Philips & Sony To Purchase Intertrust DRM Tech

tuxlove writes "Reuters is reporting that Philips and Sony Corp, the parents of the compact disc, teamed up on Wednesday to buy InterTrust Technologies for $453 million -- a deal expected to speed up copyright security for digital media. The acquisition by Philips Electronics and Sony of the leading U.S.-based holder of intellectual property in the field of 'digital rights management' technology is widely seen as a way to prevent Microsoft, which has been embroiled in a legal battle with InterTrust, from grabbing control of the potentially lucrative business. Philips and Sony, the electronics giants who introduced the CD format 20 years ago, said the deal would enable secure distribution of content as more films and music are sold over the Internet and other media in digital format."

I've worked with Intertrust

[Twirlip+of+the+Mists]

My former employer had a strategic alliance with Intertrust. Guess this is bad news for them. Good.

Here's an overview of how Intertrust's stuff works, what's right with it, and what's wrong with it. This is really complex, but it's not hard to understand at all.

Intertrust's system basically works like this: the seller encrypts the media (video, picture, audio, whatever you want) into what they call a "package." The process also generates what they call a "rights package," which gets stored on a net-connected machine called a "rights server." Rights packages are, of course, also encrypted like crazy. Everything in this system is, with digital signatures like you wouldn't believe. Forgery of a rights package or of an authorization is the biggest vulnerability to the system, and Intertrust knows that.

When you buy the media, you download what they call an authorization. The authorization contains information about what rights package you bought (one media package can correspond to more than one rights package). The thing you're using to do all this-- it could be a computer running special software, or a set-top box, or an MP3 player in your car... whatever-- takes the authorization and downloads the content package from what they call a "content server," along with getting the rights package that defines what rights you bought from the rights server. At this point, you have three things: the content in its package, the rights that define how you can use that content in its package, and an authorization that ties them all together. The authorization, of course, contains some information that uniquely identifies your device, which means that only whole set-- the combination of the content package, the rights package, the device, and the authorization-- can work together.

All of that downloading and transacting is supposed to happen behind the scenes. To the user, it looks like this: Hmm, I think I want that song. Here I go, choosing a rights package from this list of three or four, and putting in my credit card number. Tap, tap, poof! Now I have the song on my MP3 player (or whatever), and I can listen to it according to the rights I bought. It's designed to be easy for the end-user and the provider both, with all the hard stuff happening in software.

Now, the interesting thing is the rights package. A record company might give away free authorizations for single-use rights packages. For instance, you might be able to go to RecordCo's web site and download any song for free and listen to it once; sort of a "try-before-you-buy" thing. If you decide you want the song, but you'll probably get sick of it, you can buy the rights pack that lets you listen to it all you want for a month, and then expires. Or you can buy an unlimited rights pack that lets you listen to it all you want forever. It's really flexible, which is something that DRM systems in general haven't been thus far.

It's worth mentioning, too, that Intertrust does not depend on a new, proprietary media format. You can encrypt anything as an Intertrust package. Intertrust controls how and when you get to access the data-- according to the rules defined in the rights package-- but what that data is and how it's formatted it is entirely flexible. You could wrap an Ogg file up in an Intertrust package if you wanted to, just by running it through the packager tool.

Also interesting is the idea that all of the pieces-- the content package, the rights package, and the authorization-- can be duplicated to your heart's content. Wanna make a copy of a CD so you don't have to worry about scratching the original? Go right ahead. But it'll only play in your CD player, because that's what the authorization says. You can make a copy and give it away, but your friend can't play it in his player because he doesn't have an authorization. He can, however, download an authorization for it quickly and easily. Intertrust calls this "superdistribution," and it's a big selling point for them.

All in all, I think Intertrust's model is the best I've seen. If the world ran on Intertrust, I think it would probably be pretty okay.

But there are problems. Intertrust's system depends on a hell of a lot of infrastructure: every device-- and I mean every device-- that interacts with the Intertrust system has to have an Intertrust client running on it, either in software or in hardware. If your MP3 player isn't Intertrust-compatible, you can forget being able to play those MP3s you downloaded from RecordCo. They simply won't work, because the device won't be able to decrypt the package. This basically means that Intertrust's system can never be used for general-purpose media content protection, because it relies too much on client code ubiquity.

The other obvious down-side is that the system is complex. I don't think it's needlessly complex, per se, but it's complex, and that means there are lots of ways that something could go wrong. That could mean inconvenience to the customer, which is death in this market.

So while it's an okay idea-- probably one that would work well for both sellers and customers if universally deployed-- it's got some serious flaws, too.

Just my two cents. I may have some of my facts wrong-- I never worked for Intertrust, but I got a ton of technical info from them under NDAs and shit, so I think I'm right in the broad sense on all of this. Hmm. NDAs. Oh, well. Fuck it. They can sue me, if they can find me.

Re:One basic problem

[Twirlip+of+the+Mists]

I have not yet understood how any DRM or copyprotection will overcome the problem, that when the content is downloaded/played through legitimate HW&SW it can at the same time be resaved without the copyprotection - atleast in the case of video and audio.

