetooth.
However, if the file (such as a music track) is received with separate delivery—the key is sent separately from the actual download of the file, and the file contains a license URL—it is possible to forward the file to other devices. Once the file is activated on the new device, it will prompt the user to access the URL embedded in the file, and give the user the option to acquire the key.
Criticism
Some vendors implement broad DRM systems, restricting consumer rights beyond the scope documented by the OMA DRM standards. For example, some NokiaNokia
Nokia Corporation is a Finnish multinational communications corporation that is headquartered in Keilaniemi, Espoo, a city neighbouring Finland's capital Helsinki...
Symbian
Symbian
Symbian is a mobile operating system and computing platform designed for smartphones and currently maintained by Accenture. The Symbian platform is the successor to Symbian OS and Nokia Series 60; unlike Symbian OS, which needed an additional user interface system, Symbian includes a user...
-based devicesat least the Nokia 6680 and 6681; possibly many others will completely refuse to send all files of certain types*.mid, *.jar, *.jad and *.sis files over Bluetooth. For these phones, this blocks sending of MIDI files, Java Applets, and Symbian programs regardless of whether or not they are protected by DRM. Such phones will refuse any attempts to send such files with the message "Unable to send protected objects" or a similar error. This prevents sending such content, even when the content license explicitly allows or even depends on redistribution.
External links
- DRM 1.0 release from www.openmobilealliance.org
- DRM 2.0 release from www.openmobilealliance.org
- DRM 2.1 release from www.openmobilealliance.org
- DRM 2.2 release from www.openmobilealliance.org
- RICD 1.0 release from www.openmobilealliance.org
- SRM 1.0 release from www.openmobilealliance.org
- SRM 1.1 release from www.openmobilealliance.org
- SCE 1.0 release from www.openmobilealliance.org