The blog of content protection

End of July, DECE made a new move: the creation of a trademark name that should identify the interoperable products defined by DECE. The trademark is UltraViolet.
Since several years, a large consortium of companies known as DECE defines the specifications of an interoperable solution for content delivery based using the concept of digital rights locker. With UltraViolet, DECE starts to educate consumers.

Is UltraViolet already in the shop? No. Will it be soon? I don\’t know, but I will let you make your guess with this quote from the official site about the roadmap.

Ambitious undertakings like UltraViolet take time to be fully deployed in the global market. Keep an eye out as key components are introduced on the \”Road to UltraViolet\”

The previous site http://www.decellc.com/ points now directly to the new address of UltraViolet

If you want to learn more about Digital Rights Locker, meet me and Arnaud Robert (Disney) at ACM DRM workshop where we will present a paper describing the basics of rights locker.

In February, I reported about a new concept Digital Personal Property. IEEE is launching a project to develop this DRM, so called Consumer-ownable Digital Personal Property. It is P1817.

The main goal is to mimic the features of a physical good. In other words, if you would be able to enforce the uniqueness of the instance of a digital good, then there would be no serious reason to limit drastically. In other words, you would be able to act like with a physical book. You could lend it, or sell it. In economic terminology, the challenge is to turn a digital good into an excludable good. By nature, digiatl goods are non-rival and non-excludable.

The main technical concept is that the piece of content is encrypted and can be distributed freely. But the decryption key will be

moveable but uncopiable

. Actually, the decryption key, so called playkey, will be double, one in a server repository and the other one for the user. To lend a piece of content, Alice will hand herplaykey to Bob… To return the piece of content,Bob will send back her playkey. Meanwhile, Alice should not have anymore her playkey.

I see several issues with this proposal.

• - There must be only two instances of the playkey (one in a server, and one at the consumer). The technical challenge will be the moveable but uncopiable playkey. One of our Holy Grails. Some enforcements are foreseen.

  Counterfeit Handling
  The playkey banking system facilitates the identification of counterfeited playkeys.
  Playkey pair synchronization occurs, during which the system checks the validity of the playkeys with the issuer and the registrar. There are at least two approaches to handling counterfeits: (1) The consumerʼs player is notified, after which the user interface always highlights the item as counterfeited, and (2) the consumerʼs playkey vault is directed to
  invalidate the device playkey, notify players of its invalid status, and refuse to provide further services for that playkey. The first approach leaves the counterfeit usable, and depends on the social stigma of owning and using forged goods to discourage its further use and encourage reporting of the forgery to vendors and publishers. The second approach prejudges intent and guarantees that the consumer victim pays the price of
  the illegal activity. Either way, there exists the opportunity for vendors or publishers to offer rewards for information leading to the identification of the counterfeiters.

• How to handle the multi format issue? Today, many customers complain about non compatible format protected by DRM content. For instance, if you use different resolution or codec. Take as an example a Blu-Ray disc and a SD file for Windows player. This does not nicely map in the physical world. A book has no incompatibility of format with your eyes. If we would like to push the comparison, the challenge would be to be able to provide the same book but with different languages.

  Currently, the foreseen answer by the industry is the digital rights locker.

Will it succeed? I don’t know. In any case, I will be very interested to study the solution making a digital data structure “moveable but uncopiable”.

Ubisoft recently launched its new game “Silent Hunter 5”, a simulation of submarine. The game was protected with a new generation of DRM that required constant online connection to servers. Of course, if you are online, it is easier to fight piracy. As usually, in the game arena, this new DRM generated a huge fury (remember Spore).

Unfortunately, 24 hours after the launch, a cracked version appeared on the P2P networks (see TorrentFreak). The cracked version does not require online connection!

Quickly, Ubisoft denied that the game was cracked.

