2016 Readium LCP workshop at EPUB Summit
1. European Digital Reading Lab
Licensed Content Protection (LCP)
EPUB Summit workshop
Laurent Le Meur
2. Scope of the workshop
● Update the participants on the architecture of Readium LCP, the workflow, the state of the developments, the agenda, the costs involved;
● Detail the certification process;
● Exchange on the level of protection of Readium LCP;
● Exchange on the level of support of this new DRM by the participants.
3. DRM = Digital Rights Management
● Technical implementation of a business model (e.g. library lending)
● Protection against wild dissemination (anti-pirating)
● Are obligations more than rights
● Complicate access to e-books
● Lower interoperability and accessibility
● Hurt honest sharing
● Make archiving an illusion
=> push people to use anti-DRM tools
4. What the devil was he doing in that galley?
LCP implementation decided in November 2015, launched in January 2016.
Why do we offer our beloved ebooks to the DRM Moloch?
- Because public libraries need a better solution than the Adobe DRM
- Because for most publishers, unprotected EPUB is a showstopper
- Because the spec has been almost ready for 2 years
- Because we have been donated source code to help
5. Goals of Readium LCP
● Simplicity for the user
● Perfect interoperability in the LCP ecosystem
● No limitation on content accessibility
● Offline access to the documents always possible
● Dynamic update of licenses
● Unlimited access (in time) to the documents
● Family sharing possible
● No centralized server
● Low development costs
● Limited cost of certification
7. Readium LCP = simplicity
Encrypted content
Associated decryption key (passphrase)
The owner of the passphrase can read the document
The App can store the key, so that the user can forget it
9. 2/ License generation
License = Protected content key + Rights Provider certificate + Passphrase hint + Signature + Personal data + Standard rights
Standard rights: start/end datetime, print (# pages), copy (# characters), tts (yes/no)
10. Choose a passphrase
A user will usually have one passphrase per bookseller or public library.
Must be easy to remember or find.
A hint stored in the license by the licensor will help the user when needed.
It MUST be clear to the user. In a public library, the user ID can be a good choice.
The passphrase will usually be requested only when a protected document is sideloaded onto a new device.
12. 4/ Open with a passphrase
[Diagram labels: Hint, User, Passphrase, Signature checking, EPUB / LCP content, Content key, Clear content]
The passphrase may be acquired automatically and stored in the app without user action. The user will use the hint to “remember” the document passphrase.
13. 5/ Dynamic update of the license
● Early return
● Extended lending
● Requires an online connection
● The licensor can track the number of devices opening the document
15. What is the certification?
● Readium LCP is a DRM ecosystem
● Certification is
○ Guarantee of compliance
○ Guarantee of robustness
○ Guarantee of interoperability
● The specification will be public
● The source code will be open-source (BSD-like)
● But some confidential information will be transferred to the participants in an LCP ecosystem
○ Root certificate (ITU)
○ Provider certificate
○ Readium LCP 1.0 profile information (unavailable in the specification)
16. Compliance rules, Robustness rules
● Client and server side
● Compliance
○ Server app must alert if *many* devices use the same license
○ Client app must develop an anti-rollback clock (details to be defined)
○ etc.
● Robustness
○ A certain data type must be protected against a certain type of attack to a certain extent
■ Client app must obfuscate the decryption process
■ Client app must hide Readium LCP confidential information
■ Client app must securely store user keys
■ Server app must protect the provider private key
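One possible shape for the anti-rollback clock named in the compliance rules, applied to the start/end datetime rights of a license. This is an added example, not code from Readium LCP: the slides leave the details to be defined, so the class and function names, the state file and the tolerance are all assumptions, and the loan dates are constructed.

```python
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone

class AntiRollbackClock:
    """Keeps the latest time ever observed so a rewound system clock cannot revive a license."""

    def __init__(self, state_path, tolerance=timedelta(minutes=5)):
        self.state_path = state_path  # assumption: a real client keeps this in protected storage
        self.tolerance = tolerance    # slack for ordinary clock corrections (e.g. NTP)

    def _high_water(self):
        try:
            with open(self.state_path) as f:
                return datetime.fromisoformat(json.load(f)["high_water"])
        except (OSError, ValueError, KeyError, TypeError):
            return None  # first run or unreadable state

    def observe(self, system_now):
        """Return (trusted_time, rolled_back) and persist the new high-water mark."""
        last = self._high_water()
        rolled_back = last is not None and last - system_now > self.tolerance
        trusted = system_now if last is None else max(system_now, last)
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"high_water": trusted.isoformat()}, f)
        os.replace(tmp, self.state_path)  # atomic swap, no half-written state
        return trusted, rolled_back

def check_license(rights, clock, system_now):
    """Evaluate the start/end rights against trusted time, not the raw system clock."""
    trusted, rolled_back = clock.observe(system_now)
    if trusted < rights["start"]:
        status = "not_yet_valid"
    elif trusted > rights["end"]:
        status = "expired"
    else:
        status = "ok"
    return status, rolled_back

def demo():
    """Constructed library loan: 1 to 15 June 2016, opened on 10 June, 16 June, then 5 June."""
    day = lambda d: datetime(2016, 6, d, tzinfo=timezone.utc)
    rights = {"start": day(1), "end": day(15)}
    with tempfile.TemporaryDirectory() as tmp:
        clock = AntiRollbackClock(os.path.join(tmp, "clock.json"))
        return [check_license(rights, clock, day(d)) for d in (10, 16, 5)]

if __name__ == "__main__":
    print(demo())
```

The third opening reports the rollback and stays expired because the decision uses the stored high-water mark, not the rewound system time.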
17. Agenda
Q1 2016: development (iOS, MacOS, Android)
Q2 2016: development (iOS, MacOS, Android); first tests; contractual documents; pricing;
Q3 2016: interop tests; certificate authority setup
Q4 2016: first certifications; launch