Electron Commer Res (2011) 11: 91101 DOI 10.

1007/s10660-010-9069-6

Service and P2P based secure media sharing in mobile commerce environments
Xi Chen Shiguo Lian

Published online: 16 November 2010 Springer Science+Business Media, LLC 2010

Abstract Service technology is slowly evolving to be a promising technology for developing applications in open, loosely coupled and distributed computing environments, e.g., in mobile commerce (m-commerce). Services technology can shield the heterogeneous platforms and is suitable for m-commerce applications. Peer-to-Peer (P2P) technology becomes more and more popular for mobile commerce applications. For secure media distribution in m-commerce applications, the security and P2P rights management become more and more urgent. New schemas and architectures for secure P2P based m-commerce applications, which are expected to function automatically or semi-automatically, are expected. In this paper, a secure media service system is presented, which can trace illegal distributors in m-commerce applications. In this scheme, the decryption operation and ngerprint embedding operation are combined together, which avoids the leakage of clear media content in mobile transfer. Additionally, these operations are implemented by the peer, which makes the scheme compliant with existing Peer-to-Peer Digital Rights Management (DRM) systems and very proper for secure media distribution in m-commerce applications. The architectures and modes of secure media distribution in m-commerce environment are presented and discussed. Keywords Mobile commerce Peer to peer Services Secure Digital rights management
This work was partially supported by the National Natural Science Foundation of China under Grant Nos. 70901039 and 70732002, National Postdoctoral Science Foundation of China under Grant No. 20090450144, and by Jiangsu Postdoctoral Science Foundation under Grant No. 0901104C. X. Chen ( ) Department of Electronic Commerce, Nanjing University, Nanjing 210093, China e-mail: chenx@nju.edu.cn S. Lian France Telecom R&D (Orange Labs) Beijing, Beijing 100080, China e-mail: shiguo.lian@ieee.org

92

X. Chen, S. Lian

1 Introduction Mobile Commerce arguably means more than just a new technique. Many analysts believe that it will revolutionize the business world and innovate the way individuals live. The study discussed in this paper concentrates on secure media distribution existing e-commerce applications with the wired Internet to the mobile Internet. Services technologies and P2P technology are currently the most appropriate technologies to realize m-commerce applications. This paper develops mobile commerce application frameworks based on Web Services technologies and peer-to-peer technology. The architectures and application modes are illustrated and presented. Future works of the applications are discussed. Wireless and mobile networks have experienced exponential growth in terms of capabilities of mobile devices, middleware development, standards, the improvement of wireless bandwidth and network implementation, and user amount. Mobile applications and commerce have been studied and some business application modes have been developed. In mobile commerce applications, every mobile device can be seen as a peer, and the interactions in mobile devices can be seen as peer-to-peer interactions [1]. So, some peer-to-peer application schemas can be used to resolve the mobile commerce problems and to construct new mobile commerce applications. The mobile phone became a mass media channel when the rst ringtones were sold to mobile phones by Radiolinja in Finland. Soon other media content appeared such as news, videogames, horoscopes, TV content and advertising. The total value of mobile phone paid media content exceeded Internet paid media content and was worth billion dollars. But still there are problems in media distribution mobile commerce, e.g., how to efciently control illegal media distribution in mobile commerce is one of the key problems. Generally speaking, mobile commerce belongs to e-commerce. And nowadays, secure media transmission and distribution are very important applications in ecommerce [2], such as video, audio or picture content, especially in mobile commerce, its transmitted anytime and anywhere. Digital content transmission can lower the cost of commerce and decrease the transport time compared with delivering the physical digital content. Peer-to-Peer technology supports direct le sharing among peers, is an easy way for anyone to provide content, for content seekers to discover the latest content, and for network provider to reduce the distribution cost. For these properties, it is now widely used in le downloading, music sharing, video sharing or network gaming especially in commerce applications. However, P2P is infamous for copyright infringement, and makes P2P rights managements establishment more and more urgent [3]. It is one of the key problems in P2P commerce applications. There are some DRM systems [46], but most of them are applicable only to traditional server-client based networks. P2P suitable DRM systems [711] can be categorized into four types, i.e., server-client based architecture, distributed architecture, semi-distributed architecture and super-node based architecture. In server-client based architecture, P2P networks are used only as the channels of content distribution, while all the licenses are issued by the DRM server. With the rise of peers, the DRM servers loading will be increased greatly, which cause bottleneck of the service. In distributed architecture, most of the DRM functions are implemented by the peer node except the license issuing of peer nodes. The DRM servers loading