“You have probably seen rumors on the web that Assassin’s Creed II and Silent Hunter 5 have been cracked. Please know that this rumor is false and while a pirated version may seem to be complete at start up, any gamer who downloads and plays a cracked version will find that their version is not complete,”

Unfortunately, when scouting the forums, I never find any person complaining that the game was not working. Nevertheless, the crack requires to avoid any connection to Ubisoft servers.

Ubisoft was expecting to deploy the same DRM for Assassin Creed II. Some delay may be foreseen.

As a citizen, I see the need of DRM. As a security expert, I “build” DRM. Piracy is bad. As a gamer, I hate DRM that requires a permanent connection for a game that does not need interaction with other entities. I often play games in train or plane. Such a DRM requirement would be deterrent for me. One of the most important requirements for DRM is that DRM should be as transparent as possible for honest user.

Software protection is one of the most complex tasks.

Paul Sweazey believes he has found the solution that mitigates the problem of DRM. He wanted to emulate a property of physical goods: rivalry (If you want more information about rivalry, please have a look on Bomsel’s works). In a nutshell, rivalry is the fact that when consuming a good you reduce the access for others. For instance, when you play your DVD, someone else cannot play it on another player. This is not true for electronic files. By definition, electronic goods are non-rival. One of the purposes of DRM is to add a pinch of rivalry.

To do so, Sweazey created the concept of Digital Personal property. How does it work? Content has two elements: an encrypted folder containing the essence and a playkey that you preciously keep in a vault. Sounds familiar, isn’t it? In DRM vocabulary, his playkey is called a license. You may freely distribute the encrypted folder but will give your playkey only to trusted people who would not steal your license. The license must be UNIQUE in the sense that there is one unique instance at any time. Thus, if the person you gave your playkey does not return it, you lost its ownsership.

The technical trick will be to be able to create a rival license that should not be linked to a device (else you end up with the typical problem of interoperability).

He just moved the problem of DRM towards the license. He will still have to find a method to generate a license (playkey) that can exist only as one unique instance in the world and that could be played everywhere. This is the Holy Grail of DRM that we have been all looking for years. TCreating rivalry is difficult without introducing physical constraints.

It reminds me one of the concepts we built in an old system called SmartRight. The objective was to control the size of an authorized domain for a familly but without any central online authority. We used an electronic token that was passed to the newly joining device. Of course, you could add a device from your neighbour, but then your neighbour “owned” the electronic token. Would the neighbour leave or not collaborate anymore, you could not anymore add devices to your domain. It was based on the use of secure processors and on the fear of loosing the token.

Will DPP work? If Sweazy finds a robust and user friendly way to create this unicity of instance, it would work. This would also offer a lot more applications. But is it feasible? Bruce Schneier would probably say no. (Wait our next security newsletter with his interview.) And many brains are researching this topic.

For more information, read Goodbye, DRM; hello “stealable” Digital Personal Property at Ars technica.

CES period is always interesting time because many initiatives are disclosed or present their progress. In the field of DRM, two interesting news:

Disney starts to unveil more about its KeyChest technology. CNBC presented the following spot.

At the same time, DECE made a press release presenting their latest milestones. In a nutshell, DECE has:

• defined a common file format In the FAQ, it seems that it is compliant with Microsoft’s PIFF,
• selected a company that will host the rights locker,
• and announced that five DRMs will support it (Adobe, Marlin, Microsoft PlayReady, OMA and Widevine

Both KeyChest and DECE use the new concept of rights locker. In very simplistic terms, a rights locker is a database that stores the usage rights that a customer purchased. This database should be shared by content distributors. The promise is that if you purchase one piece of content, it may be played back (if you paid as such) on any of your devices (or at least on the devices compliant with this rights locker) independently of the DRM used by the device. In other words, the usage rights will be linked to a customer rather than to his/her devices.

This is a great progress in electronic content distribution. One of the strongest complains of customers is the lack of interoperability of DRMs. This is an answer.

Without doubt, this blog will come back on the topics of rights locker in the future.