Distributed policy enforcement
Existing technical measures for enforcing policies, e.g., those measures for handling rights on digital content and services on end-user devices, have moderate success. The main reason is that most of the technical solutions are under the total control of end-users, due to the lack of appropriate protection in hardware and software. Experience in the past has shown that hardware solutions (e.g., dongles) do not gain acceptance because of their high complexity, incompatibility, insufficient security, and limited user acceptance. Moreover, a variety of these techniques were treated as trade secrets. This strategy contradicts a fundamental cryptographic principle: Security should not rely on the secrecy of an algorithm but on the secrecy of a secret parameter (e.g., a cryptographic key). In spite of nondisclosure and legal threats by content providers, most of the protection measures have been broken in the past. In contrast the proposed platform aims at combining the Security Software Layee and the features offered by the TC hardware to provide the appropriate basis for the realization of policy enforcement. For instance it aims at enforcing license agreements if they have been accepted by the consumer of digital content: On the one hand, the platform should ensure that users of online information (e.g., travelling or navigation information, electronic magazines, etc.) can only get access to the desired information in exchange for payments, and that they cannot arbitrarily distribute this information to others. On the other hand it should prevent content providers from accessing more private information about the user than actually needed for the underlying service. Possible application areas are copyright protection of multimedia data, eLearning, eBooks, geographical information systems, and Telematics in car navigation systems. The platform will considerably complicate the unauthorised distribution of digital content. Certainly, this platform will also build the basis for pragmatic and fair DRM solutions. In this context, we are particularly interested in adapting the development of our platform to the concepts of fair use and first sale, which allow the private (e.g. one-time transfer) or non-profit (e.g., for educational purpose) usage of content.