Effective Rights Exporting Process

(1)

WENHUI LU

Towards system interoperability of digital rights management

Acta Universitatis Tamperensis 2234

WENHUI LU Effective Rights Exporting Process

(2)

WENHUI LU

Effective Rights Exporting Process

Towards system interoperability of digital rights management

ACADEMIC DISSERTATION To be presented, with the permission of the Board of the School of Information Sciences

of the University of Tampere,

for public discussion in the auditorium Pinni B 1096, Kanslerinrinne 1, Tampere, on 3 December 2016, at 12 o’clock.

UNIVERSITY OF TAMPERE

(3)

WENHUI LU

Effective Rights Exporting Process

Towards system interoperability of digital rights management

(4)

ACADEMIC DISSERTATION University of Tampere

School of Information Sciences Finland

Cover design by Mikko Reinikka

Acta Universitatis Tamperensis 2234 Acta Electronica Universitatis Tamperensis 1734 ISBN 978-952-03-0283-2 (print) ISBN 978-952-03-0284-9 (pdf )

ISSN-L 1455-1616 ISSN 1456-954X

ISSN 1455-1616 http://tampub.uta.fi

Suomen Yliopistopaino Oy – Juvenes Print

Tampere 2016 ^Painotuote^{441 729}

The originality of this thesis has been checked using the Turnitin OriginalityCheck service in accordance with the quality management system of the University of Tampere.

(5)

This dissertation is dedicated to my father, Mr. Lixin Lu.

(6)

(7)

ACKNOWLEDGEMENTS

Prof. Jyrki Nummenmaa, for his insightful mentoring, critical encouragement, and generous support during the course of my dissertation.

Dr. Zheying Zhang, for her inspiring supervising, enormous patience, and thoughtful guidance ever since my Master thesis.

Mrs. Pan Pan, my wife, partner, and best friend, for her understanding and sacrifice during this journey.

(8)

(9)

ABSTRACT

Digitalization has changed the content industry. Digital content can be easily counterfeited. Moreover, with the help of the Internet the counterfeited content can be distributed at almost no cost. Digital Rights Management (DRM) was introduced to govern the usage and distribution of digital content. The reception of DRM has been mixed in the content industry. Lack of DRM interoperability has been well noted from business, legal, and technology perspectives. Solutions towards system interoperability of DRM promised to solve most of the issues related to the lack of DRM interoperability. Rights exporting, as a critical task of DRM system interoperability, is the main topic of this dissertation. This dissertation focuses on the effectiveness of rights exporting.

This dissertation started with a thorough literature review. Based on the previous research, a rights model was established to capture the essence of rights for rights exporting. Then algorithms like rights decomposition and rights adaptation were developed on top of rights model. By characterizing the rights exporting process, an input-output-process model was built to formalize the process framework of rights exporting. The principles of rights exporting were discovered to guide the results of rights exporting and to relatively measure the effectiveness of rights exporting. Along the iterations of process optimization, new algorithms were developed to address identified issues, such as passive condition pre-enforcement.

This dissertation results prove that rights exporting can be achieved with the process framework proposed. Moreover, with the help of developed algorithms, rights exporting can be performed in a more effective manner.

(10)

(11)

1 INTRODUCTION

The digital era in recent decades has changed our life dramatically. One typical example can be seen from what happened in the publishing industry. People used to read books printed on paper and now more and more people enjoy reading books on e-reader devices, such as the Amazon Kindle devices. A digital copy of a book on such devices is merely a set of binary data stored on an electronic data storage device and rendered upon LED display of the e-reader for consumers to read.

Compared with the paper version of the same book, the digital copy of the book distinguishes in many ways. Firstly, the digital copy can be easily distributed in binary format. With the help of the Internet, customers can simply download the digital copy from any online retailers. Secondly, the digital copy can be reproduced with identical quality and at hardly any cost. Making a digital copy from the original copy is simply an operation that any modern operating systems offer through their file system management. Thirdly, the consumption of the digital copy can be monitored and governed. For a physical copy, other than consumers themselves, nobody knows how the copy is consumed as there is no efficient method to monitor and collect usage data for a physical copy. For example, there is no reasonable mechanism to know how many times a copy of a printed book is read by the consumer. On the contrary, the digital copy is consumed by customers normally through a rendering application on a device. Therefore, it is theoretically possible to monitor and govern how the digital copy is consumed via the rendering application. In summation, compared with a physical copy the main characteristics of a digital copy reside in the low-cost reproduction, the easy distribution, and the new governance models. the characteristics of a digital copy apply to many other types of digital content such as music, video, image, application, and any sort of digital data that need to be distributed and consumed in a controlled manner. While low-cost reproduction and easy distribution seem to reduce the effort for content retailers to produce products

(14)

concept of digital rights management was introduced to address both the opportunities and the challenges in digital content business.

1.1 Definitions

This section provides the definitions that are essential to the research scope. It first defines what digital rights management (DRM) is. Based on that, it clarifies the definition of DRM interoperability.

1.1.1 Digital Rights Management

The term Digital Rights Management (DRM) has been defined by various parties on many occasions. To better elaborate on the variety of DRM definitions, sample definitions from different disciplines are presented as follows:

Cambridge Business English Dictionary (2015) defines DRM as “the way that a company controls how users pay for music, films, books, etc. that are available on the Internet or on electronic equipment in a digital form.”

Rosenblatt et al., (2001) referred to DRM as “a set of business models and technologies that enable you to protect and profit from your text, image, music, or video content in today’s digital world.”

Open Mobile Alliance (2011) refers to the scope of DRM (OMA DRM 2011) as “to enable the distribution and consumption of digital content in a controlled manner. The content is distributed and consumed on authenticated devices per the usage rights expressed by the content owners.”

Microsoft (2015) refers to DRM as “technology that content owners can use to protect digital media files by encrypting them with a key (a piece of data that locks and unlocks the content).”

The author tends to agree more on the DRM definition from Rosenblatt et al. (2001).

DRM does utilize a set of technologies, such as encryption. However, all the technologies serve DRM as tools to realize the business models that DRM was designed to enable. Therefore, as an enabler of new business models for the content industry, DRM has more than just the technology perspective, such as business and legal perspectives. The different perspectives of DRM are discussed in Section 1.2.

