Protecting Digital Content- The Challenge Andy Barlow CTO – Phocis
DRM? • DRM (Digital Rights Management) is a much used – and abused - term • DRM refers to those technologies which have been specifically developed for managing digital rights • We prefer the term “digital trading platforms” • And we prefer the term “users” to “customers”
What does an organisation need to consider? • Intellectual Property (IP) rights • Copyright • Payment mechanisms • Security • E-commerce and ERP systems • Licensing…
Licensing • Licensing by its very nature is complex • Organisations and their business processes do not remain static • Solutions should not place restrictions on the licensing process, which is the embodiment of a business process • Organisations need to update & incorporate new licensing requirements when necessary
Content Package/Protect/Licence Devices & Platforms How do customers access your content?
Independence - encryption • There is more than one encryption technology available • Encryption independence can provide organisations with the flexibility they require • Content can then be secured for different client platforms using different encryption technologies
Independence - DRM • Currently a wide range of incompatible DRM technologies • Organisations change and DRM gets hacked • Different types of content need to be secured • Users (and publishers) must be assured that they’re not buying (into) the Betamax model!
Independence – digital content • Should be able to protect any type of content • Should be able to enforce IPR using original file formats: is this possible? Yes! • Give the user the choice of THEIR player/reader (within the constraints of the publisher’s T’s & C’s)
Independence - trust • Essential factor in enabling e-commerce • Say its you and prove its you • PKI • Smart cards and biometrics • Digital rights technologies should work alongside these types of technologies
Watermarking • Encryption is not always possible or required • Watermarking and similar technologies provide traceability outside of the DRM domain
Payment • Flexible “payment” mechanisms • Credit card • Information trade • On-line currencies • Authentication • Organisations don’t need to use the same payment mechanisms all the time
E-commerce, ERP, Content Management Systems • Most organisations already have these infrastructures in place and don’t want to re-invent them • Digital protection technology should • Integrate with current infrastructure • Enabling rapid publishing of secure content • Not be prescriptive outside of its own domain
How should it work? 2 Package with appropriate security 1 Take any content 4 Allow the content to be used 3 Trade with chosen ‘currency’
Ease of use • Easy to implement and use • For both publisher and user • Access to information should be easy but remain secure • The cost should not be prohibitive • Scaleable to run an Amazon or Yahoo! • Adaptable to change as DRM, encryption, payment and e-commerce technologies come and go
Open standards • DRM standards – isn’t that why we’re here? • W3C standards – SOAP, XML • e-business standards – ebXML, Biztalk • UDDI, SDMI • JFDI?