Digital Rights Management (DRM) refers to access control technologies used to protect the rights of copyright holders. DRM systems establish rights for content, manage the distribution of content, and control what consumers can do with content. A DRM system defines three main entities - the user, content, and usage rights - and the relationships between them. Key components of DRM systems include secure containers, rights expressions, content identification systems, user and organization identification, authentication, watermarking, event reporting, and payment systems. There are various technical challenges in developing effective and worthwhile DRM systems.
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
DRM TITLE MANAGEMENT
1. Digital Rights Management
Chapter 1: Technological Aspects
1. Overview
1.1 Intellectual Property
The term “property” is subject to diverse interpretations. Property in the legal sense, is essentially a bundle of
rights flowing from the concepts of ownership and possession.1 While most of them have material existence,
the value of property depends on the knowledge of use associated with it.
“Intellectual Property” is the property created by the intellect of human mind such as musical, literary, and
artistic works; inventions; and symbols, names, images, and designs used in commerce.2 Unlike other forms
of property, intellectual property is a nonphysical property which stems from, or is identified as, and whose
value is based upon some idea(s).
Intellectual Property (IP) insists on some amount of novelty/originality to gain protection. The degree of
newness, be it novelty or originality differs from one system to another and hence is subjective. What is
protected with respect to intellectual property is the use or value of ideas/expressed ideas.
1.2 Intellectual Property Rights
Intellectual Property Rights (IPRs) such as copyrights, patents, trade marks, industrial designs and trade
secrets provide the legal protection upon which authors, inventors, firms and others rely to protect their
creations, for a limited duration of time.
Today’s digital technologies allow perfect, inexpensive and unlimited copying and dissemination of content –
legal or otherwise. IPRs which work in the digital era are essential to both the creative sector and the overall
development of the Information Society.
2. Digital Rights Management
2.1 Introduction
quot;Digital Rightsquot; is indicative of the freedom of individuals to perform actions involving the use of a computer,
any electronic device, or a communications network.3 The term is particularly related to a set of actions which
would normally be permitted in accordance with the rights of individuals as they exist in any other aspect of
life, but which have been impacted by a change to digital technology.
Digital Rights Management or DRM refers to access control technologies used to protect rights of publishers
and copyright holders from illegal usage of digital works or devices.4 DRM is often described as a type of
server software developed to enable secure distribution and perhaps more importantly, to disable illegal
distribution of copyrighted material.5
DRM poses one of the greatest challenges for content communities in this digital age. Traditional rights
management of physical materials benefited from the materials' physicality as this provided some barrier to
unauthorized exploitation of content. However, today we already see serious breaches of copyright law
because of the ease with which digital files can be copied and transmitted.
Previously, Digital Rights Management (DRM) focused on security and encryption as a means of solving the
issue of unauthorized copying, that is, lock the content and limit its distribution to only those who pay. This
was the first-generation of DRM, and it represented a substantial narrowing of the real and broader
capabilities of DRM. The second-generation of DRM covers the description, identification, trading, protection,
2. monitoring and tracking of all forms of rights usages over both tangible and intangible assets including
management of rights holder’s relationships.
2.2 Trading Perspective
The management activities involve entities engaged in the creation of the assets and focus on management
of digital rights. Rights holder needs to identify their content and then collect metadata for the content, so that
potential customers can find it. After this, rights holders assert what rights they have in the content and what
rights will ensure maximization of the business model prepared thereafter for distribution of their assets.
The second part of DRM is about digitally managing of rights or enforcing exploitation rules as determined by
rights holder. This aspect of DRM focuses on building technologies to prevent illegal distribution and to some
extent monitoring the usage of the digital assets ensuring fair-use for the legitimate owners.
DRM
Management Enforcement
Identify Content Distribute Content
Describe Content Usage of Content
Assert Rights Monitor Usage
Make Business Model Initiate Payment
Figure 1: Trading perspective of Digital Rights Management
It is important to note that DRM is the quot;digital management of rightsquot; and not the quot;management of digital
rightsquot;, that is, DRM manages all rights, not only the rights applicable to permissions over digital content. In
short, DRM includes everything that someone does with content in order to trade it.
3. Information Architecture
3.1 Entity Relationship Model
The Information Architecture deals with how the entities are modeled in the overall DRM framework and their
relationships. Any digital rights management scheme operates on three levels:
Establishing rights for a piece of content,
Managing the distribution of that content, and
Controlling what a consumer can do with that content once it has been distributed.
3. In order to accomplish these levels of control, a DRM program has to effectively define and describe three
entities -- the user, the content and the usage rights -- and the relationship between them.
Rights
Own Over
Users Content
Create/Use
Figure 2: Entity Relationship Diagram of DRM
This model implies that any metadata about the three entities needs to include a mechanism to relate the
entities to each other.