On the other hand, the author of this dissertation does not want to limit the scope of DRM to a fixed set of content as Rosenblatt et al. (2001) do. The Internet assigned

(15)

numbers authority (IANA 2016) categorizes digital content according to media types, such as application, audio, example, image, message, model, multipart, text, and video. New types of digital content are emerging all the time, e.g. virtual reality content. DRM should apply to any digital content that needs to be distributed and consumed in a controlled manner. DRM should act as a bridge between rights holders of the digital content and consumers in digital marketing.

DRM differs from traditional access control. Park and Sandhu (2002) point out that traditional access control and trust management focused on the control of access primarily on server-side objects while DRM embraces client side objects as content needs to be distributed and consumed on the client side. Moreover, DRM governs the consumption of the content and not necessarily the access rights of the encrypted file e.g. whether the encrypted content file is read-only or not. Jamkhedkar et al.

(2010) have discussed in depth the differences between access control, usage control, and DRM. According to them, access control manages the controlled access to resources. Usage control is a combination of usage rules and access control. They claim that DRM includes content management, license management, the specification of usage rules, and a simplified subset of access control. In Figure 1, Jamkhedkar et al. (2010) summarize the relationships among DRM, access control, and usage control.

(16)

presented the functional architecture of a generic DRM system in Figure 2. (Lu 2007). The typical roles of different entities in a DRM system are enumerated below:

Billing Service Provider provides services that rights issuers use to charge the end users for the usage rights of the selected content.

Content Issuer is the authorized entity that creates protected content and distributes it to DRM agents.

Content Encryption Key (CEK) is the binary data used by content issuers to encrypt the original content and later delivered as part of rights object from rights issuers to DRM agents.

Content Provider is the rights holder of the digital content.

DRM agent is a trusted entity that enforces usage rights and controls access to DRM content on the client side.

End User is the entity who consumes the protected content on a client-side application integrated with a DRM agent.

Protected Content is the encrypted content that can be distributed safely through public channels to the DRM agent the end user prefers, and it cannot be decrypted without the content encryption key.

Rights Issuer is the authorized entity that issues and distributes rights objects to DRM agents.

Rights Object is the binary that holds the usage rules purchased by the user and the content encryption key which is required to consume protected content.

Figure 2. Functional architecture of a generic DRM system (Lu 2007)

Based on the reference architecture illustrated in Figure 2, once copyrighted content is created by a content provider the content is then encrypted by a content issuer with a CEK and made ready for store publishing and distribution to users.

(17)

Meanwhile, the rights issuer can pack a variety of usage rules as well as the CEK into rights objects ready for users to purchase. On the user’s side, if a user decides to purchase any rights of the content through a client-side application, the integrated DRM agent of the application on the user’s device will trigger a purchase request to a billing service. After a successful transaction, the rights issuer will deliver the rights object to the DRM agent. The encrypted content can be delivered either with rights object or separately. The user can then use the application integrated with the DRM agent to render and consume the encrypted content. The rights object will be governed by the DRM agent.

1.1.2 DRM interoperability

Gasser and Palfrey (2007) refer to interoperability as “the ability to transfer and render useful data and other information across systems (which may include organizations), applications, or components” in the context of information and communications technologies (ICTs). The DRM interoperability can be defined as the ability to distribute and consume the digital content in a controlled manner across DRM systems, devices, and applications.

(18)

Digital content is consumed with purchased rights via an application integrated with a DRM agent of a DRM system on a device. As shown in Figure 3, DRM system can have multiple DRM agents on different devices. A device can install multiple applications and support multiple DRM agents. An application can integrate more than one DRM agent from different DRM systems. From end users’ point of view, DRM interoperability ideally means that specific DRM content with its rights can be consumed by any of their preferred applications on any of their devices (Meléndez- Juarbe 2009). In other words, a DRM system should be invisible to the end users.

Unfortunately, the lack of DRM interoperability has introduced unnecessary usage restrictions to customers (Geer 2004). In order to efficiently address specific interoperability issues of DRM, DRM interoperability is categorized into three levels:

System interoperability means that DRM content and its rights governed by one DRM system can be governed by, and exported to other DRM systems.

Device interoperability means that DRM content and its rights can be transferred to and consumed on other devices; and

Application interoperability means that DRM content and its rights can be consumed by different applications.

As an example illustrated in Figure 4, a user Jack has three devices: Amazon Kindle, iPad, and iPhone. He uses the following e-reader applications to read e-books: a Kindle app on Amazon Kindle, a Kindle app on an iPhone, a Kindle app on an iPad, an iBooks app on an iPad, and an iBooks app on an iPhone. Jack purchased books with those apps. Ideally, all the books Jack purchased should be consumable through any of the e-reader apps on any of his devices. In practice, Jack can only read Kindle books on Kindle apps and iBooks books on iBooks apps. In terms of system interoperability, according to Apple iBooks (2015) “books downloaded from the Kindle Store and other books that aren’t in a DRM-free standard EPUB format aren’t compatible with iBooks.” On the other hand, DRM-protected books from the iBooks store cannot be governed on Amazon Kindle devices (Adner 2014). So there is no system interoperability between DRM systems used by the Kindle store and the iBooks store. In terms of device interoperability, Amazon Kindle does not yet have an iBooks app nor an iBooks DRM agent that can enable other apps to consume books from the iBooks store. Moreover, Apple probably has no interest in providing such an app on the Amazon Kindle (Adner 2014). DRM systems have gradually evolved into tools for consumer lock-in (Kalker et al. 2012). On the contrary, the Kindle app works well with the Kindle DRM protected books on both the iPhone and the iPad besides the Amazon Kindle. Thus, the interoperability is

(19)

one-directional rather than bi-directional between the two systems. The DRM system used by the Kindle store provides device interoperability among all Jack’s devices while the DRM system used by iBooks store only covers interoperability among Apple devices. In terms of application interoperability, Kindle apps can consume books only from the Kindle store while iBooks apps can consume books only from the iBooks store. Neither of the DRM systems offers application interoperability to permit Jack to choose freely an e-reader app he prefers.

Amazon Kindle

Kindle DRM Agent

iPad iPhone

Kindle DRM Agent

iBook DRM Agent

iBook DRM Agent Kindle

App

Kindle App

iBook App

Kindle DRM

iBook DRM

Kindle DRM Agent Kindle App

Figure 4. An example of DRM interoperability issue

Generalized from the real-life example, Figure 5 presents different levels of DRM interoperability. System interoperability exists between DRM systems X and Z.

