Issue No.12 - December (2004 vol.37)
Published by the IEEE Computer Society
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2004.242
Digital media is a killer application for the Internet. However, concerns about the technology have limited the commercial distribution of digital video, audio, and images. Most notably, content producers worry that purchasers will copy and give away or resell their products in ways that the providers don't want and that violate their licenses.
In light of this, companies have developed digital rights management (DRM) technology for products and media players to let content producers enforce licensing restrictions by limiting the use of their materials.
However, this has led to a critical problem for the digital-media industry: Most DRM technologies are not interoperable. Most vendors have created proprietary technologies not available for license or use by third-party vendors, thereby making interoperability difficult.
Because they may not have a compatible DRM system, consumers cannot always play digital media they buy from one source, such as an online store, on their own player or on multiple players. In fact, media players frequently can play only content down- loaded from specific online stores. This has upset many consumers, who want to play purchased media anywhere.
With digital content becoming a big business, the industry is concerned about interoperability. And industry members fear that still more incompatibility will occur unless hardware, software, and content owners and distributors begin working together to make sure DRM products interoperate.
A series of initiatives are under way to address DRM interoperability. However, it has been difficult to get some major players, who are making money from their own proprietary technologies, to participate.
The success of Apple's iTunes online music store and iPod MP3 audio player, which uses the FairPlay software-based DRM system, has increased interest in digital media. A number of companies, including Microsoft (which has the Windows Media and Janus software-based DRM systems), have created their own outlets for downloadable music. Digital-media vendor RealNetworks' popular Helix Player, shown in Figure 1, has its own software-based DRM approach.
Hardware-based approaches include HASP products from security vendor Aladdin Knowledge Systems.
How it works
Record labels, film companies, and other content providers set strict rules in their licenses about how consumers can use online content. Rules include license start and stop dates, how many times and for how long buyers can play the content, and whether content can be played only on the device to which it was downloaded or can be transferred to other devices.
Content owners use DRM technology to encrypt both their online offerings and the software describing their usage rules. The owners then make this package available on Web servers for access by consumers.
"When a consumer buys content, the provider delivers a license and a decryption key to the media player to play the material based on the owner's rules," said Brad Hunt, chief technical officer of the Motion Picture Association of America. Purchasers' media players, if compatible with the seller's DRM system, include software that understands the rules.
Each DRM vendor supports different combinations of file formats (such as Microsoft's Advanced Systems Format, RealNetworks' Real Media, and MPEG-4), codecs (such as MP3, Windows Media Audio, and Apple's Advanced Audio Coding), and proprietary content-protection methods.
Only media players that understand the file formats, codecs, and content-protection methods used by a particular piece of digital content can play it, explained Jeff Ayars, RealNetworks' general manager for embedded players.
Because of security concerns, vendors are reluctant to share their DRM code, which hampers interoperability. For example, they worry about hackers getting copies of the code, said analyst Michael McGuire with Gartner Inc., a market research firm.
To deal with this, the industry is taking several approaches to providing interoperability.
For example, RealNetworks has provided some interoperability with its Helix cross-platform, media-format-independent DRM system, which handles content packaging, license serving, and rights enforcement, Ayars noted.
Helix provides these services in its Harmony system via file-format parsers, an application server for license serving, and a client that handles cross-platform media playback, he explained.
Translating DRM Rules
To make DRM systems interact, vendors must develop ways to pass content providers' rules from one system to another and ensure that devices and content services that use different DRM technologies enforce the rules the same way.
Technology that translates rules and other requirements into various formats so that they work with multiple DRM products is one approach.
Researchers have developed rights data dictionaries (RDDs) that try to define DRM in neutral, unambiguous ways that multiple systems can understand.
"For DRM to be interoperable, computers must be able to interpret rights expressions unambiguously. Rights expressions must use terms that are known to a system or whose interpretation is available through a lookup procedure," said Chris Barlas, a senior consultant with Rightscom.
MPEG RDD and REL
Rightscom is a digital-media-management consultancy that developed the MPEG RDD, since standardized by the International Organization for Standardization (ISO), on behalf of the Contecs:DD Consortium of content providers.
The MPEG RDD defines a standard set of terms that digital-rights systems use with MPEG-based content and provides a methodology for creating new terms. These terms will be managed by a registration authority that ISO is appointing, Barlas explained.
