Digital Rights Management - The Difference Between DPM and CM



Similar documents
Digital Rights Management

Digital Rights Management (DRM) in Education - The Need for Standardisation

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

THE BRITISH LIBRARY. Unlocking The Value. The British Library s Collection Metadata Strategy Page 1 of 8

MovieLabs Specification for Enhanced Content Protection Version 1.0

Adaptive HTTP streaming and HTML5. 1 Introduction. 1.1 Netflix background. 1.2 The need for standards. W3C Web and TV Workshop, 8-9 February 2011

KM COLUMN. what is a content management system? JUNE CMS: A working definition. The business problem. Business benefits

Introduction to Service Oriented Architectures (SOA)

Plagiarism. Dr. M.G. Sreekumar UNESCO Coordinator, Greenstone Support for South Asia Head, LRC & CDDL, IIM Kozhikode

DIGIMARC CORPORATION 9405 SW Gemini Drive Beaverton, Oregon

Internet Technologies for Digital Libraries

INTRODUCTION WHY OPEN SOURCE?

WHITE PAPER. Creating your Intranet Checklist

Digital Archiving at the National Archives of Australia: Putting Principles into Practice

Enterprise Portfolio Management

PDF security - a brief history of development

UNIVERSAL UNIQUE IDENTIFIERS AN ENTERTAINMENT IDENTIFIER REGISTRY (EIDR) IN MOVIE AND TELEVISION SUPPLY CHAIN MANAGEMENT WHITEPAPER

Experimental DRM Architecture Using Watermarking and PKI

STORRE: Stirling Online Research Repository Policy for etheses

ENTERPRISE DOCUMENTS & RECORD MANAGEMENT

<workers> Online Claims and Injury Management

A refined architecture for DRM

WHITE PAPER MANAGING VALUABLE IMAGE ASSETS USING DIGITAL WATERMARKING FOR COPYRIGHT COMMUNICATION AND IMAGE SEARCH INTRODUCTION

James Hardiman Library. Digital Scholarship Enablement Strategy

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

northplains Whitepaper Differentiating DAM from ECM What Do You Really Need? Connecting your world. Visually.

ADRI. Digital Record Export Standard. ADRI v1.0. ADRI Submission Information Package (ASIP)

A Guide Through the BPM Maze

11 ways to migrate Lotus Notes applications to SharePoint and Office 365

Workflow description of digital rights management systems

Myths About Service-Oriented Architecture Demystifying SOA. producers can coexist, and still have no dependence on each other.

Information Management Advice 39 Developing an Information Asset Register

How To Build A Connector On A Website (For A Nonprogrammer)

Systems Software. Introduction to Information System Components. Chapter 1 Part 2 of 4 CA M S Mehta, FCA

3.2 TENDER FOR THE SUPPLY, INSTALLATION, AND SUPPORT OF A PROCURE TO PAY AND CONTRACT MANAGEMENT SYSTEM (CF ; MK:DW)

10 Steps to a Successful Digital Asset Management Implementation by SrIkAnth raghavan, DIrector, ProDuct MAnAgeMent

What is Digital Asset Management all about?

Suitable file formats for transfer of digital records to The National Archives

Digital Document Processing

DFG form /15 page 1 of 8. for the Purchase of Licences funded by the DFG

Cloud Solutions for HR

Enterprise Application Integration (EAI) Techniques

CAPABILITY MATURITY MODEL & ASSESSMENT

AHDS Digital Preservation Glossary

Managing Digital Assets for Profit

Mapping the Technical Dependencies of Information Assets

Business Process Management in the Finance Sector

Cloudbuz at Glance. How to take control of your File Transfers!

An enterprise- grade cloud management platform that enables on- demand, self- service IT operating models for Global 2000 enterprises

White Paper. Enterprise Information Governance. Date Released: September Author/s: Astral Consulting.

Current and Emerging Requirements for Digital Rights Management Systems Through Examination of Business Networks

Digital Rights Management for the Online Music Business

Introduction to SAML

/ WHITEPAPER / THE BIMODAL IT

Cite My Data M2M Service Technical Description

A License Aware P2P Client with URM

Comparison of Enterprise Digital Rights Management systems

Management of Official Records in a Business System

The Benefit of Experience: the first four years of digital archiving at the National Archives of Australia

WHITEPAPER MARKETING COMMUNICATION AND CRM

Intelledox Designer WCA G 2.0

Using Enterprise Content Management Principles to Manage Research Assets. Kelly Mannix, Manager Deloitte Consulting Perth, WA.

Retailer Operating Manual for e-books

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for

PrivyLink Internet Application Security Environment *

Functional Requirements for Digital Asset Management Project version /30/2006

Image Gateway for Apeos 2.0

Service Modelling & Service Architecture:

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Master big data to optimize the oil and gas lifecycle

White Paper: AlfaPeople ITSM This whitepaper discusses how ITIL 3.0 can benefit your business.

