Digital Right Management in Internet Communication and Information Transfer Francisca Nonyelum Ogwueleka Aniche Delight Aniche Department of Computer Science Department of Computer Science Federal University Wukari, Nigeria Gregory University Uturu, Nigeria 234(0)7035653127 234(0)7035653127 ogwuelekafn@gmail.com delight.aniche@gmail.com ABSTRACT mechanism, internet communication and information transfer The result of the lack of operational proficient digital copyright called digital right management (DRM) have been postulated to protection include booming piracy market, lack of motivation for provide a means to protect the copyright industry. However, none quality creative work and huge revenue loss. This research of these schemes have been able to meet this goal considerably as evaluates encryption based digital right management in internet huge compromises in consumers‟ security and satisfaction communication and information transfer and identified major resulting from the payment system requirement and the very factors contributing to the incompetence of existing digital right constrained access to content trails each and every one of them. management schemes. Data from the Nigeria Communication There are gaps in the use of data encryption in the protection of Commission and other sources were used to study the viability of information both in internet communication and in information applying mobile phone communication in digital right transfer especially in the area of copyright protection which has transactions. The research sought solution for digital copyright caused consumers and copyright holders dissatisfaction hence the protection in Nigeria that will use the universal mobile phone, great need for this research to propose a scheme that will satisfy recharge cards and public key encryption. The proposed solution consumers‟ security and access to copyrighted contents even changed digital copyright protection from copyright content usage while offline and the copyright holders in getting the revenue they protection to copyright content redistribution protection and used need and not losing it to pirates. short message service (SMS) of mobile phone service providers as The aim of this study is to proffer a functional solution to the means of communication and public key cryptography for content problem of copyright infringement in the Nigerian context using and transaction security. The solution reduced the required usage encryption and communication techniques; objectively proposing skill level and satisfied the Fair Use Policy enabling artists and a scheme that uses the limited infrastructure and computer literacy authors to reach wider market with their products effectually in Nigeria to protect copyrighted information in the internet and without losing their revenue. off the internet; and find the best channel of communication between consumers and copyright holder that will encourage wider consumer base participation and easy, efficient and secure CCS Concepts transaction in the purchase and use of copyrighted materials while • Social and professional topics ➝Computing / technology obtaining/keeping little or no information about the customer. policy ➝Privacy policy The significance of this research is in finding a way to use data Keywords encryption and the available communication and information transfer techniques to effectively protect copyrighted contents in Digital copyright protection, digital right management, short Nigeria without compromising consumers‟ security and message service, mobile phones, public key cryptography, fair use satisfaction or copyright holders control and revenue. Such policy scheme will be very beneficial to the copyright industry and the Nigeria economy. 1. INTRODUCTION Billons of dollar have been lost in copyright infringement from This research focused on the use of data encryption and software products to academic products and resources, movies, communication technique (internet communication and music, news etc. that has gained momentum with the advent of information transfer) in the protection of copyrights. We looked at computer and internet. People can now go online and download various Digital Right Management (DRM) schemes based on data thousands of dollars‟ worth of copyrighted products without encryption and the commonly used form of communication in paying a dime and go ahead to pirate it and make more millions of Nigeria and proposed a model that will satisfy the need of dollars from it at a great loss to the Copyright Holder. Techniques consumers and copyright holders considering the limited that combine data encryption or other data scrambling information infrastructure and computer literacy in Nigeria as a case study for developing countries. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are 2. REVIEW OF RELATED STUDIES not made or distributed for profit or commercial advantage and that In the general scene of cryptography, internet communication and copies bear this notice and the full citation on the first page. To copy information transfer, the last three decades have witnessed otherwise, or republish, to post on servers or to redistribute to lists, volumes of researches and studies. Fagin et al [1] in their study requires prior specific permission and/or a fee. stated that there is good progress in the area of dismantling the CoRI’16, Sept 7–9, 2016, Ibadan, Nigeria. Copyright © 2016 Ibadan ACM Chapter 1-0002-0240-16-01/23/15 skepticism surrounding cryptography. Callas [2] in his study of the social expectations of data encryption indicated that 31 cryptography has a future largely dependent on how society uses holders via low return on the investment on DRM due to lack of it, which in turn depends on the current laws, regulations, customs consumers‟ patronage and the consumers‟ renewed motivation to and what the society anticipate cryptography to do. Floyd [3] in circumvent the schemes that many copyright holder are beginning his own study proposed a solution based of cryptography for to wonder if DRM is the required solution to their problem. securing wireless mobile ad-hoc networks, which are especially