Transmission time-based authentication scheme using 3G mobile device for DRM system

The recent widespread deployment of 3G technology has opened the possibility for high value digital content to be delivered to wireless-driven output terminals that may or may not be mobile. This calls for a robust DRM (Digital Rights Management) system that can protect copyrighted content from being illegally accessed. The conventional method of authenticating a registered user or a prospective content purchaser is by means of the username and password combination. However, this method raises many vulnerabilities, especially now that password attacks and phishing techniques are rampant. Enhanced user authentication schemes are thus needed to ensure that the content is delivered to the legitimate purchaser, and to combat piracy in the Internet in general. Our assumed DRM system utilizes 3G mobile devices, such as HSDPA (High Speed Downlink Packet Access) enabled mobile devices, to access the content. An essential part of the system is an access area restriction scheme; it is based on the physical location of the user´s mobile device as estimated from the packet transmission time between the mobile device and the server. Together with personal information, the access location must be pre-registered to realize location-specific enforcement policies. This system is extremely flexible and supports a wide range of security policies; for example, the content provider can stipulate that service is terminated if the registered user moves away from the registered terminal through which he is accessing the content.