For this assignment, add the ability to sell digital rights management (DRM)-protected electronic content, e.g., books or movies, to the sales platform for TheLargeRiver.com.
Start with the diagram on Slide 43 (“Final Configuration”). Your system design needs to support the following features:
- Customers can have up to 8 devices on which they can view their content
- This is stored content, not streaming—streaming content brings in an entirely different set of constraints.
- The content has to be encrypted to that user, and digitally signed by TheLargeRiver.com. You should assume that the cryptography works properly; I neither need nor want any details about that.
- Users may add and delete devices at any time, up to that limit. When a new device is successfully added, it should be able to view previously purchased content. Devices deleted from the account should have their access revoked.
- You may (and in fact should) assume that customers have to install TheLargeRiver-provided software on their device in order to view purchased content.
Your solution must address the following issues:
- What new resources, if any, need to be protected?
- What new components, if any, need to be added?
- What new information flows need to be added?
- Why is your design secure against these threats?
You may, if you wish, start by printing out my slide and drawing on it, but that's by no means required; every entity on that diagram has a unique name that you can refer to. (If anyone wishes, I'll send them the .pic file I used to draw that diagram, but I suspect that you'll end up spending more time playing with the formatting…)