vulnerable given their no clear line of defense. His proposed 3.1 DRM Requirements solution called Mobile Application Security System (MASS) foil DRM system need persistent content protection that implies that unauthorized modifications of mobile applications by other protection must stay with the content even after delivery to the running applications and other hosts on the wireless network, by consumer. For instance, a digital movie delivered securely over to guaranteeing the authenticity and authority of the mobile code. a recipient can save and copied unrestrictedly and an unprotected copy may be uploaded onto the Internet where many people can Given the central role of encryption in the security of consumer download and use it without reduction in quality. The DRM trust data especially in the area of today ecommerce, Toubba [4] noted model is different from the simple cryptographic model where two in his work the importance of strong encryption key management parties that trust each other can own a key pair or share a secret and granular access control to Web-based applications. Young [5] key exchange encrypted message while an outside attacker tries to illustrated the limitations that exist in computer platform security intercept and recover the data [11]. In DRM, one communicating in the use of cryptography in his study. It presented the party (the end users) cannot be trusted with a shared secret key or experimental results of initiation a crypto-viral payload attack on even unencrypted data. Malicious users may break the security the Microsoft Windows platform, specifically on the Microsoft system to make a profit through selling cracked software and Cryptographic API. Li. et al [6] in their study of the significance digital assets. Once the protected content is delivered to the user, of the application of strong cryptography in voice communication an attacker has a chance to break the system with unlimited time developed a new Hierarchical Data Security Protection (HDSP) and resource [11]. Even though an average consumer may not scheme using secret chaotic bit sequence. Fortifying data have the skill, interest or time to attack the system especially when encryption and authentication of corporate networks through they are affordable, one hostile consumer/hacker with enough cryptosystems was evaluated in a study conducted by Harris [7]. motivation and skills can considerably flaw the effectiveness of He studied the feasibility of generating biometric key encryption the system. If such attacker encode his break into software and and the experimental analysis of the study holds optimistic publish it on the Internet, anyone can get access to the tool and prospects for its use in modern cryptosystems. defeat the protection scheme [11]. Perhaps, quite a number of techniques can be employed in chains to fortify the protection. Today, systems embedded in various chips depend on the same The techniques include; encryption, digital signature and hash technologies upon which corporate IT depends. These functions, digital certificate, individualization, watermarking, technologies involve Ethernet, TCP/IP, and operating systems. tamper resistance, hardware and software based techniques, self This shows that embedded systems, like mobile phones, protecting container etc [12]. automobiles, military weapons and other sensitive life dependent devices are as susceptible to similar security challenges as Despite these techniques, currently DRM can best be described as corporate IT systems [8]. The use of strong cryptography is a failure as the schemes are always broken, consumers‟ patronage critical in protecting embedded systems that use wireless is low and there is still great motivation for the high volume technology, such as Bluetooth, Blackberry, RFID etc. from consumption of pirated content. A number of factors have attacks. Lovoshynovskiy et al [9] in their study concluded that conspired to elicit such result. recent progress in data-hiding technologies have indicated that network security, Quality of Service (QoS) and secure data The central limitation of the DRM technology arose from the communications over public networks can greatly leverage misplacement of copyright philosophy obtainable in the theoretical data-hiding technologies. Zanin et al [10] in their study traditional copyright protection in digital implementation. The devised a distributed signature protocol based on the RSA copyright philosophy does not restrict access to copyright content algorithm that can be implemented in large-scale ad-hoc networks. but to its distribution. In summary, DRMs would have been huge The signature protocol is distributed, adaptive, and robust yet success if they had focus on copyright protection in the same way subject to tight security and architectural constraints. the traditional copyright protection did by restricting access to redistribution than restricting access to usage. If one can access 3. CURRENT EXISTING SYSTEM AND content in a public domain and is, only able to consume it in that ITS LIMITATIONS domain he/she will not bother to crack the content to obtain a There are a number of digital right management schemes in the personal copy especially when the content is fairly priced given market with various restriction enforcement techniques, activation that the consumer is almost only paying for the distribution cost of means and business models that can grants usage permission his/her personal copy. Therefore, the schemes presented in this based on; content availability, restriction of redistribution of study consider a paradigm shift from usage right to distribution or content between devices, the number of devices content can be redistribution right. viewed on, the number of times content can be viewed, how long The second limitation of the schemes is in the neglect of some it is available for and so on. However, none of these schemes have stakeholders in the distribution chain. Unlike the traditional satisfied the various expectations of the consumers and the copyright protection where everybody in the distribution chain copyright holders. This has caused an imbalance that has brought gets something – from the artist to the producer, the promoter and dissatisfaction to the consumers, hence the motivation for to the retailer, digital copyright protection neglects the core consumers to circumvent the scheme, that is, pirate the content. interface to the consumers. The third limitation with the schemes This imbalance has also increased the woes of the copyright is in consumer identification required to access their payment. 