Enterprise Digital Right Management (E-DRM) scheme is a mechanism that protects the confidential information of an enterprise from illegal accesses. In 2008, Chen proposed an E-DRM scheme for mobile devices, and Chen's scheme has low computation costs so it is suitable for mobile environments. However, we find that Chen's scheme is insecure because the symmetric key can be easily computed by an attacker. In addition, tampering with the user's password cannot be discovered by the mobile user. Moreover, there are some redundant computations for user authentication in Chen's scheme. To overcome the above-mentioned flaws, we propose an efficient and reliable E-DRM scheme for mobile environments in this paper. In the proposed scheme, the symmetric key is protected by a one-way hash function so it cannot be directly computed by an attacker. In addition, tampering with the transmitted message can be detected by the mobile users in the proposed scheme. Besides, the proposed scheme has no redundant computation for user authentication. Therefore, the proposed scheme is more efficient and reliable than Chen's scheme.

• 出版日期2010-9
• 单位中国人民大学