DRM: The guardian and protector of digital media

Sun, 03/31/2002 - 7:00pm
David Iler, Contributing Editor

Digital Rights Management promises to make the ’Net safe for digital content distribution, while also expanding consumer choice in delivery devices

The brave, new world of digital media over the Internet is entering its second generation, with content owners learning the harsh lessons of outlaw distribution that characterized the first wave. The major lesson learned is that a powerful guardian and protector is essential for content owners to take advantage of the distribution capabilities of the Internet.

The acronym stamped on the chest of these cyborg guardians is DRM–for digital rights management.

DRM is not only the security blanket that can keep frightened record companies and movie executives sleeping well at night, but can unleash sophisticated marketing and wide distribution of content to consumers to enjoy on a number of devices, including personal computers, handheld devices and set-top boxes.

Talal Shamoon

‘The choice of DRM technology is more significant than
the choice of a streaming format’

–Talal Shamoon

"The choice of digital rights management [technology] is more significant than the choice of a streaming format," says Talal Shamoon, executive vice president of InterTrust Technologies Corp., a DRM company headquartered in Santa Clara, Calif.

The implications for the cable industry are significant, as local storage in set-top boxes and home networking connectivity may require an evolutionary step beyond today's conditional access systems, a fact beginning to resonate with the industry's engineers.

In a nutshell, DRM works by delivering to users encrypted files that can only be opened and executed once specific permissions and authorizations have been granted. Without them, the files cannot be accessed. A number of companies have emerged to address the IP-based DRM market, although through strong, sweeping technology and sheer weight of force, InterTrust and Microsoft Corp. have elbowed their way to the fore.

DRM dealmaker

InterTrust has been busy forging alliances with a variety of companies, and maintains "a very broad body of intellectual property in trusted computing," says Shamoon. The company holds 22 U.S. patents and has 90 patents pending worldwide.

Partners and licensees include AOL Time Warner Inc., Nokia Corp. (also an investor), Digital World Services (a subsidiary of Bertelsmann AG) and Pace Micro Technology plc, which in November, joined InterTrust in the development of DRM-enabled digital set-top boxes for broadband IP operators.

InterTrust has also enlisted digital asset management provider Artesia Technologies Inc., streaming and on-demand provider nCube Corp., customer management and billing developer Portal Software Inc., network infrastructure company SkyStream Networks Inc., MPEG-4 developer Inc. and Sun Microsystems Inc. as partners for what it calls the Rights|Alliance.

InterTrust is in the process of rolling out a new, second-generation platform, Rights|System, comprised of three components–Packagers, Servers and Clients–that runs on Sun's platform and is targeted to, among others, cable and satellite television providers.

In practice, the Rights|System Packager generates two files: the encrypted content file and a rights file, termed Rights|Pack. Metadata, or information that describes the content, and usage rules for the content, comprise the Rights|Pack. Offering some flexibility, new usage rules can be added after the content has been encrypted, without recalling the content file.

The encrypted content file is sent to the content distributor's Web server, while the rights file is shipped off to a Content Rights server, thereby physically separating the rights from the content itself.

Once a consumer purchases the content through the distributor's e-commerce system and the transaction has been approved, the Rights|System Authorization Generator sends an authorization to the consumer's device. The Rights|System software client uses the authorization to access the Rights|Pack–both the encrypted content and the usage rules. The user can then retrieve the content according to the rules described in Rights|Pack. Allowances can be made for the content to be transferred to devices other than the one that actually downloaded the content, such as a portable MP3 player.

"The technology is highly portable–we've ported it to multiple environments," says Shamoon. InterTrust has developed client software for personal computers, portable devices, mobile phones and set-top boxes.

Encrypted content files can also be distributed to other potential users. But to access the files, these users are directed to the distributor of the content where they can obtain rights to use it. In this way, providers can offer incentives to those who download the content through "tell-a-friend" promotions.

