2008 Open Mobile Alliance Ltd. All Rights Reserved.
Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document. [OMA-Template-Spec-20040205]
DRM Specification
Approved Version 2.0.2 – 23 Jul 2008
Open Mobile Alliance
OMA-TS-DRM-DRM-V2_0_2-20080723-A
OMA-TS-DRM-DRM-V2_0_2-20080723-A Page 2 (152)
2008 Open Mobile Alliance Ltd. All Rights Reserved.
Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document. [OMA-Template-Spec-20040205]
Use of this document is subject to all of the terms and conditions of the Use Agreement located at
http://www.openmobilealliance.org/UseAgreement.html.
Unless this document is clearly designated as an approved specification, this document is a work in process, is not an
approved Open Mobile Alliance™ specification, and is subject to revision or removal without notice.
You may use this document or any part of the document for internal or educational purposes only, provided you do not
modify, edit or take out of context the information in this document in any manner. Information contained in this document
may be used, at your sole risk, for any purposes. You may not use this document in any other manner without the prior
written permission of the Open Mobile Alliance. The Open Mobile Alliance authorizes you to copy this document, provided
that you retain all copyright and other proprietary notices contained in the original materials on any copies of the materials
and that you comply strictly with these terms. This copyright permission does not constitute an endorsement of the products
or services. The Open Mobile Alliance assumes no responsibility for errors or omissions in this document.
Each Open Mobile Alliance member has agreed to use reasonable endeavors to inform the Open Mobile Alliance in a timely
manner of Essential IPR as it becomes aware that the Essential IPR is related to the prepared or published specification.
However, the members do not have an obligation to conduct IPR searches. The declared Essential IPR is publicly available
to members and non-members of the Open Mobile Alliance and may be found on the “OMA IPR Declarations” list at
http://www.openmobilealliance.org/ipr.html. The Open Mobile Alliance has not conducted an independent IPR review of
this document and the information contained herein, and makes no representations or warranties regarding third party IPR,
including without limitation patents, copyrights or trade secret rights. This document may contain inventions for which you
must obtain licenses from third parties before making, using or selling the inventions. Defined terms above are set forth in
the schedule to the Open Mobile Alliance Application Form.
NO REPRESENTATIONS OR WARRANTIES (WHETHER EXPRESS OR IMPLIED) ARE MADE BY THE OPEN
MOBILE ALLIANCE OR ANY OPEN MOBILE ALLIANCE MEMBER OR ITS AFFILIATES REGARDING ANY OF
THE IPR’S REPRESENTED ON THE “OMA IPR DECLARATIONS” LIST, INCLUDING, BUT NOT LIMITED TO THE
ACCURACY, COMPLETENESS, VALIDITY OR RELEVANCE OF THE INFORMATION OR WHETHER OR NOT
SUCH RIGHTS ARE ESSENTIAL OR NON-ESSENTIAL.
THE OPEN MOBILE ALLIANCE IS NOT LIABLE FOR AND HEREBY DISCLAIMS ANY DIRECT, INDIRECT,
PUNITIVE, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN
CONNECTION WITH THE USE OF DOCUMENTS AND THE INFORMATION CONTAINED IN THE DOCUMENTS.
© 2008 Open Mobile Alliance Ltd. All Rights Reserved.
Used with the permission of the Open Mobile Alliance Ltd. under the terms set forth above.
OMA-TS-DRM-DRM-V2_0_2-20080723-A Page 3 (152)
2008 Open Mobile Alliance Ltd. All Rights Reserved.
Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document. [OMA-Template-Spec-20040205]
Contents
1.
SCOPE................................................................................................................................................................................9
2.
REFERENCES ................................................................................................................................................................10
2.1
N
ORMATIVE
R
EFERENCES
........................................................................................................................................10
2.2
I
NFORMATIVE
R
EFERENCES
.....................................................................................................................................12
3.
TERMINOLOGY AND CONVENTIONS....................................................................................................................13
3.1
C
ONVENTIONS
...........................................................................................................................................................13
3.2
D
EFINITIONS
..............................................................................................................................................................13
3.3
A
BBREVIATIONS
........................................................................................................................................................15
4.