32 People like privacy. Not many people would like a third party to 4. METHODOLOGY always keep track of the type of content they consume at least for In this research, we studied the existing Digital Right the sake of security. The fourth limitation in the approach of the Management systems using internet research tool and observed schemes is in the requirement to be online before one can activate the Nigerian market environment noting the booming piracy the use of content. People would prefer it that they have the market, which beckoned for new DRM system that can meet the choice to choose a content while strolling or doing any other thing market demand. In our research, we realized that the very limited with a friend that has it and be able to consume it without having information infrastructure that can support the existing DRM to first of all go online especially when such a consumer does not systems is a major factor in the booming of piracy in Nigeria. have such means. The fifth limitation is in the payment Using statistics from the Nigerian Communication Commission infrastructure requirement, which is obviously not at the reach of we established that up to 67% of the 150 million Nigerians have everyone that would like to consume content. This also extends to access to mobile phone hence we started developing a model that the choice of communication channel, which can only can use mobile phone communication access as alternative to accommodate a minority class. In Nigeria, not every bus driver in internet in transacting for content right. The Free Use/Use and Get the bus garage that would like to listen to a favourite track can Paid DRM Model achieves copyright protection by restricting afford internet access. The schemes do not have any place for fair redistribution right, that is, the right to copy a content from one use at all. Fair use implies the exceptions to copyright protection device to another without the appropriate permission while the like the use of a copyrighted content for academic purpose. usage right is free. The model uses two sets of public/private key pair with key lengths of about 64 bits and the NTRU or XTR 3.2 Validation of the system encryption algorithm to ensure secure offline delivery of license. The DRM model called “Free Use/Use and Get Paid DRM The content, for example, an electronic book, is packaged by the model” is based on the principle of redistribution right protection content distributor in a self-encrypting and protecting container, that is, protecting copying-right. With this paradigm change in which allows reading the book using a Universal Usage Key priorities, the copyright philosophy for digital right management (KUU) resident in the plug-ins that helps the consumption action schemes can be redefined to meet the consumers‟ satisfaction and but not copying action. The distributor packages the content and the right holders‟ expectations. The model approaches copyright its reference in the metadata into some temper proof self- protection from the angle of free content consumption wherever protective program using encryption and place the content in the you can access it. This means that a consumer has the right to server and in every public domain like facebook, so that people consume all he/she can of a content he/she finds online or in a can read but not copy. Figure 1 illustrates the proposed DRM friend‟s device or in the library but does not have the right to model. redistribute it by making a personal copy without a license. With this approach, fair use requirement is fully met as scholars or critics can access and consume contents in public domains. It also wilts down the motivation to attempt to go the whole hug of circumventing the protection scheme when the usage of the content is free in the public domain. The use of public key cryptography makes offline redistribution right acquisition possible, thereby granting consumers the freedom to consume their favourite content offline and on the go. The model uses the mobile telecommunication service providers and text message as the mode of communication for the purpose of obtaining redistribution right instead of internet. Given that more people have access to mobile phone at more periods of time and location, consumer base is astronomically increased. Besides, most people would find better motivation to crack a content that requires them to have an internet connection than one that only requires them to just send a text message, especially when they are use to using their phones as most people are. The use of the mobile telecommunication service providers can make paying for rights with airtime credit possible than the stress of authenticating and paying from one‟s bank account especially when all that needs to be paid is often less than the service charge for using the online payment system. This method of payment also Figure 1. A diagram of the Free Use/Use and Get Paid DRM encourage anonymity which give the consumer a sense of privacy system model and security as nothing is known about the consumer beyond the phone number. It also solves the problem of the lack of payment infrastructure. When a consumer requests to copy content, by clicking copy, a message box pops up and informs the consumer of his lack of The proposed model takes into account the role of every redistribution right and asks him/her to click “Ok” to get a right. stakeholder in the distribution chain and disburses as much as When the consumer clicks Ok, a form is returned to him into 20% of every redistribution right purchased to stakeholders in the which he/she specifies „how many redistribution right to downstream distribution chain. purchase‟, „the type of