Institute of Information Theories and Applications FOI ITHEA
The paper represents a verification of a previously developed conceptual model of security related
processes in DRM implementation. The applicability of established security requirements in practice is checked
as well by comparing these requirements to four real DRM implementations (Microsoft Media DRM, Apple's
iTunes, SunnComm Technologies’s MediaMax DRM and First4Internet’s XCP DRM). The exploited weaknesses
of these systems resulting from the violation of specific security requirements are explained and the possibilities
to avoid the attacks by implementing the requirements in designing step are discussed.