Sony DADC User Rights Management Solution

Overview

Purpose

This section provides a general overview of the various CGP (Common Gateway Platform) components and APIs and outlines the basic workflow of encrypting and decrypting books.

If you have questions about using URMS, please contact Datalogics support.

The URMS Environment

To install the URMS environment, the user is provided with the URMS Software Development Kit (SDK). The SDK includes a pair of library files—a Jar file for Android or a tar.gz file for iOS—that can be used to build a custom eReader mobile app for opening eBooks on Android or iOS mobile devices. The customer can use an existing eReader app and integrate it with the CGP Server at Sony DADC. The rest of the URMS environment includes web services or APIs that the customer can use to communicate with the CGP Server. URMS includes both test and production platforms, including a sample store where a customer can experiment with the environment while evaluating the product.

The Common Gateway Platform (CGP) represents the implementation for the URMS. The GCP Server at Sony manages assigning and controlling user rights and entitlements to content for all end users across all online stores and libraries that use URMS to buy and sell, lend, share, and give eBooks. CGP tracks who is buying and borrowing books from each store and library. CGP also provides for a common bookshelf, where a user who buys or borrows books from more than one store or library can see all of his or her books in one place, using a single account and login.

Each source of eBook content, a local web store or library, interacts through the Store API with the CGP server to register titles, set up user accounts, and complete other functions related to eBook processing. The store or library electronic commerce site integrates with the CGP Server.

CGP Components

URMS_workflow

The red box highlights the Back Office API, which provides services for protecting and packaging books. This interface will be used mainly by distributors and publishers.

The yellow box depicts the Store API. It provides services such as:

  • User and device management
  • Generating Auth Tokens
  • Book Transactions, like buying and lending
  • Revoking licenses

This interface will be mainly used by retailers.

The blue box exemplifies the interface between URMS servers and URMS SDK. URMS SDK is the client-side component that can be easily integrated in existing readers and transparently handles the communication with the URMS and Marlin servers.

Marlin here refers to the Marlin DRM platform, an open rights management standard and digital content sharing platform created by the Marlin Trust Management Operation in 2005.

The grey area shows interactions where URMS is not involved. These parts include tasks like transmitting the catalog of available content from the distributor to the retailer or the interface between the retailer’s server and the reader application.

Supported Platforms and Formats

URMS SDK is available for the following platforms:

OS Version
Android 4.1 or later
iOS 7.1 or later
Windows (alpha) 7 or later
Mac OS X (alpha) 10.9 or later

URMS SDK enables the secure distribution of EPUB2, EPUB3, and PDF files.

APIs

Server APIs

  • SDK API. Defines the interface between URMS SDK and CGP server.
  • Store API. This API is used between the CGP server and a customer’s store.
  • Back Office API. Book encryption and registration services.

Client API

  • URMS SDK. A library that provides Marlin DRM content protection, book decryption, bookmark synchronization, common bookshelf functionality to mobile apps.

Environments

URMS provides both a Production environment and a Test environment. The two environments are completely separated. To change from Test to Production or back again you need to exchange the URMS SDK library.

Basic Workflow

This section describes the basic steps that have to be executed in order to protect a book and consume it on a mobile device.

  1. Content Generation (CGP Back Office Operation)
    This process registers and encrypts an e-book with the CGP system.
    The CGP responds with a unique CCID (Common Content ID) which identifies the encrypted book.
  2. Store User Registration (CGP Store Operation)
    Here an existing store user gets registered with the CGP server.
  3. Book Registration (CGP Store Operation)
    This process of associating a book with a given user.
  4. Book Download (URMS SDK Operation)
    The encrypted e-book data gets downloaded to the device.
  5. Book Decryption (URMS SDK Operation)
    In a last step the encrypted e-book data gets decrypted on the device.

For a more detailed description of supported use cases please refer to Use Cases.
The technical documentation of URMS SDK function calls and CGP API HTTP requests can be found at CGP API.

store_reader_urms_interaction

Getting Started

Android

The sample can be built using Eclipse ADT by simply importing the folder as an Android project.

URMS SDK release libraries configured against the production environment have signature checks activated.

For this reason you will need to find the Android App Signature associated with your mobile app and share it with the vendor. This is a simple process; find the signature content, copy it into an email message, and send it to the vendor.

Follow these steps to find the signature:

  • Sign the apk file with a release key. This is the same key that would be used for distributing the app to the public. The apk file refers to the Android Application Package, used to distribute and install apps.
  • Unzip the apk file
  • Go to the “META-INF” directory
  • Execute the following command on the .rsa file (usually android.rsa or cert.rsa). The rsa file holds a digital certificate.
keytool –printcert –file <file>
  • Extract the SHA256 signature
  • Copy the SHA256 signature character string and paste it into an email message. Send the message to Datalogics support. Please provide your company name and contact information.
  • Datalogics will forward the signature to the vendor for you.

iOS

For iOS there are two sample apps. Cgp-sample-ios uses an older Readium version that does not support filter chains. Instead, is uses an HTTP server specific to URMS that is in charge of providing book fragments and also calls the decryption API.

The bundle/SDKLauncher-iOS sample contains a recent version of Readium’s iOS Launcher that was extended to support URMS. Recent Readium launchers already support the Readium SDK filter chain. The marlin_decrypter.cpp is a concrete implementation of a Readium filter and uses the decryption API to decrypt content. For customers who base their apps on Readium, this is a blueprint how the Marlin Filter can be added to existing Readium-based readers.

Note that the Readium filter is included with the URMS SDK. If a new release of URMS requires an updated version of Readium, the correct version of Readium will be part of the installation package.

When the protected URMS static library is compiled into a third-party application, the Binary Update Tool must be executed on the final compiled application.

This is needed to update embedded integrity checksums, which are contained in the final binary.

The tool requires the following input:

  • compiled binary application
  • the protection data file (nwdb)

Both files can be found in the “libs” folder located in the root directory of the shipped bundle.

OS X and iOS applications must be re-signed after running the Binary Update Tool, because the binary footprint will be different. You can perform signing using the co-design tool from the command line.

Running the update tool:

scp-update-binary --binary=<compiled executable> <*.nwdb>

Example:

${PROJECT_DIR}/../libs/scp-update-binary --binary=${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.app/${PRODUCT_NAME} ${PROJECT_DIR}/../libs/urms.nwdb

Off-line Mode
The client mobile device is designed to work offline as needed, such as during a long flight when the device would be in airplane mode. But if the client application is offline for too long, GetAvailableBooks() may not be able to update licenses and might fail to delete an expired eBook.

If the client application continues to remain offline indefinitely, the local URMS SDK client will detect this and send an error message to the user.  The URMS SDK is designed to block attempts to subvert security. For example, if a borrowed book is about to expire, the local URMS SDK can detect if an expiration date has arrived and inform the user even if the device is offline.

After the network connection is available again, the error is cleared.

Mandatory Updates
URMS returns an error if the installed URMS SDK is not the latest version available.

The user must respond and update the SDK, making sure that keys stored within the URMS SDK, and the security patch, are kept current.

Rendering flow
It is recommended that data decrypted with URMS SDK is extracted to memory before loading it to the Rendering Engine.

Storing the data as a temporary file instead increases the risk of the data being copied illegally.