Contents

• Summary
• From the RSA Security DRM Announcement
• RSA on Content Portability through Open Standards
• About Open Digital Rights Language (ODRL)
• About OMA DRM Version 2.0
• About Open Mobile Alliance (OMA)
• Principal References

An announcement from RSA Security Inc. describes the company's plans to "offer a standards-based solution for digital rights management (DRM) that represents a consumer-friendly alternative to the DRM methods currently deployed by several major digital content providers." The RSA Security DRM solution will leverage open standards such as the Open Mobile Alliance (OMA) DRM 2.0 and the Open Digital Rights Language (ODRL) Version 1.1.

The Open Mobile Alliance (OMA) Digital Rights Management technology based upon XML "enables the distribution and consumption of digital content in a controlled manner, where content is distributed and consumed on authenticated devices per the usage rights expressed by the content owners. OMA DRM work addresses the various technical aspects of this system by providing appropriate specifications for content formats, protocols, and rights expression languages."

The OMA DRM 2.0 Enabler Release Specification Baseline introduces the five principal documents: DRM Rights Expression Language V2.0 defines the XML/ODRL-based rights expression language used to describe the permissions and constraints governing the usage of DRM protected media objects. The DRM Specification V2.0 defines the the format and semantics of the cryptographic protocol, messages, processing instructions and certificate profiles, including the Rights Object Acquisition Protocol (ROAP) messages, the domains functionality, transport mappings for ROAP, binding rights to user identities, exporting to other DRMs, the certificate profiles, and application to other services"; these features are outlined in the OMA DRM Requirements. A DRM Architecture document defines the overall architecture for DRM 2.0 including informative descriptions of the technologies and their uses. DRM Content Format V2.0 defines the content format for DRM protected (encrypted) media objects.

The OMA DRM Rights Expression Language (REL) V2.0 is defined as a mobile profile of the Open Digital Rights Language (ODRL). ODRL is an XML-based rights expression language free of licensing restrictions, providing a lightweight formal mechanism for specifying rights independently of the content type and transport mechanism.

RSA Security's DRM solution uses the OMA model which "adds the much needed concept of consumer identity protection — something currently missing from today's DRM technologies. This DRM solution will enable several fundamental requirements for broad-based adoption and usage of both PC-based and mobile content services, including (1) an open, flexible platform built on widely-supported standards; (2) content portability through rights portability; (3) a frictionless digital content experience through transparency to consumers; (4) new revenue opportunities for content owners through support of legal peer-to-peer distribution and subscription services; (5) rights protection that can span all playback devices including mobile phones, personal computers, portable digital music players, car audio systems, and PDAs."

RSA observes that the number of competing DRM implementations are problematic for users, saying that the current infighting between major content providers over technology is creating roadblocks between consumers and their content: "Apple Computer's iTunes application program uses Apple's homegrown FairPlay technology, Yahoo! and Microsoft's services use Microsoft DRM technology, and Sony's Connect service has its its own DRM technology." A superior approach, and the one advocated by RSA, is a "common DRM technology standard that is free for anyone to implement and allows both consumers and the entertainment industry to achieve common ground on a solution that works." In the model proposed by RSA Security, "both content and usage rights would be downloaded as 'rights objects' from a download service onto a user's device. Objects would be encrypted using strong encryption technology, like RSA BSAFE software."

From the RSA Security DRM Announcement

RSA Security Inc. announced today that it plans to offer a standards-based solution for digital rights management (DRM) that represents a consumer-friendly alternative to the DRM methods currently deployed by several major digital content providers. RSA Security is planning to release a DRM solution that will leverage open standards such as the Open Mobile Alliance (OMA) DRM 2.0 and the Open Digital Rights Language (ODRL) v1.1, and will help solve the security challenges associated with DRM in ways that deliver equal benefit to consumers, content owners and content distributors.

Current estimates from JupiterResearch indicate that the digital content market will more than double from $3 billion this year to $7.5 billion by 2009. The market potential for digital content distribution has resulted in a conflict between consumers and content delivery services. Consumers expect to easily download content and have the freedom to play it back on any of their devices. However, content providers and consumer device manufacturers have deployed proprietary systems as a means to prevent copyright violations. These proprietary DRM technologies are preventing consumers from easily "sharing" rights from device to device, and as more and more consumers migrate to digital content services, they will increasingly become frustrated with the lack of compatibility and interoperability.

