70 S. Wang

and Q. Liu
The main driving force of DRM comes from industry [1]. The most representative
sample is the protection of eBook, electronic music, and digital movie. Several fa-
mous international companies have release their own solutions and productions, such
as Microsoft’s WMRM, Real Networks’ Helix DRM, Adobe’s Content Server, and
IBM’s EMMS.
2 Current DRM Systems
2.1 Classification of DRM Systems
Existing DRM systems could be classified into different categories according to dif-
ferent standards (such as safety technique chosen, protected object, etc.). The pro-
tected objects include: software, eBook, images, stream media and contents on mobile
devices.
The main function of software-protected DRM system is the precaution of software
piracy. The protection of software appeared in the 1980s, which could be regarded as
the earliest application of DRM. In the early times, the methods to prevent software
piracy include the usage of key floppy disk, copy-proofed CD, encryption card, etc.
Many new software-protection forms appear along with the development of DRM
technology and network technology.
The eBook-protected DRM systems have two kinds of applications: the online
bookstore (such as Amazon, eReader), and the digital library (such as netLibrary,
Apabi). The online bookstore sells eBook directly to the readers while the digital
library only provides borrowing service, and both of them have to protect the rights
against infringement by third parties.
The images-protected DRM systems are somewhat complex. Some websites attach
their own logo onto the images to prevent others from using it illegally. But the visi-
ble logo sacrificed the image’s quality. Another preferable method is to embed the
copyright information into the images by digital watermarking. If someone used the
images without authorization, the owner could detect the copyright information hided
in the images with special software, and prove it. Now the companies who focus on

digital watermarking include: Digimarc in USA and High Water Signum in England.
They provide similar service. In China the “Patriot Banshen” digital watermarking
system could satisfy the requirement [8]. Digital watermarking could also be used in
stream media market.
The stream media-protected DRM system protects electronic music, electronic
movies and videos. Now some marketers have used DRM technology. Some famous
stream media systems have their own rights management solutions, such as WMRM,
EMMS and Helix DRM, etc.
The DRM system used on movable device can protect images, ringtone, mp3, mp4,
etc. Because the movable platform is different from PC platform, the embedded sys-
tems present new technological demands on DRM. At present, some mobile phone
(such as Nokia) has applied DRM technology supporting OMA DRM. [15] Along
with the development of intelligent mobile phone, the DRM still cannot achieve real
copyrights protection.
ERDRM: A Digital Rights Management System Model for Educational Resources 71
2.2 Decisive Concepts in DRM
The research on DRM always includes the architecture, content security, rights expres-
sion, as well as authentication. The systems are different in those points. This section is
mainly about their characteristics, and gives a contrast on current DRM systems.
Architecture.
The generic DRM architecture accepted to all includes three core
components: the content packaging server, the license server and the client [2], [3].
Content
repository
Product
database
DRM
packager
Content Packaging
Server

Rights
database
Encryption
key database
License Server
Identify attribute
database
DRM
license
generator
Client
content
metadata
encryption
keys
rights
encryption
DRM
controller
Content package
License package
Identifying
attributes
Financial
transaction
Rendering
application

Fig. 1. The generic DRM architecture
The DRM packager in content packaging server encrypts the content and transfers

them to the user through P2P, email, or downloading service, etc. the rights package
will be transferred to license server.
The DRM controller in client determines the way the user using the content,
through policies bound to the package and implicit in the packaging format, that the
requested use requires authorization. If the license cannot be found on the user’s ma-
chine or has expired. The DRM controller should make rights request by packaging
and sending attributes of the user and the content to a license server.
The license server verifies the submitted client identification or attributes creden-
tials, creates license, packaged and transferred to client securely.
For more information about DRM architecture, you may access [2], [3], [4].
72 S. Wang

and Q. Liu
Content Security. Generally, the protection of digital content is based on encryption
technology, namely encrypting the digital content at first before distribution. So the
unauthorized user cannot get valuable information even they have intercepted the
content during transmission successfully. Digital watermarking is a new direction in
information security field. It can protect the copyright and integrity of information.
Digital watermarking is applied in those fields: remote monitor and control, owner
authentication, ownership verification, operation tracking, content identification, copy
restriction and device control.
Rights Expression.
Rights Expression plays an important role in DRM, it works by
rights expression language (REL). Existing works in this area include the INDECS
project. One of the basic distributions of this project is clearly separating and
identifying the three core entities: Users, Content, and Rights [3]. Users can be any
type: from a rights holder to an end consumer. Content also can be any type of content
at any level of aggregation. The rights entity is an expression of the permissions,
constraints, and obligations between the Users and the Content. Most of the existing
RELs are XML-based. The two most developed RELs are XrML [14] and ODRL

[12], [13].
Authentication. Authentication is a fundamental part of any DRM system, because it
is the foundation of rights management. The DRM system verifies the reality and
validity of the user’s identity, then determines whether make authorization or not with
the results. The most applied authentication technologies are password-confirming
and hardware binding.
Table 1. A Contrast among the systems
Concepts
protected
Objects

Architecture Content Security Rights
Description
Authentication
Software C/S
Structure
Encryption,
Digital Watermarking
Hardware ID
Software ID
eBook Typical
Structure
Encryption,
Digital Watermarking
EBX User/Password
Stream Media Typical
Structure
Encryption,
Digital Watermarking
XrML/

