Sun streaks ahead in open source DRM and CAS
DReaM to come true?
We can see from last week's story on Sun Microsystems DReaM DRM that it is rapidly honing in on a future open source DRM market, with a completely new vision of how DRM should work, and it's running at least six months ahead of schedule by our reckoning.
Last week we revealed how one Korean IPTV service was planning to use a simplified version of the DReaM specification known as DReaM CAS, or D-CAS to protect its IPTV service and also bring a Korean conditional Access system to market.
Now Sun says it will have version 1.0 for its DReaM MMI software out by the summer and will then launch straight into building a compliance organisation under the Common Development and Distribution License (CDDL) that came out of the Mozilla development process.
And next month at its Java One conference in San Francisco, Sun will demonstrate using the next generation Java SIM smart card, the upgrade to the one that is used in most mobile handsets phones today, as a basis for identity in an IPTV set up. The one big innovation that Sun has brought to this system, and something that we pointed out in our discussion of it back in October, is that Sun will use its own Liberty Alliance ideas on identity and allow a single copy of a person’s true identity to reside securely on a network and allow communication between servers to track this identity and offer services to multiple devices the identity owns or uses, without carrying around all that data baggage and responsibility that goes with a person’s identity.
At the Java One conference, Sun will show a phone being used to prove its proximity to a set top, and authorise the delivery of content to the owner of a phone, over a separate TV network. What Sun hopes to end up with is an architecture which separately delivers authentication, licensing, rights management, and protection technologies under the same framework by disintermediating each of those functions.
Usage rights will be defined as a separate license management system allowing the unmodified use of players and DRM clients which are already installed on devices.In this way, Sun hopes to retrofit onto existing systems a whole variety of new usage models, that were not previously possible.
We talked this week to Tom Jacobs, director of engineering at the Sun Labs, Open Media Commons project on DReaM, who agreed that perhaps Sun had missed an earlier opportunity to get the message out there on the Open Media Commons approach to DReaM. We had covered the basic idea in October, but not the Commons approach.
"That's why we held a workshop on it in March where we put a lot of substantive technical detail on the bones of the DReaM ideas and discussed how it could be successful with some of the companies that have downloaded the code."
But will this be another technology that Sun fails to dominate, despite creating the opportunity?
"We understand just how important DRM is going forwards. We were brought into this debate by the cellular community that is worried that it will end up with a huge royalty bill for DRM. We’ve had the codec wars, and the network protocol wars, and every other technology in pay TV is free and standard except for conditional access," Jacobs said.
Sun Microsystems has contributed a lot of work towards the Java based standard OCAP/MHP set top environment that is only just rolling out onto cable and other TV networks.
"There has been a smear campaign by traditional conditional access suppliers to try to put Fear Uncertainty and Doubt into AES based DRM systems, suggesting they are not as secure as those already in place, but funnily enough Conditional Access specialist NDS was one of the first companies to download the source code," said Jacobs.
Does that mean that NDS might contribute to the open source process for a royalty free DRM system?
"Anything that NDS contributes will become royalty free, so we don’t expect any of its core technology to be offered up. Maybe they are just interested in seeing what they may be up against in the future."
So how do you go about navigating the CDDL process in a world that is full of patents and litigation over patent infringements?
"The DCAS technology is already pretty well cleared legally. Many of the lawyers that worked on the Digital Cinema Initiative also joined up to work on this, doing both a claims analysis and a technical analysis. Some of the technology in here was patented back in the 1970s forthe first round of pay TV and has since expired. There is pre-existing IP such as PKI (Public Key Infrastructure) and AES has always been offered royalty free and was mandated as such by the National Institute of Standards and Technology when it was developed.
"We don’t want to develop technology that is wholly different, we just want it to be simple, sufficient, and to make sure we can cite all the prior art. Some of the new technology comes from Sun, but we are committing that to be royalty free as well, which is one of the conditions for contributions made under the CDDL.
"It's a form of patents commons, where each contributor agrees to pool intellectual property. A company can't both include their contribution in code and also charge a license for it."
The CDDL allows for commercial implementations and for companies to commercially benefit and improve upon the code, both with changes to the code and additional segments of code which they add to it.
"There will be a requirement for code interoperability and to that extent a certification and conformance program will be put in place. That is likely to require a new legal entity, which will come into existence once version 1.0 is released, which will be this summer for both D-CAS and MMI. Currently the code is at release 0.7. Once version 1.0 is out then copyright will be extended to the specifications.
"Currently we are offering downloads in three modes, CAS which is designed for use with IPTV; DRM for a stored content model, which is more complex, and MMI which will convey rights information from server to client.
"DReaM-MMI is the mechanism for clients to negotiate with a networked licensing service for rights (including keys) for content, while DReaM-CAS assumes a network connection and network delivery model by the nature of its focus on MPEG-2 TS delivery systems."
DReaM-MMI is the technology focusing on stored content of all types. Network connections are not required to assert rights already negotiated and stored, but a network connection is needed when new rights are negotiated. The specifications for both types of systems are available now (DReaM-CAS and DReaM-MMI) as is the source code for a prototype DReaM-CAS system. Source code for MMI is targeted for release later this month. Surely MMI must overlap with the intellectual property in Content- Guard’s Rights Expression Language if it can store persistent content rights?
"We don't do this using a Rights Expression Language, but a protocol that stores the rights conversation that is had with the server. The trouble with Right Expression Languages is that they are tied to the network identity of a particular device. You buy something, get a license and decryption keys, delivery it to a device and you’re done.
"But what about a situation where you are watching the content in a QCIF file (176 x 144 pixels) on a phone and want to switch to watching it on a High Definition TV, that switch needs to be made at the server level and if needs to know that it is you making the request.
"You might use Blutooth or Infra Red from your mobile to demonstrate that you are present in the same room as a particular TV and use this proof of proximity to send a higher definition version of the content to the TV screen. Of course the TV will also have to have a trusted identity and be somehow associated with the individual."
For tethered devices DReaM-MMI will negotiate on behalf of a portable client which is not directly attached to the network, rather like the way in which PC held copy of iTunes does this for an iPod. The networked device will know the private key of the portable device and negotiate for content on that device. The version of content it will get will be encrypted only for use on the tethered client device, not for use on the device even that negotiated the license. If that is, for instance, a PC, then if a customer also wants to view it on the PC, he will need a different copy of the content, encrypted for the PC private key.
Both will need a secure execution environment and data paths, and a tamper proof clock, which of course could easily be implemented as a Java download to devices like OCAP set tops.
First talked about in October, DReaM was not supposed to be ready for implementation until the second quarter of 2007, and as such was likely to miss out on being a candidate for mobile handset DRM, but at its current pace of development, the lure of no royalty payouts for protection on handset content is likely to be too tempting for many mobile operators around the world.
Copyright © 2006, Faultline 
Faultline is published by Rethink Research, a London-based publishing and consulting firm. This weekly newsletter is an assessment of the impact of the week's events in the world of digital media. Faultline is where media meets technology. Subscription details here .