Protecting your content! | Search |
NowSMS Support Forums ⬆ NowSMS Support - SMS Issues ⬆ Archive through December 09, 2003 ⬆ |
◄ ► |
Author | Message | |||
Lars mService Unregistered guest |
When selling content via wap push or mms. How do you protect the content from not being forwarded by the person who downloaded it, to the persons friends(from phone to phone)? Is there any way, perhaps in the header, to define that this content cannot be forwarded to other phones. I know that there is some stuff with Forward Locks, but i think that is only for mms. The market for ringtones is getting bigger and bigger, and the recordcompanies aquires more and more security, which is undestandable. | |||
Lars Nielsen New member Username: Larsmservice Post Number: 1 Registered: 10-2003 |
-- | |||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 965 Registered: 10-2002 |
Lars, Actually, forward locks have been implemented first in WAP. And we're only just now starting to see forward locks implemented in MMS clients. (Well, SonyEricsson did have an MMS forward lock for their phones, but it was proprietary and only supported in SE phones. The official DRM standard from the OMA seemed to start popping up in WAP browsers first.) Unfortunately, the way DRM was implemented for WAP, it is almost impossible to store a protected DRM object on a conventional web server. (In a way, this makes some sense because if it was openly accessible via a conventional web link, it would be easy enough to just forward the link.) The problem is that the "application/vnd.oma.drm.message" content type requires a "boundary=" parameter. For example, the MIME type for a JPG that had a forward lock wrapper would look something like this: Content-type: application/vnd.oma.drm.message; boundary="--mime-boundary" I don't think it's too easy to configure a conventional web server to serve up a boundary header like this ... so you'd have to use dynamically generated content. Basically, content that is wrapped in OMA DRM looks like this: --mime-boundary Content-type: original-content-type (e.g., image/jpeg) Original-content-data --mime-boundary-- The "--mime-boundary" string is a string that needs to match the "boundary" parameter for the content type. We're still looking for the best ways to implement some DRM functionality into NowSMS. | |||
Anonymous |
Bryce, Can you show an example of a full http request containing the mime-boundary and original content? | |||
tdn Unregistered guest |
I have a webserver that produces a page with this in the header: Content-type: application/vnd.oma.drm.message; boundary="dbae1e90b1b459c41b38c82dd7f34e8f" The content of the page is this: dbae1e90b1b459c41b38c82dd7f34e8f Content-type: image/jpeg ÿØÿà JFIF ÿþ >CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality ÿÛ C [--CUT--] ‰¿èbÕÿ ð6Oþ*Š( ÿ „¿Äßô1jÿ ø'ÿ Gü%þ&ÿ ¡‹Wÿ ÀÙ?øª( Ú•ö©:Ϩ^ÜÝÊ«°Iq+HÁrN2Iã$þtQE ÿÙ dbae1e90b1b459c41b38c82dd7f34e8f But the phones I've tested (Nokia 5100,6610, SE T68i) get an "unknown filetype"-error. What is wrong? A test can be seen here: http://80.196.156.155:8000/php/tdn/locked_image.php | |||
tdn Unregistered guest |
I have these two files: http://telwap.mservice.dk/waporder/xsupport/testb.dm and http://80.196.156.155:8000/php/tdn/locked_image.php The first one works, the second one dont. What is the difference? Why does the php file not work? | |||
Paul de Vries Unregistered guest |
well i think if a wap push message is generated then the url on the phone can be easily copied.. so if you have a webserver make sure that the wappush link is only accessible once and will be deleted after a "SUCCESSFULL" download about MMS that should be a feature in NOWSMS 5.x i think nowsms 5 should be able to know whether a mms has been retrived once, and thus mark it unretrievable | |||
Lars Nielsen New member Username: Larsmservice Post Number: 2 Registered: 10-2003 |
>>To: Paul de Vries I know the problem of the wap push message issue is also a security issue to consider. But i want to take everything in steps. And step one for me is to protect the actual content, so that the user cannot send it from phone to phone. The forward-lock works, but only on very few phones. I have tested with several phones today, and the result was disapointing. Even the SE T610 could not download the content. My Nokia 3100 works perfect. I cannot use the content in eg. a mms message. The phone returns an error message sounding something like: "The picture is digitally protected". I know you write about mms, but mms is not going to be used in a scale like wappush, so i only concentrate on wap push. | |||
Lars Nielsen New member Username: Larsmservice Post Number: 3 Registered: 10-2003 |
Actually i am very dissapointed that the vendors has not added support for forward-lock long time ago. Found a Nokia-pdf today where i could see which phones supported Digital rights management, etc. Very dissapointing reading | |||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 1007 Registered: 10-2002 |