Device interoperability between A and B is achieved by DRM system X with a separate DRM agent A(X) on device A and B(X) on device B. Application interoperability between B1 and B2 is achieved by DRM system X with its DRM agent B(X) integrated into both applications. Once system interoperability is achieved between two systems, device interoperability and application interoperability can be improved as well. As illustrated in Figure 5, the existence of system interoperability between X and Z also indirectly achieves the device

(20)

DRM interoperability can be achieved in different manners. System interoperability needs two DRM systems to interact with each other. System interoperability can improve the application and device interoperability as the device and application coverage from DRM systems combined is larger than individual coverages of any DRM systems. On the other hand, the application interoperability and device interoperability can be achieved within one DRM system by implementing the DRM agents for the target devices and integrating them into the target applications.

Figure 5. Different levels of DRM interoperability

Compared with the device and application interoperability, the benefit of system interoperability appears to be not as obvious as the benefits that the other two offer to end users. Nevertheless, the impact of system interoperability can be profound.

Firstly, end users have the freedom to purchase rights to the desired content from any preferred retailer if system interoperability is in place for the DRM systems utilized by those retailers. As rights can be exported from one system to another, end users can choose the retailer that offers the best price and services. Secondly, the purchased rights and its content can be independent of a specific DRM system.

Without system interoperability, an end user is essentially locked with the device and application options provided by the specific DRM system (George and Chandak

(21)

2006). Shifting to other device or application options implies losing access to all the purchased rights to the content. Moreover, when the original retailer ceases to exist, system interoperability protects end users from the risk of losing the purchased rights and their related content as end users have options to shift to another DRM system.

Thirdly, system interoperability reduces the cost of a DRM solution by reducing the total industrial effort to provide device interoperability and application interoperability. Once interoperability exists among DRM systems, DRM agents can be shared, and there is no need to have separate DRM agents for each DRM system on each device to provide the same level of device interoperability. The less DRM agents, the less integration work, is needed for applications to provide the same level of application interoperability.

1.2 Background and motivation

As briefly discussed in Section 1.1, DRM is more than a set of technologies. This section reviews different perspectives of DRM to outline the holistic background and related topics for the DRM and its interoperability. The issues identified from those perspectives contribute to the motivation of the research.

1.2.1 Business perspective

The size of the digital content business has been growing. For example, in the music industry, the Recording Industry Association of America (RIAA) reported that the total digitally distributed music content received a new all-time high revenue of $4.51 billion while the total physical shipment revenues shrank from 35% to 32% from 2013 to 2014 (RIAA 2015). It means that revenue wise digital shipment has dominated the U.S. music market with around two-thirds of the total revenue share.

In the publishing industry, the Association of American Publishers (AAP 2015) indicated a clear trend in the growth of eBook format which hit record volume numbers in 2013 and received revenue growth +43% over 2011. For home

(22)

DRM is essentially rights management, DRM provides a mechanism for end users to purchase the usage rights of their desired content. As a consequence, end users do not purchase content itself. Instead, they purchase a set of rights to access the content (Trivedi 2009). Compared with purchasing the ownership of content, purchasing the usage rights of the content can provide much more options for end users to choose. Moreover, as a set of usage rights is always a subset of rights that the ownership includes, the price for a subset of ownership rights should ideally be lower than the price for the ownership of the content. Rights can be tailored to meet the need of a specific end user. End users do not have to pay for the usage rights they don’t need. On the other hand, DRM enforces the purchased rights to the content. If the usage of the content is not defined in the purchased rights, then the usage will not be granted to the end user. DRM, as an enforcer of purchased rights, was supposed to play an important role in preventing piracy of the content. For example, according to Steve Jobs (2007), Apple did have to deploy a DRM system to convince the biggest music companies to license their music to distribute legally over the Internet. In summation, enabling new business models and preventing piracy were supposed to be the main reasons to justify the existence and demands of DRM for rights holders.

The DRM adoption in the music industry has so far proven the otherwise. First about the rights model DRM enables, Trivedi (2009) pointed out how customers failed to understand the rights they purchased, especially the restrictions, which lead to dissatisfaction. According to the survey conducted by Amberg and Schröder (2007), the majority of customers for music are not interested in personalized rights even with a distinctive price level. Customers prefer music services that provide more flexible usage rights even though those services have a higher price level (Dufft et al.

2005). Secondly, about the piracy DRM prevents, Steve Jobs (2007) already explained why piracy could not be avoided by DRM if the same content is available in DRM- free format from another source, such as music on unprotected CDs. Meanwhile, existing DRM systems have been circumvented. Hauser and Wenz (2003) presented many methods used to hack the existing DRM systems and concluded that it wouldn’t take long to circumvent a DRM system if the interests of the content protected by the system have reached a certain level. It is enough to have just one DRM system breached for the piracy to flourish for any protected content. DRM seems to fail to deliver either the desired business model or the security it promised in the music industry. Moreover, the lack of DRM interoperability has introduced unnecessary usage restrictions to customers (Geer 2004). Customers take DRM interoperability issues, not only in their valuation decisions but also in their decisions,

(23)

to become piracy users (Sinha et al. 2010). Consequently, rights holders compromised and retailers in the music industry started to make strategic changes.

Already in 2007 many online music stores, such as Rhapsody, Verizon, Yahoo Music, and MTV, started to remove DRM protected content from their catalog (Sinha et al.

2010). Apple press info (2009) announced that all songs are DRM-free on iTune in contrast with DRM protected approach Apple applied previously. Meanwhile, online music streaming services, such as Spotify’s on-demand streaming as well as Pandora’

Internet radio broadcasting, as alternatives have gained grounds on the landscape of the music industry (Ritala 2013). While the revenue from permanent digital downloads fell 8.7% in 2014, streaming music services grew 29% in 2014 (RIAA 2015). Figure 6 illustrated a clear trend in the growth of streaming music services in recent years and by 2014 accounted 27% of total industry revenues. If categorized by revenue source, streaming music services include subscription services, such as Rhapsody and paid version of Spotify, streaming radio service revenues distributed by SoundExchange, such as Pandora and SiriusXM, and non-subscription on- demand streaming services with advertisements, such as YouTube, Vevo, and free versions of Spotify (RIAA 2015). Subscription services contributed the most for streaming music revenues. Subscription services are enabled by DRM as well (Kwok 2002). However, as protected content presented through music streaming services is not exposed to customers as an asset they own, such as a file, customers do not expect to consume the content in any other ways than what is provided by the client applications of the music streaming services. The DRM interoperability issues that could be exposed from a file download case are therefore well hidden in a streaming case for customers.