Customer contact solutions from Genesys and IBM: Improve your customers experience and reduce costs

White Paper Converting Lotus Notes Applications to the Cloud Using the CIMtrek converter Product

Everything You Wanted to Know About Content Management*

NSW Government Open Data Policy. September 2013 V1.0. Contact

Digital Continuity Plan

IBM Data Security Services for endpoint data protection endpoint encryption solution

STRATEGIC OUTLINES: BETWEEN VALUE AND DIGITAL ASSETS MANAGEMENT

Exploring ADSS Server Signing Services

Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets

User Guide of edox Archiver, the Electronic Document Handling Gateway of

Transcription:

WHITEPAPER SERIES 2003 IPR SYSTEMS Level 12, 77 Castlereagh Street Sydney, NSW 2000, AUSTRALIA info@iprsystems.com http://www.iprsystems.com Driving Content Management With Digital Rights Management Dr Renato Iannella Peter Higgs 2003-04-09 http://www.iprsystems.com/whitepapers/cm-drm-wp.pdf 1 Overview There is often confusion in the market between the functions of Content Management and Digital Rights Management systems. This is understandable as both are dealing with the production and supply of digital content and share common technologies and techniques. However they are best thought of two sides of the same coin bicycle: Both are necessary to have a valuable and practical marketplace that brings content and relevant usage rights from creators to customers. Typically, Content Management (CM) is inward-focused and Digital Rights Management (DRM) is outward-focused. For example, a CM system will support version control of a digital asset within an enterprise environment, and DRM will support the downstream usage of the digital asset after it is traded to a customer. The CMS Watch defines the objective of Content Management as being able to align the content lifecycle with core business and IPR Systems Pty Ltd, 2003 1 of 9

editorial processes to reduce production costs and realize greater value from media assets by enabling users to digitize, catalogue, convert, transform, and distribute them. Content Management has evolved and has now been segmented into Enterprise Content Management, Digital Asset Management, Media Asset Management, and Web Content Management. Similarly IPR Systems divides DRM into: Digital Property Management (DPM), and Digital Rights Enforcement (DRE). Digital Rights Management (DRM) involves the description, layering, analysis, valuation, trading and monitoring of the rights over an enterprise s assets; both in physical and digital form; and of tangible and intangible value. DRM covers the digital management of rights - be they rights in a physical manifestation of a work (eg a book), or be they rights in a digital manifestation of a work (eg an ebook). Clearly, systems that manage and supply content need to interface to, or be closely coupled with, systems that manage rights. Figure 1 shows the logical relationship between CM and DRM. As content is created and managed (eg version control, digitisation etc), traded via an ecommerce exchange, and delivered to the consumer, appropriate rights information is also captured and managed in parallel. Figure 1. CM and DRM Relationship In many cases the CM functions and the DRM functions have high dependencies, such as the protection of the content at the consumer end of the transaction. The terms and conditions agreed on in the trade will need to inform the content rendering systems to ensure that the content is only used for the purposes acquired. IPR Systems Pty Ltd, 2003 2 of 9

At the point of trading, all the rights information managed is termed upstream and conversely, downstream after that event. Most complete CM systems need to manage both upstream and downstream rights over media content. For example, the elearning sector has a high degree of re-use of learning content. In many cases the only thing that the original rights holders require is that they receive attribution in any new re-creations of the content. In other cases, royalty payments maybe required to reuse the content. Current rights management technologies are focused on managing downstream rights: the flow of content from a publishing organisation to consumers. This flow is predominantly of relative simple usages or passive consumption. For example, the sale of music content, in which the end consumer can only play the audio file. A more complex market requirement is the management of upstream (content sourcing) agreements which can then be aggregated, managed and transformed into downstream usage offers and agreements. A key feature of managing online rights will be the substantial increase in this re-use of digital material on the Web. The pervasive Internet is changing the nature of distribution of digital media from a passive one way flow (from Publisher to the End User) to a much more interactive cycle where creations are re-used, combined and extended ad infinitum. At all stages, the rights need to be managed and honoured with services of various degrees of sophistication. 2 What is CM In its various incarnations, Content Management is managing the content creations through metadata and relationships to digital files. In abstract terms CM handles: Versioning: May create new versions or manage versions created externally. Note however that new versions may have additional rights holder and be subject to additional legal content sourcing agreement that will affect how they can be used. Formats: Transforms content from one file or presentation format to another. For example, HTML, PDF, Quicktime. Workflows: Managing the sequence of steps through production and publishing and support for quality assurance. Conditional Access: Manage as part of the work flow different levels of user access to the content. Delivery and Publishing: Supply individual and aggregations of files through appropriate publishing technologies. For example, FTP, WebDAV, HTTP. Some CM vendors have added ecommerce facilities to their applications to support the sale of a specific digital files. Because of the tremendous duplication of data involved in capturing a rights usage IPR Systems Pty Ltd, 2003 3 of 9

