From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

OMA DRM is a digital rights management (DRM) system invented by the Open Mobile Alliance, whose members represent mobile phone manufacturers (e.g. Nokia, LG, Motorola, Samsung, Sony-Ericsson, BenQ-Siemens), mobile system manufacturers (e.g. Ericsson, Siemens, Openwave), mobile phone network operators (e.g. Vodafone, O2, Cingular, Deutsche Telekom, Orange), and information technology companies (e.g. Microsoft, IBM, Sun). DRM provides a way for content creators to set enforced limits on the use and duplication of their content by customers. The system is implemented on many recent phones. To date, two versions of OMA DRM have been released: OMA DRM 1.0 and OMA DRM 2.0.

In order to ensure that all manufacturers' implementations of OMA DRM can work with each other, the Open Mobile Alliance provides specifications and test tools for OMA DRM.

The OMA DRM group is chaired by Sergey Seleznev (Samsung Electronics).


OMA DRM 1.0[edit]

OMA DRM version 1.0 was first drafted in November 2002, and approved in June 2004. It provides basic Digital Rights Management, without strong protection. The standard specifies three main methods: Forward Lock, Combined Delivery (combined rights object / media object), and Separate Delivery (separated rights object + encrypted media object). Forward Lock prevents the user from forwarding content such as ringtones and wallpapers on their phone.

The content can be distributed using HTTP or MMS.

OMA DRM 2.0[edit]

Version 2.0 was drafted in July 2004 and approved in March 2006. The primary new feature is the extension of DRM 1.0's Separate Delivery mechanism.

Each participating device in OMA DRM 2.0 has an individual DRM Public key infrastructure (PKI) certificate, with a public key and the corresponding private key. Each Rights Object (RO) is individually protected for one receiving device by encrypting it with the device public key. The RO in turn contains the key that is used to decrypt the media object. Delivery of Rights Objects requires a registration with the Rights Issuer (the entity distributing Rights Objects). During this registration, the device certificate is usually validated against a device blacklist by means of an Online Certificate Status Protocol (OCSP) verification. Thus, devices known to be hacked can be excluded once they try to register with an Rights Issuer in order to receive new Rights Objects so they can access the content.

OMA SRM 1.0[edit]

Started in September 2005 and approved in March 2009, the goal of the Secure Removable Media (SRM) Work Item is to define the protection and consumption of digital content and associated usage rights on an SRM. An SRM is a removable medium that implements means to protect against unauthorized access to its internal data, such as a secure memory card or smart card. The SRM Work Item does not stand alone; it extends the existing OMA DRM 2.0 specifications. While OMA DRM 2.0 defines a general framework for downloading Rights to devices and sharing Rights in a domain, the SRM Work Item defines mechanisms and protocols for the SRM. It extends OMA DRM version 2.0 or 2.1, allowing users to move Rights between devices and SRMs, and to consume Rights stored in SRMs without generating and managing complex groups of devices in a domain.

OMA SRM 1.1[edit]

Started in December 2008 and approved in June 2011, SRM 1.1 is an extension of SRM 1.0 introducing such functions as content license move between two SRMs, direct license provisioning to SRM and support for OMA Broadcasting (OMA BCAST) tokens. Latter allows to turn SRM into a secure electronic wallet capable to store credits that are used to subscribe to mobile broadcast and multicast services.

OMA SCE 1.0[edit]

OMA SCE 1.0 started in September 2005 and was approved in December 2008 as a Candidate enabler. The goal of Secure Content Exchange (SCE) is to extend OMA DRM v2.0, enabling seamless sharing of purchased content between multiple devices, including all the devices owned by a subscriber (phone, PC, home electronics system, car audio system, etc.) and the temporary sharing of content on any device that is in close proximity to the subscriber’s device (e.g., a television set at a friend’s house or in a hotel room while the user is travelling). Because there will be no single DRM system deployed across all these different devices, the SCE also enhances the interoperability between OMA and non-OMA DRM systems, by defining an Import function for OMA DRM.

Implementations and usage[edit]

OMA DRM 1.0 has been implemented in over 550 models of mobile phone. Many mobile operators[nb 1] use OMA DRM for their content services. The first OMA DRM 2.0 implementations were released in early 2005; implementations were installed on mobile phones by the end of 2005. Software implementations for personal computer and PDA clients are also available.

Most of the ringtones pre-installed on mobile phones have implemented DRM. Many commercial ringtone vendors who are not part of any mobile phone carrier do not bother with any form of DRM, perhaps because the number of ringtone vendors is huge, and people will choose to download unprotected ringtones if they can get them.[improper synthesis?] The record industry does not mandate that DRM be implemented on ringtones, unlike most digital music stores. Many ringtones are reverse-engineered by the ringtone provider themselves, so it is their choice whether to implement the DRM.

Since 2006, OMA has been working on DRM 2.0.1 and 2.1, and on new features such as SRM (Secure Removable Media) and SCE (Secure Content Exchange).[needs update]

Broadcast Services Security issues with DRM Profile[edit]

Broadcast services requirements being completely different from video-on-demand, the OMA BCAST Smartcard profile has been recommended by all the industries to be the unified standard used for Mobile TV broadcast.


Commercial OMA DRM providers include:

  • Authentec
  • castLabs mobile TV Service Delivery Platform
  • Discretix
  • Irdeto
  • Mutable OMA DRM
  • NDS
  • Philips
  • Saffron Digital
  • Viaccess

An open source solution for OMA DRM 2.0 is also available.[1]

Licensing format[edit]

The OMA DRM specification uses a profile of the Open Digital Rights Language for expressing its licenses.[2]

Determining that a file is OMA protected[edit]

Nokia Series 40[edit]

On Nokia Series 40 phones, an installed file with DRM will have its "Send" option greyed out in its options menu. If the user attempts to send such a file via MMS, a message stating "The file is copyright protected" will appear. A Bluetooth file transfer will fail if the user tries to extract the file using Bluetooth, yet the file will still appear as present, and will still be deletable via Bluetooth.

However, if the file (such as a music track) is received with separate delivery—the key is sent separately from the actual download of the file, and the file contains a license URL—it is possible to forward the file to other devices. Once the file is activated on the new device, it will prompt the user to access the URL embedded in the file, and give the user the option to acquire the key.


Some vendors implement broad DRM systems, restricting consumer rights beyond the scope documented by the OMA DRM standards. For example, some Nokia Symbian-based devices[nb 2] will completely refuse to send all files of certain types[nb 3] over Bluetooth. For these phones, this blocks sending of MIDI files, Java Applets, and Symbian programs regardless of whether or not they are protected by DRM. Such phones will refuse any attempts to send such files with the message "Unable to send protected objects" or a similar error. This prevents sending such content, even when the content license explicitly allows or even depends on redistribution.


  1. ^ e.g. Vodafone, SFR, Turkcell, Vivo, Orange)
  2. ^ at least the Nokia 6680 and 6681; possibly many others
  3. ^ *.mid, *.jar, *.jad and *.sis files

External links[edit]