The MPEG Rights Expression Language (REL) is an XML-based declarative language for the computing process to enable unambiguous expression of 14 types of content-access and -usage permissions —such as execute, modify, play, and print —as defined by the MPEG RDD.
"In brief, the RDD describes a way of transforming a term from one metadata schema to another. This will make it possible to relate terms from different schemas and establish their semantic content," Barlas explained.
In-device and Web-based translation services
Consumer products could contain software that translates DRM instructions from one content-protection system to instructions understood by the devices.
"[Device] manufacturers would then have to agree to embed this technology into their products," said Gartner analyst Ray Wagner.
Rather than rely on internal software, devices could contact a Web-based translation service for DRM rules. "Each participating technology would register with the service, which would maintain a mapping from any registered [DRM] technology to any other. Devices would present content to this service and receive a translated version," Wagner explained.
Translation pros and cons
With translation technology, companies could continue using their proprietary DRM software, eliminating the need to convince vendors to share code or adopt a common architecture.
However, said Wagner, translation is a complex process. He added that it becomes even more complicated, resource intensive, and difficult to make transparent to users as the number of DRM applications, file formats, and systems grows. Standardization could help with this, he noted.
Hewlett-Packard, InterTrust Technologies, Matsushita Electric Industrial, Philips Electronics, Samsung Electronics, Sony, and Twentieth Century Fox Film comprise the Coral consortium. Coral plans to develop specifications making it easier for protected digital material to work with multiple devices, software media players, and online content stores.
Coral is considering a proposal by InterTrust to use the company's NEMO (networked environment for media orchestration) content-protection technology. NEMO provides a way for different DRM systems used by content providers and consumers to communicate with one another.
NEMO works via a software-based, service-oriented architecture, in which participants have trusted, protocol-independent interfaces that enable the easy delivery of content-protection services.
With the system, content vendors use X.509 digital certificates, which authenticate participants and help NEMO determine which DRM approaches providers and consumers are using. DRM systems are then able to provide the necessary services.
Coral says it wants its technology to work with current and future DRM systems. NEMO could provide this capability because it is programmable, said Jack Lacy, InterTrust's senior vice president of standards and community initiatives.
The company has built a NEMO testbed that has achieved interoperability among various DRM-related devices, formats, networks, and services.
Coral's members represent a large pool of digital content and related technology, including Hollywood movies, recorded music, and consumer-electronics devices. However, Coral is also significant because of the companies that aren't participating.
Apple, Microsoft, and RealNetworks have not joined. Gartner's McGuire explained, "Experts say the companies' DRM solutions are tightly coupled with their existing online business models and, in Apple's case, with the extremely successful iPod. All of these players want to establish their technologies as de facto industry standards. The question they are asking is, 'What's the business imperative to work toward interoperability?' "
A lack of participation by most record companies and movie studios may also decrease Coral's chances of widespread adoption.
However, he added, Coral hasn't asked these companies to join because the consortium is trying to stabilize its standard first.
Traditional Rights and Usages
The Digital Media Project's Traditional Rights and Usages (TRUs) initiative has begun addressing digital rights management, including interoperability issues. The DMP ( www.dmpf.org) is a nonprofit organization that promotes the use of digital media for the benefit of providers, distributors, and users.
A TRU is a statement of a consumer's real, assumed, or desired right to use a piece of content in a certain way, such as by copying, modifying, or selling it.
The DMP wants to create a set of TRUs to look at the way users typically work and want to work with content and then compare this with the way digital-media protection and management technologies operate, explained Thomas Curran, a member of the organization's board of directors and a project leader for Enterprise of the Future, a market research firm.
The DMP then wants to use this information to create a set of conventions that would let the technologies interoperate while addressing all concerned parties' interests, he said.
To enable a measure of DRM interoperability, content providers will probably start by cross-licensing DRM technology used by other companies, said Gartner's Wagner. However, McGuire added, "Cross-licensing requires that you get Microsoft, IBM, or other companies, involved, which is not an insignificant task."
Meanwhile, Wagner said, there isn't likely to be technical DRM interoperability at least for another few years.
As for Coral, Wagner said, "[Consortia have] not worked because there are so many stakeholders and so much power involved. The alternative is for industry players to set their own standards and have them fight it out. That seems to be the current way that they are trying to do it."
For these reasons, the future is uncertain. Said Wagner, "We were talking about the same issues with the same problems and the same group of participants five years ago."
David Geer is a freelance technology writer based in Ashtabula, Ohio. Contact him at firstname.lastname@example.org.