record for every piece of content, these systems usually know very little about who should get paid in the case of each sale (eg royalties) nor how the explicit terms and conditions for usage should be treated. This is not what CM should be trying to manage and is much more efficiently managed by DPM. 3 What is DPM Digital Property Management (DPM) is concerned with managing intellectual property over content including: The rights holders of content and any existing terms of agreements. The making of offers to consumers that include the terms and conditions for use of content. The creation of agreements for usage licenses to downstream users for content. Interfacing to CM systems to supply the appropriate content once an agreement is made. Interfacing to Party and Identity management systems. Interfacing to ecommerce systems for billing acquirers. Reporting on license activity and disbursing revenue for the usage of rights. The area of most confusion between CM and DPM is with user access rights. In CM systems, designated user roles (such as Editor, Administrator, Approver) may have certain rights to support them in the content creation lifecycle (such as changing content or approving content for publication). These are usually defined by business rules. However, there is usually no correlation between these user/roles and ownership of intellectual property over the same content. Trading of content has to deliver two parts of the deal: The rights to use the content in a range of ways from very specific (eg consumer can only read once) through to totally unrestricted (eg use, reprint, lend, give etc). The delivery of the content in a digital format that supports (or limits) its use in the permitted ways. Supplying content without associated usage rights could be legitimate or an act of piracy. The end acquirer does not usually know unless they are provided with clear evidence of the title of rights to the content - both for themselves and from the party providing it to them. After all there is no value for someone providing supposedly good title to use a work if they have pirated it themselves. Key requirements for achieving this is the use of Rights Expression Languages (REL) for describing the terms and conditions of offers and agreements. These computer readable agreements when embedded in the content enable the management and tracking of asset usages when IPR Systems Pty Ltd, 2003 4 of 9

distributed in controlled environments. An example of a REL is the Open Digital Rights Language (ODRL). A profile of ODRL has been endorsed as the international standard for mobile content by the Open Mobile Alliance (OMA). 4 What is DRE Digital Rights Enforcement (DRE) is the process of ensuring that content is only used for the terms and conditions that it was acquired under. These include such functions as: Ensuring that only the usage permissions allowed are enabled. Ensuring that any constraints on usage (such as time-based or count-based) are honoured. Ensuring that tracking of content (for example, to support peruse fees) is reported Ensuring that content is not publicly distributed Supporting the encryption and authorised decryption of digital content, including public key management Ensuring users of content are authorised. DRE is the public face of DRM systems that the majority of endusers are exposed to. As such, the enforcement approach to DRM has left many with serious concerns about usability and long-term interoperability of encrypted content. Additionally, DRE is constantly under attack from the community who are keen to break unbreakable encryption techniques. The most sound strategy is therefore to invest in the DPM system that can capture and store agreements which in combination then interface with and drive whatever combination of DRE technologies are currently relevant. For instance on instruction from the DPM system the Rights Enforcement module will apply a series of appropriate protection techniques: These could include: Embed into the file the usage agreement including the identity of the party downloading the file. This agreement can also be digitally signed to become Tamper Evident packaging. Place visible and invisible personalised watermarks on each page of a document or within a video file or image. Using a standard Content Packaging format which would be generated on demand, include placing all content into a Zip file and including an XML based Usage agreement. Using a public key based content encryption system to protect sensitive files. Supplying the content to Edge Devices such as the latest mobile phones that understand and honour a number of the usages and constraints as ODRL expressions that are embedded in the content. IPR Systems Pty Ltd, 2003 5 of 9

5 CM Access Rights versus DRM Usage Rights CM Access Rights are defined in relationship to the role of the various parties (ie, Author, Editor, Administrator, Approver, Supervisor, etc) and are broadly applied via business rules to types of content. DRM Usage Rights include Access Rights but also encompass the type of usage a defined role is allowed to have once they are given access to content or a database record. For instance, a user may have access to a record in a database, but do they have the usage right to print it, extract a copy and email it? The limitations of managing content based on Access Rights versus a more sophisticated strategy of relying on Usage Rights is outlined in the below table: Access Rights Controls access to files, documents, or records Conditional on a users Identity and Role (sometimes multiple roles) Once files and records are accessed the content usages are not easily controlled No understanding of upstream agreements Usage Rights Manages types of usage of content Conditional on the Usage rights held over the content Usage Rights can be conditional on the Identity and role of the User Usage controls can persist after access has been gained to content Explicit Usage Agreements are embedded in the content allowing for Usage Forensics and prosecution of breeches Understand upstream and downstream content agreements 6 CM and DRM Architecture Supplying content without the usage rights could be piracy, or it could be legitimate. The acquirer cannot know unless they are provided with evidence of clear title: both for themselves and from the party providing it to them. After all there is no value to you for someone providing supposedly good title to use a work if they have pirated the content. Rights Management systems in the past have included their own proprietary but limited media handling modules that understand rights. Now that Rights Expression Languages are becoming standardised and the role of rights is better understood, Rights Management functionality will be provided by much more capable but specialised rights modules that interface with rights enabled full featured Content Management systems and media handling modules. IPR Systems Pty Ltd, 2003 6 of 9