The PC client, says Shamoon, is actually a plug-in for media players made by Real Networks Inc. and Microsoft. InterTrust's association with Envivio, meanwhile, gives it a foothold in the emerging MPEG-4 media standard.

The Rights|Client software, says Shamoon, is a small, 100-kilobyte piece of firmware that was designed to be integrated into a set-top box "with no hardware requirements." The Rights|System servers, including the Authorization Generator, Content Rights Server and System Operations Server, are based on Sun's Java network technology.

The company has also developed two silicon DRM products: TrustChip and RightsChip. TrustChip is a micro-controller, more specifically, a Cirrus Logic Inc. Maverick semiconductor based on a secure hardware reference design. The RightsChip is essentially a smart card. To help proliferate its technology, InterTrust has also engineered software development kits for third-party application development.

Shamoon indicated that InterTrust is willing to integrate its platform and technologies into cable and/or satellite TV platforms, and is involved in discussions with unnamed service and technology providers.

Windows and DRM

As one would expect, Microsoft is a leading player in DRM technology, building Windows Media Rights Manager (WMRM) technology into its Windows Media Player, the streaming media player that's bundled with newer versions of the Windows operating system. WMRM works by creating "packaged media files" containing an encrypted media file that has been locked with a "key" ID and, optionally, additional information, such as the Web address of where the license may be acquired. An encrypted license, with the key, is distributed separately.

The packaged file is saved in Windows Media Audio (.wma) or Windows Media Video (.wmv) formats. The file can be distributed on the Web as a download, streamed from a media server or e-mailed or distributed on a compact disc. In this way, copy-protected files can be distributed, although licenses to play the content are not transferable.

A content provider selects a "license clearinghouse," which can be a server maintained by Microsoft or the provider. The server stores the specific rights conditions and business rules for the content and implements the WMRM license.

Consumers must first acquire a license key to unlock the file and play it. WMRM either directs the consumer to a registration page on the Web to provide payment, or "silently" retrieves a license and key from the clearinghouse server, depending on the business model employed for the content.

To execute the digital media file, consumers need a media player that supports WMRM, such as Windows Media Player. After obtaining the license, the consumer can play the file based on the rules/rights dictated by the license. That license can specify start times and expiration dates, duration of allowable play, number of times the content can be accessed, and rights to transfer the file to a CD recorder. With specific rights, consumers might also be allowed to play the content on a specific computer and/or copy it to a portable device.

Extending Windows DRM

Click image to enlarge
Click image to enlarge
Figure 2: When a user requests access to a digital asset from CinemaNow, the PatchBay middleware executes a series of commands to verify whether the user is permitted to view the content, and sets rules on how the user may access it before the content is delivered.
CinemaNow Inc. made a significant splash in February when it announced a partnership with MGM Home Entertainment to offer selected MGM movie titles on its Web site in streaming and downloadable formats.

CinemaNow has developed a middleware application called PatchBay which builds upon Windows DRM technology and extends its functionality to meet the needs of content owners like MGM. According to Brad Serling, chief technology officer for CinemaNow, PatchBay was developed because the company wanted to create its own toolset to manage distribution and rules to control the cost and availability of content.

For example, with PatchBay, CinemaNow can, depending on the requirements of its content partners, charge a different price for a movie accessed through than if it's accessed through the CinemaNow Web site. The platform can also account for availability and pricing of titles based on geographic territory, thus accommodating movie studios' often complex rights and distribution deals.

When a movie is downloaded on the CinemaNow site, the user is presented with a credit card screen and a payment request. The first time the user hits the "play" button on his Windows Media Player, the player "talks" to PatchBay, telling it that user "X" wants to watch the movie and requests a license. PatchBay then tells WMRM whether to issue a license.

"The key is, any time a request is made (to play a file), Windows Media Rights Manager has to issue a license," says Serling.