(24)

Noble, and Apple, have applied their own DRM schemes (Trivedi 2009). Unlike the music industry, book piracy required much more effort before digital era (Trivedi 2009). Rights holders tend to be more cautious about digital publishing. From the customers’ point of view, a normal end user may not have needs to own more than one e-book reader in most of the cases, unlike in music use case where end users normally have more than one device to consume the music. However, similar concerns of usage restrictions, such as printing, as well as interoperability issues, such as sharing with friends, have been raised as well (Carreiro 2010). Some of the concerns have been taken into the DRM implementation. For example, Nook, the e-reader from Barnes & Noble, allows book sharing (Trivedi 2009). Still, due to the lack of DRM interoperability among e-book retailers, customers are locked with their retailers. When they need to upgrade or to resell their e-reader devices, they also need to take legacy content into consideration (Carreiro 2010). As Trivedi (2009) mentioned, the publishing industry is still in its early phase of DRM adoption compared with the music industry. Whether DRM adoption will follow the similar trend occurred in the music industry is yet to be seen.

The DRM adoption in the video industry resembles the music industry in many ways. Many video retailers have adopted DRM with a subscription based streaming service model, such as Netflix, Spotify, Hulu, and Amazon Prime Instant Video (Wang et al. 2013). According to DEG (2015), subscription streaming spending in U.S. has increased 25.81% from 2013 to 2014, which represents 53.3% of total digital spending of U.S. Home Entertainment. Still, instead of offering DRM-free content as the music industry did, the video industry has been searching for an interoperable solution that gives customers more flexibility among different retailer DRMs.

UltraViolet, as a plausible solution, has been pushed by the industry and been gaining momentum (Schultz 2012). According to the DEG 2014 year-end cover note, the number of UltraViolet accounts grew more than 30% in 2014 and reached 110 million registered rights in total.

While reviewing the industry adoption of DRM for music, eBook, and video, it is worth noticing that DRM interoperability has been one of the main issues complained by the customers.

1.2.2 Legal perspective

Although rights holders expected DRM to prevent privacy, many of the DRM systems were hacked (Hauser and Wenz 2003). It was believed that criminalization of profit-driven hacking can be effective in increasing the cost of hacking and

(25)

therefore reducing its quantity (Leeson and Coyne 2005). In response to the industrial concerns regarding the vulnerability of DRM technology to hacking, policy makers started to address them into the law. In 1996, member states of the World Intellectual Property Organization (WIPO) signed and adopted the WIPO Copyright Treaty (WIPO 1996). WIPO (1996) stated “Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.” As a consequence, member states started to implement necessary legislation to comply with the WIPO treaty. For example, Digital Millennium Copyright Act (DMCA 1998), as the US implementation of WIPO copyright treaty, was enacted in 1998. In the European Union, Directive 2001/29/EC, also known as European Union Copyright Directive (EUCD), was adopted in 2001.

As Samuelson (2003) summarized, DMCA in Section 1201 prohibits both the circumvention of the technological measures that protect a copyrighted work or controls access to the work; and the manufacture, distribution, or trafficking of technologies primarily designed or produced to circumvent those technological measures. DRM systems as a part of technological measures that control access to protected content are therefore protected by DMCA. However, DMCA not only protects DRM systems against piracy but also turns DRM systems into effective means of governing the use of copyrighted works in digital format (Elkin-Koren 2007). Any attempts to consume the content not allowed by the DRM system are illegal even for the consumers with legal purchase. For example, Mulligan et al. (2003 Oct) explained how simply sharing a subscription account with another person could potentially violate DMCA. Liu (2013) discussed how DMCA raises additional barriers to the encryption research even though an exemption for such research was presented in DMCA. Elkin-Koren (2007) elaborated on how DMCA was used to compromise consumers’ freedom with the Lexmark and Chamberlain case. The fundamental question is whether consumers are entitled to any other usage rights than the purchased rights governed by DRM systems. The answer resides in fair use

(26)

exemption for unauthorized use of the courts, and therefore enhances flexibility to react to unforeseen challenges that fair use faces when new technological development impacts the copyright system. Burk and Cohen (2001) presented how fair use had performed a variety of social functions within the policy framework of copyright law before DMCA came, and how fair use was not properly reflected in DMCA. Mulligan et al. (2003) believed that fair use exceptions in U.S. copyright law were being undermined by rules that DRM and DMCA enforce which reflects the exclusive interest of rights holder alone. Armstrong (2006) explained how DMCA allows DRM systems to override the fair use doctrine and to change the user experiences that customers are used to before DRM came.

EUCD resembles DMCA in many ways as both are inspired by the corresponding provisions of the WIPO Treaties of 1996 (Fallenbock 2002). As stated in Article 6 in Directive 2001/29/EC (2001), EUCD also requests member states to provide legal protection against the circumvention of technological measures as well as the manufacture, distribution, trafficking of devices, products or components or the provisions of services which are primarily promoted or designed for enabling or facilitating the circumvention of any effective technological measures that prevent or restrict unauthorized access to copyrighted works. Besides the commonality shared between EUCD and DMCA, Dusollier (2003) believed DMCA addresses fair use to a limited extent with a reactive approach to defining a number of exemptions out of scope of legal protection, while EUCD prefers a proactive approach by requesting rights holders to make available the means of benefiting from those exceptions or limitations related to fair use. On the other hand, Senftleben (2010) argued that EUCD failed to offer member states either legal certainty or sufficient flexibility towards fair use doctrine. Hugenholtz and Senftleben (2011) demonstrated how the lack of flexibility in EUCD has caused struggling in courts from several member states when certain fair use is not explicitly recognized in the law. Brown (2003) demonstrated the inconsistency in dealing with interoperability and research related issues among the EUCD implementations from different European countries.