tdn, I'm not sure what the difference is between your two links. If I connect to your second URL with a Nokia 6600, I don't get anything (but my GPRS APN might have an issue with port 8800). What's weird is that I can download that link using Internet Explorer, but I tried to connect in via Telnet (so I can view the raw headers), I get a response back telling me that a connection is not allowed from my IP address. (Yet it works from the web browser, which I do not understand.) | |||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 1008 Registered: 10-2002 |
Paul, This is something that we are looking at (also for the multimedia wap push). The problem is that if the user is not configured with your MMSC as their MMSC in the mobile phone, then the MMSC does not know whether or not the message was downloaded successfully ... it only knows that an attempt was made. That makes this automatic deletion more complicated. Our thinking is a configurable setting to delete after "x" attempts, or "y" minutes after the first attempt. | |||
Lars Nielsen New member Username: Larsmservice Post Number: 4 Registered: 10-2003 |
>>Bryce: I willsetup some testlinks tomorrow on port 80 The big difference is that the link on port 8800 is a linux debian with apache and modperl installed. It dynamically creates the .dm content the other is win2k and the .dm file is static created by Nokia content etc. etc. 2.1.4 | |||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 1010 Registered: 10-2002 |
Alright, post a link tomorrow, and I'll take a look. Maybe I can get a line analyser running on my end to look at the raw traffic as well. One longshot idea ... I notice in the web download of the above link that there is a "Content-type:" header in the version that does not work, and "Content-Type:" in the version that does work. It's a bit of a longshot, but we had a tech support issue earlier today where we were dealing with an MM4 interoperability problem where the other vendor would not accept "Content-type" as a header, because the actual specs have it capitalised as "Content-Type". A longshot for sure, but without looking at the HTTP headers, this was the only real difference that I noticed. | |||
tdn Unregistered guest |
Bryce, We have now figured out the problem. It was the UNIX style newline char ('\n') that did not work on the phone. Apearently it needs to be the DOS style newline ('\r\n'). | |||
Lars Nielsen New member Username: Larsmservice Post Number: 5 Registered: 10-2003 |
Yes we fixed it and we also got it to support SonyEricsson phones. But where do i find out which phones supports it ? Its really hard to find at the vendors webpages. anyone got links out there? Bryce ? | |||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 1017 Registered: 10-2002 |
Lars, I haven't seen any good lists for this. But here would be my suggestion for the quickest way to do some research. Go to: http://w3development.de/rdf/uaprof_repository/ Download the UAProf files, and search to see which ones reference "application/vnd.oma.drm.message" as a supported content type. On the SonyEricsson phones are you using the "application/vnd.sem.mms.protected" content type, or are you using the OMA forward lock? (I'm curious which SonyEricsson phones are supporting the OMA forward lock.) -bn | |||
Lars Nielsen New member Username: Larsmservice Post Number: 6 Registered: 10-2003 |
>>Bryce: On the SonyEricsson phones are you using the "application/vnd.sem.mms.protected" content type, or are you using the OMA forward lock? (I'm curious which SonyEricsson phones are supporting the OMA forward lock.) << Bryce. I have only used the OMA forward-lock. It doesnt work on T68i, but works perfectly on the T610. I have no experience with the: "application/vnd.sem.mms.protected". Looks to me as if its only for mms, but might work on actual content like pictures, midifiles, etc. Have you experience with that one yourself ? If yes on which phones? Should we make a forum with supported stuff phone by phone? No! Impossible. The vendors(Nokia, SE, etc.) ought to have pages for that, so that us developers could be kept updated without spending hours and hours surfing google for finding out which phones supports what. | |||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 1079 Registered: 10-2002 |
Lars, You're right ... the other SonyEricsson MIME type applies strictly to MMS, not WAP. I agree with you, it is incredibly frustrating trying to determine which phone supports what. I have to at least give Nokia some credit in that they do produce some matrixes and characteristics documents on their phones which are helpful. With the other vendors, it is much more difficult. -bn | |||
Lars Nielsen New member Username: Larsmservice Post Number: 7 Registered: 10-2003 |
Bryce... Ever heard of WURFL ? We should all contribute to WURFL, then our lives would be easier i think. | |||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 1116 Registered: 10-2002 |
