					TIRAMISU IST-2003-506983
DRM Requirements



 DATE                                                               February 15, 2004
 CONTRACTUAL DATE OF DELIVERY TO THE EC                             N/A – internal document
 ACTUAL DATE OF DELIVERY TO THE EC                                  N/A – internal document
 EDITOR, COMPANY                                                    Zvi Lifshitz, Optibase Ltd.
 WORKPACKAGE/TASK                                                   WP2- Framework Design
 DOCUMENT CODE                                                      TIR-DMP-W2-DRM-R0.1
 SECURITY:
      Submission to DMP. Any usage needs consent of editor




DOCUMENT HISTORY
Release      Date         Reason of change                       Status            Distribution
0.1          15/2/2004   Version for DMP First draft with g      Draft             DMP




                             Any usage needs consent of editor                                    i
DRM Requirements                                                                                TIR-OPTIBASE-W2-DRM-R0.0




Table of Contents
FOREWORD

1.      GENERAL REQUIREMENTS
     1.1    BUSINESS REQUIREMENTS
       1.1.1   Efficient Access Control
       1.1.2   Motivating Obedience
       1.1.3   Law Enforcing Assistance
     1.2    TECHNICAL REQUIREMENTS
       1.2.1   Security
       1.2.2   Monitoring
       1.2.3   Closing loopholes
       1.2.4   Interoperability
       1.2.5   Impersonation
       1.2.6   Versatility
       1.2.7   Accessibility
       1.2.8   Non-Restrictiveness
       1.2.9   Simplicity
       1.2.10 Affordability
       1.2.11 Anonymity
       1.2.12 Identification
       1.2.13 Traceability








FOREWORD
This document contains one chapter from an original document produced by the IST project
TIRAMISU (The Innovative Rights and Access Management Inter-platform SolUtion). The
paper describes requirements for DRM that have been defined by the project. It was
realized that this work is highly relevant to the objectives of the DMP; therefore an edited
version of it has been submitted to that organization.
The chapter contained in this document is “General DRM requirements”. It includes a section
called “Business Requirements”, which lists brief top-level requirements from a business point
of view. This is followed by a second section that elaborates technical requirements derived
from the business ones.








1. GENERAL REQUIREMENTS
This chapter presents the main issues DRM systems have to cope with. The first section
summarizes DRM requirements from a business point of view, as elaborated and analyzed in
Work Package 1. The rest of the chapter focuses on technological requirements, which are
mostly derived from the business ones.

1.1 Business Requirements
The overall goal of DRM systems is to enforce licensing and ensure proper compensation to
the media rights owner. Without such compensation the media industry will dry out.
License enforcing is a combination of social conventions, legal measures and technology.
This document is about technology, but it needs to address all these three aspects because
social conventions and the ability to enforce the law are also affected by the technology in
use. Therefore we can talk about three objectives TIRAMISU DRM technology has to deal
with:
    1. TIRAMISU DRM must provide efficient access control.
    2. TIRAMISU DRM shall motivate license respect and royalty payment.
    3. TIRAMISU DRM should provide tools for assistance in law enforcing.
The requirements for achieving these objectives are elaborated below.

1.1.1   Efficient Access Control
To achieve efficient access control, DRM systems are required to:
    1. Prevent illegal access to the protected media.
    2. Associate legal access to media with payment mechanisms.
    3. Eliminate the proliferation of unprotected copyrighted media.

1.1.2   Motivating Obedience
To motivate users to follow regulation (respect licenses and pay royalties), DRM systems are
required to:
    1. Ensure that digital media consumers enjoy at least the same rights and usages as
       they had with traditional media.
    2. Ensure access to protected media is as easy and as simple as to unprotected media.
    3. Respect the anonymity of the consumers.
    4. Avoid adding extra encumbrance to the cost of the media creation, distribution and
       consumption.
    5. Allow free choice of services and devices independently of the media item and the
       license.
    6. Assist in assuring consumers that remuneration is distributed fairly.

1.1.3   Law Enforcing Assistance
Advanced DRM systems can help enforce the law when regulations are violated. To
accomplish this function DRM systems are required to:
    1. Make innocent consumers aware when the media is pirated.
    2. Enable tracing the media source and trail.
    3. Make it difficult for violators to stay anonymous.







1.2 Technical Requirements
The previous section has described the business requirements for DRM Systems and their
technological implications. Here we will analyze these requirements from an engineering point
of view.
The business requirements above were classified into three categories. We will not follow this
classification here because it is very probable that some engineering solutions will address
more than one category. We will list all the general technical requirements while trying to
cover all the issues that were raised in the previous section.

1.2.1   Security
The Security category includes the following requirements:
    1. Media shall be stored and delivered in a format that prevents or complicates illegal
       access. Practically this means encryption or scrambling.
    2. The key for decryption/unscrambling shall be distributed to authenticated license
       holders only.
    3. The decryption/unscrambling key shall enable only operations authorized in the
       license.
    4. The key shall be used in automated operations only. Users shall not have direct
       access to the key.
    5. The system should be resistant to tampering as much as possible.

1.2.2   Monitoring
The purpose of monitoring is to force royalty payment according to license terms and to
enable automated levy collection. DRM systems are required to:
    1. Monitor each usage or transit of media that is subject to authorization or fiscal
       transaction.
    2. Report such events to management systems. The reports shall identify the
       operation, the media item and the license involved in the event.
    3. Report violations to management systems. The reports should include as many
       details as possible for identifying the violators.

1.2.3   Closing loopholes
Loopholes are the frail links in the media or key lifecycle which expose the media to violation.
In order to minimize loopholes, DRM systems are required to:
    1. Protect the media all the way from creation (mastering) to consumption (playback) so
       that at no middle stage it is available as clear text.
    2. Prevent the key from being stolen and used for operations that are not allowed by the
       license terms.
    3. Have an individual key for each media item, so that if one key is exposed only the
       single associated media item is endangered.
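
The requirements of 1.2.1 (items 2 to 4), 1.2.2 and 1.2.3 (item 3) can be seen working together in the sketch below. It is an added example, not part of the TIRAMISU document or its design: the class and field names are hypothetical, the scrambler is a stand-in for a standard cipher, and the virtual identity is assumed to have been authenticated before the call.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class License:
    license_id: str
    media_id: str
    holder_vi: str          # virtual identity (VI) the license is attached to
    operations: frozenset   # operations the license authorizes

def _scramble(key: bytes, data: bytes) -> bytes:
    """Stand-in scrambler (SHA-256 keystream XOR); a real system uses a standard cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class EnforcementPoint:
    """Hypothetical trusted component: it uses keys but never returns them."""
    def __init__(self):
        self._keys = {}      # media_id -> individual key (1.2.3 item 3)
        self._licenses = {}
        self.reports = []    # events for the management system (1.2.2)

    def protect(self, media_id: str, clear: bytes) -> bytes:
        self._keys[media_id] = secrets.token_bytes(32)
        return _scramble(self._keys[media_id], clear)

    def grant(self, lic: License) -> None:
        self._licenses[lic.license_id] = lic

    def perform(self, operation: str, license_id: str, vi: str, protected: bytes):
        """Run one operation; vi is assumed to be authenticated already."""
        lic = self._licenses.get(license_id)
        ok = lic is not None and lic.holder_vi == vi and operation in lic.operations
        self.reports.append({
            "event": "usage" if ok else "violation",
            "operation": operation,
            "media_id": lic.media_id if lic else None,
            "license_id": license_id,
            "vi": vi,
        })
        return _scramble(self._keys[lic.media_id], protected) if ok else None

def demo():
    ep = EnforcementPoint()
    song = ep.protect("song-1", b"constructed sample media A")
    film = ep.protect("film-1", b"constructed sample media B")
    ep.grant(License("lic-1", "song-1", "vi-alice", frozenset({"play"})))
    return ep, song, film
```

Because each item has its own key, a license for "song-1" applied to the protected bytes of "film-1" yields only noise, and every refused operation is recorded with the operation, media item, license and VI involved.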

1.2.4   Interoperability
Interoperability is a very basic requirement of TIRAMISU DRM for allowing free choice of
services and devices. In order to enable interoperability, DRM systems should:
    1. Use a standard algorithm to encrypt/scramble the media.
    2. Use standard signaling.
    3. Use a standard environment for key management.



                 Any usage needs consent of editor                                            2
DRM Requirements                                                   TIR-OPTIBASE-W2-DRM-R0.0




    4. When proprietary or renewable algorithms are used in the system ensure that these
       algorithms are softly loadable into the devices through a standard framework.

1.2.5   Impersonation
In the old analogue days buying a licensed media item was simple – buying the physical
media. This does not apply in the digital days when there are practically no physical media.
Therefore there is a need for impersonation – association between licenses and virtual
identities. The following are the requirements for impersonation:
    1. The license holder shall be authenticated through a virtual identity (VI) – a piece of
       hardware or software.
    2. The VI should be easily transferred between devices.
    3. The VI should maintain the anonymity of its owner.
    4. It should be easy to transfer licenses between VIs.
    5. The VI should be compatible with all devices that may consume the media.
    6. One license can be attached to a single VI or to a group.
    7. It shall be impossible to replicate a VI without authorization.
    8. It should be possible to recover a VI after loss or damage.

1.2.6   Versatility
A DRM system is required to be versatile in the sense that:
    1. Licenses should be granted to media items independently of the format the items are
       represented in, the network type they are delivered through or the way they are consumed.
    2. It will allow protected items to travel through heterogeneous networks and storage.
    3. It will support scalable media coding without hindering the full potential of that
       technology.

1.2.7   Accessibility
A DRM system is supposed to prevent illegal access to media. It shall not prevent or
complicate legal access to media. The rule of thumb is: the only difference between protected
and unprotected content should be the price. Specifically this means that:
    1. Once a license is obtained for the first time, no further manual operation is required in
       order to access the media, compared to unprotected media access.
    2. Unless specifically restricted by the license terms, media should be accessible in all
       environments (in house, on the road etc.) and in all geographic locations, as long as
       a consuming device is available.
    3. Unless specifically restricted by the license terms, media should be accessible at any
       time of the day and period of the year.

1.2.8   Non-Restrictiveness
A DRM system should allow any legal use of media, specifically usage that is legal with
traditional analogue media. Examples of such usage:
    1. Playback of the media on any device owned by the licensee.
    2. Making personal copies.
    3. Recording excerpts for personal use.
    4. Lending media items to friends.
    5. Selling used media.







1.2.9   Simplicity
Purchase and use of traditional media is simple. Just pop into a record shop, buy a disc and
play it back on a player. Digital media allows even more robust consuming models, such as
online delivery. DRM should support the simple models and avoid adding complexity to the
consumers (technical complexity that is handled automatically and is transparent to the
consumers does not count). Specifically it is supposed to support:
    1. Simple mechanisms for license trade.
    2. Simple mechanisms for enabling the licenses on devices.
    3. Simple payment and subscription methods.

1.2.10 Affordability
One of the main factors affecting the motivation to tamper with security systems is the price
of the goods. As for digital media, DRM technology can succeed only if there is a parallel
drop in the cost of the protected media. While the cost factor is beyond the DRM scope, a
good DRM system shall contribute to the efforts to keep costs low by avoiding adding extra
cost due to the technology itself. It is required that:
    1. The cost of the technology for protecting the content at creation time is proportional
       to the financial gains of content protection.
    2. A progressive system supports trade-off between cost and quality of protection
       technology.
    3. The encumbrance of delivering protected media compared to unprotected media is
       marginal.
    4. The cost of implementing DRM mechanisms in a consuming device is low
       proportionally to the cost of the entire device.

1.2.11 Anonymity
One of the important rights of consumers of traditional media is anonymity. A record can be
purchased in a record shop without disclosure of the customer. DRM systems should respect
this right. It is therefore necessary that:
    1. The media item is delivered to the customer in anonymity.
    2. The license is delivered to the customer in anonymity, or:
    3. The license does not expose details about the media item or its source.

1.2.12 Identification
One of the methods to fight piracy in physical goods is to make it apparent when goods are
stolen or illegally traded. DRM systems should apply similar measures for digital media. Such
measures may include:
    1. Persistent association of details about the source of the media and rights ownership.
    2. Persistent association of general licensing terms (e.g. protected/ unprotected).
    3. Association between the media item and references for acquiring its license.

1.2.13 Traceability
When everything fails the media may have been pirated and then it remains to find and
prosecute the violators. A DRM system can help at this stage if it can:
    1. Make it difficult to illegally copy media without leaving fingerprints.
    2. Make it difficult to distribute pirated media anonymously.
    3. Make it difficult to consume pirated media anonymously.


