Back to associated article: Standard Language Could Aid DRM Interoperability

One Piece of the DRM Puzzle (Sidebar)

[Illustration: typical DRM scenario]

The following is the full text of an article published by Directions on Microsoft, an independent research firm focused exclusively on Microsoft strategy & technology. Each month we make one or more key articles available to non-subscribers.

A rights expression language (REL) is only one part of a solution for DRM interoperability. Shown here is a typical DRM scenario illustrating a plausible path that a DRM-protected piece of content might travel from its creator to multiple endpoints. In the case of digital media, the distributor might be an Internet music store; in the case of enterprise DRM, it might be a file share. The endpoints could be particular applications, users, or devices. In some cases, endpoints can also be distributors—for instance, a home PC might distribute content to other devices on the same network, or an employee in one company might send content via e-mail to employees in other organizations. The difficulty arises when the content creator, distributor, and endpoints are using DRM systems from different vendors.

When the creator first applies DRM to the file, he defines certain restrictions, such as "Read, but do not forward or print" for a document, or "Render unplayable one month from today" for a digital music file. With a common REL, all components in the system could understand the rights that the creator attached to the file.

However, there are other technical barriers to DRM interoperability that a common REL does not address, such as the following:

Authentication. The DRM system needs a way to authenticate every component in the system—that is, it must ensure that every distributor and endpoint in the system is what it claims to be, rather than an impostor, such as a hacker trying to get access to protected content by posing as a legitimate user. Currently, a component of one system (such as Windows Media DRM) has no way to authenticate a component of another (such as Apple's FairPlay).

Trust. The DRM system needs to know that it can trust each component requesting access—that is, it must be able to verify that all distributors and endpoints in the system will obey and enforce the rights appended to the file. This is a separate problem from authentication: a digital movie player, for instance, might correctly identify itself, but still support unauthorized copying. To accomplish this, each DRM system must define, create, issue, manage, and validate trusted credentials for the various components in the system. In practice, for two DRM systems to trust one another's credentials, there must be some arbiters to test and certify trusted components. For example, Microsoft tests and certifies that third-party audio components will enforce rights on content covered by Windows Media DRM. But there's no universal scheme for components in DRM systems to decide whether to trust one another.
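The sidebar separates three questions: can the rights be understood, is the component who it claims to be, and will it enforce the rights. The Python sketch below is an added example, not taken from the article or from any DRM product, and it applies them as three independent gates. The HMAC challenge, the `CERTIFIED` set and the dictionary-style license are assumptions standing in for a real credential scheme, a certifying arbiter and a real REL.

```python
import hashlib
import hmac
from datetime import date

# Constructed sample data; no name, key or format here comes from a real DRM system.
COMPONENT_KEYS = {"player-a": b"secret-a", "player-b": b"secret-b"}  # enrolled identities
CERTIFIED = {"player-a"}  # components an arbiter has tested and certified
# Hypothetical rights expression: "Read, but do not forward or print", with an expiry date.
LICENSE = {"grants": {"read"}, "not_after": date(2005, 6, 30)}


def prove_identity(component_id, key, challenge):
    """Endpoint side: answer the issuer's challenge with a keyed MAC."""
    return hmac.new(key, component_id.encode() + b"|" + challenge, hashlib.sha256).digest()


def authenticate(component_id, challenge, proof):
    """Issuer side: is the component who it claims to be?"""
    key = COMPONENT_KEYS.get(component_id)
    if key is None:
        return False
    return hmac.compare_digest(prove_identity(component_id, key, challenge), proof)


def decide(component_id, challenge, proof, action, today, lic=LICENSE):
    """Apply the three independent gates in order and return the decision."""
    if not authenticate(component_id, challenge, proof):
        return "deny: authentication failed"
    if component_id not in CERTIFIED:  # correctly identified, but not known to enforce rights
        return "deny: component not certified"
    if today > lic["not_after"]:
        return "deny: license expired"
    if action not in lic["grants"]:
        return "deny: action not granted"
    return "allow"


if __name__ == "__main__":
    nonce = b"constructed-nonce"  # a real issuer would use a fresh random value per request
    day = date(2005, 5, 15)
    for cid, key, action in [("player-a", b"secret-a", "read"),
                             ("player-a", b"secret-a", "print"),
                             ("player-b", b"secret-b", "read"),
                             ("player-a", b"guess", "read")]:
        print(cid, action, "->", decide(cid, nonce, prove_identity(cid, key, nonce), action, day))
```

The third case is the one the Trust paragraph describes: `player-b` passes authentication with a valid proof and is still refused, because identity says nothing about whether the component enforces rights.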