How to protect WRT widgets with OMA DRM 1.0
This ease of use and speed of application delivery is generating new streams of revenue for advertisers keen to display there products on smartphones. In many cases the developer is being paid by the customer to develop the application and the customer is hoping viral marketing will send this demonstration of the companies product onto other people via bluetooth or SMS.
For the developer who is hoping to sell his application directly to customers over the internet the limitation to one mobile phone is very important.
The protection of WRT widgets is the subject of this article. Recently an article has been written How to package Flash content in a Widget this is was an inspired article because this solved the major problem of starting the FlashLite player to display content in smartphones.
Putting protection on WRT packages
The commonly asked questions are:-
- Does Nokia supply free products to protect these packages ?
Yes, they supply the Nokia Mobile Toolkit 4.1, this provides Digital Rights Management to OMA standard 1.0
- This sounds complex. Will changes be need to application packages to implement this ?
No changes are needed to the application package. The package is encrypted with a layer which can be read by Nokia smartphones during install.
- Can the encrypted package be broken into?
Any form of security package can eventually be broken into. What security packages hope to achieve is to make this sufficently difficult to stop the casual users from copying the application compared to the price to buy the application. The fact that decryption takes place in the phone make the application more secure.
Further to this a DRM header is applied telling the Nokia phone not to allow Forward or onward transmission to other mobile phone, by bluetooth or SMS. If this pakage is somehow sent to another phone via bluetooth, the phone will refuse to load this as this header prevents install.
The Option 1 of the above article supplies demo files to test this form of protection.
Installing NMIT 4.1
Firstly Before you start to install the program on the same download page "request a licence" by selecting toolkit licence which will be sent to your registered email account.
The installation of Nokia NMT 4.1.
When you have got your licence you can start installing, with Using Nokia SDKs and Tools on Windows Vista you must right click on the install package and select "Run as Administrator". When requested enter you Nokia Developer Username and the product licence by copy and past from the licence email you hve received. Store the email safely in case you need to install the application again.
Using NMIT 4.1 to secure the WRT .wgz package
Open the NMIT from the Nokia Developer Tools on the Start bar of Windows. There is an excellent article How to protect Flash Lite content with OMA DRM 1.0 and this shows how to protect with DRM.
In Step 4 on this guide the Flash file is used. In this article MyFlashWidget.wgz from the article How to package Flash content in a widget is used and loaded into NMIT.
Content Type should be set to "application/x-nokia-widget".
Further up the screen click on "Content Header" and select "Base64". This encrypts the package using Nokia's own encryption, this is applied to the package before download. The Forward Lock is applied during download to the smartphone.
Now save the File using "Save as.." from the main file menu.
See the picture below
Testing the WRT package on a webserver
This article was developed and tested using a local webserver described in the article
This article would not have been possible without the work of the other Nokia Developer Champion's who have provided ideas and inspiration to write this article