It seems that the fair use doctrine is a delicate balance between freedom and protection inherent in copyright law (Senftleben 2010). Therefore, DRM systems should embrace fair use. Burk and Cohen (2001) proposed a mixed fair use infrastructure with the automatic mechanism as first layer support in domestic DRM system to grant rights in primitive cases of fair use and a mediation mechanism as second layer support with a trusted third party to grant rights in advanced cases of fair use. Armstrong (2006) attempted to enhance the offline experiences of fair use

(27)

in Burk and Cohen’s proposal with a rights assertion framework accompanied with identity escrow. Armstrong (2006) explained the conflict of interests in the case of allowing copyright holders to decide whether to grant a set of usage rights for fair uses to the customers. Therefore, granting a disinterested party, such as the government, the authority to authorize requested fair uses could be a preferable solution. In such case, it seems inevitable to allow the DRM system of the disinterested party to interoperate with the DRM system that the copyright holder chooses to enforce purchased rights. Also, Mulligan et al. (2003) believed that allowing rights to be transferred is clearly one step toward better alignment with personal use expectations which includes fair use. DRM interoperability could be a preliminary requirement for a DRM solution that truly embraces fair use.

1.2.3 Technological perspective

As discussed in Section 1.1.1, DRM technologies should cope with digital content that needs to be distributed and consumed in a controlled manner. Therefore, controlled distribution and controlled consumptions are two main perspectives that DRM technologies deal with.

As Liu et al. (2003) pointed out, without protection, digital content can be easily copied and altered. In order to distribute digital content in a controlled manner, a protection mechanism needs to be in place. Protection mechanism can be categorized into the proactive approach and reactive approach. Proactive approach intends to prevent uncontrolled distribution or consumption while the reactive approach is used to identify the breach of controlled distribution or consumption.

To proactively protect electronic information during transmission between terminals and computers, common cryptography mechanism was introduced into public with an IBM research program initiated in the late 1960s (Smid and Branstad 1998).

Encryption can be either symmetric or asymmetric, and asymmetric encryption offers separation of secrecy and authentication (Simmons 1979). The content is usually encrypted with a unique symmetric key due to performance concerns (Jeong et al. 2005). The encrypted content cannot be decrypted without the content

(28)

to authenticate the DRM agent. For example, OMA DRM chooses to utilize public key infrastructure (PKI) based on asymmetric encryption to securely authenticate the client (OMA DRM v2.2). Jeong et al. (2005) demonstrated how PKI could secure the key distribution between rights issuers and DRM agents. As a proactive approach can be breached, a reactive approach is important for damage control, such as tracking down the origin of the breach. In order to identify a DRM breach in distribution, the digital watermark can be applied to the copyrighted content. Digital watermark can be used to trace copyright violators by embedding the rights holder’s info and consumer’s info into the digital content (Thomas et al. 2009). Schyndel (1994) demonstrated how to code an undetectable watermark to an image that could potentially apply to copyright infringement protection. Boney et al. (1996) showed how to hide copyright information in the audio signal. Dittmann et al. (1998) evaluated and improved video watermarking techniques designed to ensure copyright protection.

In order to consume the content in a controlled manner, the DRM agent needs information about the usage rules granted to the customer. Thus, a descriptive language is required to express the rights in a machine-readable manner, in other words, rights expression language (REL). REL describes the basic grammar in general. When applied to a specific domain, the dedicated vocabulary to the domain is required and usually defined as rights data dictionary (RDD) (Schmidt et al. 2004).

Xerox introduced the Digital Property Rights Language (DPRL) to support commerce in digital works (DPRL 1998). In 1999 the meta-language of DPRL changed from a Lisp-style to XML and DPRL became eXtensible rights Markup Language (XrML) (Wang et al. 2002). XrML was later selected as the core architecture and base technology for MPEG-21 Rights Expression Language (Wang et al. 2005). Another important branch of REL is Open Digital Rights Language (ODRL), which was created in 2000 and later adopted by the Open Mobile Alliance (OMA) as the REL used in its DRM specification for mobile content (Iannella 2004).

Schmidt et al. (2004) summarized the development of REL in Figure 7.

(29)

Figure 7. Genealogy of rights expression languages (Schmidt et al., 2004)

With the required technologies in place, DRM systems started to flourish. Many DRM systems emerged, such as Window Media DRM, which later evolved to Microsoft PlayReady (Microsoft 2015), and OMA DRM (Open Mobile Alliance 2011). However, DRM systems are built to govern the rights and content produced within their own systems. DRM systems are not designed to interoperate with each other. The emerging demands for DRM interoperability challenged the existing architecture of DRM solutions.

1.3 Research objective and research questions

The growth of the digital content industry justified the importance of DRM. Out of many issues identified from the industrial deployment of DRM, the lack of DRM interoperability has received a lot of the attentions from business, legal, and

(30)

important role in such dilemma. From the technology perspective, DRM interoperability brings a challenge to existing DRM solutions and demands further development towards an interoperable solution. Therefore, this dissertation was designed to contribute to DRM interoperability.

As defined in Section 1.1.2, DRM interoperability could be achieved at three different levels: application, device, and system level. While device and application interoperability of DRM can be achieved within a specific DRM system, system interoperability demands interaction among different DRM systems. As discussed in Section 1.1.2, there are the benefits that only system interoperability could provide, such as the freedom to change retailers without losing the purchased rights of content. Thus, DRM system interoperability is the level this dissertation aims at. The high-level research objective is to achieve DRM system interoperability.

In order to identify the existing research on the DRM system interoperability and the gaps that require further research and development, a thorough literature review was conducted, and details are presented in Chapter 2. DRM system interoperability has been discussed by a few researchers, such as Koenen et al. (2004), Schmidt et al.

(2004), and Safavi-Naini et al. (2004). Koenen et al. (2004) proposed architectural options in high level to achieve DRM interoperability. Schmidt et al. (2004) identified necessary tasks. One of the tasks is to reformat rights. DRM systems based on different RELs don’t interoperate with each other as they express usage rules in different languages. Even for systems based on the same REL, one system may have trouble expressing the usage rules defined by another system if they have different sets of the vocabulary defined in RDD. Safavi-Naini et al. (2004) discussed further on rights reformatting and introduced the concept of rights exporting. Rights exporting is to export rights governed from one DRM system to another. It is one of the key processes for DRM system interoperability. Even though Safavi-Naini et al. (2004) provided some recommendations on how to perform rights exporting, the whole process was not well defined, and some details were still missing, such as how to perform rights adaptation, etc. Therefore, the author decided to put the research focus on rights exporting between DRM systems and develop a formalized process for it. The main subject of the research is the rights exporting between DRM systems.