Service and P2P based secure media sharing in mobile commerce

93

is greatly reduced, while the security cannot be conrmed. Such function as content ow monitoring or license issuing control still depends on the server, and the network is not sable when some peer nodes leave the network. In semi-distributed architecture, the structure is similar to the distributed architecture with only a difference that the functionality of user authentication is implemented by the DRM server. This scheme improves the security of the system. However, the DRM server is required to provide secure services. In the super-node based architecture, no DRM server is needed, and all peer nodes can issue a license. In practical, the super node acts as a temporary DRM server to nd specic license issue-able peer nodes, and the found peer node can issue license to other nodes. It is reported that this architecture can support P2P networks scalability and distributed processing. In some applications, the customer can decrypt the media content, get the clear content from the displaying buffers or by camera capturing, and redistribute it to unauthorized customers. To resist this illegal action, only encryption is not enough to keep the DRM systems effective. Digital ngerprinting can be a good compensation. Digital ngerprinting [12, 13] is the technology to embed customer information into media content with watermarking algorithms [14]. Based on digital ngerprinting, different customer receives different media copy. Each media copy contains a unique code that identies the owner of the copy. Thus, if the media content is distributed illegally, the unique code can be used to trace the illegal distributors. Digital ngerprinting has been recommended by some DRM systems, such as OMA [4] and AACS [6]. Generally, where to embedding the ngerprint is a key point, which is in relation with the security and efciency. Till now, three types of scheme have been reported. The rst one embeds ngerprint at the server side, the second one embeds ngerprint in the routers [15], and the third one embeds ngerprint at the customer side [1618]. In the rst scheme, the servers loading is increased greatly with the rise of customer number. In the second scheme, whether the router is secure should be conrmed. In the third scheme, the ngerprint should be embedded in a secure way in order to avoid that the customer steals the clear media content. Generally, the ngerprinting operation is combined with the encryption/decryption operations [1926]. P2P network is different from traditional networks. The typical difference is that there are few servers in a P2P network. Additionally, the peer nodes are often of versatile capability. Due to P2P networks property, it is more suitable to embed the ngerprint in peer nodes, that is, at the customer side. According to this case, the secure ngerprint embedding scheme needs to be investigated. In this paper, we propose a secure media distribution scheme suitable for P2P mobile commerce applications based on joint decryption operation, and analyze the mobile commerce application architectures of the scheme. In the proposed scheme, the sender peer encrypts and distributes the media content, and the receiver peer uses the decryption key together with his peer ID to decrypt media content. For media content is decrypted and ngerprinted at the same time, which avoids the leakage of clear media content and keeps secure in practice. The ngerprint can be extracted from the decrypted media content and used to trace the distributor. The rest of the paper is arranged as follows. In Sect. 2, the secure media distribution scheme based on joint decryption is presented. The web services technology and classied architectures of service and P2P based secure media distribution in mobile commerce environments

94

X. Chen, S. Lian

are presented and discussed in Sect. 3. Finally, future work is given, and some conclusions are drawn in Sect. 4. 2 The proposed distribution scheme We present a secure distribution scheme suitable for all the existing DRM systems and for mobile commerce application environments. For simplicity, the super-node based DRM architecture [10] is taken for an example, and the secure distribution scheme based on it was presented in detail. 2.1 Super-node based DRM architecture In the super-node based DRM architecture shown in Fig. 1. Peer A is selected by Super node as an issue-able node, and Peer B applies the media content stored in Peer A. The process is composed of the following steps: (1) Peer A registers the content and license in Super node, (2) Peer B applies the content stored in Peer A from Super node, (3) Super node tells Peer B that the content is stored in Peer A, (4) Peer B gets the license and content from Peer A, and (5) Peer B decrypts the content with the license, and watches the content under the licensed condition. 2.2 The proposed secure distribution scheme In the proposed secure distribution scheme, the traditional decryption operation is replaced by joint decryption operation, as shown in Fig. 2. Here, the media content P is decrypted under the control of both the key and the ngerprint F. F is the unique peer ID. In practice, different peer nodes may receive the same K in the license, while they have different peer ID. Thus, the decrypted copy P is different from each other, from which, the unique peer ID can be extracted and used to trace the receiver. 3 P2P based secure media service in mobile commerce environment With the increasing depth on the application of e-commerce, people proposed higher demands on how to access the information and e-commerce services more directly
Fig. 1 Super-node based DRM architecture

