  • 學位論文


A Study of Mobile Applications Using Digital Rights Management

指導教授 : 薛夙珍


行動用戶以行動設備進行娛樂、影音、繳費與購物等應用服務的機會,已日趨增多,但卻也因此增加了從行動環境購買或傳送數位內容的交易風險。由於在行動企業與購買電子書這兩種應用服務中,所傳送或購買的數位內容都屬有價值的資訊,因此需在傳送或交易過程中做好安全保護,以避免受到惡意使用者的竊取或竄改。 行動企業的員工在外洽公時,由於可隨時隨地使用手持裝置來存取公司的電子文件,若僅只是將企業文件以簡單的安全技術作加密,未能作好安全的存取控制保護,惡意的員工將可輕易地從手持設備將已解密的企業機密資訊作散播,也因此洩漏了公司的重要資訊而造成公司的利益損失。為了保護企業數位內容之安全性,本論文結合了數位權利管理(Digital Rights Management,DRM)概念與可信任運算平台(Trusted Platform Module,TPM)技術,設計一個輕量級的行動企業文件傳遞協定,可以有效避免企業文件在傳遞時的不當修改或偽造等安全問題。 由於電子書交易模式所傳輸的數位內容,跟行動企業一樣都屬有價資訊,所以在論文中除了探討了行動企業的文件保護議題,也將電子書交易作為研究主軸。目前電子書的交易模式多數為,消費者必須一整本書一起購買,無法讓使用者依需求來選購部份章節或頁數,造成使用者購買意願的降低,且電子書經下載後亦無法分享予其他的使用者。因此,本論文提出可讓行動用戶依個人需求購買部份章節的行動電子書協定,協定以數位權利管理概念來保護電子書的交易安全,也運用多種憑證讓分享電子書內容的同時,也能公平地完成拆帳作業;此外,運用了樹狀結構的方式來產生各章節之加解密金鑰,以簡化金鑰管理的問題。


The increase of mobile users’ requesting services like entertainments, audio and video, billing, and purchasing using mobile devices has increased the risks of transactions conducted and content delivery in the mobile environments. Considering common applications, enterprise documenting and e-books purchasing services using mobile devices require more secure protections because the digital contents are too valuable to be sneaked or tampered. A malicious employee in an enterprise supporting mobile business applications may jeopardize the company business because he may access and reveal classified company documents to competitors using the mobile devices during a business travel. Without secure access control, or with merely a simple encryption of an enterprise secret, the important company documents might be compromised and disseminated. In order to protect digital contents of company documents accessible from mobile devices, this study integrates Digital Rights Management (DRM) and Trusted Platform Module (TPM) and proposes a lightweight document delivery scheme for mobile enterprise documents. The scheme may prevent the documents from improper modification and falsification when a document is delivered in the mobile environment. The digital contents of e-books are as valuable as company documents so that they require protections of similar degrees as that of enterprise documents. Modern e-book transactions request the purchase of a whole book to protect the content of the book using one encryption key. This limitation becomes a major hurdle for the willingness of e-book purchasing when some readers expect to buy certain chapters or pages of interests, rather than the entire e-book. In addition, sharing of an e-book is impossible after downloading. Therefore, this study proposes a chapter-on-demand transaction protocol for e-book purchasing in a mobile environment. The transaction security is protected using the mechanism of digital rights managements. The protocol uses multiple certificates to provide e-book sharing while ensuring fair bill-clearing. The management of encryption keys for chapters is simplified by the devised tree-structured key production method.


[18] Steven Ong (2004), Mobile Digital Rights Management, Technology
[1] 林家禎,張建騵(2006),一個適用於行動商務環境的數位權利保護機制,2006電子商務與數位生活研討會,台北市。
on electronic commerce, pp. 185-194.
[11] Chin-Ling Chen(2008), “A secure and traceable E-DRM system based on
[13] Sai Ho Kwok(2002), “Digital rights management for the online music business,” SIGecom Exchanges of the ACM, vol. 3, no. 3, pp. 17-24.