"Failure to deploy industry standards for DRM could bring the market to a screeching halt," said Rick Welch, vice president of developer solutions and professional services at RSA Security. "The current infighting between major content providers over technology is creating roadblocks between consumers and their content. Through standards-based DRM solutions, RSA Security plans to help remove those roadblocks and make the technology an enabler — not a hindrance."

RSA Security's leadership in development and support of standards such the OMA DRM specification will help drive the market toward delivery of interoperable and trusted devices based on open standards. The OMA model adds the much needed concept of consumer identity protection — something currently missing from today's DRM technologies.

"Securing and validating online identities and those of the individual devices are paramount to creating content rights portability," Welch added. "That requires a trusted network of devices backed by a solid identity and access management infrastructure that binds users to their devices, devices to their content, and both to a trusted content delivery service. A successful trusted network of devices is unachievable in a market of competing, incompatible DRM technologies. RSA Security is committed to helping consumers achieve secure content and rights portability, while still protecting the revenue streams of the content owners."

Standards-based DRM technology based on the OMA DRM 2.0 specification delivers benefits for all parties in the digital content value chain, including device manufacturers, mobile network operators, content service providers and content owners.

• Device manufacturers including those who make mobile phones, PDAs, PCs, and portable digital music players can offer compelling, premium devices to consumers while meeting the evolving list of requirements expressed by their service provider partners. This is especially important in the mobile device market, where service providers drive sales of devices and are calling for premium capabilities to meet the demands of their new content services.

• Mobile network operators will be able to drive additional revenue from rich content services as they face increasing price pressure in their traditional telephony businesses, and as a result will be able differentiate themselves from competitors.

• Content delivery companies, including traditional "brick and mortar" retail outlets, can diversify by providing high-margin digital content services to complement their traditional retail distribution channels.

• Content owners have the opportunity to build new distribution channels and retain ownership of their property, while at the same time protecting the crucial relationship between consumers and content originators and artists.

RSA on Content Portability through Open Standards

"There are currently many different DRM implementations out on the market. The sheer variety of DRM technologies is leading to frustration for consumers, especially as they begin to upgrade older devices for newer ones that might come from different manufacturers...

"One solution is to create a common DRM technology standard that is free for anyone to implement and allows both consumers and the entertainment industry to achieve common ground on a solution that works.

RSA Security is a supporter of the Open Mobile Alliance (OMA), a consortium of 200 companies that develops technology standards primarily for the mobile industry. The goal of an open standard is to eventually erase lines of demarcation by having every consumer electronic device and all digital content using the same standard technology.

RSA Security and other members of the consortium, which includes most major record labels and music studios, believe that an open, standards-based architecture will allow both device manufacturers and content providers to give consumers the portability they desire. Standards also open up new opportunities for the entertainment industry to get content to consumers in exciting ways difficult to achieve with proprietary solutions.

RSA Security has co-authored the DRM 2.0 standard with the OMA. This standard was designed to accommodate any type of content or device, including next-generation mobile devices. Many mobile device manufacturers like Nokia, Motorola, and Ericsson have already committed to delivering products that use this standard..." [from RSA's "DRM: Why Standards Are Important"]

About Open Digital Rights Language (ODRL)

ODRL was selected by the Open Mobile Alliance as the basis for OMA DRM Rights Expression Language in OMA DRM 1.0 and OMA DRM 2.0. The Open Digital Rights Language (ODRL) Initiative is "an international effort aimed at developing and promoting an open standard for the Digital Rights Management expression language."

The ODRL specification "supports an extensible language and vocabulary (data dictionary) for the expression of terms and conditions over any content including permissions, constraints, requirements, conditions, and offers and agreements with rights holders.

ODRL is intended to provide flexible and interoperable mechanisms to support transparent and innovative use of digital resources in publishing, distributing and consuming of digital media across all sectors including Publishers, Education, Entertainment, Mobile, and Software, ODRL also supports protected digital content and honours the rights, conditions and fees specified for digital contents.

