Privacy Enabled Digital Rights Management Without Trusted Third Party Assumption

Digital rights management systems are required to provide security and accountability without violating the privacy of the entities involved. However, achieving privacy along with accountability in the same framework is hard as these attributes are mutually contradictory. Thus, most of the current digital rights management systems rely on trusted third parties to provide privacy to the entities involved. However, a trusted third party can become malicious and break the privacy protection of the entities in the system. Hence, in this paper, we propose a novel privacy preserving content distribution mechanism for digital rights management without relying on the trusted third party assumption. We use simple primitives such as blind decryption and one way hash chain to avoid the trusted third party assumption. We prove that our scheme is not prone to the “oracle problem” of the blind decryption mechanism. The proposed mechanism supports access control without degrading user´s privacy as well as allows revocation of even malicious users without violating their privacy.