In the first of the “Hitchhiker’s Guide to DRM” series, we define
- what DRM (Digital Rights Management) is,
- and why it plays an important role in ensuring fair use of digital resources through a combination of encryption, access control technology, and business rules.
The Tale of Two Boys
Ram and Shyam were 7th graders who loved passing notes to each other during class. An inseparable duo, their notes contained the latest school gossip, computer game cheat codes, and cricket match scores.
Their notes used to pass through several of their classmates’ hands in their journey because they sat far away from each other in class. But, the boys weren’t worried about others learning their secrets because they trusted their classmates.
However, one sad day, one of their classmates opened one of their notes and broke their trust!! Delighted by the juicy gossip in the note, he used it to take Ram and Shyam’s lunch money.
Having lost all of his lunch money, Ram thought long and hard about sending his notes securely to Shyam and before long, Ram had an idea.
“How about using a code language to write my notes?”
Excellent idea, he thought to himself and set about creating a substitution code (1 for A, 2 for B, and so on). The following day in class, Ram used his new code language to write a secret message and send it to Shyam.
The note made its way to Shyam through the hands of several curious (& nosy) classmates, and none of them could crack the code.
But, when Shyam got the message, he looked perplexed and thought to himself –
What are these numbers, squiggly lines, and alphabets? Is Ram testing his new pen, or was he hit on the head with a cricket ball?
Ram stared at Shyam’s puzzled face with equal bewilderment and suddenly realized his mistake. He had forgotten to send Shyam the key to the code!
So, Ram wrote down the code on a piece of paper and sent it to Shyam, who used it to decode the note.
Job well done, Ram thought to himself.
They didn’t know that one of their classmates had copied down the coded message and now had the codebook. For the second day in a row, Ram and Shyam lost their secrets and their lunch money.
They realized that they needed to transmit the code securely each time they used code or changed it.
But how would they do that?
What Did Ram & Shyam Do?
Narrator: The problem faced by the boys is a classic problem in data transmission. It is easy to use a codebook, create a secret message, and send it to the recipient but, how do you send the codebook to the recipient and prevent it from falling into the wrong hands?
Then one night, Shyam had a brainwave. He called Ram and said –
Shyam: Hey – suppose we ask Hari to join us in note passing? We’ll ask him to keep the codebook safe in his schoolbag. Each time you or I need to write or read a message, we’ll ask Hari for the codebook. What do you think?
Ram: Hey – that could work! But, will Hari agree to this?
Shyam: Yea – I thought of that too. Every time we ask him for the codebook, let’s give him a chocolate.
Ram: Ah – excellent idea!
Narrator: So, the boys decided to bring in their friend Hari into their plans and asked him to be a “trusted” third-party. And, his duties were to –
- invent a new code every day to reduce chances of someone cracking it and
- provide the code’s key to only Ram and Shyam in a way that nobody else can open and read it.
And the boys had to give him a bar of chocolate each time they asked for the codebook.
Yummy price to pay for privacy, huh?
Digital Rights Management (DRM)
In reality, what our creative 7th graders invented was a Digital Rights Management (DRM) system that not only provided security for their content (notes) but also allowed them to set some rules.
Digital Rights Management (DRM) is a method of protecting your content while having the flexibility to chose who gets to consume it via business rules and a secure, protected communication protocol.
For example, you could set rules to,
- block people from certain countries,
- allow access to the content for a certain period,
- prevent a user from casting the movie onto a screen,
- block free users from accessing premium content,
- block playback on specific devices,
DRM plays a vital role in reducing piracy and ensuring that content creators can monetize their efforts.
But, remember this – DRM is not the same as encryption.
DRM is a system or solution that
- uses encryption to protect the content
- uses specialized techniques to securely store and deliver the encryption/decryption keys (codebooks in our 7th graders’ example) and use the keys to decrypt the content in a way that it doesn’t get into the wrong hands.
- allows the content publishers to set business rules and control who can consume their content (expiry times, etc.).
We’ll learn more about this in future articles.
Back to Our 7th Graders
Now let’s go back and look at the simple solution that our 7th graders invented, which provided
- a high-security level through daily renewal and code rotation.
- authentication and rights management (read, write permissions)
- a well-defined pricing model.
The truly remarkable part about this scheme is that as Ram and Shyam get more popular in school, they can allow a few other classmates to only “read” their messages and not “write” any messages.
All they’d need to do is go to Hari, give him the names and photos of their “newly trusted” friends, and ask Hari to allow them only to read the messages.
And if the boys’ messages get super-popular, they can ask Hari to
- block or allow access to classmates based on where they sit in class: front-benchers not allowed (geo-blocking)
- Create a set of special notes and charge their classmates two chocolates to read them. All they need to do is tell Hari their subscribers’ names. (paid usage / subscribers / freemium model)
- deny access to messages that are more than 2 hours old (stale news!) (expiry date & time of day restriction)
And so on. Amazing, right?
A simple technique to prevent others from reading their messages has now turned into a full-blown business with
- heavy-duty encryption and
- business rules that decide access and usage rights.
Commercial DRM Solutions
Commercially, there are many trusted DRM technologies such as Microsoft’s PlayReady, Google’s Widevine, and Apple’s FairPlay. And there are DRM vendors who provide additional infrastructure around these DRM solutions by adding more business rules, analytics, and tools for publishers.
In future articles, we’ll examine the differences between them and see where they are applicable.
Until then, take care, and see you soon!
Note: DRM is seen as a contentious topic with people on both sides of the fence. This series of articles is a technology-explainer and stays clear of the other debates on DRM.