Service and P2P based secure media sharing in mobile commerce

95

Fig. 2 The proposed secure distribution scheme

and conveniently. Mobility has gradually got established as a crucial success factor for both business and the communications industry and has penetrated the lives of millions. Four popular features about mobility are the existence of third generation standards that eliminate bandwidth and latency constraints and network heterogeneity, second generation mobile devices that eliminate the need for scaling-down and customization of multimedia content to suit palmtops, e-readers etc., rst generation mobile data networks that are not scale-down versions of the web, mobile applications especially for mobile-commerce. P2P networks have recently gained much attention due to its advantageous features of decentralized administration, load balancing, fault tolerance, and recovery. Using hopping technologies, peers that are out of range of the peers they wish to communicate with can hop through other peers to reach their destination through either wired or wireless networks. This greatly extends overall communication range and provides countless conveniences for mobile users. With these valuable features, P2P networks serve as an ideal communication infrastructure for massive media content distribution over mobile and wired networks. The mobile devices with the advantage feature of convenient, fast, and largecapacity data transmission make the mobile commerce market with tremendous potential. Peer-to-Peer information sharing in such environments presents a tremendous opportunity for people and mobile devices to exchange information such as pictures, audios and videos with peers. People can use mobile devices to capture or to record some interesting or important things at any place and at any time, then to upload the content to the Internet with mobile network supporting. Other people who are interested in the new reports and want to get the information immediately can get the pictures, audio and videos through their mobile devices and the support of the mobile network. They certainly should pay for them if the information has knowledge rights. The proposed secure scheme can be applied to mobile commerce applications by services technology and 3G network supporting. We proposed two application modes according to the mobile devices functions, one for the function limited mobile devices and the other for the function extended mobile devices. In the following content, we rst introduce the web services technology for mobile services and then present the application structure in the two modes.

96

X. Chen, S. Lian

3.1 Web services technology for mobile services Web services can be dened as follows, a program component which can be called by standard web protocols. One web service just likes an application program logic cell; it provides service and data for remote clients and other application programs. Remote clients and application programs access web services through Internet protocol and mobile network protocol, use XML to describe main data and use SOAP (Simple Object Access Protocol) to call web services. Because of using XML and SOAP, access to web services is separated with services realization, so web service supporting relax coupling and non-coupling distributed systems, and this can make sub systems running in different platforms to collaborate with each other forming a whole system. Web service application is the bridge between different platforms. The web service paradigm is a promising technology for developing applications in open, distributed and heterogeneous environments [27]. The proliferation of this technology has coincided with signicant advances in the hardware and software capabilities of mobile devices. Due to the great benets that come with the web service technology, such as interoperability, dynamic service discovery and reusability, there is a strong interest in making mobile devices capable of providing and consuming web services over wireless networks. In service and P2P based Secure Media distribution application in mobile commerce environment, the encryption and joint decryption processes can be realized by web services provided by some online e-commerce sites. The unique peer ID will be the mobile commerce users unique ID, such as mobile phone number. The key, the unique peer ID and the digital content will be the parameters of the invoked web services. 3.2 Secure media distribution in mobile devices with limited functionalities In such environment, the information process abilities of the processors in mobile devices are not strong enough to process the encryption and decryption of the media. They can only transmit the content. There should be a portal website for mobile devices to connect and upload the content. The portal website will take the super node action. When the media content, key and the providers unique peer ID (such as the mobile phone number) have been uploaded by web services invoking, the portal website will provide the encryption and services. Other mobile devices can connect the portal website and search for the media content. If other mobile devices want to get some media, it also should provide the mobile phone number as the unique peer ID and invoke the web service interface provided by the portal website. After the portal website has got the peer ID from the parameter of the web method, it will send the mobile payment process to the peer. After the payment process completing, the portal website will begin the decryption process with the consumers mobile phone number as the unique peer ID and the license provided by the provider, then the decrypted content will be sent to the mobile device. The disadvantage is that there is the possibility of the media content leaked in the wireless transmission process, for the user terminals limitation. The structure of the secure media distribution application in mobile devices function limited environment is shown in Fig. 3. In the environment, if the peer is not function limited mobile devices, such as the personal computer, the mobile commerce media services portal will not invoke the