copy‟, whether the consumer is to purchase 33 a Private Parent, a Business Parent or a Child Copy. Upon decrypts the code using the Content Business Key (KCB) and submitting the form, the program generates a random number verifies the nonce. If the nonce does not check out, the process is corresponding to the state of the randomized storage locations of aborted and the consumer notified but if otherwise, the program the byte units of the content inside the self protecting container. ORs its fixed string with the first string in the received RRC code To this random number it attaches its Content ID (CID), a nonce and adds the result to the second string to generate the which is a part of the random number for that transaction session, Redistribution Key (KR). With the KR, the program orders and a flag specifying the type of copy and the number of copy. The un-stegs the byte units address locations in the protecting program encrypts this group of information with the Content container and prepares the new copy to be copied by generating a Redistribution Subsystem (CRS) server Public Key called the new and unique CID comprising of a portion of the parent CID, Server Business Key (KSB) and returns a string of codes known the session nonce, the time and date of when it is produced and a as the Redistribution Right Request Code (RRRC) to the unique identifier. It also assigns the new KCB sent from the CRS consumer. The consumer sends the RRRC code as a text message server and the general KSB to the new copy. After the copy is along with his/her Transaction Authorization Password (TAP) in made according to the copy type, the permission counter is a given format to the Content Redistribution Subsystem (CRS) via decreased by one. the mobile telecommunication service provider. The Mobile Service Provider (MSP) back end scans the message for a valid At the CRS server end, about 20% of the revenue is designated TAP which the consumer must have set up with the MSP prior to and shared in line with a predetermined percentage of distribution the transaction. If none is found, the service drops the message by the Account and Audit Unit (AAU) among the downstream but if any is found, it forwards the message to the Content stakeholders in the distribution chain with the Transacting Copy Redistribution Subsystem (CRS) for further processing. or Content (TC) getting up to 10%, the next from the bottom 4%, 2%, 1% and so on. The AAU working with the CRS credits these At the CRS subsystem, the Encryption Decryption Sub-Unit accounts accordingly and also disburses the shares of each (EDU) in the Redistribution Transaction Unit (RTU) decrypts the stakeholder at the upstream distribution chain at the end of every message using the CRS private key called the Server Private Key business day. (KSP) and the Content ID (CID) extracted along with other information. The Content Reference Sub-Unit (CRU) manager in The various types of redistribution copies that can be made the Content Packaging Unit (CPU) locates the required content include Child Copy (CC) – this copy cannot be used for and the redistribution rate plus other information regarding the redistribution i.e. no new copy can be made from it. It is the type content in its reference database using the CID. The Account intended for use on CDs and DVDs. Private Parent Copy (PPC) – Management Sub-Unit (AMU) of the RTU unit calculates the cost this is the standard copy for private use with no adverts on it. to satisfy the number and type of redistribution copy requested Other copies can be made from it and is the only copy that can then sends an Account Deduction Request (ADR) to the MSP. produce a Business Parent Copy (BPC). Each PPC can only The Account Deduction and Transfer Unit (ADT) of the MSP produce one BPC. Redistribution copies or sales made from the confirms the availability of the required cost in the consumers PPC are not rewarded. Business Parent Copy (BPC) – this is the account. If the fund is not sufficient, it sends an Insufficient standard redistribution copy that is rewarded for every single copy Balance Message (IBM) back to the consumer and an Abort made from them. However, a BPC cannot produce another BPC Transaction Message (ATM) back to the CRS server and the but it can only produce PPC and CC copies. PPCs are jumped transaction is aborted. But if the fund is sufficient, it deducts the anywhere there are found in the distribution chain when costs from the consumer‟s account and credits the CRS server distributing reward. If a PPC is the TC, the nearest BPC in the account and sends a Verifiable Digital Receipt (VDR) to the chain takes the reward. AMU sub-unit of the RTU unit so it can go ahead with the transaction and forward a transaction alert to the consumer. Upon Consumers can access and consume contents anywhere they find receipt of the VDR, the RTU coordinating with the Packaging it but cannot redistribute it without license. The Content Sub-Unit (PU) of the CPU calculates and generates three (3) sets Distribution Service (CDS) places the content freely in every of strings. The first string is about eight bit which when ORed public domain they can find like facebook, libraries, portals, with a predetermined set of string in the content and added to the radio/TV houses etc. so that consumers can consume and maybe second string generated by the server yields the key to order and desire a personal copy in which case they will require a un-steg the randomized locations of the content byte units address redistribution right. Consumers, who have bought BPC copy, can in the self protecting container. The third string is the Content also advertise them on their own in various public domains or to Business Key (KCB) of the new copy to be produced. friends/family and get rewarded whenever anybody transacts redistribution permission from their BPC copy. This means for The RTU working with the PU sub-unit extracts the transaction games for instance, consumers can play the game online or in the session nonce contained in the random number and sets the flag public domain or in a friends device with limited features and for the number of