Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

B.Rosenblatt presentation of LCP, epub summit


Published on

This presentation was given at the EPUB summit on April 7th, 2016, by Bill Rosenblatt, from GiantSteps, US. It presents the status of the Licensed Content Protection DRM, to be implemented as a plug-in of the Readium SDK.

Published in: Technology
  • I think you need a perfect and 100% unique academic essays papers have a look once this site i hope you will get valuable papers, ⇒ ⇐
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

B.Rosenblatt presentation of LCP, epub summit

  1. 1. Readium Licensed Content Protection (LCP) Bill Rosenblatt 7th April 2016
  2. 2. Why Readium LCP? DRM used to protect content and implement access models – Retail – Membership organizations – E-textbooks – Library lending – Subscriptions Need for DRM standard to help ensure interoperability
  3. 3. Current E-Book DRM Market Leading Retailers’ Own DRMs  Amazon  Apple  Kobo  Nook (Barnes & Noble) Independent DRMs  Adobe Content Server  VitalBooks DRM (e-textbooks)  Marlin (Intertrust, Sony)  Fasoo  MarkAny
  4. 4. Genesis of Readium LCP Begun in 2012 within IDPF – Subsequently integrated with Readium project EPUB2 standard did not include DRM – This has led to lack of interoperability and fragmentation Limitations with third-party DRMs – Costs, particularly for small retailers, libraries, non-profits – Vendor instability or lack of commitment – Complexity of implementation
  5. 5. Readium LCP Objectives  Low-cost, simple DRM for use with Readium  Seamless, friction-free reading experience – E.g. offline reading, no “phone home”  Enable interoperability among EPUB3 reading systems – While enabling other DRMs to integrate with Readium – Minimize “walled gardens”  Support primary content access models: – Permanent distribution (retail, giveaway) – Time-based distribution (lending, subscription) – Accessibility for print-disabled  Security comparable to commercial DRMs  Eliminate commercial vendor dependency
  6. 6. Components of Readium LCP Specification Encryption Profile Open source client and server code Key material License agreements Robustness rules
  7. 7. Open Source DRM? Code can be open source – Anyone can use or modify code – But not anyone can join interoperable ecosystem Other things required to join ecosystem – Secret keys – Digital certificates – Compliance testing – Robustness certification
  8. 8. Elements of LCP Security  Encryption algorithm – AES-256, U.S. government standard – Used in most commercial DRMs  Passphrase – Assigned by distributor or chosen by user  Encryption profile – Specifies how encryption scheme works – Contains secret key for protecting passphrase, to inhibit export of content beyond LCP ecosystem – Confidential to licensees  License Status Documents – Files that store keys and rights descriptions  Digital certificates – Secure identifiers of distributors, issued by trusted Certificate Authority – Establish and vouch for distributors’ identity
  9. 9. Open Source and Security  To hack a DRM: – Find unencrypted content – Find encryption keys  Robustness (“hardening”) techniques: – Obfuscate code at compile time to make reverse engineering hard – Include “guards” to detect suspicious activity – Require keys to be kept in secure memory – Generally, make it so knowing source code doesn’t help much – Analogous to using published crypto algorithm  Robustness rules: – Requirements that implementations do the above – Conditions of licensing
  10. 10. LCP and Interoperability Passphrase required to open EPUB file Any compliant reading system with LCP will open file with passphrase The reading system will observe rights on the file (e.g. time limits, text-to-speech conversion)
  11. 11. Readium LCP Logo Program  Membership in Readium LCP interoperable ecosystem  Requires signing license agreement  Must pass compliance test suite (supplied by EDRLab) – Tests conformance with Compliance Rules – Ensures interoperability, among many other things  Access to encryption profile  Agree to comply with robustness rules – Self-certification – Publisher(s) may require third party audit  Fees charged – To recover administrative costs – TBD but will be lower than commercial DRMs
  12. 12. Implementation Partners  EDRLab – Licensing – Compliance test suite administration – Key material supplier  Cartesian – Robustness rule consultants – Available for robustness audits as necessary  International Telecomm’s Union (ITU) – Certificate authority – Keepers of X.509 certificate standard
  13. 13. Status Github repositories (currently private) Expected availability: November 2016
  14. 14. Current & Potential Implementers  Bokbasen (NO)  De Marque (CA)  DRM Inside (KR)  Eden Livre (FR)  Feedbooks (FR)  Learning Ally (US)  Mantano (FR)  NY Public Library (US)  PNB (Pret Numerique en Bibliotheque) (FR)  TEA (FR)
  15. 15. Thank You! Email: LinkedIn: Blog: Twitter: @copyrightandtec