INTRODUCTION ...........................................................................................................................................................17
4.1
V
ERSION
2.0.1 ...........................................................................................................................................................17
5.
THE RIGHTS OBJECT ACQUISITION PROTOCOL (ROAP) SUITE..................................................................19
5.1
O
VERVIEW
.................................................................................................................................................................19
5.1.1
The 4-pass Registration Protocol.......................................................................................................................19
5.1.2
The 2-pass Rights Object Acquisition Protocol.................................................................................................20
5.1.3
The 1-pass Rights Object Acquisition Protocol.................................................................................................21
5.1.4
The 2-pass Join Domain Protocol ......................................................................................................................22
5.1.5
The 2-pass Leave Domain Protocol...................................................................................................................22
5.1.6
The ROAP Trigger.............................................................................................................................................23
5.1.7
ROAP URL's......................................................................................................................................................24
5.1.8
Rules for Obtaining User Consent .....................................................................................................................25
5.2
I
NITIATING THE
ROAP.............................................................................................................................................26
5.2.1
The ROAP Trigger.............................................................................................................................................26
5.2.2
Initiating ROAP from a DCF.............................................................................................................................29
5.3
ROAP
XML
S
CHEMA
B
ASICS
..................................................................................................................................30
5.3.1
Introduction........................................................................................................................................................30
5.3.2
General XML Schema Requirements ................................................................................................................30
5.3.3
Canonicalization & Digital Signatures...............................................................................................................31
5.3.4
The Request type................................................................................................................................................31
5.3.5
The Response type.............................................................................................................................................31
5.3.6
The Status type...................................................................................................................................................32
5.3.7
The Extensions type...........................................................................................................................................34
5.3.8
The Protected Rights Object type ......................................................................................................................34
5.3.9
The Rights Object Payload type.........................................................................................................................35
5.3.10
The Nonce type..................................................................................................................................................36
5.4
ROAP
M
ESSAGES
.....................................................................................................................................................36
5.4.1
Notation .............................................................................................................................................................36
5.4.2
Registration Protocol .........................................................................................................................................36
5.4.2.1
Device Hello ............................................................................................................................................................................. 36
5.4.2.2
RI Hello..................................................................................................................................................................................... 39
5.4.2.3
Registration Request................................................................................................................................................................ 41
5.4.2.4
Registration Response.............................................................................................................................................................. 44
5.4.3
RO Acquisition ..................................................................................................................................................47
5.4.3.1
RO Request ............................................................................................................................................................................... 47
5.4.3.2
RO Response............................................................................................................................................................................. 50
5.4.4
Domain Management.........................................................................................................................................52
5.4.4.1
Join Domain Request ............................................................................................................................................................... 52
5.4.4.2
Join Domain Response............................................................................................................................................................. 54
5.4.4.3
Leave Domain Request ............................................................................................................................................................ 57
5.4.4.4
Leave Domain Response.......................................................................................................................................................... 58
6.
CERTIFICATE STATUS CHECKING & DEVICE TIME SYNCHRONIZATION...............................................60
6.1
C
ERTIFICATE STATUS CHECKING BY
RI...................................................................................................................60
6.2
C
ERTIFICATE STATUS CHECKING BY
DRM
A
GENTS
...............................................................................................60
6.3
D
EVICE
DRM
T
IME
S
YNCHRONIZATION
.................................................................................................................61
OMA-TS-DRM-DRM-V2_0_2-20080723-A Page 4 (152)
2008 Open Mobile Alliance Ltd. All Rights Reserved.
Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document. [OMA-Template-Spec-20040205]
7.
KEY MANAGEMENT....................................................................................................................................................62
7.1
C
RYPTOGRAPHIC
C
OMPONENTS
..............................................................................................................................62
7.1.1
RSAES-KEM-KWS...........................................................................................................................................62
7.1.2
KDF ...................................................................................................................................................................62
7.1.3
AES-WRAP.......................................................................................................................................................63
7.2
K
EY
T
RANSPORT
M
ECHANISMS
...............................................................................................................................63
7.2.1
Distributing K
MAC
and K
REK
under a Device Public Key....................................................................................63
7.2.2
Distributing K
D
and K
MAC
under a Device Public Key.......................................................................................63
7.2.3
Distributing K
MAC
and K
REK
under a Domain Key K
D
........................................................................................64
7.3
U
SE OF
H
ASH
C
HAINS FOR
D
OMAIN
K
EY
G
ENERATION
.........................................................................................64
8.