redistribution permission granted and the flag of adverts without cost but cannot redistribute a private copy to their the type of the redistribution copy. It arrange the information in a own personal device at home or anywhere to be played at their predetermined format and encrypt them using the Content Private convenience. For books, the consumer can consume the much Key (KCP) which is unique to every copy of the content produced he/she can in the public domain where it is advertised without by the server and never gets transmitted. The server forwards the cost but will need a redistribution license for a personal copy encrypted information known as Redistribution Right Code redistribution. Same goes for music, they can be consumed (RRC) back to the consumer via the MSP. The MSP closes the anywhere they are advertised or played, like radio, occasions, a transaction section and generates a report for audit purposes. friend‟s house, in the street etc but a redistribution license will be Upon receipt of the message, the consumer inputs the RRC code required for redistributing a personal copy to a private domain to into the RRC code input field of the content. The program be enjoyed at will. 34 The Free Use/Use and Get Paid DRM system model can be Figure 2 presents a diagrammatic representation of these primary realized in the following four subsystems: subsystems and their units with a pictorial depiction of 1. Content Redistribution and Plug-in Subsystem (CRPS): This information flow. However, the secondary subsystems that are not subsystem consist of the Content Redistribution Program primarily required for the operation of this DRM model are not (CRP) and the Content Plug-In (CPI). These two units reside included in the diagram like the Reward Distribution Subsystem with the content at the point of content consumption. The (RDS) and the Consumer Content Redistribution Effort CRP is bonded to each content at the time of packaging by the Subsystem (CCRE). Content Packaging Unit (CPU) that resides in the Content Redistribution Subsystem (CRS). The CRP is the tamper resistant, protective container that uses different techniques (e.g. encryption, watermarks, steganography) to keep the content safe. The CPI, is a downloadable plug-in that extends the functionalities of existing content readers or players to be able to play contents using the Free Use DRM. Each downloaded copy of plug-in locks to the CPU during installation and becomes a protective repository for Free Use contents in that device. Every consumer intending to consumer a Free Use DRM content must do a one-time per device download and installation of the plug-in and the CPI is upgradeable. 2. Consumer and Consumer Requesting Device Subsystem (CCRD): This subsystem consist of the Consumer and the Consumer Requesting Device (CRD). The consumer uses the CRD device to make content redistribution right request by sending a Redistribution Right Request Code (RRRC), given by the CRPS subsystem at the instant of attempting to copy the content, to the Content Redistribution Subsystem (CRS) through the Mobile Service Provider (MSP) of his/her mobile phone network. This CRD device also receiver back a Redistribution Right Code (RRC) from the CRS subsystem via the MSP subsystem for the consumer if the RRRC request met the Redistribution Right Requirement (RRR) for that Figure 2: The system structure content or an Insufficient Balance Message (IBM) or an Invalid Transaction Authorization (ITA) message if the RRR 4.1 Architecture of the System Design was not met. The Free Use/Use and Get Paid DRM have the architecture shown 3. Mobile Service Provider (MSP): This subsystem consist of in Figure 3. The system can be broken down into many three units – the Message Handling Unit (MHU), the Account subsystems undertaking different functions. There are four Deduction and Transfer Unit (ADT) and the Report subsystems primary to the operation of this proposed system and Generation and Sending Unit (RGS). The MHU handle the each composed of a number of unit and sub-unit. Logically related messages that are send back and forth between the consumer functions carried out by physically related system devices are and the CRS subsystem. The ADT handles the consumer grouped into subsystems to ease the understanding of the account deduction process prior to the RRC generation by the operation of the system. Logically close functions performed in CRS. The RGS handles the generation and sending of all the same subsystem by a group of subsystem devices are co- necessary report regarding the success or failure of each located to form sub-units. The two inputs to the system are the transaction via the MHU. request from the consumer and the content input and 4. Content Redistribution Subsystem (CRS): This subsystem is configuration command from the administrator‟s console. The rest the main subsystem providing the DRM and content of the other system processes involve the transformation and distribution service to the public. It consists of four major packaging of the input content to become deliverables. The two units with several sub-units. They include – the Redistribution outputs of the system are deliverables consumed by the consumer Transaction Unit (RTU), the Content Packaging Unit (CPU), in form of music, movie, software, game, ebooks and news etc and the Content Distribution Unit (CDU) and the Account and payment instructions/reports. A careful survey of the figure also Audit Unit (AAU). highlights the sub-units, units and subsystems interactions and the flow of information as well as command within the system. 