Nicholas Paul Sheppard

On multiple watermarking

Mintzer and Braudaway [6] once asked: If one watermark is good, are more better? In this paper, we discuss some techniques for embedding multiple watermarks into a single multimedia object and report some observations on implementations of these techniques.

Import/export in digital rights management

The inherently controlled nature of digital rights management systems does little to promote inter-operability of systems provided by different vendors. In this paper, we consider import and export functionality by which multimedia protected by one digital rights management regime can be made available to a multimedia device that supports a different digital rights management regime, without compromising the protection afforded to the content under the original regime. We first identify specific issues to be addressed by developers of digital rights management import/export regimes and outline a variety of methods by which these regimes may be implemented. We then apply our observations to the specific example of import and export of content between the digital rights management regimes defined by the Motion Picture Exports Group and the Open Mobile Alliance.

Towards defining semantic foundations for purpose-based privacy policies

We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown through various examples, how various typical purpose-based policies as well as some new policy types can be expressed and checked using our model.

Enforcing P3P policies using a digital rights management system

The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRMis one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data. The specification of a license by a data owner binds the enterprise data handling to the consumers privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.

A rights management approach to protection of privacy in a cloud of electronic health records

A patient-centric DRM approach is proposed for protecting privacy of health records stored in a cloud storage based on the patients preferences and without the need to trust the service provider. Contrary to the current server-side access control solutions, this approach protects the privacy of records from the service provider, and also controls the usage of data after it is released to an authorized user.

Using digital rights management for securing data in a medical research environment

We propose a digital rights management approach for sharing electronic health records in a health research facility and argue advantages of the approach. We also give an outline of the system under development and our implementation of the security features and discuss challenges that we faced and future directions.

Distributed management of OMA DRM domains

Version 2.0 of the Open Mobile Alliances Digital Rights Management Specification provides for protected content to be shared amongst a collection of devices in a domain. Domains are created and managed directly by the rights issuer that issues rights to the domain. In this paper, we propose to devolve the management of domains to a domain manager known as Heimdall that acts as a broker between the devices in an authorised domain and any content providers from which content for the domain can be sourced. We describe and compare three different modes in which Heimdall might operate.

A Rights Management Approach to Securing Data Distribution in Coalitions

As network capacity has increased over the past decade, individuals and organisations have found it increasingly appealling to make use of remote services in the form of service-oriented architectures and cloud computing services. Data processed by remote services, however, is no longer under the direct control of the individual or organisation that provided the data, leaving data owners at risk of data theft or misuse. This paper describes a model by which data owners can control the distribution and use of their data throughout a dynamic coalition of service providers using digital rights management technology. Our model allows a data owner to establish the trustworthiness of every member of a coalition employed to process data, and to communicate a machine-enforceable usage policy to every such member.

Weighted segmented digital watermarking

We introduce the notion of weighted watermarking for proof-of-ownership watermark protection of multimedia works that are the product of more than one author and where each author is considered to be of different importance relative to the other authors. We specifically examine weighted segmented watermarking for still images and generalise previous work on performance measurement of watermark embedding patterns in the presence of cropping attacks.

Location-based DRM using WiFi access points

Location-based digital rights management (DRM) refers to a system allowing the owner of an electronic file to specify not only the actions a user is allowed to perform regarding the content, but also restrict the actions to a specified geographical area. A method for retrieving location information is required. One such method is to place wireless access points in areas of interest, requiring a device to be in the vicinity of the correct access point(s) in order to access a file.