Lars, I haven't heard reference to WURFL in quite some time, but it is good to hear that it is still around and being updated. http://wurfl.sourceforge.net/ I'll have to take some time to get re-acquainted with it. | |||
Toma New member Username: Toma Post Number: 4 Registered: 11-2003 |
Hey guys, I'm reading your discussion here. What's the difference between a sending content via a WAP Push and MMS? Can't you use them to send the same type of content? thanks. Toma | |||
Digs Unregistered guest |
Hi All, I'm not quite getting it but maybe close! I too have the same problem, doing WAP push to multiple handsets and wish to protect the content from being forwarded. From my perspective there are two ways of accomplishing this. Confirm the download of the WML files and then have them deleted after successful download from the web server. - I have no idea how to do this, if anyone does I am all ears.... Or implement the WAP forward locks? I am testing with WAP push to the devices and the user downloads various WML files from the server. The only headers I have are as follows: <?xml version="1.0"?> <!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml"> <wml> <card title="content"> <p><a href="http://www.myserver.com/wap/content.gif"></a></p> </card> </wml> If any of you guys can shed light on how to do this by example it would be greatly appreciated. And also, do WAP forward locks work on any WAP capable phone that is in accordance to the WAP spec? Or is it a try it and see approach? Many thanks, Digs | |||
Lars Nielsen New member Username: Larsmservice Post Number: 12 Registered: 10-2003 |
>>Digs How you want to protect your content from being forwardet from phone2phone by deleting the content on your server i dont know. What you do there is avoiding that others should download from your server. We have been running that way for a long time and it works fine. Now the phone2phone problem is a bit more difficult. But i think you want to read up on DRM support. We have it running perfectly now, but are waiting to set it online untill we know a bit more about which phones supports it. We could spend days finding out which phones supports it, but we'd rather wait for a while, and instead use it as a demonstration to the recording companies. They are thrilled, especially now when the "true-tones" are coming out. ;)Lars mobilenation ApS | |||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 1266 Registered: 10-2002 |
Toma, There are differences in how the content is presented, as well as differences in how the content is delivered. From a presentation perspective, there is a separate MMS client in the mobile phone, and most MMS clients support the SMIL markup language to create a slide show type of presentation of the content. By contrast, WAP push messages are presented via the WAP browser. And the markup language is WML (or XHTML Basic can be used with some newer phones). On the delivery side ... there are subtle differences. When an MMS notification or a WAP push is sent to a mobile phone, there is a URL associated with the notification or push. When you send an MMS notification, the content is automatically fetched by the MMS client. With a typical WAP push (service indication), the user must select a link to then connect to the URL that has the content. (There is another type of WAP push, service load, where the content is loaded automatically but this is not supported by many mobile phones.) One subtle difference in the delivery is that the MMS client and WAP browser can have different network connectivity settings. In quite a few environments, the pre-configured operator settings for the MMS client only support receiving content from the operator MMSC, whereas the WAP browser settings are open to external content sites. So WAP push can be used in environments where MMS cannot. | |||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 1267 Registered: 10-2002 |
Digs, Lars addressed the forward lock issue pretty well (and there's good info in this thread about how to implement it ... there's just the issue of not many phones supporting it at this point in time). As far as deleting the WML (or the image/content itself) from the server after it has been fetched, you would have the content be served up by a dynamic script rather than a static URL. That dynamic script would disable itself after it runs. Or, more likely you would want to implement some controls so that the script can only be accessed for x minutes after the first access so that it could facilitate better error handling. | |||
Lars Nielsen New member Username: Larsmservice Post Number: 13 Registered: 10-2003 |
>> Deleting content on server... I made a pretty simple setup. For each order i create a folder in a dir called Xwaporder. The foldername gets a GUID as foldername. I create a WML page in there, and copies the content into the dir. Then i have a table in a sqlserver called Xfiles2Delete where i put a timestamp, and som folderinformation. Then i made a script running every10 minutes that checks if the folder is more than 1 hour old. If true then delete the content and then the folder. Simple ;-) |