Secure Software Lifecycle Professional – CSSLP – Question073

Which of the following is an example of over-the-air (OTA) provisioning in digital rights management?

A.
Use of shared secrets to initiate or rebuild trust.
B. Use of software to meet the deployment goals.
C. Use of concealment to avoid tampering attacks.
D. Use of device properties for unique identification.

Correct Answer: A

Explanation:

Explanation: Over- the- air provisioning is a mechanism to deploy MIDlet suites over a network. It is a method of distributing MIDlet suites. MIDlet suite providers install their MIDlet suites on Web servers and provide a hypertext link for downloading. A user can use this link to download the MIDlet suite either through the Internet microbrowser or through WAP on his device. Over-the-air provisioning is required for end-to-end encryption or other security purposes in order to deliver copyrighted software to a mobile device. For example, use of shared secrets to initiate or rebuild trust. Answer: D and C are incorrect. The use of device properties for unique identification and the use of concealment to avoid tampering attacks are the security challenges in digital rights management (DRM). Answer: B is incorrect. The use of software and hardware to meet the deployment goals is a distracter.