MPEG REL
User/Password
Hardware ID
Mobile Typical
Structure
Encryption OMA DRM User/Password
Hardware ID
Image Digital Watermarking
A Contrast among Systems. Actually, the DRM systems have both same and special
characteristics in the four aspects mentioned above. As shown in Table 1.
The digital rights management of images is somewhat complex, and the relevant
technologies are not mature enough. Most of the researches are limited to the declara-
tion of the rights ownership and the tracking of rights by digital watermarking. It is
always used after the act of tort has happen. We will not make a conclusion in this
paper.
ERDRM: A Digital Rights Management System Model for Educational Resources 73
3 Digital Rights Management in Education
Digital rights management is complex and difficult regardless of the application do-
main. Nonetheless, education places some very specific demands on it. This section
introduces the specific requirement presented by education for DRM, discusses the
security technology available, and analyzes their merits and demerits.
3.1 Specific Requirements Presented by Education
IEEE LTSC DREL Study Group makes a deeply study on the domain features of
education, learning, and training [4]. The prominent ones of them are listed below:
• In the education area, the education resources may have multiple authors for the
joint authorship is very common. The educational resources may be reconstructed
from multiple learning objects. The rights expression language of the DRM system
must be able to identify rights information associated with component learning ob-
jects and with contributing authors as distinct from rights associated with aggregate
works.

• In web-based education, the users participate in learning, reuse the educational
resources, and all of these will raise the privacy problem, for the privacy may be
protected by privacy acts and local policies. The DRM system has to consider these
acts and policies carefully.
• Learning, education and training are all highly local activities, yet the education
resources will be created and distributed across jurisdictional and domain bounda-
ries in a distributed education. So the rights should be expressed from a combina-
tion of local and global context.
• Actually, Profits is always not the main objective of creating the intellectual prop-
erty in education, and the attribution seems more important. Most of the authors are
wish to share their ideas if they are in fact properly acknowledged with some con-
straints, even the constraints may be different according to the practical situation.
• In the copyright laws, there are always some items about “fair use” refers to educa-
tion and research, as a result, maybe we cannot just divide the users simply into the
authorized and the unauthorized.
3.2 Security Technology Issues
Security technology issues must be considered in digital rights management applica-
tion. Actually these issues include authentication and content security which were
mentioned above in section 2.
Authentication is the foundation of rights management, and it is also a very impor-
tant part of DRM system. The DRM system verifies the reality and validity of the
user’s identity then make decision with the results. Most of the e-learning systems are
made up by databases and platforms, in which different platforms provide different
services. The COLIS project [5] in Australia use SSO to realize the integrity of ser-
vices. SSO means a user signs on once in a system, he or she could access all the
systems that trust the first system. SSO is integrity on the “Authentication” level.
74 S. Wang

and Q. Liu
Content Security can be realized by digital watermarking or data encryption tech-

nology. Also there is web scripting technology can be used in DRM for educational
resources for most of the resources can be formatted by HTML.
Digital Watermarking. Digital watermark is a pattern of bits inserted into digital im-
ages, audio or video files that identifies the file’s copyright information (author,
rights, etc.), but these information are always invisible, or in the case of audio clips,
inaudible. Moreover, the actual bits representing the watermark must be scattered
throughout the file in such a way that they cannot be identified and manipulated. And
finally, the digital watermark must be robust enough so that it can withstand normal
changes to the file. The purpose of digital watermarks is to provide copyright protec-
tion for intellectual property that’s in digital format.
Digital watermark is just for tracking the copyright information other than assuring the
security of content. It can be used in the protection of sharable educational resources.
Data Encryption. Data encryption is the basic security technology in the network.
Encryption is the most effective way to achieve data security. It is a proactive defense
policy, provides huge security with very small cost. There are two main types of en-
cryption: asymmetric encryption (also called public-key encryption) and symmetric
encryption.
Encrypting digital works is foundational in copyrights protection. The content pro-
tection in DRM is mainly based on encryption. To read the encrypted file, you must
have access to a secret key or password that enables you to decrypt it. Most of the
existing stream media DRM systems are based on data encryption technology. Al-
though very safe, these systems go against retrieval, go against the sharing and com-
munication of educational resources.
Web Scripting Technology. The web scripting technology controls access to the web
page’s content by inserting functional scripting code into the source code. Such as
disabling right click, disabling select, disabling edit, disabling printing, and so on. It
also could restrict the time of access and operation. This method can protect educa-
tional resources on certain level, but this low security is only satisfied the demands of
some valueless resources.
Data encryption and digital watermarking both have their own merits and demerits,

as shown in Table 2.
Table 2. Comparison of data encryption and digital watermarking
Data Encryption Digital Watermarking
Control the access to the content Detect and track the hiding content
Content-irrelevant Content-relevant
The terminal has to demonstrate
the decryption process
The terminal has not to demonstrate

the decryption process
Attacking techniques is mainly
signal processing,
which will make the content

hides invaliable
Attacking techniques is mainly

decryption.
Has intensity of D/M and M/D Has no intensity of D/M and M/D
System security has nothing to
do with the terminal device
System security is determined by
security of terminal device