Various approaches to cross-platform and cross-application interoperability have been suggested. One idea is an interpreted DRM virtual machine (a Java-like VM but for rights management). However appealing, so far this approach seems mainly to push important difficult security issues down into the DRM-VM.
Cross-application interoperability has been attempted by using a combination of secure viewers with (a) redirectors that trap Operating System calls or network events or (b) a middleware layer that provides services to applications. Redirectors are used by some security applications, [e.g., certain Symantec products] so they have their uses even though significant limitations exist in most cases. Middleware also presents certain security challenges that can be mitigated, but not fully eliminated, which is one reason why DRM ultimately needs to be rooted in the OS. Even if DRM is rooted in the OS, there are, of course, many OSs running on all kinds of devices.
One US patent application 20030018906, "Method and system for protecting software applications against static and dynamic software piracy techniques," assigned to Liquid Machines describes, among other things, another approach that is very cute (meant as a term of high praise). Its one of those ideas that I wish I had thought of. So what's the idea?
The cuteness entails: A method for protecting a software application module, comprising: rewriting the application module by overwriting executable code at identified authorization points.... and then inserting code that deals with authorization, entitlements, etc.
This rewrite the code approach implies generality: any OS, any application.
Of course, both the Devil and God are in the implementation details.
Recent Comments