OMA DRM v2.0

The OMA Digital Rights Management (DRM) v2.0 specification provides stronger content protection and improved functionality for rich media content, such as music and video. The specification enables an end-to-end DRM system that takes into account the need for secure distribution, authentication of devices, revocation and other aspects. The S60 platform supports the mandatory features of the OMA DRM v2.0 specification.

The improved security, compared with OMA DRM v1.0, is achieved by using:

  • Bilateral authentication between the rights issuers and devices

  • Public key infrastructure (PKI) certificates and online revocation checks

  • Protection of the confidentiality and integrity of the rights objects

Improved functionality and usability are achieved, for example, by providing enhanced preview functions and mechanisms for sharing content within a registered community of devices, called a domain.

The OMA DRM v2.0 specification is not mobile-specific, so non-mobile OMA DRM v2.0 implementations, such as PC software, are also possible. This enables better interaction and content transferability between devices.

In the S60 platform, OMA DRM v2.0 is enabled for music and video files via HTTP or OMA download. For more information on the OMA DRM v2.0 features that are supported in the S60 platform, see Supported OMA DRM v2.0 features.

Silent rights object acquisition

Silent rights object acquisition means that no DRM-specific notifications are shown during the acquisition if the feature is enabled in the media file. The OMA DRM specification defines two types of silent rights URL:

  • On-demand

    Rights object is acquired when the user tries to open the file.

  • In-advance

    Rights object is acquired at the earliest possible time.

The S60 platform supports only on-demand silent rights acquisition. The in-advance type is handled like on-demand.

Transaction tracking

Transaction tracking allows the rights issuer to track the content flow from one user to another via superdistribution. The rights issuer includes a TransactionID in the rights object, which allows the rights issuer to build a reward mechanism, for example.

PKI requirements

In a PKI, secret data is encrypted with the recipient's public key, and only the recipient can decrypt it with the corresponding private key. Public-key systems of this kind are known as asymmetric cryptography, whereas secret-key (sometimes called private-key) systems are known as symmetric cryptography. The PKI ensures that both the mobile device and the server are authenticated: the key in the mobile device identifies the device, and the key in the server identifies the server. The device key is stored by using data caging. If the key is lost, the downloading rights are revoked, but usage rights still apply.

In addition to the software implementation in the S60 platform, each device must have the keys and certificates listed below:

  • Device private key

  • Public certificates

  • Device certification authority (CA) certificate

  • CA root certificate

Note: The S60 platform does not provide PKI keys, certificates, or server infrastructure. Content Management License Administrator (CMLA) is a known PKI provider for OMA DRM v2.0. The DRM implementation in the S60 platform is prepared for CMLA, but it is not certified, because only devices can be certified by CMLA.