Given a proposed version of the rights exporting process, an indicator is required to measure the performance of the process proposal. The effectiveness determines how successfully rights can be exported and has direct impacts on the end users in the case of DRM interoperability. Thus, it is taken as the primary performance indicator for rights exporting process during this dissertation.

(31)

In summation, the research question is established as below:

How to perform rights exporting effectively between DRM systems to achieve DRM system interoperability?

The research question consists of three parts: what, why, and how as listed below:

Why (objective): to achieve DRM system interoperability

What (subject): to perform rights exporting between DRM systems How (performance): effectively

The “Why” part is one objective of the research. Section 1.1 provides the theoretical rationale for DRM system interoperability and Section 1.2 provides evidence of the demands for DRM interoperability from different perspectives. Those motivations justify the research objective.

The “What” part defines the main subject of the research. In order to clarify the scope, the formal definitions of rights, rights exporting, and DRM systems need to be provided after a thorough literature review. As rights exporting is performed among DRM systems, a system agnostic approach is needed to express rights. Thus, a generic rights model needs to be established to facilitate the discussion and to unify the expression. Based on the rights model, methods and algorithms can then be developed and formalized as stepping stones towards rights exporting process.

Finally, the rights exporting process can be constructed by connecting methods and algorithms in an optimal sequence.

The “How” part determines the quality of the research by measuring how effectively the rights exporting is performed. “Effectively” means “in a way that is successful and produces the intended results” according to Cambridge dictionaries online (2015). In order to determine how effectively rights exporting is performed, the success criterion and intended results need to be clarified for rights exporting.

For example, given a rights instance as an input, what is the ideal output and what is the range of an acceptable output. In order to provide a meaningful comparison, different versions of rights exporting process should be examined with the same set of rights as input. For example, if the first version of the process produces better

(32)

1.4 Summary outline

This summary is structured into five sections: introduction, related research, research timeline and methodology, results, and conclusions.

The introduction chapter briefly provides the holistic background of the research area, the research motivation and scope, and the overall theme and structure of this dissertation. The related research chapter covers the literature review of the research domain in detail and outlines the framework of this dissertation. The chapter on research design and methodology shows how the research was designed and conducted in a systematic manner. The results chapter reviews what has been achieved during the course of completing this dissertation. The conclusions chapter discusses the limitations and the future of the research.

(33)

2 RELATED RESEARCH

This chapter reviews previous research related to the research questions this dissertation focuses on.

2.1 DRM systems

As concluded in the introduction chapter, the definition of DRM in the scope of this dissertation is to manage the distribution and the consumption of the digital content in a controlled manner in order to enable business models between rights holders of the content and consumers in digital marketing. This chapter reviews a few existing DRM systems focusing on the following perspectives: distribution model, rights model, and supported business models.

2.1.1 Perspectives in DRM systems

This section outlines the key perspectives that this dissertation focuses on DRM systems.

One of the essential features DRM systems provide is content and rights distribution. As illustrated in Figure 2, content needs to be encrypted before delivering to the client side to consume. Both the encrypted content and the encryption key need to present when the content is consumed. A distribution model defines how a DRM system distributes content and rights to the client side. For rights distribution, depending on whether the rights that hold the encryption key to the encrypted content are delivered together with the encrypted content, rights distribution can be categorized into two types: separate distribution and combined

(34)

instance of rights may be embedded into a video file for distribution. After downloading the file, the rights can be installed from the instance embedded in the video file. For content distribution, depending on whether the content is delivered as a whole, content distribution can be categorized into two types: file distribution and streaming distribution. File distribution means that content is delivered to the client side as a file, such as a video file. Streaming distribution means that content is delivered to the client as media segments on demand, such as video streaming. Then the media segments can be consumed immediately instead of consuming the media as a whole.

Once both content and its associated rights are present on the client side, a client- side application can render the content for the end user to consume with the help of a DRM agent. How the content can be consumed is described in the rights model.

There are three core entities involved in DRM: users, rights, and content (Guo 2001), where users can be different parties like an end user, a rights holder, a publisher, etc.

Rights model defines the detailed relationship among core entities. The relationship is modeled within the rights expression. Therefore, rights model normally links to a rights expression language (REL), which expresses the usage rights in a machine- readable language.

Figure 8. Core entities and their relationships (Guo 2001)

A DRM system can enable various business models based on the distribution model and rights models. Here are the business models supported by the most of the state- of-art DRM systems:

Subscription allows a service provider to charge end users with a flat rate for access to any content in the service provider’s collection. For example, services like Netflix, Spotify, Hulu, and Amazon Prime Instant video, charge a recurring fee for access to a large database of media (Wang et al. 2013).

(35)

Pay-per-use allows a service provider to charge end users based on the amount of actual usage upon the content. For example, Sony picture offers pay-per-view for the video on demand (Sony Picture 2016).

Rental allows a service provider to charge end users for time-based rights to content.

For example, Apple iTunes Store provides a movie renting service to allow users watch a movie as many times as preferred by the end user within a time period (Apple iTunes Store 2016).

Purchase allows a service provider to charge end users with a rate to cover the unlimited usage of the content supported by the DRM system. For example, e-book stores like Amazon Kindle and Apple iBooks allow end users to purchase e-books (Trivedi 2009).

Ad-based allows a service provider to insert advertisement when end users consume the content. For example, Spotify provides an Ad-based free account for end users to use freely with advertisements showing periodically (Spotify 2016).

Besides business models, there are use cases that most end users desire and therefore should be enabled by DRM systems. For example, the device domain concept allows a group of devices to share domain bound rights, which solves the issue that end users have to purchase different licenses for each device they own. Another example is about temporary sharing as some of the fair use scenarios are based on temporary sharing. End users may want to share the content with devices for a temporary and non-commercial usage e.g. to display an image or play music on a friend’s device temporarily.

By reviewing the key perspectives of existing DRM systems, a set of system characteristics can be generalized. It helps in establishing a generic rights model to facilitate the research of this dissertation.

2.1.2 Microsoft PlayReady DRM

Microsoft PlayReady (2015) is the premier DRM platform that protects and distributes digital content. Microsoft has invested in PlayReady for over 14 years and over $2 billion in R&D. Microsoft PlayReady is a good example of a commercial DRM system that the third party can leverage with.