Importantly, PatchBay also works with CinemaNow's back-end systems by tracking several key data metrics, including specific title requests, user demographics and credit card approvals/declines. Through PatchBay, CinemaNow can also share revenue with content holders, as well as determine its own profitability based on sales and the costs of sending the files to users.

In this way, CinemaNow is leveraging WMRM by building an engine that stores pricing, reporting and tracking data.

"We've adapted Windows Rights Manager to the VOD world," says Serling. With WMRM, CinemaNow can "package content once and have all cost scenarios stored in PatchBay," he adds.

PatchBay resides on servers running Windows 2000 and the Microsoft SQL 2000 Enterprise Edition database application. Territorial rights information is managed by Digital Envoy's NetAcuity geographic-targeting technology running on a Linux server. CinemaNow has also integrated DoubleClick Inc.'s ad manager and VeriSign Inc.'s verification and payment collection services into the platform.

CinemaNow has licensed PatchBay to Walker Asia Entertainment Pte. Ltd., which will offer CinemaNow's video-on-demand services in Singapore, with additional sites expected to launch in Asia this year.

Other DRM technologies

DivXNetworks Inc., a broadband video distribution technology provider, has opted to build its own DRM scheme into its Open Video System, according to company co-founder and Director of Product Development Joe Bezdek.

He says that while many existing, off-the-shelf DRM technologies have been designed and optimized for digitized audio, the DivX DRM system is crafted specifically for full-length video.

Taking a broader view of DRM to include text, images, audio and video, is SealedMedia Ltd. The company's technology is designed to conform to the separation of rights and content paradigm, but also accommodate roaming and subscription licenses. Rights to access content are encoded into separate licenses that contain the content encryption keys. Licenses are stored on a networked SealedMedia License Server in a password-protected, owner-specific account.

Distance learning, says Martin Lambert, chief technology officer and co-founder of SealedMedia, is an application that can require cross-media protection, with video and attendant text files and images comprising a content package.

Conditional access and DRM: One in the same?

Just as the distinction between IP delivery and MPEG delivery of video content is converging, so is the case with DRM and conditional access technologies. Some might say that DRM describes what proven, industrial-strength conditional access technologies used by cable operators accomplish today.

However, because of advanced services such as personal video recording with storage-enabled set-top boxes, coupled with home networking, DRM is becoming a topic of discussion within the cable industry.

"We're going to need something like DRM to be an evolution of conditional access," says Jean-Pol Zundel, chief software architect with Comcast Corp. This is particularly true, he notes, when one considers that the TV may not always represent the "end of the line" for content. What's needed, he adds, is a protection method that's "more attached to the asset itself."

"As usage becomes more complex, you're going to [require] something more sophisticated," says Zundel. "There's no question [DRM is] somewhere in our future," he adds, stressing, however, that the technology has little or nothing to do with IP as a transport method.

Zundel points out that the OpenCable Application Platform (OCAP) contains basic conditional access application programming interfaces (APIs) that enable (among other things) the opening and display of content. It may make sense, he says, to add APIs to the spec for advanced conditional access, which might allow or restrict the copying of content from one device to another.

Also thinking along these lines is Motorola Broadband Communications. Senior Director of Secure Systems Technology Eric Sprunk says the company is applying its MediaCipher conditional access system to local storage content in order to control, among other things, the number of times stored content may be viewed. In addition, MediaCipher is being applied to content delivery that's not necessarily MPEG-based.

To help accomplish this, Sprunk says Motorola is supporting an implementation of a standard originated by ABC/ Disney–Extended Copy Control Information (ExCCI)–which, in part, specifies a set of functions to allow persistent stored media on a hard drive.

Factor in the industry's point of deployment (POD) requirements, and the conditional access/DRM picture becomes a little fuzzy. For now, Motorola, says Sprunk, is "pursuing a form of DRM that will go out in our non-POD products."


Share This Story

You may login with either your assigned username or your e-mail address.
The password field is case sensitive.