Introduction

DRM can be described as a set of rules to manage the rights of content stored in digital format. DRM protects owners' rights not only while distributing but also through the whole life cycle of the given digital media. Digital Rights can be set at any level viz., at the Content Provider level, Content distributer level, Seller level or User level-all depending upon the Business model.

History

Initially Digital Rights Management (DRM) focused on security and encryption as a means of solving the issue of unauthorized copying and pirating i.e., lock the content and limit its distribution to only those who pay for the content. We can conside this as first-generation of DRM.Today, DRM has come to represent a lot more.

Understanding DRM

Digital Rights Management(DRM) is not difficult to understand if you take an uncomplicated view of the world. World (at least, the commercial world) is about “creating”. Every creation can be made available for use “free of cost” or it could be “costed”. As almost everything gets digitalized, we are seeing increasing content being created in the digitized form. Most of the creators want to cost it. That’s understandable. What really concerns the creators is the fact that much of their creation is being used “free”. DRM aims to ensure that free usage of content stops (unless it’s permitted by the creator).

DRM is still an evolving paradigm. It is a system that aims to ensure that creators call the shots. It means that when content is created it needs to be guarded through its stages of development. Thereafter, this content will require to be distributed to end users.End-Users eventually will pay for “what they want to use” and “how they would want to use it”. Ensuring all of the above is what DRM is about. DRM starts to get complicated when you make a technical framework for achieving the above.

A More Formal Definition

“It is a means for addressing the description, identification, trading, protection, monitoring and tracking of all forms of rights usages over tangible and intangible assets, including rightholders’ relationships”. (This succinct definition is from the DCITA, Australian Govt.). As one starts to understand the true implementation semantics & syntax of DRM, each of these terms such as description,… monitoring,..rightholders’ relationships etc., start to make sense. We understand them from a technical standpoint in due season, though their intuitive meaning is clear enough.

Today, DRM has come to represent a broad sweep of policies, protocols and technologies that address Intellectual Property (IP) management. This management hinges about enforcement of rights (of ownership, and of usage). This enforcement in turn is provided by trusted and secure services to control the distribution and usage of content.

Initial DRM systems took an enforcement driven perspective to managing content. Modern paradigms tend to treat it in terms of life-cycle value chain perspective. This means that current (and future) DRM systems focus on managing and securing content through its entire lifecycle rather that serving to “restrict its usage” by the end customer – a decidedly more limited perspective.

This causes us to emphasize the fact that DRM vendors can indeed bring any technology to bear upon what content is available and what is not. The features that DRMs support arise out of the explicit negotiations of these rights from the content owners. If the owners of Peter Jackson’s “Lord of The Rings Trilogy” will permit only “pay-per-single-view, iPod Video based downloads”, the blame for this restrictive use must actually be laid at the doorsteps of the content owners and not Apple Computers. When IT firms today take flak, much of it is undeserved (though much is well deserved as well!).

“The key to a successful DRM system is that it is not seen as a separate “DRM System”, but as part of typical content management and consumption systems with which users are familiar”. (R Iannella)

DRM Architecture

Let us for a moment talk of IP Management. This has two core aspects, one, the Upstream Content Management (CM) and two, the downstream DRM. Usually, both these have willy nilly come to represent DRM. CM pertains to version control and configuration management of digital asset(s) as they are being created by content owners and contributors. These are then available for distribution. Distributors thereafter make it available for use by end consumers. Of course, at each stage, offers are made. These are accepted through agreements. Security mechanisms (based on PKI) enforce the agreement.

Some sort of a conceptual “marker” now would be useful. Typically, weighty papers on DRM will talk in terms of (a) Frameworks, (b) Functional Architectures, (c) Systems Architecture, (d) Information Model et. al. Of course, this article is supposed to be a “jump start” guide and does not purport to be a treatise on DRM, so we’ll try and distil a quick schematic of DRM.

First, a short description of our canvas. Content , Parties, and Rights require to be managed. In order to manage these, some systems need to be put in place. These are Metadata systems, Identity Systems, Discovery Systems, Packaging Systems, Rights Holders Systems, Agreement/Licensing Systems, Identity Systems. Now, these systems are supported by Services which are provided to content users. These services include Delivery Services, Reporting Services, Trading Services, Payment Services and the like.

Here then an omnibus block dig.:-

In the above diagram we have tried to meld the functional and systems architectures. The schematic is fairly self explanatory and helps to underscore the several interdependencies. Note here that there is actually one sub-block in the systems interface stack that explicitly talks of security/crypto. This shows us that DRM is a lot more than just security. But,… before one gets away with the impression that security is just one element, lets us remind ourselves that each one of the arrows in the diagram (at least most of them) represent “secure communications”, so security does come in as a pervasive element.

Some More Details (at the risk of sounding repetitive)

It’s clear therefore that we are evolving a model to link three core entities, Content, Rights, and Parties (from a programming perspective this treatment at once lends itself to OOA&D).

The rights entity embodies particulars of Offers and agreements between parties. This embodiment (or capture of specifics) is done through a REL (Rights Expression language. Enter therefore the XrMLs and the ODRLs and the XMLs of the world. The detail here comprises permissions, constraints, requirements, conditions and the like. Identifiers link Parties and Content to Rights.

Content (the raison d’etre) is identified though formal identification systems. A key aspect here is that content is often layered, i.e., content can be identified through the various stages of its creation or manipulation. Which means that for what we actually perceive as one content item may actually be a bundle of related content as it is crystallized from the abstract to the concrete. All of this is defined by the IFLA (International Federation Of Library Associations). This translates into one work having many expressions, each being a content entity. This model helps the establishment of a chain of title through the lifecycle of content.

The Parties entity is also expressed through formal identification systems (as with content). We can express parties as individuals, organizations, or role types. DRM hinges about the establishment of a “trusted ecosystem”. Obviously therefore, the parties in the ecosystem need to be authenticated and authorized. Once that is done, the parties can perform functions as entitled by their rights. An open standard for Single-Sign-On that is likely to impart a framework for management of rights operations authorized to users is the Liberty Project.

Standards (Do we have any?)

To begin with most existing CA/DRM Systems worldwide are proprietary. Interoperability is emerging to be the holy grail of CA/DRM. This may not happen for some time. At any rate, even in the best case, only a sort-of-a-broad-framework can become standardized. Fundamentally there are two standards (We look at proprietary systems like the MS Windows Media DRM and Apple’s FairPlay in the “The Market Place” section). Lets us express what we know of leading directions in Standards as a small tree.

In the End...

Maintained by: anurag.dave@hsc.com
Views:

 Create your own educational wiki!Help Add to Del.ici.ous Add to Digg Add to Reddit Add to fUrl Add to SpurlPublic, Platinum wiki Privacy Policy RSS