Service and P2P based secure media sharing in mobile commerce

97

Fig. 3 Structure of the secure media distribution application in mobile devices function limited environment

web service to decrypt the content, but just send the encrypted content and license to the peer (such as peer N in Fig. 3). The application server also can be invoked through Internet, thus the super node in the network can take the application servers role and provide the web services for media content encryption, decryption and licenses generating. 3.3 Secure media distribution in mobile devices with extensible functionalities With the development of the processors and the mobile devices, mobile phones often have beyond sending text messages and making voice calls, including call registers, GPS navigation, music and video playback, RDS radio receiver, alarms, memo and document recording, personal organiser and personal digital assistant functions, ability to watch streaming video or download video for later viewing, video calling, with autofocus and ash, ringtones, games, PTT, USB, infrared, Bluetooth and WiFi connectivity, instant messaging, Internet e-mail and browsing and soon will also serve as a personal computer. Mobile phones also include a touchscreen and stronger processor, with these users can do a lot of complex processes through mobile phones. Intelligent mobile phones are just like personal computers. In Such environment, the information process abilities of the processors in mobile devices are strong enough to process the encryption and decryption of the media. Thus, the application mode is the same as the schema presented in Sect. 2. Every mobile device can be as the computer to complete the media content encryption,

98

X. Chen, S. Lian

Fig. 4 Structure of the secure media distribution application in mobile devices function extended environment

transmission and decryption. Even with the development of the mobile devices, some mobile phone can be the super node in the application, and then it is the fully mobile peer to peer commerce application. If the mobile device can not be the super node, the structure of the secure media distribution application in mobile devices function extended environment is shown in Fig. 4. If the mobile device can not take the super node role, then there still need the super node in the Internet to provide for the registration and media search services, or there should be a portal website for mobile devices to register and search media content. If the mobile device can take as the super node in the future, the structure will be as shown in Fig. 5. Figure 5 shows the mobile application structure, the application structure is totally the same as the P2P application in Internet. The peers are all mobile devices, and the application is fully in wireless environment. In such environment, people can share the media content at any time, immediately, and at any place. Anyone who uploads the media content by mobile network, he does not need to be afraid of the illegal distribution the media content. By the mobile payment supporting, he can get the pay or credits the media content worth. It will be the efcient application mode in the near future.

4 Conclusions and discussions In this paper, a joint decryption operation is proposed to construct the secure media content distribution scheme suitable for mobile commerce digital content transfer

Service and P2P based secure media sharing in mobile commerce

99

Fig. 5 Structure of the secure media distribution application in mobile devices function extended environment (with the mobile device as the super node)

applications. In super-node based architecture, the joint decryption operation is presented to decrypt and ngerprint media content under the control of the decryption key and peer ID. The decryption and ngerprint embedding processes are implemented simultaneously, which avoids the leakage of media content. The encrypted media content is too chaotic to be understood, the ngerprint in the decrypted media content is imperceptible. Additionally, the scheme can be implanted in other DRM architectures. These properties make the scheme a potential choice for secure content distribution in mobile commerce applications. Compared with existing DRM functions, only the joint decryption operation is introduced to replace the traditional decryption operation. And the peer ID is used to control the joint decryption operation besides the decryption key. Thus, it is easy to be implemented in the peer node. In Sect. 2, the secure distribution scheme in super-node based architecture is proposed. In fact, the joint decryption operation can also be introduced to other P2P DRM architectures, such as server-client based architecture, distributed architecture and semi-distributed architecture. Thus, the proposed scheme is compliant with existing P2P DRM architectures. The schemes robustness against other operations and some new joint decryption operations will be investigated in future work, also the secure scheme for software distribution in mobile commerce applications will be researched for its different features. The proposed secure scheme can be applied to mobile commerce applications by services technology, peer-to-peer technology and 3G network supporting. The encryption and joint decryption processes can be realized by web services provided by some online portal commerce websites. The unique peer ID will be the mobile commerce users unique ID, such as mobile phone number. The key, the unique peer ID

