Learning Center
Plans & pricing Sign in
Sign Out



									OMA DRM 2.0
June 7, 2011

Page 1 (of 6)   Ovi Publisher Guide
O M A           D R M       2 . 0             Q U I C K          S T A R T

What is OMA DRM?

OMA DRM is a Digital Rights Management technology defined by the Open Mobile Alliance, a conglomerate of mobile
phone manufacturers (including Nokia), network equipment manufacturers, and network operators. With DRM, you
can protect digital content from unauthorized distribution. You can secure your digital assets, preserve your
investments, and maintain your revenue stream.

Nokia devices support these versions of DRM for Ovi Store content:
    OMA DRM 1.0 Forward Lock  This simple mechanism prevents content from leaving a device. The
     content is delivered to the device in a DRM message. The device extracts the content from the message
     and can freely use the content, but cannot forward the content to another device.
    OMA DRM 2.0, All mandatory features  This version of DRM provides stronger protection, with:
          bilateral authentication between the rights issuers and devices
          data encryption and decryption using Public Key Infrastructure (PKI)

How does OMA DRM 2.0 work?

1.   Publisher  Submits content to Ovi Publish, which encrypts the content for Ovi Store.
2.   Consumer  Buys content from Ovi Store.
3.   Ovi Store  Processes the payment, then delivers the encrypted content.
4.   Consumer Device, DRM Agent  On receiving payment confirmation, requests a rights object from the License
     Key Manager (LKM), using the Rights Object Access Protocol (ROAP).
5.   License Key Manager  Authenticates the consumer device, sets usage rights, and delivers the rights object.
     Optionally restricts the number of times content can be used, or the time period during which content can be
6.   Consumer Device, DRM Agent  Registers the access rights.
7.   Consumer  Uses the content, which calls the DRM Agent to check access rights before decrypting protected

For more information about:
    DRM in general, go to:
    The OMA DRM 2.0 specification, go to:
    How DRM works with Ovi Store in-app purchases, go to:

Page 2 (of 6)                                                                                OMA DRM 2.0 (Beta)  Quick Start
    Executable files, such as *.exe or *.dll, cannot be protected by DRM. There is, however, extensive
     protection from Symbian OS platform security to ensure the integrity of executable files. This protects
     against a potential hacker’s attempts to tamper with an executable file.
    Assets such as audio and video files, that require streaming as opposed to being loaded entierly into
     memory, should not be DRM protected for performance reasons.

Also, in this current release, you can use DRM 2.0 only for:
    Qt based or native Symbian apps  All other content that can be published on Ovi such as other app
     types, like Java and Flash Lite, and other contents types, like audio and video, are not supported.
    Symbian^3 devices  To distribute to other devices, for example, N97 or 5800, you would need to
     publish the same content using DRM 1.0 Forward Lock or no protection, which compromises the DRM
     2.0 protected content.
    Paid content  DRM protection for free (or temporarily free) content is not supported.

Summary steps
Here is a summary of the steps to apply DRM protection to your app:
1.   Identify which of your app’s assets you want to DRM protect. Then place the identified assets into specially
     named folders so that these assets will be DRM protected when the app is submitted to Ovi Publish.
2.   Modify your app code to use the Symbian Content Access Framework (CAF) Agent API to access the protected
     assets. After Ovi Publish encrypts the protected assets, your app code will no longer be able to access these
     assets directly.
3.   Test your app.
4.   Submit your app to Ovi Publish, selecting:
     1.   Requesting Nokia Signing.
     2.   OMA DRM 2.0 protection. The assets you have placed in the specially named folders are DRM protected.
5.   Test your app after it has been published.

Detailed steps

Prepare your app for DRM protection as follows:
1.   Ask Nokia to sign your app. This way, we can apply DRM protection, apply the signature, then package your app
     for downloading. For details about requesting our free signing service, go to:

2.   Consider the different assets associated with your app and select the assets that you wish to DRM protect, for
     example, data for game levels. As stated earlier, executable files, such as .exe or .dll, cannot be protected by
3.   Structure the app such that it accesses these external asset files. Consider including at least one gating asset. A
     gating asset is an asset that needs to be accessed by the app each time the app executes. Such a gating asset
     will prevent a user from using the app unless they have unlocked the DRM protected gating asset. Care must be
     taken to ensure that this gating asset actually contains some critical content. Otherwise, it could be replaced by
     an unlocked file with the same name, essentially cracking the DRM protection.
4.   Store these data files in a special project sub-folder, before packaging and submitting your app to Ovi Publish.
     When you select OMA DRM 2.0 protection in Ovi Publish, encryption is applied only to these external assets.
     Store the files that are to be encrypted in this project sub-folder:


     The <drive> is the development drive (for example, C: or D:), private contains your project’s private files which
     cannot be accessed by other apps, and <UID> is the globally Unique Identifier for your app package,

OMA DRM 2.0 (Beta)  Quick Start                                                                               Page 3 (of 6)
     represented as eight hexadecimal characters without any leading 0x indicator. If your app includes in-app
     purchases, store these files in:


     where XXXXXX is the in-app ID provided by Ovi Store for the in-app purchase. For more information about in-app
     purchases, see
5.   All DRM protected assets must be read using the Symbian Content Access Framework (CAF) Agent API. Other
     APIs cannot directly access DRM protected files. The Symbian CAF API must be used to read the file first and
     then hand it off to other APIs most likely by writing the contents of the protected asset to a buffer.