35 Content Title Input Field, the content format (if known) in the Content Format Input Field, the content provider or copyright holder in the Content Provider/Copyright Holder Input Field by selection from the drop down list of the Providers or Copyright Holders in contract with that Distributor. The administrator can then specify the charges for private parent redistribution right and a business parent redistribution right in the Private Parent Charge Input Field and the Business Parent Charge Input Field respectively. The Advanced Setting yields further functionality to the administrator in managing content input. Functionalities like excluding one or more contents in a folder, binding two or more contents together, specifying content reference marker of the administrator‟s choice or any other rule the administrator want the content to obey using Right Expression Language (REL). The system administrator (not the Database Administrator) uses the System Configuration Interface to configure the items that appear or are active in the drop down lists in particular and the interface in general. The System Configuration Interface is used in the technical system configuration like specifying what encryption algorithm, Key range, MSP, RDS CCRE subsystems locations etc. 4.3 The Database Output Interface The Database Output Interface provides a means for the Database Administrator to search the database. Every content input through the Database Input Interface is processed (packaged and organized by the CPU) and stored in one of the virtual volumes in the CDB with their references in the CRU. A search of the database through the Database Output Interface primarily sorts the content reference list in the Content Reference Unit (CRU) to return a list of the required contents to the interface. The administrator selects the type of content he/she is looking for by selecting one of the types in the drop down list of the Content Type Input Field. Next he/she checks one of the radio buttons in the “Search Content by” field to select the search parameter he will like to use in searching for the content. Next, he/she will select the first letter in the name he wants to use. This selection produce a drop down list of all the Figure 3. The Free Use/Use and Get Paid DRM system content of the selected type and class whose selected parameter‟s architecture first letter match the selected first letter. When he/she chooses from this list, all the contents will appear in the List of Content 4.2 The Database Input Interface below. Let us illustrate this with an example. If the administrator The Database Input Interface is the interface through which the chose ebook as the content type, if he chooses to search for this database administrator inputs content into the CRS subsystem for book by Author, he will be require to choose the first letter of the further processing like packaging and distribution. The author(s)‟ name. Assuming he is looking for a book written by administrator copies the contents into a folder or a volume Ogwueleka F.N, it follows he will have to choose the letter “O” as connected to the CRS subsystem. Through the Content Location the author‟s name first letter. This action will produce a drop Input Field, the administrator browses the drop down list and down list of all authors whose name starts with the letter “O”. locates the content file or folder or perhaps types it in. Next, the When the administrator selects Ogwueleka F.N. from the list, the administrator selects the content type from the drop down list of List of Content field below will be populated with all the books the Content Type Input Field. The content types can include by Ogwueleka F.N. in the CDB from which the administrator will Music, Movies, Games, Softwares and Ebooks etc. The next field then select the particular one he wants. This interface is also used requires the administrator to more clearly describe the content by at the CDU sites by users to search the database for content. selecting the class to which the content belong in the content type However, while the administrator‟s interface at the CRS selected. For instance, if the content is of the type “Music”, the subsystem is equipped with many more features that help the administrator selects “Music” in the Content Type Input Field but manipulation of contents, the users‟ interface at the CDU sites can will need to select the class of music the content belongs to. For be equipped with shopping carts to enable the user select and the selected type “Music” the content can belong to any of the organized a list of contents he/she wish to request. classes like Jazz, Disco, Reggae, Blues, Hip-hop e.t.c. Next, the administrator specifies the Author or Artist of the content in the Author/Artist Input Field, the Producer or Publisher of the content 4.4 The Graphical User Interface in the Producer/Publisher Input Field, the Date of Production or Visualization Publication of the content in the Date of Production/Publication The consumer uses the graphical user interface interacts with Input Field, the Album or Series to which the content belong (if system through the CRPS subsystem when redistributing contents any) in the Album/Series Input Field, the content title in the in the public or private domain. At the instant of clicking copy to 36 copy the content, the CPI presents the consumer with the No Right Message Box that tells the consumer of his/her lack of 5. RESULT AND DISCUSSION Redistribution Right on the content and asks him/her to click OK The Free Use/Use and Get Paid DRM System Model deals with to request or input right or CLOSE to close the message box and content packaging, distribution and redistribution, consumer terminate the process. When consumer clicks Ok, a request form, request servicing, content maintenance and royalty disbursement the User Main Menu is returned into which the user indicates the to both distributing consumers and the copyright holders as a number of redistribution right he/she is requesting and the type of result, there are lots of database involved in the operation of this Content Copy he/she wants to redistribute. Perhaps, he selects one system. The very prominent among them include; the Raw of the two types of copy (Private Parent, Child Copy) from a drop Content Database, the Content Database, the Content down list and click Ok. If the consumer wants a Business Parent Redistribution Copy Database, the Transaction Report Database, Copy which only one copy can be made from any Private Parent the Content Distribution and Distribution Sites Database, the Copy, he/she will not need to select from the drop down list but Copyright Holders/Provider Database, the Revenue and check