Apparatus and method for managing digital rights through hooking a kernel native API

摘要

Provided are an apparatus and method for managing digital rights. An agent unit manages application programs to which DRM is to be applied and rights to contents processed by the application programs to which DRM is to be applied, and encrypt and decrypt the contents processed by the application programs. A rights management unit authenticates a user and manages a user right to the contents processed by the application programs. A kernel API hooking unit monitors input/output of a file through hooking kernel native APIs, requests the rights management unit to verify the user right to the contents to be processed, and requests the agent unit to encrypt or decrypt the contents when the user right to the contents to be processed is verified.

主权项

1. An apparatus for managing digital rights, the apparatus comprising:
a computer hardware processor executing application modules, the application modules comprising:
an agent unit configured to manage application programs to which DRM is to be applied and a right to contents processed by the application programs to which DRM is to be applied and encrypt or decrypt the contents processed by the application programs to which DRM is to be applied;a rights management unit configured to authenticate a user and manage a user right to the contents processed by the application programs to which DRM is to be applied; anda kernel API hooking unit configured to monitor input/output of a file through hooking of kernel native APIs, request the rights management unit to verify a user right to contents to be processed when the contents are detected as being processed by the application programs to which DRM is to be applied, and request the agent unit to encrypt or decrypt the contents to be processed in response to verifying the user right to the contents to be processed, wherein the agent unit, the rights management unit, and the kernel API hooking unit are driven for each application program to which DRM is to be applied, and wherein the agent unit comprises:
a user policy management unit configured to change rights of a user or rights to contents on the basis of rights information received from the user or a management server managing DRM policies;a document rights management unit configured to manage a list of application programs to which DRM is to be applied and manage rights information for each document and each application program to which DRM is to be applied;an injection unit configured to monitor application programs running on an operating system and drive the agent unit, the rights management unit, and the kernel API hooking unit for each application program in response to running of the application program to which DRM is to be applied; andan encryption/decryption unit configured to encrypt or decrypt the contents and return the encrypted or decrypted contents to the kernel API hooking unit in response to the request for encryption or decryption of the contents from the kernel API hooking unit, wherein the agent unit and the rights management unit operate in a user level and the kernel API hooking unit operates in a kernel level.