CALIS Solution to Digital Rights Management. The 21st Century Digital Asset Management Seminar, Hong Kong 2006. Wenqing Wang, Ph.D., CTO, National Administrative Center for CALIS, China, wangwq@calis.edu.cn. Jan. 6, 2006.
Agenda • Introduction to CALIS and CADLIS • Requirements of DRM in CADLIS • CALIS Solution to DRM • Overview of IDL-DRM • Demo of IDL-DRM
What’s CALIS: China Academic Library & Information System • CALIS is a nation-wide public service system for academic libraries in China • Funded by the Chinese government • Under the leadership of the Ministry of Education (MOE) • Started in 1997 • Directed by the “National Administrative Center”, which is located in Peking University Library • Phases: Phase-I (1997-2001), Phase-II (2002-2006) • CALIS is a nation-wide academic library consortium • More than 500 academic libraries are members
Organization Structure of CALIS (Three levels) • Notes: 27 Resource Centers in all • Legend: items shown in blue were founded in Phase II, the others in Phase I. [Diagram labels: National Administration Center; Union Catalog Center; Technical Center; 4 National Resource Centers ((1) Science, Social Science, (2) Engineering, (3) Medicine, (4) Agriculture); National level; Regional level; 7 Regional Resource Centers; 1 National Defence Resource Center; 15 Provincial Resource Centers; Local level; 22 Academic Digital Library Testbeds; over 500 academic libraries in China]
What’s CADLIS • China Academic Digital Library Information System (CADLIS) is a national project for higher education during Phase-II. • Goals of CADLIS: • develop “The Standards and Specifications of CADLIS” • develop an open architecture and infrastructure of CADLIS • develop a group of key applications which are used to build digital libraries • build federated digital libraries for all 27 resource centers of CALIS • organize over 100 academic libraries (core members of CALIS) to collaboratively build a group of digital collections which will be shared among all members
Digital Collections in CADLIS • Networked Digital Library of Special Digital Collections (NDL-SDC) • Networked Digital Library of electronic Thesis & Dissertation (NDL-ETD) • Netlibrary eBook Collection • Networked System of Teaching Reference Information & eBooks • CALIS Online Union-Catalog Database • including bibliographies and holdings from 500 academic libraries • Other collections (omitted…)
NDL-SDC : Networked DL of Special Digital Collections • NDL-SDC’s two layers: • The local-layer : 70 local collections • developed by 70 academic libraries separately. • The center-layer : A central union-collection • harvests metadata and digital objects from local collections using OAI-PMH protocols and METS format. • Types of Resource: • ebooks, rare books, images, rubbings, atlases, audio, video, etc. • NDL-SDC’s service • The center-layer provides cross-searching and navigation service among different resources in the central union-collection • The local-layer provides users with secure access to digital objects in local collections.
NDL-ETD : Networked DL of Electronic Thesis & Dissertation • NDL-ETD’s two layers: • The local-layer : 100 local ETD-collections • developed by 100 academic libraries separately. • The center-layer : A central ETD-collection • harvests metadata and 16 pages of full-text of each ETD from local collections using OAI-PMH protocols and METS format. • NDL-ETD’s service • The center-layer provides integrated searching and navigation service for all ETDs in the central collection • The local-layer provides users with secure access to full-texts of ETDs in local collections.
NetLibrary eBook Collection • CALIS needs to build a NetLibrary Mirror Site in China • NetLibrary provides raw data of eBooks • e.g., full-text in PDF format. • CALIS develops the NetLibrary eBook system to provide searching services and secure access to these eBooks using DRM technology.
Requirements of DRM in CADLIS • CALIS needs a DRM solution to protect digital rights of assets in central and local collections of CADLIS: • Avoids illegal duplication on the Internet • Avoids illegal usage (such as print, copy & paste, etc.) • Avoids illegal download • Restricts the number of duplicates in concurrent access • Other restrictions, etc.
Requirements for DRM in CADLIS (cont.) • CALIS requires the DRM system to be able to: 1) protect full-text in PDF format and other media (images, audio, video, etc.); 2) support quick, high-performance access to large volumes of encrypted data; 3) be integrated with many kinds of collections and other applications (Searching System, Billing System, User Access Management, etc.); 4) be low in cost
CALIS solution to DRM (two aspects) • (1) Technology Solution: CALIS needs to develop the following applications: • Digital Rights Management Applications • IDL-DRM for PDF • IDL-DRM for other media • Digital Rights Registration Application • (2) Juristic Solution: CALIS gains legal authorities in advance from • Legal vendors (international or domestic), • Academic libraries (for their own collections), • Authors (of dissertations, etc.).
IDL-DRM Application • Released date: • V1 in 2004-12 • V2 in 2005-10 • Co-developed by: • CALIS Technology Center • Institute of Digital Library of Peking University.
Model of IDL-DRM • Adopting the ODRL standard (Open Digital Rights Language) • ODRL is a Rights Expression Language for Digital Asset Management and E-Commerce. • Three Entities: • Asset: content with any granularity and encryption information. • Rights: consisting of permissions, constraints, requirements, conditions. • Party: includes end users, roles and rights holders who have some form of ownership over the Asset and/or its Permissions. [Diagram relation labels: Own; Over; Create/Use]
Rights Modes of IDL-DRM • Permission: actual usages allowed over the Assets • Save, Print, text copy, play • lend, sell • Constraint: limits to these Permissions • max-period of lending for a single user • max-count of lent books for a single user • max-count of duplicates of the same book for all users • Binding to client hardware for a single user (optional) • Online or offline • Requirement: obligations needed to exercise the Permission • Pre-pay (optional) • … • Conditions…
Architecture of IDL-DRM [Diagram labels: DRM Reader (DigiViewer or Browser); Remote Management Client (RMC); DRM Client; Right Management (RM) Server; Remote Access Interface (RAI); (Encrypted) Database; DRM Server; Content Management (CM) Server; (1-m); (1-n)]
Types of DRM-Client in IDL-DRM • How to choose client-types and service-modes: • Tradeoff between the level of security and usability • Decided by DRM-Administrator in advance.
Secure Access Environment with IDL-DRM [Diagram labels: 3rd Authentication (Optional); 3rd Billing System (Optional); 3rd Searching System (required); 3rd Collections (required); IDL-DRM Server; (Encrypted) Database; Browser; DRM Client (DigiViewer or Web Browser); End-User; flow labels: query & result, Request Object, Encrypted Object (PDF,...), Request Object, federation, Automatic ingestion]
Demo of IDL-DRM : Remote Management Client (RMC) • Four groups of functions: User Management; Administrator Management; eBook Management; Rights Management
eBook Management in RMC [Screenshot callouts: Books imported; Add book group; List all books]
User Management in RMC • For user groups with password users [Screenshot callouts: Edit user profile; Add a new user; Add a new group]
IP-User Management in RMC • For user groups with IP-Segments [Screenshot callouts: Add a new group; Configure IP-segment for an existing group; Add an IP-segment]
Rights Management in RMC • Applying Rights on a combination of Book-group and User-group • Permission-Type: lend or online-reading • Allowed Permissions and Constraints: • Read, copy, print, save • start-time, binding to personal hardware [Screenshot callouts: Add right for user group; Add right for IP-group]
Scenario of IDL-DRM in CALIS/CADLIS • IDL-DRM is used in the following cases: • CADLIS’s NDL-SDC (Special Digital Collections) • CADLIS’s NDL-ETD (electronic Thesis & Dissertation) • NetLibrary Mirror Site in CALIS (Demo) • IDL-ETD Management system
Scenario of IDL-DRM in NDL-SDC / NDL-ETD • In NDL-SDC (Networked System of Special Digital Collections) or NDL-ETD (Networked System of Electronic Thesis & Dissertation), local collections (SDC/ETD) can be integrated with IDL-DRM. [Diagram labels: Center of NDL-SDC / NDL-ETD; Central Layer; Browser; Central Union Collection; Portal; DRM-client; End User; OAI-harvest; encrypted data; Local Layer; IDL-DRM; Local Collection (SDC / ETD); Local Library]
Scenario of IDL-DRM in NetLibrary Mirror Site (Demo) • NetLibrary eBook System is integrated with IDL-DRM • ingested data: full-text in PDF format, User information • NetLibrary eBook System provides ebook-searching service • IDL-DRM provides users with access to encrypted PDF [Diagram labels: IDL-DRM System; NetLibrary System; PDF Import; RM Server; Content Management; content; User Import; User Management; User; CM Server; RAI; Web Searching]
Process of Getting eBooks • Step 1: End-user searches for eBooks. • Step 2: User views the full-text in PDF format in the DRM Client (Browser or DigiViewer, alternatively). [Diagram labels: (A) Browser; (B) DigiViewer; IDL-DRM System; NetLibrary System; RM Server; Content/User interoperability; Web Searching; CM Server; SSL; http/https; Browser (IE/firefox)]
Step 1: Searching eBooks in NetLibrary • The full-text link points to the IDL-DRM Server [Screenshot callouts: Simple Search; Search Button; List of Search Results; title; Full-text link]
Step 2-A: Using Web Browser as DRM-client • When the IDL-DRM server receives a PDF request: • Substep 1: user authentication • User logs in using a password (if needed) • or IP-validation (automatic). • Substep 2: Viewing PDF in Browser • RM Server sends a license to the Browser, which redirects it to the CM Server. • CM Server verifies the license. • CM Server transfers encrypted content to the Browser. • The Browser starts the timing. • User views the encrypted PDF in the Browser page-by-page.
Viewing encrypted PDF in Browser [Screenshot callouts: Next Page; Prev Page; Table of Content]
Time-out mechanism in Browser for releasing inactive duplicate [Screenshot messages: “Your Session will be ended in 30 seconds”; “Click to extent your time”]
Step 2-B: Using DigiViewer as DRM-client • For a new user, there are 4 sub-steps to get a first ebook: • Substep 1: download DigiViewer • when a new user first clicks the full-text link to IDL-DRM, it prompts the user to download the DigiViewer client [Screenshot callout: Click here to download DigiViewer]
Step 2-B: Using DigiViewer as DRM-client (cont.) • For a new user (cont.): • Substep 2: registration • After DigiViewer is installed, the user clicks the full-text link again. • DigiViewer starts, and prompts the user to register for a CA certificate [Screenshot callouts: User Registration (for CA Certificate); IP user click here; Password user Register here]
Step 2-B: Using DigiViewer as DRM-client (cont.) • For a new user (cont.): • Substep 3: select DRM-Services • RM Server checks the user’s registration information. • RM Server issues a CA certificate to the user. • RM Server lets the user select DRM-services. [Screenshot callouts: Select DRM-Services; lend; Online reading; agreement for “lend” service; agreement for “online reading”; I Agree/disagree buttons]
Step 2-B: Using DigiViewer as DRM-client (cont.) • For a new user (cont.) or for an old user: • Substep 4: view PDF in DigiViewer • RM Server sends a license to DigiViewer. • DigiViewer uses the license to request data from a CM Server. • CM Server validates the license, encrypts the PDF according to “Rights”, and sends the encrypted PDF to DigiViewer. • PDF is downloaded automatically (for offline only, optional) • User views PDF in DigiViewer page-by-page (online or offline). [Screenshot caption: Viewing PDF in DigiViewer (online or offline)]
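The license hand-off described in Step 2-A and Step 2-B (RM Server issues a license, CM Server validates it before releasing content), as an added sketch that is not IDL-DRM code. The field names, the shared key, the sample values and the use of HMAC-SHA256 in place of the RSA signatures the slides list are all assumptions.

```python
import base64, hashlib, hmac, ipaddress, json

# Assumption: the RM and CM servers share this key. The slides list RSA digital
# signatures; HMAC-SHA256 stands in so the example needs only the standard library.
RM_CM_KEY = b"constructed-demo-key"

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_license(user, book, permissions, ip_segment, start, period):
    """RM Server: bind the granted rights and constraints into a signed license."""
    body = {"user": user, "book": book, "permissions": sorted(permissions),
            "ip_segment": ip_segment, "not_before": start, "not_after": start + period}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(RM_CM_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def verify_license(token, book, action, client_ip, now):
    """CM Server: decide (allowed, reason) before any content is released."""
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:  # wrong part count or broken base64
        return False, "malformed license"
    expected = hmac.new(RM_CM_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad signature"
    lic = json.loads(payload)  # trusted only after the tag has been checked
    if lic["book"] != book:
        return False, "license is for another book"
    if action not in lic["permissions"]:
        return False, "action not permitted"
    if not lic["not_before"] <= now <= lic["not_after"]:
        return False, "outside validity period"
    if ipaddress.ip_address(client_ip) not in ipaddress.ip_network(lic["ip_segment"]):
        return False, "client outside IP segment"
    return True, "ok"

# Constructed sample: an IP-group reader allowed to read and print for 10 minutes.
LICENSE = issue_license("reader-c", "book-42", {"read", "print"},
                        "192.0.2.0/24", start=1000, period=600)
```

Because the CM Server checks the tag before parsing the rights, a client that edits the permission list in its copy of the license is rejected with "bad signature" rather than evaluated.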
Viewing encrypted PDF in DigiViewer • Functions: • Go to xx Page • Change Page Scale • Move Page • Text-Select • Print • Search text [Screenshot callout: Table of Content]
Time-out mechanism in DigiViewer for releasing inactive duplicate When DigiViewer is inactive for a specified period of time, the current ebook will be closed automatically.
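The time-out release of inactive duplicates, combined with the "max-count of duplicates of the same book for all users" constraint, as an added example (not IDL-DRM code). The class name CopyPool, the 300-second timeout and the user names are assumptions made for illustration.

```python
import time

class CopyPool:
    """Tracks concurrent duplicates of one book (hypothetical helper)."""

    def __init__(self, max_copies, idle_timeout, clock=time.monotonic):
        self.max_copies = max_copies
        self.idle_timeout = idle_timeout
        self.clock = clock
        self.sessions = {}  # user -> time of last activity

    def _release_inactive(self):
        # Drop every session that has been idle for the whole timeout.
        now = self.clock()
        for user, last in list(self.sessions.items()):
            if now - last >= self.idle_timeout:
                del self.sessions[user]

    def open(self, user):
        """Take a duplicate; False when every duplicate is held by an active reader."""
        self._release_inactive()
        if user not in self.sessions and len(self.sessions) >= self.max_copies:
            return False
        self.sessions[user] = self.clock()
        return True

    def touch(self, user):
        """Page turn or 'extend your time' click; False if the session already expired."""
        self._release_inactive()
        if user not in self.sessions:
            return False
        self.sessions[user] = self.clock()
        return True

    def close(self, user):
        self.sessions.pop(user, None)

def demo():
    t = [0]  # constructed clock so the run is deterministic
    pool = CopyPool(max_copies=2, idle_timeout=300, clock=lambda: t[0])
    log = [pool.open("alice"), pool.open("bob"), pool.open("carol")]  # third is refused
    t[0] = 200
    log.append(pool.touch("bob"))    # bob stays active
    t[0] = 310                       # alice idle for 310 s, bob for 110 s
    log.append(pool.open("carol"))   # alice's duplicate was released
    log.append(pool.touch("alice"))  # alice has to request the book again
    return log
```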
Personal eBook Management in DigiViewer • My Bookshelf: • lets the user manage his own downloaded ebooks in DigiViewer • Operations for a selected book: open, move, renew, return, delete, rename, new category [Screenshot callouts: category; Book Information]
Features of IDL-DRM • Standardization • Open and interoperability • Security • Scalable and high performance • Flexible
Standard of IDL-DRM • IDL-DRM adopts many standards: • ODRL • X.500 • RSA • DES • SSL • … • IDL-DRM provides interoperable mechanisms to support transparent and innovative use of protected digital assets.
IDL-DRM feature : Open and Interoperability • Remote Access Interfaces (RAI) provided by IDL-DRM • supports multiple programming languages: C/C++, MS ASP, VB, Java
IDL-DRM feature : Secure • Security Technologies: • SSL • CA certificate • Digital Signature • High-intensity Encryption: RSA with 1024/2048 bit; 3DES with 168 bit; Blowfish with 448 bit; SHA-1 with 160 bit • Binding: Hardware binding; IP-Segment binding • Effects: • Avoids illegal users • Avoids illegal listening • Avoids illegal certificates • Avoids illegal rights • Avoids illegal download • Avoids illegal duplication • …
IDL-DRM feature : Scalable and high performance • Supports large-volume data storage • Supports load-balancing • Supports high number of concurrent users • Scalable deployment
Scalable Deployment (1) • Single IDL-DRM allows distributed data storage on multiple hardware servers to support load-balancing. [Diagram labels: RM Server; CM Server 1; CM Server 2; CM Server 3; collection labels: rarebooks, ebooks, Dissertations, atlas, e-journals, ebooks, Dissertations]
Scalable Deployment (2): Unified IDL-DRM • Support consistent access across multiple IDL-DRMs • Based on Pyramid of CA • Reader-C is allowed to have two CA certificates issued from two IDL-DRM systems. • It means one end-user can access the two IDL-DRM Systems simultaneously if he/she has two legal rights granted by the two of them. [Diagram labels: IDL Root CA; IDL-DRM Server; IDL-DRM Server; CM Server; DRM CA; RM Server; CM Server; DRM CA; RM Server; Reader A; Reader B; Reader C; Reader C; Reader D; Reader E]
IDL-DRM feature : Flexible • Supports multiple OS: Windows, Linux, Solaris • Supports multiple RDBMS: Oracle, SQL Server, MySQL, PostgreSQL • Supports multiple browsers: Microsoft IE; Netscape 8 and Firefox 1.0 (with Mozilla core) • (cont.) • Flexible rights management • Flexible service-modes: Online; Offline • Easy-to-use DRM-client: Web Browser; DigiViewer