DOMAINS........................................................................................................................................................................65
8.1
O
VERVIEW
.................................................................................................................................................................65
8.2
D
EVICE
J
OINS
D
OMAIN
.............................................................................................................................................65
8.3
D
OMAIN
RO
A
CQUISITION
&
C
ONSUMPTION
..........................................................................................................65
8.4
D
EVICE
L
EAVES A
D
OMAIN
......................................................................................................................................65
8.5
D
OMAIN
C
ONTEXT
E
XPIRY
.......................................................................................................................................66
8.6
S
UPPORT FOR
M
ULTIPLE
D
OMAINS PER
R
IGHTS
I
SSUER
........................................................................................66
8.7
D
OMAIN
RO
P
ROCESSING
R
ULES
............................................................................................................................66
8.7.1
Overview............................................................................................................................................................66
8.7.2
Inbound Domain RO..........................................................................................................................................66
8.7.2.1
Installing a Domain RO........................................................................................................................................................... 66
8.7.2.2
Postprocessing after installing the Domain RO..................................................................................................................... 68
8.8
D
OMAIN
U
PGRADE
....................................................................................................................................................68
8.8.1
Use of hash chains for Domain key management..............................................................................................68
9.
PROTECTION OF CONTENT AND RIGHTS ...........................................................................................................70
9.1
P
ROTECTION OF
C
ONTENT
O
BJECTS
.......................................................................................................................70
9.2
C
OMPOSITE
C
ONTENT
O
BJECTS AND
A
SSOCIATED
R
IGHTS
O
BJECTS
...................................................................70
9.2.1
Multiple Rights for Composite Objects .............................................................................................................70
9.2.1.1
Multiple Rights for Multipart DCFs ....................................................................................................................................... 70
9.3
P
ROTECTION OF
R
IGHTS
O
BJECTS
...........................................................................................................................71
9.3.1
Device RO Processing Rules .............................................................................................................................71
9.3.1.1
Overview ................................................................................................................................................................................... 71
9.3.1.2
Receiving a Device RO ............................................................................................................................................................ 72
9.3.1.3
Installing a Device RO............................................................................................................................................................. 72
9.4
R
EPLAY
P
ROTECTION OF
S
TATEFUL
R
IGHTS
O
BJECTS
..........................................................................................73
9.4.1
Introduction........................................................................................................................................................73
9.4.2
Replay Protection Mechanisms..........................................................................................................................74
9.4.2.1
Stateful ROs with RI Time Stamps........................................................................................................................................... 74
9.4.2.2
Stateful ROs without RI Time Stamps..................................................................................................................................... 74
9.5
P
ARENT
R
IGHTS
O
BJECT
..........................................................................................................................................75
9.5.1
Parent Rights Objects and Domains...................................................................................................................75
9.5.2
Semantics of stateful constraints........................................................................................................................75
9.5.3
Selection of Parent Rights Object ......................................................................................................................76
9.6
O
FF
-D
EVICE
S
TORAGE OF
C
ONTENT AND
R
IGHTS
O
BJECTS
..................................................................................76
9.7
G
ROUP
ID
M
ECHANISM
............................................................................................................................................77
9.7.1 Semantics of stateful constraints...............................................................................................................................77
10.
CAPABILITY SIGNALLING....................................................................................................................................78
10.1
O
VERVIEW
.................................................................................................................................................................78
10.2
HTTP
H
EADERS
........................................................................................................................................................78
10.3
U
SER
A
GENT
P
ROFILE
..............................................................................................................................................78
10.4
I
SSUER
R
ESPONSIBILITIES
........................................................................................................................................79
11.