(36)

Figure 9. Distribution model of PlayReady (Microsoft PlayReady 2015)

The distribution model that PlayReady supports resembles the model illustrated in Figure 2 with different terminology as shown in Figure 9. Digital content is encrypted by the encoder with an encryption key also available on the license server. After the content is encrypted, it can be delivered to playback clients via the content distribution network. PlayReady clients discover the content from the service associated with the client. In order to decrypt the content, a PlayReady client needs to send a license request to a PlayReady license server. The PlayReady license server authenticates the client and issues a license back to the client. Then the client uses the license key to decrypt the content and render the content according to the policies specified in the license. PlayReady also supports a few variations on this model. For example, a license can be embedded in the content without utilizing a license server for distribution. In other words, PlayReady supports both separate distribution and combined distribution for rights distributions. For content distribution, PlayReady supports both file distribution and streaming distribution. In file distribution, PlayReady supports two modes in file distribution: basic download mode and progressive download mode, where progressive download allows the client to start to render the content during downloading and without waiting for the completion of downloading.

The rights model of PlayReady is based on extensible media rights (XMR) expression language (Microsoft PlayReady 2008). As specified by Microsoft (Microsoft PlayReady Client 2015), the essential components in the rights model of PlayReady are structured as a rights container named “license” which contains a content key and policies. The content key is a symmetric cryptographic key to decrypt the encrypted content file. Policies are usage rules that specify how, when

(37)

and where content can be consumed. Beyond the simple license model, PlayReady also supports chained license. Chained license structure is formed by one root license and one or multiple leaf license(s). Root license contains a root key used to encrypt content keys in all its associated leaf licenses.

PlayReady enables a wide range of business models. The simple license model can address the need for Pay-per-view model and purchase model. Chained licenses are frequently used by subscription model to renew licenses for a huge number of content more efficiently. PlayReady supports rental scenarios by supporting time- based licenses. Moreover, PlayReady (Microsoft PlayReady 2015) also claims to support advertisement insertion. PlayReady also supports domain use cases.

According to Microsoft (Microsoft PlayReady 2015), PlayReady has been approved by major Hollywood studios, the Digital Entertainment Content Ecosystem (DECE), UltraViolet, and HbbTV. PlayReady is available on multiple platforms, such as Android, iOS, Windows/Windows phone, Xbox, and various types of devices.

2.1.3 OMA DRM

The Open Mobile Alliance (OMA) is an industry body constituted to develop standards for the mobile phone industry (Safavi-Naini et al. 2004). OMA DRM specifications provide mechanisms for secure authentication of trusted DRM agents, and for secure packaging and transfer of usage rights and DRM content to trusted DRM agents (OMA DRM v2.2 2011).

(38)

Figure 10. OMA DRM distribution model (OMA DRM v2.2 2011)

Figure 10 illustrates the normal distribution model that OMA DRM uses. Content issuer uses CEK to encrypt the original content into protected content with the DRM content format (DCF). Then the protected content can be safely delivered to a DRM agent through any channels e.g. a removable media or a web store. When the end user wants to consume the content, the end user requests a rights object from a rights issuer through a DRM agent. Once the billing transaction is confirmed, the rights issuer delivers the rights object to the DRM agent. The DRM agent can decrypt the protected content using the CEK in the rights object and consume the content according to the usage rules defined in the rights object. OMA DRM supports combined delivery of protected content and rights objects. Combined delivery allows the protected content and rights object to be delivered together in a single download transaction. Thus, OMA DRM supports both the combined distribution and separate distribution for rights distribution. For content distribution, OMA DRM supports both the file distribution mode and the streaming distribution mode.

The rights expression language of OMA DRM (OMA DRM REL) specifies the syntax and semantics of rights based on the Open Digital Rights Language (OMA DRM v2.2 2011). OMA DRM REL is a mobile profile of Open Digital Rights Language (ODRL) with additional permissions and constraints defined in a data

(39)

dictionary. The details of ODRL are reviewed in Section 2.5. The rights model of OMA DRM REL consists of the following sub-models:

Foundation model contains the basic of rights and incorporates the agreement model and the context model.

Agreement model expresses the rights granted to content and incorporates the permission model and the security model.

Context model provides metadata of rights and augments the foundation model, the agreement model, and the constraint model by expressing additional info.

Permission model specifies the granted access and incorporates the constraint model.

Requirements model enhances the permission model by specifying pre-conditions that should be fulfilled in order to obtain the related permissions.

Constraint model enhances the permission model by providing fine-grained consumption control of content.

Inheritance model allows a parent rights object to specify permissions and constraints for one or more pieces of DRM content each governed by a child rights object.

Security model provides information related to the confidentiality for the CEK of rights object, the integrity of association between rights objects and DRM content, and the rights object integrity and authenticity.

As an open DRM standard initiated in 2003, OMA DRM v2.2 (2011), the latest version, enables a wide range of business models. The permission model and the constraint model effectively support pay-per-view and rental business model. The inheritance model enables the subscription business model. The requirement model contains the AdvertisementPolicy element which enables the advertisement insertion business model. OMA DRM v2.2 supports domain use cases. Moreover, the domain property (noConsumeAfter) enables temporary sharing use cases which would have been difficult to achieve.

OMA DRM v2.2 also takes interoperability into consideration. It supports the export use case. Its content may be exported to other DRM systems that are not OMA DRM compliant. The export use case involves checking with the rights issuer whether the export is allowed for the content type and the target system, as well as

(40)

2.1.4 Marlin DRM

Marlin is an initiative started by Intertrust Technologies, Philips, Sony, Samsung and Panasonic to develop open standards for interoperable DRM technology (Keoh 2011). The Marlin architecture specifies technologies for building DRM into consumer devices and services, which incorporates two important platform technologies known as the Octopus DRM architecture and Networked Environment for Media Orchestration (NEMO) framework (Marlin 2011). Octopus is a set of specifications and a reference implementation for a simple, open, and flexible DRM engine of core DRM functions to determine whether access should be granted in a given set of conditions, while NEMO combine SOAP (Simple Object Access Protocol) web services with SAML (Security Assertion Markup Language) authorizations to provide end-to-end message integrity and confidentiality protection, entity authentication, and role-based service authorization (Marlin 2011).