100

X. Chen, S. Lian

and the media content will be the parameters of the invoked web services. The application methods and structures have been investigated and discussed in the paper. Some concerns in the proposed application mode, such as the privacy and anonymity issues of content consumers and he privacy problems in the schema will be investigated in the future. Along with the security problems resolved, it will lay down the foundations for future service based mobile commerce applications development in P2P networks and other commerce applications. The next evolution that recently was released is the 4th generation, also known as Beyond 3G in the literature, with the aim to offer broadband wireless access with nominal data rates of 100 M/s to fast moving devices, and 1 G/s to stationary devices dened by the ITU-R [28]. A 4G system would be a complete replacement for current network infrastructure and is expected to be able to provide a comprehensive and secure IP solution where voice, data, and streamed multimedia can be given to users on a Anytime, Anywhere basis, and at much higher data rates than previous generations. At this level the schema proposed in the paper will be fully applied.

References
1. Milojicic, D. S., Kalogeraki, V., Lukose, R., et al. (2002). Peer-to-Peer computing (Technical Report HPL-2002-57). HP Labs. 2. Padmavathi, G., & Annadurai, S. (2006). A security framework for content-based publishsubscribe system. Electronic Commerce Research and Applications, 5(1), 7890. 3. Oram, A., et al. (2001). Peer to peer: harnessing the benets of a disruptive technology. Sebastopol: OReilly & Associates. 4. OMA. Open Mobile Alliance Specication Version 2.0. http://www.openmobilealliance.org. 5. ISMA (2005). Internet Streaming Media Alliance Implementation Specication 2.0. http://www. isma.tv. 6. AACS (2004). Advanced Access Content System (AACS) technical overview. http://www. aacsla.com. 7. Iwata, T., Abe, T., Ueda, K., & Sunaga, H. (2003). A DRM system suitable for P2P content delivery and the study on its implementation. In Proceedings of the 9th Asia-Pacic conference on communications (APCC) (Vol. 2, pp. 806811). 8. Kwok, S. H., & Lui, S. M. (2001). A license management model to support B2C and C2C music sharing. In Proceedings international WWW conference, Hong-Kong (pp. 136137). 9. Kalker, T., Epema, D. H. J., Hartel, P. H., Lagendijk, R. L., & Vansteen, M. (2004). Music2Share copyright-compliant music sharing in P2P systems. In Proceedings of the IEEE (pp. 961970). 10. Sung, J. Y., Jeong, J. Y., & Yoon, K. S. (2006). DRM enabled P2P architecture. In Proceedings of the 8th international conference of advanced communication technology (ICACT) (Vol. 1, pp. 487490). 11. Zhang, Y., Yuan, C., & Zhong, Y. Z. (2007). Implementing DRM over Peer-to-Peer networks with broadcast encryption. In Lecture notes in computer science: Vol. 4810. Proceedings of the 8th Pacic Rim conference on multimedia (PCM) (pp. 236245). Berlin: Springer. 12. Wu, M., Trappe, W., Wang, Z. J., & Liu, K. J. R. (2004). Collusion resistant multimedia ngerprinting: a unied framework. In Security, steganography, and watermarking of multimedia contents (Vol. 5306, pp. 748759). 13. Kundur, D., & Karthik, K. (2004). Video ngerprinting and encryption principles for digital rights management. Proceedings of the IEEE, 92(6), 918932. 14. Cox, I. J., Miller, M. L., & Bloom, J. A. (2002). Digital watermarking. San Mateo: Morgan Kaufmann. 15. Brown, I., Perkins, C., & Crowcroft, J. (1999). Watercasting: distributed watermarking of multicast media. In Lecture notes in computer science: Vol. 1736. Proceedings of international workshop on networked group communication (pp. 286300). Berlin: Springer. 16. Lian, S., & Chen, X. Lightweight secure multimedia distribution based on homomorphic operations. Telecommunications System. doi:10.1007/s11235-010-9367-2.

