Sony DADC User Rights Management Solution

Setting up your online bookstore to work with Sony DADC URMS

When you decide to implement the Sony DADC URMS encryption for your institution, Sony DADC provides you with access to their server environment and a set of web address endpoints, where you can send API calls to complete eBook transactions. Sony also provides a set of Software Development Kits (SDKs) with test user apps, so that you can experiment with completing customer eBook purchases that involve URMS encryption.

You will need to test your connection with the Sony DADC URMS server environment before you can start encrypting eBooks using URMS with live customer accounts and production transactions.  We provide more detail on how that test process works below.

Sony DADC provides detailed information about working with the URMS Application Programming Interface (API) online.

The Production and Staging Environments

As an eBook vendor you provide your customers with an online bookstore, where they can find and purchase eBooks from you, and then download these eBook files to their own mobile devices or computers. You manage your customer accounts and transactions for them, but you also would like to protect the eBooks you sell online from misuse by applying URMS encryption to each title. For that to work your online bookstore system must be configured to work with the server environment hosted by Sony DADC.

The eBooks that your online bookstore offers must be encrypted before you sell and distribute them to your customers. Your system must be set up to send eBook files to Sony DADC before they are made available on your bookstore. Sony DADC encrypts the eBooks using URMS and then returns them to you. After that you can deliver the secured files to your customers. It is your responsibility to store your library of eBook files on your own local servers or in the cloud. The Sony DADC server environment is designed to receive, from your system, a record of each eBook file that you have sold to a customer. The client software is then able to verify that this user has access to the content.

Sony DADC hosts two URMS platforms, one for staging and one for production. Before your online bookstore can work with the production environment at Sony DADC, encrypting eBooks you sell to actual customers, you need to set up a link from your online bookstore to the staging environment at Sony DADC. This allows Sony DADC to test and verify your system before bringing it online, and thus protect their own hosted environment. Sony DADC provides each URMS evaluation or licensed customer a Store ID and a Store Access Key so that their online bookstore can communicate with the Sony DADC staging environment. After your platform is tested and approved, Sony DADC provides you, as a licensed user, with a Store ID and Store Access Key for their production environment.

Security Measures for URMS Development

The URMS staging and production environments hosted at Sony DADC are segregated from each other.  Each environment is distinct, with a separate pair of servers, databases, SDKs, online bookstores, and sample apps. There is no migration path between the staging and production environments, and no user records, eBook files, or configurations are shared between them.

This approach is used to secure records and content in the Sony DADC URMS production environment. Sony DADC URMS uses encryption technology for eBook files based on the Marlin Digital Rights Management (DRM) platform. Marlin is an open access management standard and digital content sharing platform created by the Marlin Trust Management Operation in 2005. The Marlin platform is also used to provide DRM standards and structure for other kinds of digital content distributed online, such as video games, film, and music.

The URMS staging environment is designed to allow for easier development. Some of the Marlin DRM security constraints that protect production eBook content are relaxed in staging to allow easier debugging and testing. These standards must be maintained in the production environment, which retains strict security measures.

Specifically, Sony DADC URMS uses Marlin trust anchors as part of the Public Key Infrastructure (PKI). These trust anchors facilitate public key management and security certificates for encryption and decryption. The staging environment uses test trust anchors that do not need to be secured because the staging environment is separate from production. In the production environment the anchors remain secret and are therefore more secure.

Servers and APIs

The two servers provided in staging and production include:

  • Common Gateway Platform (CGP) server. Verifies user access and handles book purchases and related transactions.
  • Digital Rights Management (DRM), or Marlin server. Handles eBook encryption.

The API calls used are the same for each environment.

Endpoints

Sony DADC’s staging environment provides a pair of endpoints, one for the Common Gateway Platform Back Office and one for the Bookstore.  Note that the address for the staging environment includes the word “stage”:

https://urms-bo-stage.codefusion.technology/bo/
https://urms-store-stage.codefusion.technology/store/

The production environment provides a matching set of endpoints for customers who have licensed Sony URMS Services:

https://urms-bo.codefusion.technology/bo/
https://urms-store.codefusion.technology/store/

Sony DADC provides any licensed users with credentials to run their online bookstore in their production environment after the bookstore is certified.

For evaluation customers, Sony DADC provides a sample store to use as a template for building a more robust staging environment.  If you do not have credentials for this store, please request access from Datalogics Support.
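
A pre-flight check for the endpoint pairs listed above, as an added example that is not Sony DADC or Datalogics code: it confirms that the URLs in a bookstore configuration belong to the environment whose Store ID and Store Access Key the configuration holds. The configuration keys (`environment`, `back_office_url`, `store_url`) and both function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Base endpoints exactly as listed on this page.
ENDPOINTS = {
    "staging": {
        "back_office": "https://urms-bo-stage.codefusion.technology/bo/",
        "store": "https://urms-store-stage.codefusion.technology/store/",
    },
    "production": {
        "back_office": "https://urms-bo.codefusion.technology/bo/",
        "store": "https://urms-store.codefusion.technology/store/",
    },
}


def classify_endpoint(url):
    """Return (environment, role) if url sits under a listed endpoint, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed port or bracketed host
        return None
    if parts.scheme != "https" or port not in (None, 443):
        return None
    if parts.username is not None or parts.password is not None:
        return None  # userinfo can disguise the real host
    if ".." in parts.path.split("/"):
        return None
    host = (parts.hostname or "").lower()
    for env, roles in ENDPOINTS.items():
        for role, base in roles.items():
            b = urlsplit(base)
            # Exact host match: a suffix or substring test would accept lookalikes.
            if host == b.hostname and parts.path.startswith(b.path):
                return env, role
    return None


def check_store_config(cfg):
    """Return a list of problems; an empty list means URLs match the environment."""
    env = cfg.get("environment")  # hypothetical key naming the credential set in use
    if env not in ENDPOINTS:
        return [f"unknown environment {env!r}"]
    problems = []
    for role in ("back_office", "store"):
        url = cfg.get(f"{role}_url", "")
        found = classify_endpoint(url)
        if found is None:
            problems.append(f"{role}_url is not a listed URMS endpoint: {url!r}")
        elif found != (env, role):
            problems.append(f"{role}_url points at {found[0]} {found[1]}, expected {env} {role}")
    return problems
```

Running the check at start-up, before any API call is signed, keeps a staging Store Access Key from being sent to production and a production key from being sent to staging.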

Software Development Kits (SDKs)

Sony DADC provides separate SDKs to access the staging and production environments.

Staging SDKs

  • Stage-debug. Allows access to the staging environment and stores without setting up a secured signature. This makes debugging easier.
  • Stage-release. This SDK is the same as the stage-debug SDK except all anti-tamper measures are active to stage a release candidate for production.

Production SDKs

  • Production-debug. Debug the production environment. Rarely used and temporary. Marlin trust anchors remain secret and thus are secured. Access to this SDK is limited, and must be enabled by Sony DADC.
  • Production-release. The version used in publicly available applications.

Sony DADC provides a set of sample applications in the stage-release and production-release SDKs.  Use these sample apps to set up your online store and to test the ability of your customers to buy and download eBooks as part of the URMS staging environment.  After the system has been moved to production, you can provide standard eBook mobile apps to your customers, either apps you design and build yourself or apps available on the market through the Google or Apple online stores.  The reader app you provide to your customers can be dedicated to a single store, or contain a list of supported stores.  Datalogics does not provide test apps for use with the staging process.

Testing and Verifying your Staging Environment

After you have built and tested your staging environment, create a test account and send the name and password for that account to your Datalogics support representative. Datalogics runs a validation on your customer staging platform for URMS. This process verifies:

  1. The token authentication, that the customer access is valid
  2. The purchase or lending transaction, that the customer can open and read the eBook content

So this step verifies a customer’s ability to access your bookstore and purchase eBooks. If this automated test script succeeds, Datalogics sends the account name and password to Sony DADC, and Sony DADC also validates the implementation and grants final approval for access to their production environment.

If this second test works, Sony DADC provides a new Store ID and Secret Access Key for use with your production online bookstore, and lets Datalogics know that your account has been approved.  At this point you can start conducting business with URMS in your online store. Your customers can use their mobile apps to buy and download eBooks from your online bookstore, and have them encrypted using URMS technology. The online bookstore is eligible to be included in a multi-store list for applications that support this feature.

You can provide a reader app with your system that can display a list of more than one available online bookstore if your system supports multiple stores.  If the app is working with your production system it will only provide access to bookstores that are in production.  For a reader app being tested in the staging environment, it will only provide access to test stores.

Note that as a licensed user, after your site is put into production your original URMS staging environment remains in place to support future testing and development.