
The main research methods used in the research include literature review, theory building, and conceptual analysis.

Literature review as a research method has been defined, for example, as “the use of ideas in the literature to justify the particular approach to the topic, the selection of the methods, and demonstration that this research contributes something new” (Hart 1998). Levy and Ellis (2006) pointed out that an effective literature review should have the following characteristics: it should methodologically analyze and synthesize quality literature, provide a firm foundation for a research topic and for the selection of research methodology, and demonstrate that the proposed research contributes something new to the overall body of knowledge. In this dissertation, the literature review was conducted systematically by narrowing down its scope step by step. The literature review started with the definition of DRM and its architecture and industrial deployments. Then the focus shifted to the interoperability aspect of DRM. Furthermore, the scope was narrowed to rights exporting. In order to achieve rights exporting, essential elements were identified; for example, a generic rights model that can be shared among DRM systems is required (Lu et al. 2010-1). Existing RELs and the related research were reviewed. By narrowing down the scope of the literature review, a gap was identified in the area of the rights exporting process: further research was needed and a formal process needed to be proposed. In particular, no research was identified that addressed the effectiveness of rights exporting.

Innovative algorithms, such as rights decomposition, were developed to fill the gap (Lu et al. 2010-1). On the other hand, literature review helped to find the existing building blocks that could be utilized in the research. For example, rights adaptation is a concept first introduced by Safavi-Naini et al. (2004), and then extended and formalized by the author (Lu et al. 2012-1).

Theory building, as defined by Torraco (1997), is “the process of modeling real-world phenomena.” Lynham (2000) elaborates more on the definition of the theory building as “the process or recurring cycle by which coherent descriptions, explanations, and representations of observed or experienced phenomena are generated, verified, and refined.” In this dissertation, two concepts were modeled using the theory building: the concept of rights and the concept of rights exporting.

A generic rights model was established to accommodate the needs to share the common presentation of rights among DRM systems for rights exporting purpose.

The model was created based on the findings from the literature review against existing rights models and RELs. The model captures the essential features of rights required by rights exporting. Then the model was verified by a case study of two mainstream DRM systems (Lu 2007). On the other hand, the process development of rights exporting started with an input-process-output analysis. Given an input, the desired output was determined. Because of the differences among DRM systems, the desired output cannot be achieved all the time. A compromised output needs to meet certain criteria in order to be an acceptable output. The acceptance criteria were achieved by analyzing the relationship between the input and output of rights exporting. The acceptance criteria are defined in the format of a set of principles for

development, evaluation, and optimization were reflected in the publication as well (Lu et al. 2013 and 2015).

Conceptual analysis is one of the research methods in the category of theoretical approach (Chu 2015). With the results of the literature review, the author identified the core elements of rights which need to be handled by rights exporting. They are permissions, conditions, and the linkage between permissions and conditions. By applying a conceptual analysis to rights, the author found out the criteria that rights need to fulfill before rights exporting (Lu et al. 2012-1). In order to maximize the output of rights exporting, techniques are needed to remove the element that fails to meet the exporting criteria. By conducting a conceptual analysis against the rights model, an innovative approach to decompose rights was discovered (Lu et al. 2010-1). The conceptual analysis also helped to form the principles of rights exporting through characterizing rights exporting (Lu et al. 2012-2).

4 RESULTS

The chapter first summarizes the studies for each published article and then presents the dissertation’s contribution to science, its implications for practice, and its limitations.

4.1 Summary of published articles

In this section, the results from each publication are summarized.

Article 1: Rights decomposition for DRM interoperability (Lu et al. 2010-1, 2010-2, 2010-3)

The article inherits the ideas of the rights model and decomposition from the author’s master’s thesis (Lu 2007). The rights model consists of permissions, conditions, and the linkages between permissions and conditions. Permissions define the type of usage upon content governed by a DRM system, such as to play a music file.

Conditions are obligations that the permission must obey in order to consume the content, such as end-time-based condition to play a movie before the end of the year. Conditions can be categorized into stateful conditions and stateless conditions.

Stateful conditions have a dynamic internal state that determines their validity, such as a count-based condition, while stateless conditions have no dynamic internal state and their validity is determined by a predefined logic, such as an end-time-based condition. The linkage defines the relationships between permissions and conditions.

The linkage could have two types of functions: validity-checking path and influential path. A validity checking path is a virtual path which DRM systems follow when checking the validity of a condition in order to grant a permission to an end user. A permission can be granted only if all the conditions on its validity-checking paths are

same instance of a condition, then these instances of permissions have a shared condition, such as rights to view or print an image altogether 10 times. If an instance of a permission links to more than one instance of conditions, then the permission instance has multiple conditions, such as rights to play a movie file 3 times within a month. The rights model is not designed to address the needs in all DRM operations in all existing DRM systems. Instead, its design puts a focus on the essential elements of rights and their internal structure in a REL-agnostic manner. The simple design of the rights model helps us to avoid the distraction from other perspectives of DRM, such as security model. Still the rights model has sufficient expressive power to reflect the essential nature of rights exporting. The rights model established a solid foundation to accommodate later research related to rights exporting.

Along with the design of the rights model, an algorithm to simplify the internal structure of rights was identified and named rights decomposition. Rights decomposition starts with grouping the instances of permissions that share a condition instance. Inside a group, each instance of permission must share a condition instance with at least one other permission instance in the same group. After grouping, if there is more than one group of permissions in the rights instance, then the rights instance can be decomposed into several subsidiary rights instances.

Each subsidiary rights instance holds a group of permissions and their linked condition instances. Furthermore, if a shared condition can be divided into two instances, then the rights instance could be further decomposed. Rights decomposition can be used to provide a better granularity of rights. The granularity of rights could impact the results of rights exporting when dealing with the differences between DRM systems. It could isolate the portion of rights that prohibits rights exporting, and increase the portion of rights that could be exported.
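The grouping and condition-division steps described above can be sketched as follows. This is an added example, not code from the dissertation or its articles; the instance names, the `divisible` parameter and the target's supported permission set are assumptions made for illustration.

```python
from collections import defaultdict


def decompose(permissions, links, divisible=frozenset()):
    """Group permission instances that share a condition instance.

    links: (permission, condition) pairs of one rights instance.
    divisible: condition instances the caller declares safe to divide;
    each linked permission then gets its own copy, so the condition no
    longer ties permissions together.
    Returns [(permissions, conditions), ...], one per subsidiary instance.
    A permission that shares nothing forms a group of its own.
    """
    links = [(p, f"{c}@{p}" if c in divisible else c) for p, c in links]
    parent = {p: p for p in permissions}

    def find(p):
        while parent[p] != p:
            parent[p] = parent[parent[p]]  # path halving
            p = parent[p]
        return p

    first_holder = {}
    for perm, cond in links:
        if cond in first_holder:
            parent[find(perm)] = find(first_holder[cond])  # shared condition
        else:
            first_holder[cond] = perm

    groups = defaultdict(lambda: (set(), set()))
    for perm in parent:
        groups[find(perm)][0].add(perm)
    for perm, cond in links:
        groups[find(perm)][1].add(cond)
    return sorted(groups.values(), key=lambda g: sorted(g[0]))


def exportable_permissions(subsidiaries, supported):
    """Permissions in subsidiary instances the target can take whole."""
    out = set()
    for perms, _ in subsidiaries:
        if perms <= supported:
            out |= perms
    return out


# Constructed sample rights instance (names are illustrative).
PERMISSIONS = ["view", "print", "play"]
LINKS = [
    ("view", "count10"), ("print", "count10"),      # shared count condition
    ("print", "one_month"), ("play", "one_month"),  # shared time interval
    ("play", "count3"),
]
TARGET_SUPPORTS = {"view", "print"}  # assumed target without "play"

if __name__ == "__main__":
    for label, div in (("as given", set()), ("one_month divided", {"one_month"})):
        subs = decompose(PERMISSIONS, LINKS, div)
        print(label, subs, exportable_permissions(subs, TARGET_SUPPORTS))
```

As given, the shared conditions chain all three permissions into one group, so the unsupported `play` permission blocks everything; dividing the time interval isolates it and lets `view` and `print` be exported.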

The algorithm is further elaborated and formalized in a journal publication (Lu et al. 2010-2). The rights decomposition concept was also generalized into a patent application and filed by Nokia (Lu et al. 2010-3).

Article 2: Deploying adaptation in rights exporting (Lu et al. 2012-1)

The article continues the development of rights adaptation from the ideas of previous researchers (Safavi-Naini et al. 2004) and the author’s master’s thesis (Lu 2007).

With the help of the rights model, the root causes that could prohibit rights exporting were identified. The root causes were analyzed from five perspectives: rights, permission, condition, linkage, and internal structure of the rights. Those perspectives form the criteria of rights exporting. Based on the analysis, the main causes were summarized into seven types: unsupported type of permission, unsupported type of condition, unsupported type of linkage, no support for multiple conditions, no support for shared condition, the limited capacity of multiple conditions, and limited capacity of a shared condition. In order to remove those causes that prohibit rights exporting, four rights adaptation methods were developed to deal with the various causes. They are condition pre-enforcement, permission reduction, condition division, and condition merge. By applying different methods of rights adaptation, a rights instance can be converted into a format that can be exported to the target system.

Condition pre-enforcement attempts to enforce the condition in the domestic DRM system before exporting, such as to enforce a condition that requires registration before usage. Once the condition is enforced, it can be safely removed from the rights to be exported.

Permission reduction attempts to remove unsupported permissions. If a permission instance cannot be supported on the target system, it can be removed from the original rights so that the adapted rights can then be exported to the target system.

Condition division attempts to divide a shared condition instance into several subsidiary instances in order to simplify the internal structure of the rights. For example, if there is an instance of rights to view or print an image for one month, then the time interval condition can be divided into two instances, one for each permission.

Condition merge attempts to merge condition instances linked to one permission instance. For example, if there is a permission to play a music file with two count-based conditions for 3 times and 4 times, then those two condition instances can be merged into one count-based condition for 7 times.

Different adaptation methods have different effects on different causes. For example, condition pre-enforcement could remove an unsupported condition type, while permission reduction could remove an unsupported permission type; both could potentially resolve prohibited cases caused by the limited capacity of multiple conditions, as they can reduce the number of linkages between permissions and conditions. The effects of adaptation methods are summarized and priorities are given for each method. Then an algorithm is developed to reflect the effects of

internal structure of the original rights instance. Therefore, the adapted rights might be further decomposable even if the original one has been decomposed. A rights exporting process needs to arrange the rights decomposition method from Article 1 and rights adaptation in the proper manner. Thus, the article is a stepping stone towards the later research on the process framework of rights exporting.

Article 3: Characterizing Trustworthy Digital Rights Exporting (Lu et al. 2012-2)

Starting from this article, the research entered its main part and focused on the process of rights exporting. The article first established the process framework of rights exporting by defining an input-process-output model. The inputs are a domestic DRM system, a target DRM system, and a set of rights governed by the domestic system. The outputs are a set of exported rights on the target system and a set of remaining rights on the domestic system. The formalized process framework is the key artifact of the research and the bearer of its main contributions.

Based on the formalized process framework, different aspects of rights exporting are characterized.

Firstly, the direction of rights exporting was discussed. Rights from one system can be exported to another system either directly between the two systems or indirectly via intermediate DRM systems. The directions of rights exporting can be unidirectional or bidirectional. Unidirectional means that rights can be exported from one system to another, but not the other way around, while bidirectional means that rights can be exported mutually between two systems. If any extra rights are generated during rights exporting, then bidirectional rights exporting can exacerbate the situation as the rights exporting can be reproduced repetitively.

Secondly, there are two modes of rights exporting: copy mode and move mode.

Copy mode retains rights on the domestic system and creates identical rights on the target system. Move mode creates identical rights on the target system and removes original rights on the domestic system. Copy mode can be challenging for rights with stateful conditions as the internal state of stateful conditions might be out of sync between two DRM systems.

Thirdly, the results of rights exporting can be expressed by the correlation between the original rights on the domestic system and the exported rights on the target system. The ideal correlation is that the original rights would be identical to the exported rights. However, when the ideal target cannot be achieved, the acceptable range of correlation needs to be decided. Theoretical possibilities of the correlation were discussed as well as their implications.

Finally, by inspecting the characteristics of rights exporting, the desired outcome became clear and was summarized as the principles of rights exporting. There are two main principles: to maximize the rights to be exported, and to prevent generating extra rights. The principle to prevent generating extra rights enforces trustworthy rights exporting, while the principle to maximize rights to be exported provides tools to evaluate the effectiveness of rights exporting. The principles were then integrated into the context of the process framework of rights exporting and presented as formalized statements that regulate the relationship between the input rights and output rights in the process framework. The principles act as guidance in building the process framework and provide the benchmark for performance evaluation in optimizing it.

Article 4: Decision-making in rights exporting: The integrated process (Lu et al. 2013)

Article 1 and Article 2 provided essential algorithms required for the rights exporting process. Article 3 established the process framework and set up the ground rules for rights exporting. This article put everything together and provided the integrated framework.

The article first completed the big picture by introducing the decision-making step into the rights exporting process. The decision-making step decides whether or not an instance of rights can be exported from the domestic system to the target system based on the criteria identified in Article 2. If no cause that could prohibit the rights exporting is identified, then the decision-making step accepts the rights instance to be exported to the target system. Otherwise, it rejects the rights instance. The rejected rights are then subject to further processing. With the decision-making step, the first version of the rights exporting algorithm was proposed as part of the process framework. A predefined instance of rights was applied to the algorithm, and the results of the rights exported were examined.
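One way to express the decision-making step against the seven causes summarized from Article 2, as an added example rather than the article's own algorithm. The target capability profile, its field names and the sample rights instance are assumptions.

```python
from collections import Counter


def prohibiting_causes(links, types, target):
    """Return the causes that stop a rights instance from being exported.

    links: (permission, condition, linkage_type) triples of one instance.
    types: instance name -> type name, for permissions and conditions.
    target: assumed capability profile of the target DRM system;
    both capacity limits are assumed to be >= 1.
    """
    causes = set()
    conds_per_perm = Counter(p for p, _, _ in links)
    perms_per_cond = Counter(c for _, c, _ in links)

    if any(types[p] not in target["permission_types"] for p in conds_per_perm):
        causes.add("unsupported type of permission")
    if any(types[c] not in target["condition_types"] for c in perms_per_cond):
        causes.add("unsupported type of condition")
    if any(kind not in target["linkage_types"] for _, _, kind in links):
        causes.add("unsupported type of linkage")

    for counts, limit, what in (
        (conds_per_perm, target["max_conditions_per_permission"], "multiple conditions"),
        (perms_per_cond, target["max_permissions_per_condition"], "shared condition"),
    ):
        most = max(counts.values(), default=0)
        if most > 1 and limit <= 1:
            causes.add(f"no support for {what}")
        elif most > limit:
            causes.add(f"limited capacity of {what}")
    return causes


def decide(links, types, target):
    """Accept only when no prohibiting cause is found."""
    causes = prohibiting_causes(links, types, target)
    return ("reject" if causes else "accept"), sorted(causes)


# Constructed sample: view/print share a count; play has two conditions.
V = "validity-checking"
SAMPLE_LINKS = [("view1", "count10", V), ("print1", "count10", V),
                ("play1", "count3", V), ("play1", "month", V)]
SAMPLE_TYPES = {"view1": "view", "print1": "print", "play1": "play",
                "count10": "count", "count3": "count", "month": "interval"}
TARGET_STRICT = {"permission_types": {"view", "print"},
                 "condition_types": {"count"}, "linkage_types": {V},
                 "max_conditions_per_permission": 1,
                 "max_permissions_per_condition": 2}
TARGET_OPEN = {"permission_types": {"view", "print", "play"},
               "condition_types": {"count", "interval"}, "linkage_types": {V},
               "max_conditions_per_permission": 4,
               "max_permissions_per_condition": 4}

if __name__ == "__main__":
    print(decide(SAMPLE_LINKS, SAMPLE_TYPES, TARGET_STRICT))
    print(decide(SAMPLE_LINKS, SAMPLE_TYPES, TARGET_OPEN))
```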

Secondly, the algorithm of the rights decomposition was integrated and formed the second version of the rights exporting algorithm. The decomposition was integrated after a rights instance is rejected. By using the same input rights, a bigger portion of the rights instance got exported to the target system. In other words, the

be decomposed. If a rights instance cannot be decomposed nor adapted, then it should not be exported and should stay in the domestic system. The third version of the rights exporting algorithm is examined with the same input rights used in the first and second version, and the exported portion of the same rights instance increased further.

During the examination of the third version, an issue is identified. If none of the decomposed instances of rights can be exported, the original rights instance should be restored and stay in the domestic system. The decomposed rights instances should be discarded. Moreover, the decomposition could be nested. In order to achieve that, the fourth version of the rights exporting algorithm was introduced with a recursive mechanism to trace the accepted rights instances. The integrated process is well formulated and encapsulated. It could be potentially applied to any solution that aims at providing DRM system interoperability.

Article 5: Passive condition pre-enforcement for rights exporting (Lu et al. 2015)

Based on the integrated process of rights exporting proposed in Article 4, an issue related to condition pre-enforcement, one of the rights adaptation methods, was identified. Even though some conditions can be pre-enforced before exporting to a target system, the pre-enforcement may not apply to all DRM systems. For example, if an end-time-based condition is pre-enforced by creating a device certificate that expires at that time, the rights instance could still be valid after that time if it is exported to other devices. Thus, a mechanism is required to track the conditions that have been enforced on the system level. This leads to a broader topic: how to deal with system-level differences.

The system-level differences need to be addressed in the rights exporting process as they apply to all rights instances on the system. The system characteristics cannot be changed by the domestic DRM system itself. Thus, they can be expressed in the format of a set of stateless conditions. They are defined as system stateless conditions (SSCs). The system differences can then be expressed by the delta of SSCs between the domestic system and the target system. As SSCs apply to all rights in a DRM system, they should be pre-enforced before an instance of rights is exported from the DRM system. In order to distinguish it from the condition pre-enforcement method defined in rights adaptation, the system-level condition pre-enforcement is defined as passive condition pre-enforcement (PCP), while the method from the rights adaptation algorithm is redefined as active condition pre-enforcement (ACP).

PCP addresses the differences in system characteristics between the domestic system and the target system. PCP can be performed by adding all SSCs of the domestic system to the rights instances to be exported. However, if some of the SSCs from the domestic system are not supported by the target system, then no rights instances should be exported to the target system. Moreover, some of the SSCs of the domestic system might be satisfied by the SSCs of the target system. In such case, adding only the SSCs that cannot be satisfied by the SSCs of the target system will minimize the effort of PCP. The processing of SSCs from two systems not only impacts the feasibility of the rights exporting between two systems but also results in a set of SSCs to be applied to the rights instances for rights exporting.
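The SSC processing described above, as an added example that is not the article's own algorithm. How one SSC is judged to be satisfied by another, the SSC kinds and the sample systems are assumptions; the example also assumes that an SSC already satisfied by the target does not need to be a supported condition type there.

```python
from datetime import date

# Assumed "satisfied by" rule per SSC kind: the target's own system-level
# restriction is at least as strict as the domestic one.
SATISFIED_BY = {
    "end_time": lambda target, domestic: target <= domestic,
    "max_resolution": lambda target, domestic: target <= domestic,
}


def ssc_delta(domestic, target, target_condition_types):
    """Return the SSCs to add before export, or None if export is infeasible."""
    delta = {}
    for kind, value in domestic.items():
        if kind in target and SATISFIED_BY[kind](target[kind], value):
            continue  # the target system already guarantees this SSC
        if kind not in target_condition_types:
            return None  # target cannot enforce it: export nothing
        delta[kind] = value
    return delta


def passive_pre_enforce(permissions, links, delta):
    """Add each SSC in the delta and link it to every permission instance."""
    added = [(perm, f"ssc:{kind}={value}")
             for perm in permissions
             for kind, value in sorted(delta.items())]
    return list(links) + added


# Constructed sample systems. The domestic end time models a device
# certificate expiry, as in the pre-enforcement example in the text.
DOMESTIC = {"end_time": date(2025, 12, 31), "max_resolution": 720}
TARGET_A = {"max_resolution": 480}   # stricter resolution cap, no end time
TARGET_B = {}                        # no system-level restrictions at all

if __name__ == "__main__":
    delta = ssc_delta(DOMESTIC, TARGET_A, {"end_time", "count"})
    print(delta)
    print(passive_pre_enforce(["play", "copy"], [("play", "count3")], delta))
    print(ssc_delta(DOMESTIC, TARGET_B, {"count"}))
```

Against `TARGET_A` only the end-time SSC has to travel with the rights; against `TARGET_B` with no end-time support the delta is `None`, meaning no rights instance should be exported.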

Once the necessary SSCs are added to the rights instances, they create links to all permission instances. Then the rights instance should be taken into the