     For information about using this API, go to:
     48F5212AF0CA.html (Overview, Concepts, Tutorial)
     97B2CDE7E069/specs/guides/OMA_DRM_CAF_Agent_API_Specification/OMA_DRM_CAF_Agent_API_Specification.html (API

          To enable Qt apps to access the encrypted files, use a DRMFile class to wrap the CAF API:


           Then, to open, read, or close a file, use the class as follows:
           #include "DRMFile.h"

           // create a file using the DRMFile class
           DRMFile file;

           // try to access the encrypted file
           int error =[0]);

           // if the device can access the encrypted file
               // process the file data

           // if the device cannot access the encrypted file
                // check the cause of the error

           You can use this DRMFile class by either adding the files from the above location to your application, or by
           creating your own custom implemention following this example.

          To enable Symbian C++ apps to access the encrypted files, use the CAF API as shown in the sample code
           that follows (NOTE: the complete working application from which the example below is taken can be found
           at: )

Page 4 (of 6)                                                                                OMA DRM 2.0 (Beta)  Quick Start
          // -----------------------------------------------------------------------------
          // Sample code to read an OMA DRM protected file and use its contents.
          // -----------------------------------------------------------------------------
          void CDrmReaderAppUi::ReadProtectedFileL( const TDesC& aFileName )
             // Create a CContent object, supplying protected content file name
             // CAF will figure out the appropriate agent
             CContent* content = CContent::NewLC( aFileName );

              // Create a CData object to read the content.
              // Tell the agent we are planning to "execute" the content.
              // *** if OpenContentL gets error -6 here: KErrArgument,
              //     then CAF sees that you have rights but does not like the
              //     content MIME type and DRM intent match.
              //     For example: image/png in DCF with EView is OK
              //                  image/png in DCF with EPlay is _not_ OK
              // For Ovi Store, always use EExecute intent.
              CData* data = content->OpenContentL( ContentAccess::EExecute );

              // Don't need content object any more
              CleanupStack::PopAndDestroy( content );
              CleanupStack::PushL( data );

              // Get the size of the plaintext content
              TInt size;
              data->DataSizeL( size );

              // Guard against potential heap overflow
              if (size > KMaxFileSize)
                 User::Leave( KErrTooBig );

              // Execute the intent, tell the agent that we plan to "execute" the content.
              // Always call ExecuteIntent shortly before attempting to read the data.
              User::LeaveIfError( data->ExecuteIntent( ContentAccess::EExecute ) );

              // Send image data for conversion and display
              HBufC8* decryptedContent = HBufC8::NewLC( size );
              TPtr8 pDecryptedContent = decryptedContent->Des();
              User::LeaveIfError( data->Read( pDecryptedContent ) );

              CleanupStack::Pop( decryptedContent ); // txr ownership to iPicProcessor
              iPicProcessor->StartL( decryptedContent, *iAppView );

              // Cleanup loaded resources
              CleanupStack::PopAndDestroy( data );

6.   Test your app. Because the actual file encryption does not happen until you upload your app to Ovi Publish, use
     a tool such as dcfpackager.exe to simulate DRM-protected files during testing. This tool wraps your data files into
     DCF envelopes, but without data encryption. When your app uses the CAF API to read a DCF-wrapped data file,
     this simulates a successful use case where there is a valid license for the data file. To simulate an error case (for
     example, where no license available and therefore the file cannot be accessed), simply replace the file with a
     DRM-encrypted file. For a copy of dcfpackager.exe, go to:
7.   Package your app. If your app:
         has never been published in Ovi Store  Use the new UID provided by Nokia and create a new content
         is already in Ovi Store with a Nokia-provided UID  Re-use the existing UID and update the existing content
         is already in Ovi Store with a UID from another signing authority  Use the new UID from Nokia and create
          a new content item.
8.   In Ovi Publish, under the Content Files tab, select OMA DRM 2.0. This encrypts all asset files that are stored in
     the folder <drive>:\private\<UID>\drm\data\.

OMA DRM 2.0 (Beta)  Quick Start                                                                               Page 5 (of 6)
     This selection does not apply to in-app purchases. If you saved in-app purchase asset files in the sub-folders
     <drive>:\private\<UID>\drm\data\resourceId_xxxxxx, they are encrypted automatically regardless of this
9.   After your app has been published you will need to test it. Note that if you did not place the assets you intended
     to be DRM protected in the correct folders, the assets will not be DRM protected. It is therefore very important to
     confirm that the files were actually encrypted.

Page 6 (of 6)                                                                              OMA DRM 2.0 (Beta)  Quick Start

To top