A complete architecture - shown in Figure 2 - consists of the three core managed entities of Content, Parties, and Rights. The separation of functionality into these three specialised entities is critical to allow future flexibility in the types of usages able to be offered, the level of content protection provided and the range of supported revenue models. Within these managed entities there are numerous and overlapping systems, such as Metadata and Discovery systems. Many of these systems, such as Identity and Agreements will be closely coupled. Figure 2. CM and DRM Architecture Supporting all these systems are a collection of services that provide the operational instances to enable the service offerings, such as Delivery and Payment services. Again, some of these are common across the systems and also need to support interoperability across the three core managed entities. The content supply chain extends across the breath of the three core managed entities with the support of some of the Services, such as Workflow and Delivery, for example. The greater the scope of parties, from content creation, trade, use, and re-use, the more capable the supply chain. The content value chain extends across the depth of the three core managed entities with the support of some of the systems, such as Agreement and Packaging, for example. The greater the provision of such services for the end-user experience, the greater the value created by the supply chain. IPR Systems Pty Ltd, 2003 7 of 9

7 Evolution of DRM Like all technologies, DRM is constantly evolving. We have identified three generations of DRM. 1st Generation 2nd Generation 3rd Generation First Generation DRM approaches simply stated as unformatted text the rights holders name and claimed all rights over a work when it was provided to a customer. This statement could be in metadata, in a Click License, as a Shrink Wrap license or as a footer. Details of any usage agreements for acquired content would be held in legal agreements in paper form with no easy way of locating or interpreting them. Second Generation downstream DRM approaches utilized Digital Rights Enforcement (DRE) technologies to ensure that the permissions the creator or trader wanted to make available were not breached. A media file was encrypted to a cryptographic key that is specific to a computer. The key can permit certain functionality such as reading of an ebook only. This obviated the need to clearly state and manage the provenance and rights-holders of a work as only simple consumption rights were available to acquirers. Second Generation upstream DRM approaches extended flat-file Content Management systems to include some unstructured information about rights holders and the rights held over each media asset. New versions of a media asset are often managed by Version Control features, but the linkages between the rights and the versions can easily be lost or become meaningless as multiple assets are combined and re-used. Third Generation DRM approaches, such as those created by IPR Systems, manage the upstream and downstream rights separately from the content and the parties, as shown in Figure 3. In a small implementation the three functional modules may be included in a single application. In a larger implementation a Content Management system would manage the metadata and digital files of the Content, a Customer Relationship Management application (CRM), Liberty or LDAP/X500 directories would form the basis of the Party identity management and they would both co-ordinate with the Upstream and Downstream Rights Management applications. The rights are also aware of the layers of content - as defined by the International Federation of Library Associations (IFLA) - to enable works/expressions/manifestations/items of the same content to be identified and assigned rights. This advanced 3rd generation DRM model manages: The agreements or offers separately from the content that is the subject of the agreement/offer. A single agreement that can cover many works in many different formats and layers. IPR Systems Pty Ltd, 2003 8 of 9

Figure 3. 3rd Generation DRM Model A single work that may be subject to many upstream/ downstream agreements and offers. The changing terms of an agreement/offer over time which will affect the content files being managed and traded. Linkages with the identity of parties and supporting authentication and authorisation services. Linkages with content and the delivery of traded content. 8 Conclusion The next two years will see an explosion in the production and distribution of digital content over the Internet. Much of this content will be re-used, aggregated and transformed to increase its applicability to its various markets. Content Management systems alone will not be able to cope with this need without addressing the rights management requirements. There are applications that are currently being developed that couple Rights Enabled Content Management Systems with open, standards based Rights Management Systems. When the integration is completed they will be at the forefront of the revolution in digital content marketing. 9 References CMS Watch ODRL OMA <http://www.cmswatch.com/> <http://odrl.net/> <http://www.openmobilealliance.org/> IPR Systems Pty Ltd, 2003 9 of 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information