Figure 11. Marlin DRM sample interaction (Marlin 2011)

(41)

Figure 11 illustrates a sample DRM system interaction. Starting from Step 1, a user uses a client application to browse content published in a web store, which is the front end of all the operations that provide information and choices for the end user.

Once the user selects the preferred content in Step 2, the web store tells the client application where and how to obtain the content by providing an action token that specifies all the DRM-related steps required prior to content playback. In Step 3 the web store also exchanges data related to the user purchase with its back office, which is usually responsible for managing user accounts, license information, performing database transactions, etc. The client application obtains the content from the content server in Step 4. The client application in Step 5 passes an action token to an API provided by the Wasabi SDK, which is an example Marlin client implementation developed by Intertrust which encapsulates all Octopus DRM related functions on the client side. In Step 6 the Wasabi API will process the action token and deliver service requests with business tokens to the Bluewhale server, which is an example Marlin server implementation developed by Intertrust and Sony.

The communication (Step 6 and Step 9) between a Marlin Client (Wasabi in this case) and a Marlin server (Bluewhale in this case) is always via Marlin protocols based on NEMO and the service requests and responses between client and server contain Octopus objects. The Bluewhale server in Step 7 sends server-to-service requests with business tokens to the back office of the web store. The back office applies the business logic and in Step 8 returns the information required by the Marlin server, which in this case is the Bluewhale server. If the negotiation between Bluewhale and back office goes successfully, the Bluewhale server in Step 9 sends a response to the Wasabi SDK with a license to the content. Once both content and its associated license are present on the client application side, the user in Step 10 can request playing of the content. The client application in Step 11 asks the Wasabi SDK to determine whether the license allows the content to be played. If so, the Wasabi SDK decrypts and plays the content with the client application.

(42)

Figure 12. Octopus license structure (Marlin 2011)

There are essentially four types of Octopus objects: content, license, node, and link.

The content object represents the multimedia content that is encrypted with a content key. License object specifies the controls that govern the use of the content (Keoh S.L. 2011). As illustrated in Figure 12, a license object is a collection of the following objects:

ContentKey includes encrypted key data.

Protector binds content objects to ContentKey objects.

Control includes and protects the control program.

Controller binds ContentKey objects and control objects.

Metadata provides information to describe the conditions required by the license.

Unlike traditional DRM systems, Octopus does not use a REL to represent usage rules (Boccon-Gibod et al. 2009). Instead, it uses a semantic-free procedural approach, which represents all rules by executable programs expressed as a sequence of bytecodes for a small virtual machine called Plankton. To evaluate a rule, Octopus prepares the inputs for the rule and then executes the byte code. The result of execution determines whether the requested action on the content is granted or denied. Using control program separates the protection of the content from the governance of the content. It provides great flexibility and extensibility in defining

(43)

usage rights for the end users and reduces implementation efforts on the client side (Boccon-Gibod et al. 2009).

Figure 13. An example directed graph of Octopus's nodes and links (Marlin 2011)

Besides the license object and content object, Octopus also defines two other important objects: node object and link object. Node and link objects are used to express the relationships between devices the user owns, subscriptions and user’s accounts with the service providers in the form of a directed graph (Keoh 2011). In Figure 13, nodes are illustrated as circles and links between nodes are shown as arrows. Figure 13 indicates that device A belongs to the user Bob, and device B and C belong to both Bob and Carol. Bob subscribes to the video subscription service.

Whether a device is permitted to access content is determined by the control program in the license. Within the control program, the service provider will specify a target node. If the target node is reachable via a link or a chain of links from the device node, then the device node can play the content. Usually, a target node is a user node. In a subscription case, a target node can be a subscription node. Octopus uses a cryptographic scheme called Scuba to leverage the existence of the node and link topology in order to facilitate the distribution of content keys to the client node for consumption. As illustrated in Figure 14, each node is assigned with a set of

(44)

Figure 14. Octopus link and node objects (Boccon-Gibod et al. 2009)

With the Octopus DRM engine, Marlin supports various business models. Simple business models, such as pay-per-use, rental, and purchase, can be easily supported by customized control programs defined in license objects. Subscription model and domain usage can be supported with link and node objects. Marlin also specifies dynamic media zones as an extension to the core specification which provides support for the description of different types of zones in media presentation, such as advertisement zones that enables the advertisement business model (Marlin 2011).

In temporary sharing case, Marlin (2011) demonstrates how to achieve temporary sharing with an example use case to play a purchased movie at the friend’s place by using a temporary link node.

Marlin (2011) also proposes a mobile delivery solution called OMArlin to enable interoperable download, streaming, sharing, and consumption of content between OMA and Marlin DRM systems. OMArlin uses the OMArlin content format which is based on OMA content format. An OMArlin content file can contain both OMA rights objects and Marlin licenses, as well as information needed to retrieve a license from a Marlin server or a rights object from an OMA rights issuer. OMArlin also

(45)

embraces domains which can contain both devices with OMA DRM agents and devices with Marlin DRM clients.

According to Intertrust (2016), Marlin has been adopted by several national initiatives and standards bodies, such as YouView (www.youview.com) in the UK, TivùOn! (dgtvi.tivu.tv/bollino-tivuon.aspx) in Italy, and the IPTV Forum Japan (www.marlinusers-japan.org). Some of the popular Internet TV services also use Marlin technology. For example, AcTVila (www.actvila.jp) in Japan and HbbTV (www.hbbtv.org) groups in France and Spain have selected Marlin as one of their DRM options. Some standards-based ecosystem, such as Ultraviolet (www.myuv.com) have approved Marlin for distributing premium Hollywood content.

2.2 DRM in layers

In Chapter 1, the definition of DRM in this dissertation was provided, and a reference DRM system was presented. This section introduces the layered view of DRM architecture proposed by Jamkhedkar and Heileman (2004).

Effective Rights Exporting Process - Towards system interoperability of digital rights management

WENHUI LU

Effective Rights Exporting Process

Towards system interoperability of digital rights management

WENHUI LU

Effective Rights Exporting Process

WENHUI LU

Effective Rights Exporting Process

ACKNOWLEDGEMENTS

ABSTRACT

CONTENTS

1 INTRODUCTION

1.1 Definitions

1.2 Background and motivation

1.3 Research objective and research questions

1.4 Summary outline

2 RELATED RESEARCH

2.1 DRM systems

2.2 DRM in layers