Service and P2P based secure media sharing in mobile commerce

101

17. Lian, S., Liu, Z., Ren, Z., & Wang, H. (2006). Secure distribution scheme for compressed data streams. In Proceedings of 2006 IEEE conference on image processing (ICIP 2006) (pp. 19531956). 18. Lian, S., & Chen, X. (2010). Secure and traceable multimedia distribution for convergent mobile TV services. Computer Communications, 33(14), 16641673. 19. Lian, S., Kanellopoulos, D., & Ruffo, G. (2009). Recent advances in multimedia information system security. Informatica, 33(1), 324. 20. Lian, S., Liu, Z., Ren, Z., & Wang, H. (2007). Commutative encryption and watermarking in compressed video data. IEEE Transactions on Circuits and Systems for Video Technology, 17(6), 774778. 21. Lian, S., & Wang, Z. (2008). Collusion-traceable secure multimedia distribution based on controllable modulation. IEEE Transactions on Circuits and Systems for Video Technology, 18(10), 14621467. 22. Lian, S. (2008). Digital rights management for the home TV based on scalable video coding. IEEE Transactions on Consumer Electronics, 54(3), 12871293. 23. Lian, S., & Liu, Z. (2008). Secure media content distribution based on the improved set-top box in IPTV. IEEE Transactions on Consumer Electronics, 54(2), 560566. 24. Lian, S. (2008). Multimedia content encryption: techniques and applications. London: Auerbach Publication, Taylor & Francis Group. 25. Lian, S., & Zhang, Y. (2009). Handbook of research on secure multimedia distribution. IGI Global (formerly Idea Group, Inc), March 2009. 26. Lian, S., Chen, G., Cheung, A., & Wang, Z. (2004). A chaotic-neural-network based encryption algorithm for JPEG2000 encoded images. In Lecture notes in computer science: Vol. 3174. International symposium on neural network (ISNN2004), Dalian, China, May 2004 (pp. 627632). Berlin: Springer. 27. Pilioura, T., Tsalgatidou, A., & Hadjiefthymiades, S. (2003). Scenarios of using web services in mcommerce. ACM SIGecom Exchanges, 3(4), 2836. 28. Kim, Y. K., & Ramjee, P. (2006). 4G roadmap and emerging communication technologies (pp. 12 13). Norwood: Artech House.

Xi Chen received Ph.D. from Nanjing University of Science and Technology, China. He is an associate professor in Management School of Nanjing University and a visiting scholar of University of Washington. He authors more than 50 refereed journal/international conference papers and chapters. He authored the book The theory of enterprise resource planning. He got the Best Paper Awards from Chinese Academy of System Simulation. He is the project chief of National Science Foundation and National Ministry of Education Science Foundation. His research interests include service science, E-Commerce security, information management and data authentication. He is a member of some Technical Committees, the technical committee chair and organization committee chair of refereed conferences/workshops, the peer review expert of NSFC. He is on the editor board of several international journals, and reviewer of some refereed international journals and conferences. Shiguo Lian got his Ph.D. from Nanjing University of Science and Technology, China. He was a research assistant in City University of Hong Kong in 2004. Since July 2005, he has been a Research Scientist with France Telecom R&D (Orange Labs) Beijing. He is the author or co-author of more than 80 refereed international journal and conference papers covering topics of secure multimedia communication, intelligent multimedia services, and ubiquitous communication. He is a member of IEEE Communications & Information Security Technical Committee, IEEE Multimedia Communications Technical Committee, and IEEE Technical Committee on Nonlinear Circuits and Systems. He is on the editor board of several international journals. He is the guest editor of more than 10 international journals. He is in the organization committee or the TPC member of refereed conferences. He is also the reviewer of refereed international magazines and journals.