A more secure digital rights management authentication scheme based on smart card

Digital rights management (DRM) system is a technology based mechanism to ensure only authorized access and legal distribution/consumption of the protected digital content. DRM system deals with the whole lifecycle of the digital content including production, management, distribution and consumption. DRM schemes are effective means for the transfer of digital content and safeguard the intellectual property. Recently, Yang et al. proposed a smart-card based DRM authentication scheme providing mutual authentication and session key establishment among all the participants of the DRM environment. We show that their scheme does not resist threats like smart card attack; fails to provide proper password update facility; and does not follow forward secrecy. To overcome these weaknesses, we propose an improvement of Yang et al.'s scheme. The security of our scheme remains intact even if the smart card of the user is lost. In our scheme, user's smart card is capable of verifying the correctness of the inputted identity and password and hence contributes to achieve an efficient and user- friendly password update phase. In addition, the session keys established between the participating entities are highly secure by virtue of forward secrecy property. We conduct security analysis and comparison with related schemes to evaluate our improved scheme. During comparison, we also highlight the computational cost/time complexity at the user and the server side in terms of the execution time of various operations. The entire analysis shows that the design of the improved scheme is robust enough for the for DRM environment.