the Radio Button below before clicking Ok. The Business Expenditure Database and the Royalty Disbursement Database. Parent Option grades-out whenever a Business Parent Copy is The database design of this system is still primitive but must made of the content. However, if the consumer has an RRC code, contain the following schema as shown in Table 1 to identify he/she simply inputs it in the „Input RRC code here‟ input field content. and then clicking Ok to proceed. If the first explanation is the case, an RRRC code Output Message Box is presented from Table 1: Database Schema for Content Identification and which the consumer is requested to copy the RRRC code and Referencing SMS to the CRR server through a given sms code or CALL a Content Title The name of the content file given phone number for more information. If the second Date/Time of The date/time when such content was explanation was the case, the consumer is presented with a Upload uploaded in to the distributor‟s system Process In Progress Counter showing the progress of the copy Date/Time of The date/time when it was finally packaged or operation and a series of other input window through which the Packaging the market consumer control and contributes to the copy process. At the end The reference ID recorded in the database of the process, the consumer has a new copy of the content in the Reference Code that refers to the content or the content copy location specified by him/her. The type of content e.g. ebook, music, movies Content Type etc The system main menu shown in Figure 4 provide control access The class of content which is a sub category and use access to the proposed Free Use/Use and Get Paid DRM Content Class of the content type. E.g. classes under music system from the distributor‟s back end. may include hip-hop, reggae, blues etc. Author/Artist The name of the author or artist Producer/Publis The content producer or publisher her Date of The date the content was produced or Production/Pub published lication The album or series to which the content Album/Series belong The format the content came with and the one Format it was converted to Content The person(s) that holds the copyright of a Provider/Copyr digital content ight Holder Private Parent The amount charged per private parent Charge license Business Parent The amount charged per business parent Charge license Content The public key of the unique content Business Key encryption key pair (KCB) Content Private The private key of the unique content Key (KCP) encryption key pair Content Parent The copy from which the transacting copy Figure 4. The free use/use and get paid DRM system main menu Copy was made from Content The copy(s) that where made from the content Offsprings copy in question 37 The content‟s history of transaction is also maintain and used in the system to access and manage the various BPAs. A more robust plotting the content lineage tree. To do that, some of the databases use of it is made through the database output interface, which the will require maintaining additional information about the content administrator or the consumer can use to search the system‟s transaction history, which may include the following schema as content database for a content of choice. listed in Table 2. The Free Use/Use and Get Paid DRM Model is a robust, Table 2: Additional Schema for Maintaining Content Transaction distributed copyright protection model with a distributor‟s end History (Content Redistribution Subsystem) that package the contents and Date/Time of Date/time of when the license transaction of the place them in the public domains and also service consumer Transaction new copy was made request sent over the mobile service provider network and a Requesting The consumer phone or other mobile devices detached consumer end consisting of the content packaged into Device with which he/her send the RRRC code to the some protective program and plug-in program that helps the CPS subsystem consumption of the content by the consumer. This implies that a No. of Rights The number of rights the consumer wish to number of languages like PHP for the distributors online database purchase system and Java for content packaging etc will be used for the Type of Right The type of content copy the consumer wish to implementation of the system model. In this research study, we make with the license have used the Unified Modeling Language UML to model this Transaction The unique transaction identifier generated by system from different perspectives such as the system interaction Nonce the CRPS with the environment using Used Case Diagram and the sequence RRRC code The redistribution right request code which is of operation that take place in the system using Sequence Diagram generated by the CRPS subsystem and sent by etc. We also implemented part of this model using Java and PHP text message to the CPS programming languages on JBox and MySQL server. RRC code The redistribution right code generated in response to the RRRC code sent from the The system was implemented using the drivers in three major transacting content that can unlock the content decentralized locations, the Content Redistribution Subsystem and allow the number of copies specified to be (CRS), the Mobile Service Provider (MSP) and the Content made Redistribution and Plug-in Subsystem (CRPS). The CRS New KCB The public encryption key of the new content subsystem is integrated in a specialized computer server and has key pair both stand alone and web interfaces integrated together and New KCP The private encryption key of the new content linked with the MSP subsystem. The MSP subsystem is key pair integrated with mobile service provider(s) system and provides the payment infrastructure and the offline link between the CRS and the CRPS through the use of mobile phone and recharge The activity of report generation is not concentrated in any cards. The CRPS subsystem is the consumable digital content particular subsystem or designed to stand alone but is dispersed in and the plug-in that helps their consumption resident in the various subsystems. However, the report generation functions standalone or