1. Rights Technologies for
E-Publishing
November 8, 2012
Bill Rosenblatt
GiantSteps Media Technology Strategies
www.giantstepsmts.com
billr@giantstepsmts.com +1 212 956 1045
1
2. Outline
History of DRM
DRM Technology
DRM Economics
Cloud Readingg
Comparison with other media types
Forensic content protection technologies
IDPF EPUB LCP project update
2
4. What Is DRM?
Original definition: any system used to manage or
track rights to content.
Popular d fi iti technologies that
P l definition: t h l i th t use encryption ti
to protect digital content from unlicensed use on
users’ d i
’ devices.
4
5. Antecedents of DRM
1960s: digital encryption
1970s: physical media copy protection
Early 1980s: dongles
Late 1980s: software license management
g
1990s: CD-ROM copy protection
Late 1993: conference Technological Strategies for
Protecting Intellectual Property in the Networked
Multimedia Environment Washington DC
Environment,
5
6. Historical Development
Late 1990s: documents software
documents,
Late 1990s: digital conditional access (CA) for cable TV
Early 2000s: music
Early 2000s: “Enterprise Rights Management”
(corporate documents)
Mid-2000s: mobile music
Mid late 2000s: video downloads
Mid-late
Late 2000s: merging of DRM with CA for video
6
8. DRM Reference Architecture
Content Server Client
Content Package
Encryption
Content
Repository Content
DRM
Packager
1
Metadata
Product
Info
2
Financial DRM Rendering
Transaction Controller
9 Application
10
6
3
DRM
5 License 8 Encryption
Rights Generator Keys Identity
7 4 Rights
Encryption
Identities License
Keys
License Server
8
9. Typical Components
Content Server Client (user device)
– Repository of encrypted – DRM Controller
content (software/firmware)
License Server – Receives encrypted content
– Takes requests for usage – Requests licenses
licenses – Grants rights to users
g
– Authenticates identities
(user, device, or both)
– Issues licenses (small files)
containing decryption keys
9
10. DRMs in E-Publishing
Major Minor
MobiPocket DRM: Amazon Fictionwise Passhash:
Adobe Content Server: Nook
Nook, Kobo, Google Books, Microsoft PlayReady: Blio
Sony Reader, Numilog, Kobo Vox DRM: Kobo Vox
many others Marlin: Sony Reader Japan
FairPlay: Apple iOS
y pp
FileOpen: various
publishers’ sites
10
12. Economics of DRM
Publishers demand it but (usually) don’t pay for it
don t
Retailers and device makers control designs
Very few successful standalone DRM vendors
Retailers and device maker use DRM for “lock-in”
Interoperability and fair use suffer
Interoperable
“Interoperable” DRM (Adobe Content Server) not easy
for users
12
13. The Rights Technologies R&D Index
(GiantSteps research, 2010)
research
Rights technologies research output per country –
measured by number of articles in respected journals
GERD (Gross Expenditure on Research & Development)
(G E dit R h D l t)
– OECD statistic
Rights Technologies R&D Index is ratio of RT research
output to GERD
Measure is independent of size or wealth of country
13
15. R&D Survey Results
Reasons for Lack of R&D
RIAA Lawsuit
Threat
Other 6%
12% Topic
T i
Distasteful
12% Moved On to Other
Topics
6%
R&D Not Published
in Sci Journals No Grant Money
24% 12%
There’s no
Limited Money i it
M in
Commercialization 40%
Opportunities
28%
15
17. The Future?
Traditional
Content DRM File Downloads
Server
Connection Can Be Intermittent
Offline Reading
Cloud Reading
Content XML, Page Images
Server
Connection M t B C ti
C ti Must Be Continuous
17
18. Content Protection for Cloud Reading
XML Page Images
Send a screen at a time “Screen shot DRM”
(
(Safari Books Online, Send one page image at a time
Google Books) (Amazon “Look Inside”)
Send a chapter at a time Pirates must OCR pages
(Amazon Kindle Cloud Reader) images and assemble them
i d bl th
Pirates must assemble content
from components
p
18
20. DRM for Other Content: Music
Permanent internet downloads went DRM free in 2007
DRM-free
Permanent mobile downloads followed soon thereafter
DRM for physical media (CDs) a failure
On-demand streaming services (Spotify, Deezer)
g ( p y, )
– Stream encryption: data encrypted in transit to client
– “Offline listening mode”: DRM for locally cached files
20
21. DRM for Other Content: Video
Downloads all use DRM
– Whether purchase (permanent) or rental (temporary)
Physical media uses DRM
– CSS for DVDs
– AACS and BD+ for Blu-ray
Otherwise encrypted streaming
– Derived from Conditional Access (CA) for cable & satellite
Strongest content protection technologies found here
– Alignment of economic incentives
21
22. DRM for Other Content: Games
DRM ranges from very strong to none
– Gamers particularly adept at hacking
– Conversely “DRM Free” can be a selling point
Conversely, DRM Free
Motivations different from video
– Just need to minimize illegal sharing for first few weeks
– That’s where most of the revenue comes
22
24. Forensic Rights Technologies
(a/k/a Content Identification or Content Recognition)
Watermarking and fingerprinting
For network piracy monitoring schemes (HADOPI)
Do not prevent unlicensed use
Crawl Internet looking for copies of known content
g p
Provide evidence of unlicensed uploads and downloads
Block or monetize user uploads (YouTube)
24
25. E-Book “Watermarking”
Embedding data in “noise” portions of images
noise
Adding unprintable chars to text content
Inserting identifiers in e book
e-book
– Once, once per chapter, on every page
– Could be transaction ID, user ID, user’s real name, email address,
credit card number
Idea: if your personal info is in the file, would you still share
with your million b t f i d ?
ith illi best friends?
Easy to circumvent
Examples: Pottermore EPUB files, O’Reilly PDF downloads
25
26. E-Book “Fingerprinting”
Sophisticated pattern matching
Crawls web, finds instances of known content
Can look for context to see if use is licensed
(e.g. news wire stories on newspapers’ websites)
Examples: MarkMonitor/dTecNet, Attributor,
y
Irdeto/BayTSP
26
27. Watermarking vs. Fingerprinting Tradeoffs
Watermarking Fingerprinting
Content Changes Watermark must be embedded None required, can be used with
content “in the wild”
Process Insert watermark in every file on Compute fingerprint once for each
server and/or consumer device; content item and deposit in
detect later vendor’s master database; re-
compute later for lookup
Hacking risk Not very robust, easy to hack Nothing to hack
(unlike id / di
( lik video/audio watermarking)
t ki )
Data Storage Can store any data, up to capacity Cannot store any information;
limitations; files with same content identical content files compute
can have different watermarks identical fingerprints
Costs Spread throughout the digital Primarily fall on service providers
content value chain
27
29. IDPF EPUB LCP Project
Lightweight Content Protection standard for EPUB3
Address lack of interoperability in EPUB due to lack of DRM
standards
Attempt to create standard interoperable DRM that is attractive
to retailers & device makers
Trade off strong security for ease and low cost of
implementation
p
Take advantage of anticircumvention laws
Process: issue RFP for technology contributions
29
30. EPUB LCP Project Status
RFP published in July
Deadline extended to late September
Six complete proposals received
Evaluations to be presented to IDPF Board in early
p y
December
30
31. Complete Proposals Received
FileOpen – well established US vendor
well-established
Impervio – Canadian startup
Kobo – new proposed open standard
Marlin Developer Community (
p y (MDC) –
)
Marlin-derived spec
RHKS – Korean startup (from Random House Korea)
Sony DADC – Marlin-based technology
31