The ODRL Initiative believes strongly in the benefits of free and open standards to the wider community. As a result, all ODRL specifications are available without any obligations and have no licensing requirements. This is in the spirit of the 'open source' community..." [overview brochure]

About OMA DRM Version 2.0

Exterpted from "Digital Rights Management for Interoperable Mobile Services. How the Open Mobile Alliance Enables Increased Revenues for Handset Vendors and Mobile Operators." By Willms Buhse (CoreMedia). In SYS-CON Wireless Business and Technology Volume 4, Issue 3 (September/October 2004):

"Since February 2004, several draft specifications have been announced as part of the OMA DRM 2.0 enabler release. The enhanced version includes countless benefits for content owners as well as end consumers. Content owners will profit from the following features:

• Enhanced security, enabled by the binding of rights objects to user identity: Individually encrypted rights objects use a device's public key to provide cryptographic binding (to SIM/WIM), integrity protection for content and rights objects.
• Explicit trust mechanisms, including mutual authentication between a device and the rights issuer as well as device revocation: The rights issuer can identify the device revocation status.
• Support of secure multicast and unicast streaming: Collaboration with 3GPP and 3GPP2 on a file format for protected streaming and progressive download.
• Export to other copy protection schemes: For example, the transfer of music to the SD Card (which incorporates its own DRM mechanism) for a mobile music player.
• Support for a wide variety of business models: These include metered time and usage constraints, subscription rights for content bundles, and gifting.
• Support for messaging and peer-to-peer (i.e., super-distribution): Viral marketing and a reward mechanism.

OMA DRM v.2.0 implements a DRM, REL v.2.0, defined as a mobile profile of the ODRL. This expression language addresses the principal concerns of content providers - protection of sensitive information and purchased content that is in possession of the customer; prevention of unauthorized use and distribution of content; and avoidance of tampering with content, either during transmission or as a case of unauthorized reuse. Accordingly, numerous content suppliers have announced support for OMA DRM v.2.0, among them Sony and Time Warner. Carriers and handset vendors, who see significant revenue enhancement opportunities by offering pervasive mobile access to premium rich content, are expected to release handsets that have implemented OMA DRM v.2.0 by 2005...

The success of premium 3G applications and high-value media and entertainment content delivery lies in security, ease of use, and in the market penetration of suitable handsets. Handsets and other mobile devices that support OMA-defined DRM technology are already on the market. Currently about 80 models are available in all categories. Given that the specifications were released 14 months ago, this can be considered a tremendous success. As OMA DRM has penetrated into the OS and into, for example, Nokia's widely used Series 60, it has become easy for handset manufacturers to implement DRM. Some leading handset vendors have decided to release DRM in all of their phone models. For these devices, the enhanced DRM v.2.0 specifications represent the next step in pervasive mobile access. The new enabler, the specifics of which have just been released, takes advantage of expanded device capabilities — multimedia applications, processing speed, and storage, among others — and offers improved support for the downloading and streaming of content as well as for sophisticated business models..."

About Open Mobile Alliance (OMA)

"The mission of the Open Mobile Alliance is to facilitate global user adoption of mobile data services by specifying market driven mobile service enablers that ensure service interoperability across devices, geographies, service providers, operators, and networks, while allowing businesses to compete through innovation and differentiation... Since its inception in June 2002, the Open Mobile Alliance has grown to more than 300 companies representing mobile operators, device and network suppliers, information technology companies, and content providers.

The purpose of the Open Mobile Alliance is to grow the market for the entire mobile industry by removing barriers to interoperability, supporting a seamless and easy to use mobile experience for users and a market environment that encourages competition through innovation and differentiation.

The Open Mobile Alliance is designed to be the center of all mobile application standardization work, enabling the creation of mobile services designed to meet the needs of the end-user. To grow the mobile market, the companies supporting the Open Mobile Alliance will work towards stimulating the fast and wide adoption of a variety of new, enhanced mobile information, communication and entertainment services. The implementation of OMA specifications results in benefits to the end-users, providing easy to use mobile services that are interoperable across countries, operators and mobile terminals.

The OMA Technical Plenary is responsible for the delivery of technical specifications for application and service frameworks, with certifiable interoperability, enabling deployment of rich mobile applications and services. In addition, the Technical Plenary oversees the technical specification drafting activities, approval and maintenance of technical specifications, as well as the resolution of technical issues within the OMA organization. The Technical Plenary is organized around a collection of technical working groups, each focusing on a particular technology area. Currently, there are 15 Technical Working Groups and 2 Committees of the Technical Plenary..." [OMA home page]