networked devices. Any attempt to redistribute a of the RGS unit in the MSP subsystem and report generation and content bundled in the CRPS without license is denied. cataloging ability of the AUU sub-unit is central to the smooth running of the entire system. The activity of the MSP subsystem is When an attempt to redistribute a content is denied, a form is report based as that particular subsystem is central to the presented with which redistribution right can be requested. After transaction of all the consumers with the CRS and yet is located indicating the number and type of right, the CRPS generates a outside the distributor‟s domain. Besides, being the channel of unique RRRC code. The consumer sends to the CRS as SMS via communication between the consumer and the distributor, each of the MSP. the two parties depend on the report coming from this subsystem to know what is happening with the transaction at each other‟s An RRC is generated and sent back to the consumer using the end. Therefore, the RGS is a unit whose function is to monitor the same means after the transaction is verified and payment made. activities in the two other units in the MSP subsystem and The RRC code is inserted in the space provided before the generate an appropriate report about them and send to the redistribution of the digital content is allowed. appropriate parties or device e.g. IBM message to the Consumer, VDR message to the AMU sub-unit in the RTU unit and the CRA server. The AUU as well as the ACU sub-units of the AAU unit The performance evaluation of the proposed model after directly monitors activities in the MSP subsystem and at the RTU, implementation was excellent and achieved the good results after CPU and CDU units for the purpose of auditing and accounting testing. Noted are offline copyright protection of digital contents respectively. through offline content license purchase and use; the system can use text messages for license transaction; the system can be The query functionality like the report generation activity is accessed by larger consumer base with mobile phone access hence spread across the various units in the system and imbedded in the can provide unhindered access to legitimate digital content even different output interfaces e.g. the Business Parent Account on the go; the system can enhance consumer security and comfort (BPA) which enables the Business Consumer to query the system through anonymity and on the go legitimate content purchase and about his redistribution efforts or reward status or the Business use; the system will accommodate the Fair Use Policy; and the Parent Account Menu which enables the administrator to query system will make license payment with airtime credit possible. 38 6. CONCLUSION 8. REFERENCES This research studied digital copyrights infringement and the [1] Fagin, B., Baird, L., Humphries, J. and Schweitzer, D. 2008. limitations of the existing technical solutions in the form of Skepticism and Cryptography. Knowledge, Technology & Digital Right Management and thus proposed a model that uses Policy, Vol. 20 No. 4, pp 231 – 242 mobile phone Short Message Service (SMS) to transact content [2[ Callas, J. 2007. The Future of Cryptography. Information license purchase. The security of the transaction is made possible Systems Security. Vol. 16, No. 1, pp 15 – 22. by the use of public key encryption. By using mobile phone [3] Floyd, D. 2006. Mobile application security system (MASS). instead of internet communication alone to transaction for license, Bell Labs Technical Journal, Vol. 11, No. 3, pp 191 – 198. an average peasant in the street without sophisticated computer [4] Toubba, K. 2006. Employing Encryption to Secure skill to undertake internet banking and content activation can still Consumer Data. Information Systems Security. Vol. 15, No. purchase and consume legitimate contents using his/her mobile 3, pp 46 – 54. phone by simply sending SMS and paying for the content license [5] Young, A. 2006. Crypto Viral Extortion using Microsoft's using his/her airtime credit. The study through the Free Use/Use Crypto API. International Journal of Information Security. and Get Paid Model will resolved the problematic Fair Use Policy Vol. 5, No. 2, pp 67 – 76. of digital contents by shifting emphasis from copyright content [6] Li, C., Li, S., Zhang, D. and Chen, G. 2006. Cryptanalysis usage protection to copyright content redistribution restriction. of a Data Security Protection Scheme for VoIP. Vision, Image & Signal Processing, Vol. 153 No. 1, pp 1 – 10. Digital copyright problem especially in the Nigeria context cannot respond to only technical solution. We therefore, recommend that [7] Harris, D. 2007. Has Anyone Seen My Data? Electronic government and other relevant authorities promulgate laws that Design. Vol. 55, No. 9, pp 41 – 46. will be effective in ensuring digital copyright protection. We also [8] Robinson, S. 2008. Safe and Secure Data Encryption for recommend the use of public key encryption algorithms like the Embedded Systems. EDN Europe. Vol. 53 No. 6, pp24– 33. Nth Degree Truncated Polynomial Ring Unit (NTRU) or the [9] Lovoshynovskiy, S., Deguillaume, F., Koval, O. and Pun, Efficient Compact Subgroup Trace Representation (XTR) during T., 2005. Information-Theoretic Data-Hiding: Recent system development against the well known RSA given their light Achievements and Open problems. International Journal of weight and the likelihood of using the Free Use/Use and Get Paid Image & Graphics, Vol. 5 No. 1, pp 5 – 35. DRM System in low end systems like MP3s and Mobile Phones. [10] Zanin, G., Di Pietro, R. and Mancini, L. 2007. Robust RSA Distributed Signatures for Large-Scale Long-Lived Ad hoc Networks. Journal of Computer Security. Vol. 15, No. 1, pp 7. ACKNOWLEDGMENTS 171 – 196. Our thanks to Nigerian Communication Commission for the [11] Pasi T. 2005. Concepts and a Design for Fair Use and statistically information. Privacy in DRM, D-Lib Magazine. Vol. 11, No. 2. pp 932 – 937. [12] Intel Corporation. 2009. High-Bandwidth Digital Content Protection System, Publication of the Digital Content Protection LLC Website, Revision 1.4, pp 10 – 40. 39