TRANSPORT MAPPINGS.........................................................................................................................................80
11.1
I
NTRODUCTION
..........................................................................................................................................................80
11.2
HTTP
T
RANSPORT
M
APPING
...................................................................................................................................80
11.2.1
General...............................................................................................................................................................80
11.2.2
HTTP Headers ...................................................................................................................................................80
OMA-TS-DRM-DRM-V2_0_2-20080723-A Page 5 (152)
2008 Open Mobile Alliance Ltd. All Rights Reserved.
Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document. [OMA-Template-Spec-20040205]
11.2.3
ROAP Requests .................................................................................................................................................80
11.2.4
ROAP Responses...............................................................................................................................................81
11.2.5
HTTP Response Codes ......................................................................................................................................81
11.3
OMA
D
OWNLOAD
OTA ...........................................................................................................................................81
11.3.1
Download Agent and DRM Agent Interaction ..................................................................................................82
11.3.1.1
Downloading DRM Content ............................................................................................................................................... 82
11.3.1.2
Downloading ROAP Trigger or Rights Objects................................................................................................................ 82
11.3.1.3
Downloading DRM Content and Rights Object Together ................................................................................................ 83
11.4
WAP
P
USH
................................................................................................................................................................83
11.4.1
Push Application ID...........................................................................................................................................83
11.4.2
Content Push......................................................................................................................................................83
11.5
MMS..........................................................................................................................................................................84
11.6
ROAP
OVER
OBEX..................................................................................................................................................84
11.6.1
Overview............................................................................................................................................................84
11.6.2
OBEX Server Identification...............................................................................................................................84
11.6.3
OBEX Profile.....................................................................................................................................................84
11.6.3.1
OBEX operations................................................................................................................................................................. 84
11.6.3.2
OBEX headers...................................................................................................................................................................... 85
11.6.3.3
OBEX Connect..................................................................................................................................................................... 85
11.6.3.4
OBEX Disconnect................................................................................................................................................................ 86
11.6.3.5
OBEX Abort ......................................................................................................................................................................... 86
11.6.3.6
OBEX PUT........................................................................................................................................................................... 87
11.6.3.7
OBEX GET........................................................................................................................................................................... 87
11.6.4
Exchanging ROAP messages over OBEX.........................................................................................................88
11.6.4.1 OBEX Response Codes ................................................................................................................................................................ 88
11.6.5
Service Discovery..............................................................................................................................................89
11.6.5.1
IrDA...................................................................................................................................................................................... 89
11.6.5.2
Bluetooth .............................................................................................................................................................................. 89
11.6.6
Bluetooth Considerations...................................................................................................................................90
11.6.6.1
Use of Bluetooth security .................................................................................................................................................... 90
12.
SUPER DISTRIBUTION............................................................................................................................................91
12.1
O
VERVIEW
.................................................................................................................................................................91
12.2
P
REVIEW
....................................................................................................................................................................91
12.3
T
RANSACTION
T
RACKING
........................................................................................................................................91
12.4
DCF
I
NTEGRITY
........................................................................................................................................................92
13.
EXPORT.......................................................................................................................................................................93
13.1
I
NTRODUCTION
..........................................................................................................................................................93
13.2
E
XPORT
M
ODES
........................................................................................................................................................93
13.3
C
OMPATIBILITY WITH
O
THER
DRM
S
YSTEMS
.......................................................................................................94
13.4
S
TREAMING TO
O
THER
D
EVICES
.............................................................................................................................94
14.
UNCONNECTED DEVICE SUPPORT ....................................................................................................................95
15.
BINDING RIGHTS TO USER IDENTITIES...........................................................................................................99
15.1
IMSI
UID
....................................................................................................................................................................99
15.2
WIM
UID
...................................................................................................................................................................99
15.2.1
Support for WIM uid .........................................................................................................................................99
16.
SECURITY CONSIDERATIONS (INFORMATIVE)...........................................................................................101
16.1
B
ACKGROUND
.........................................................................................................................................................101
16.2
T
RUST
M
ODEL
.........................................................................................................................................................101
16.2.1
RIs supporting multiple PKIs...........................................................................................................................101
16.2.2
Devices supporting multiple PKIs ...................................................................................................................101
16.3
S
ECURITY
M
ECHANISMS IN THE
OMA
DRM........................................................................................................101
16.3.1
Confidentiality .................................................................................................................................................101
16.3.2
Authentication..................................................................................................................................................102
16.3.3
Integrity Protection ..........................................................................................................................................102
16.3.4
Key Confirmation ............................................................................................................................................102
16.3.5
Other Characteristics........................................................................................................................................102