One attack and one DRM-proof technology appears "crack standard"

Data protection technology DRM has become one of the fastest developing information security technologies in the 2007. Recently, companies led by Microsoft have issued new standards for relevant technologies. On the contrary, in the United States hackers Congress, has been the corresponding crack standards, an attack on the user's impact can not be overlooked.

The birth of new technology

The birth of data protection technology is for all kinds of information replication and data security on the Internet. DRM protects digital content with a certain security algorithm, its application can include electronic data, video, audio, picture, security document and other digital content protection. The principle of DRM technology is to establish information authorization center first, the digital content after coding compressed can be protected by encryption key, and the encrypted information head holds the key identification code and the URL of Authorization center. When the user carries on the information operation on the Internet, according to the information Head key identification code and the URL characteristic, may send the related key decryption after the information Authorization Center authentication authorization. Data content that needs to be protected is encrypted, even if it is saved by the user, and cannot be used without authentication authorization from the Information Authorization center.

At present, the most widely used domain of DRM is digital copyright encryption and security protection. In traditional digital copyright protection, digital watermarking technology is used. Digital watermarking is a hidden mark embedded in digital content, which is usually invisible and can only be extracted by special detection tools. Digital watermarking can be used in software, pictures, music, film protection, without compromising the quality of the original works, the copyright-related information hidden therein. However, the current market of digital watermarking products in the application is not mature, easy to be destroyed, and digital watermarking methods can only be found after security incidents for forensics or tracking, can not be prevented in advance.

Instead, DRM technology encrypts digital content, and only authorized users can get the decrypted key, and the key is bound to the user's hardware information. Encryption technology combined with hardware binding technology to prevent illegal copy, this technology can effectively achieve the purpose of protection. At present, the information protection of most computer companies and research institutions at home and abroad adopts DRM technology.

Core of the DRM

In the actual protection process, DRM is generally divided into two steps to protect. First, the data providers (such as enterprises, Web sites, digital libraries, etc.) use the developer packaging tools to encrypt the original file and add the header to the file. Generally, a 128-bit or 156-bit symmetric algorithm is used to complete encryption, and additional security information can be added while the encryption is complete.

In the second step, when a user accesses the information, the machine will automatically check that there is no corresponding license, if not, the system will instruct the customer to a specific registered address to register, when the customer input user name, password or insert IC card, USB identity authentication token, authentication server officers transferred Guevara the identity of the customer and the corresponding permissions, If the result of the checksum is that the customer is a legitimate user, and the content he clicks on is also within his purview, the authentication server will read the user's hardware fingerprint (can be PC information, can also be IC card, Ikey information), generate a license file implanted on the user's machine.

If the packaging process is to add a security lock to the digital file, then the license is the key to unlock, each legitimate user has a specific, unique key, and, is tied to the hardware fingerprint.

New markets and new challenges

But that remark, while, outsmart. At a recent hacking conference in the United States, some top hackers have unveiled cases of DRM technology being cracked. This behavior has caused considerable loss to the developer. Therefore, how to monitor product security incidents, real-time understanding of the current situation of products, has become a key protection of digital rights.

At present, with huge data protection potential market, many manufacturers, such as Microsoft, Realworks and SafeNet are committed to digital copyright protection, but also the introduction of different technologies. Take SafeNet's mediasentry services as an example, the technology can help developers to effectively monitor the growing threat of software piracy and prevent unauthorized product distribution. For the time being, this service can provide continuous protection for the software and stifle the threat in the bud.

Security experts say these services provide the most advanced scanning technology available to find and index pirated content on the Internet. Through the global monitoring points, online auction groups, IRC networks, newsgroups, FTP sites, point-to-point groups and sites to implement continuous monitoring, so that real-time, accurate grasp of online security situation. Once the relevant intelligent scanning agent has found that there is a tort, all the relevant data will be recorded in the security vendor's giant database, and sent to the designated customer folder, and then, all the collected information to access, retrieve, and generate the corresponding report.