I just posted a long-ass dissertation on how Intertrust works, and I'm not going to repeat it here. But the short version is that Intertrust doesn't care about your ability to copy the encrypted media. In fact, making it easy for customers to copy encrypted media from each other is a big selling point for Intertrust, because it lets the content providers focus on what they like to do: sell licenses. If you copied the Britney Spears CD from your friend but bought your license from us, then we just saved money manufacturing, storing, and shipping that particular CD. Yay.

So copying encrypted content is good and fine. So Intertrust spends is energy instead trying to make sure that encrypted content stays encrypted all the time, up to the point where it goes analog and hits your screen or your speakers or your whatever.

It's not too hard, in principle, to do this. The ancient PGP client had an "eyes only" mode that did the same thing: it decrypted the data, displayed it, then wiped the memory where the cleartext had been, never writing anything to disk. It would have been impossible to get the cleartext out of PGP without some really intrusive method, like somehow reading the actual memory pages of the PGP process, or trojaning the PGP binary itself. So that basic methodology is not a terrible idea.

The key to this is that Intertrust isn't meant to be a general-purpose content encryption system. For example, it wouldn't work for something like stock photography, where you need to be able to place the photo-- unencrypted-- in a page layout program and do all sorts of interactive stuff to it. Intertrust wouldn't work for that at all, because as soon as you decrypted the image, the system would stop protecting it.

But think of Intertrust instead for something like video-on-demand. The set-top box and the upstream servers have Intertrust bits in them that allow you to download (or stream) HDTV-resolution movies to your home over fibre or whatever, with all sorts of customer-friendly rights features. For example, you might be able to spend $5 and get the right to download a movie to your (Intertrust-savvy) PVR and watch it all you want until you feel like deleting it. Or you might be able to spend $19 to be able to download it and burn it (with your Intertrust-savvy disc burner) to a disc that you can own and watch whenever. Or-- and this is the cool part-- you might be able to spend $1 and only have the right to watch the movie in real time once.

In general, instead of saying "you can't do that" to the customers all the time, Intertrust could (in principle) let media distributors say "you can do that, if you buy the rights to" instead, and the system would enforce the arrangement in both directions.

I worked FOR Intertrust

[Longing]

After the stock market collapsed - we'd gone public in October and couldn't sell until April, a month after March collapse, shattering most of our paper-millionaire dreams - lots of people started leaving for various reasons. When I started working there in the beginning of '98 there were just over 100 employees. By the time we'd gone public, we'd more than doubled, and many of the people we'd hired were blubbering idiots. I didn't interview a single person who was worth hiring, and yet somehow, people kept getting hired. Stock price plummeted, layoffs, layoffs, layoffs. Last I checked, it was just a handful of people. All of my ex-coworkers from there have moved on, willingly or not.

The technology was good, and somewhat complex, but not frighteningly so, but when I was maintaining running instances of the software it was not terribly stable, in ways that would make most sysadmins cry. Instead, I quit in Dec '00, as the developers weren't putting in the features I requested - needed! - to know if the software was even running properly. Makes me laugh now, but it wasn't that funny then.

Intertrust had been around for years, and in it's beginnings was staffed primarily by folk with PhDs in Computer Science and related fields. They had a research team that was brilliant, and Intertrust has such an impressive patent portfolio that I am surprised that they didn't manage to successfully sue Microsoft, as has been commented here in slashdot before. Several references in google, and there's a techdirt.com and a kuro5hin article around for those who are interested.

Re:I worked FOR Intertrust

[Longing]

Yes, that was an accurate summary of the technology, kudos.

Here are some more comments for those interested:

If you're licensed for (n) views of a piece of content, you can image your system and keep reverting back to that particular system image. However, you're forever stuck at that system image, and you can't let the software ever talk to the license server again. This is a pain for even determined persons, and if the content is really that important, the content provider can require in the rights package that the computer must talk to the license server before each use.

You can't use their software on an OS running in VMWare. That's my fault for mentioning it was possible. Sorry. :)

If a consumer's system crashes beyond repair, there are provisions to restore all of your licenses, but there are also provisions to flag people who request restores of their licenses an abnormally large number of times so that The Man can investigate.

Before Napster and rampant music theft, er, sharing (sorry, still brainwashed :), one of ITRU's primary target audiences was actually the medical field - ITRU envisioned doctors, insurance companies, and patients having patients' medical records in packages, with only authorized persons being able to access them.

That's all I can think of for now. Cheers!

Re:css for CD's ?

[l1gunman]

CSS was not "cracked" in five lines of Perl code, though it can be expressed in five lines of Perl code.

It was cracked, sooner rather than later, because engineers at Xing created a frivolous implementation of a software CSS descrambler - one that could be disassembled, analyzed and reverse engineered *far* more easily than it would have been had they taken steps to encrypt and otherwise protect their code.

Once reverse engineered and exposed, it was leaked and expressed in many different languages. (My favorite is the 'C' implementation on the back of my CopyLeft t-shirt! ;-)