4. Components of DRM Systems
The DRM systems have to fulfill a variety of independent but interrelated tasks. For each of the tasks, a
variety of tools exists as described:
4.1 Secure Containers
They make content inaccessible to those users that are not authorized to access the content. These
containers mainly rely on cryptographic algorithms such as DES or AES. Eg. InterTrust’s DigiFile, and
Microsoft’s file format for ebooks, etc.
4.2 Rights Expressions
The Rights entity allows expressions to be made about the allowable permissions, constraints, obligations,
and any other rights-related information about Users and Content. Hence, the Rights entity is critical because
it represents the expressiveness of the language that will be used to inform the rights metadata.
Such rights expressions are formed either using simple rights expression flags or complex Open Digital
Rights Language (ODRL) in conjunction with its Rights Data Dictionary.
4.3 Content Identification and Description System
They help uniquely identify the content (eg. International Standard Book Number) and associate descriptive
metadata with the content.
Some popular identification systems are the ISBN for books, ISRC for recordings, ISAN for audio-visual
material and Digital Object Identifiers or DOI, which is a generic content identification system.
4. Unique Certification
Number Authority
Issuer
Creation
Description
Check
Authorization of
Check
Media Distributor
Purchaser
Check
Identity
Distributor
Unique
ID
Number
Creation Media
Creation
Creation Creation
Creator Purchaser
Provider Distributor
Assignment Value Current IPR Info
Of Rights Rights
Appl. Holder
for
License
Log
Value Value
Rights IPR Monitoring
Service
Holder Database
IPR Info
Provider
Figure 3: Relationship Model for the Content Value Chain
4.4 Identification of People and Organization
Not only does a rights owner need to associate a claim of ownership with the content but also the consumer
will need to be uniquely identified. Such user identification systems are a prerequisite for DRM systems to be
able to limit content access to legitimate users.
4.5 Authentication Systems
The DRM requires algorithms to authenticate the person or organization that wants to interact with any
content. This function will involve cryptographic algorithms and may need an agency that issues electronic
certificates often referred as “Trusted Third Party” or TTP.
The TTP fulfills the authentication needs at various levels in the DRM system. Some examples are:
Device needs to authenticate themselves to the services they communicate with,
Within the DRM system, different components need to establish a secure and authenticated channel
amongst themselves.
4.6 Watermarking and Fingerprinting
These set of technologies, often referred as forensic technologies, are related to identification of content.
5. 4.7 Event Reporting
A mechanism to report events such as the purchase of a piece of content is important to allow event-based
payments to be processed. These event-based payments are examples of new business models that DRM
can enable.
4.8 Payment Systems
The systems that enable the monetary transactions need to be a part of the secure and trusted system in
order for the system to operate.
5. Evaluation Criteria for DRM Systems
The various members of the content value chain have different priorities as to what is important to them in a
content distribution system. However, all have different interests and priorities in each of the following eight
criteria: (1) how user-friendly is the system, (2) how trustworthy, (3) secure and (4) extensible is the system,
(5) how can it be implemented, (6) how open is the system, (7) does it interoperate with other systems, and
finally, (8) what would be the cost of implementing such technology?
6. Conclusion
This paper provides an overview of the technical issues surrounding DRM and lists a variety of technologies
that are needed to address several crucial aspects of digital content distribution.
We have not yet found the right business models and service offerings to make a DRM system worthwhile.
Clearly this does not mean that DRM Technologies will not find their place in a digital commerce environment,
it just means that there is still a lot to do.
7. References
1. [Property] “Basic Principles and Acquisition of Intellectual Property Rights” by Dr. T. Ramakrishna
2. [Intellectual Property] “Basic Principles and Acquisition of Intellectual Property Rights” by Dr. T.
Ramakrishna
3. [Digital Rights] http://en.wikipedia.org/wiki/Digital_rights
4. [DRM definition] http://en.wikipedia.org/wiki/Digital_rights_management
5. [DRM definition] http://searchcio.techtarget.com/sDefinition/0,,sid182_gci493373,00.html
6. Coyle, Karen quot;The Technology of Rights: Digital Rights
Managementquot;. http://www.kcoyle.net/drm_basics1.html
7. Rump, Niels “Technical Aspects of
DRM”. http://books.google.com/books?id=YtbCWtob0qgC&dq=digital+rights&source=gbs_summary_s&cad=
0
8. Iannella, Renato quot;Digital Rights Management Architecturesquot; D-Lib Magazine.
http://www.dlib.org/dlib/june01/iannella/06iannella.html
9. quot;Digital Rights Management and Librariesquot; American Library Association.
http://www.ala.org/ala/washoff/WOissues/copyrightb/digitalrights/digitalrightsmanagement.htm
10. quot;What Does DRM Really Mean?quot; PC Magazine. http://www.pcmag.com/article2/0,4149,942369,00.asp
11. “Digital Rights Management: The Skeptic’s View”. http://www.eff.org/wp/digital-rights-management-
skeptics-view