Philips & Sony To Purchase Intertrust DRM Tech

tuxlove writes "Reuters is reporting that Philips and Sony Corp, the parents of the compact disc, teamed up on Wednesday to buy InterTrust Technologies for $453 million -- a deal expected to speed up copyright security for digital media. The acquisition by Philips Electronics and Sony of the leading U.S.-based holder of intellectual property in the field of 'digital rights management' technology is widely seen as a way to prevent Microsoft, which has been embroiled in a legal battle with InterTrust, from grabbing control of the potentially lucrative business. Philips and Sony, the electronics giants who introduced the CD format 20 years ago, said the deal would enable secure distribution of content as more films and music are sold over the Internet and other media in digital format."

I've worked with Intertrust

[Twirlip+of+the+Mists]

My former employer had a strategic alliance with Intertrust. Guess this is bad news for them. Good.

Here's an overview of how Intertrust's stuff works, what's right with it, and what's wrong with it. This is really complex, but it's not hard to understand at all.

Intertrust's system basically works like this: the seller encrypts the media (video, picture, audio, whatever you want) into what they call a "package." The process also generates what they call a "rights package," which gets stored on a net-connected machine called a "rights server." Rights packages are, of course, also encrypted like crazy. Everything in this system is, with digital signatures like you wouldn't believe. Forgery of a rights package or of an authorization is the biggest vulnerability to the system, and Intertrust knows that.

When you buy the media, you download what they call an authorization. The authorization contains information about what rights package you bought (one media package can correspond to more than one rights package). The thing you're using to do all this-- it could be a computer running special software, or a set-top box, or an MP3 player in your car... whatever-- takes the authorization and downloads the content package from what they call a "content server," along with getting the rights package that defines what rights you bought from the rights server. At this point, you have three things: the content in its package, the rights that define how you can use that content in its package, and an authorization that ties them all together. The authorization, of course, contains some information that uniquely identifies your device, which means that only whole set-- the combination of the content package, the rights package, the device, and the authorization-- can work together.

All of that downloading and transacting is supposed to happen behind the scenes. To the user, it looks like this: Hmm, I think I want that song. Here I go, choosing a rights package from this list of three or four, and putting in my credit card number. Tap, tap, poof! Now I have the song on my MP3 player (or whatever), and I can listen to it according to the rights I bought. It's designed to be easy for the end-user and the provider both, with all the hard stuff happening in software.

Now, the interesting thing is the rights package. A record company might give away free authorizations for single-use rights packages. For instance, you might be able to go to RecordCo's web site and download any song for free and listen to it once; sort of a "try-before-you-buy" thing. If you decide you want the song, but you'll probably get sick of it, you can buy the rights pack that lets you listen to it all you want for a month, and then expires. Or you can buy an unlimited rights pack that lets you listen to it all you want forever. It's really flexible, which is something that DRM systems in general haven't been thus far.

It's worth mentioning, too, that Intertrust does not depend on a new, proprietary media format. You can encrypt anything as an Intertrust package. Intertrust controls how and when you get to access the data-- according to the rules defined in the rights package-- but what that data is and how it's formatted it is entirely flexible. You could wrap an Ogg file up in an Intertrust package if you wanted to, just by running it through the packager tool.

Also interesting is the idea that all of the pieces-- the content package, the rights package, and the authorization-- can be duplicated to your heart's content. Wanna make a copy of a CD so you don't have to worry about scratching the original? Go right ahead. But it'll only play in your CD player, because that's what the authorization says. You can make a copy and give it away, but your friend can't play it in his player because he doesn't have an authorization. He can, however, download an authorization for it quickly and easily. Intertrust calls this "superdistribution," and it's a big selling point for them.

All in all, I think Intertrust's model is the best I've seen. If the world ran on Intertrust, I think it would probably be pretty okay.

But there are problems. Intertrust's system depends on a hell of a lot of infrastructure: every device-- and I mean every device-- that interacts with the Intertrust system has to have an Intertrust client running on it, either in software or in hardware. If your MP3 player isn't Intertrust-compatible, you can forget being able to play those MP3s you downloaded from RecordCo. They simply won't work, because the device won't be able to decrypt the package. This basically means that Intertrust's system can never be used for general-purpose media content protection, because it relies too much on client code ubiquity.

The other obvious down-side is that the system is complex. I don't think it's needlessly complex, per se, but it's complex, and that means there are lots of ways that something could go wrong. That could mean inconvenience to the customer, which is death in this market.

So while it's an okay idea-- probably one that would work well for both sellers and customers if universally deployed-- it's got some serious flaws, too.

Just my two cents. I may have some of my facts wrong-- I never worked for Intertrust, but I got a ton of technical info from them under NDAs and shit, so I think I'm right in the broad sense on all of this. Hmm. NDAs. Oh, well. Fuck it. They can sue me, if they can find me.

Re:One basic problem

[Twirlip+of+the+Mists]

I have not yet understood how any DRM or copyprotection will overcome the problem, that when the content is downloaded/played through legitimate HW&SW it can at the same time be resaved without the copyprotection - atleast in the case of video and audio.

I just posted a long-ass dissertation on how Intertrust works, and I'm not going to repeat it here. But the short version is that Intertrust doesn't care about your ability to copy the encrypted media. In fact, making it easy for customers to copy encrypted media from each other is a big selling point for Intertrust, because it lets the content providers focus on what they like to do: sell licenses. If you copied the Britney Spears CD from your friend but bought your license from us, then we just saved money manufacturing, storing, and shipping that particular CD. Yay.

So copying encrypted content is good and fine. So Intertrust spends is energy instead trying to make sure that encrypted content stays encrypted all the time, up to the point where it goes analog and hits your screen or your speakers or your whatever.

It's not too hard, in principle, to do this. The ancient PGP client had an "eyes only" mode that did the same thing: it decrypted the data, displayed it, then wiped the memory where the cleartext had been, never writing anything to disk. It would have been impossible to get the cleartext out of PGP without some really intrusive method, like somehow reading the actual memory pages of the PGP process, or trojaning the PGP binary itself. So that basic methodology is not a terrible idea.

The key to this is that Intertrust isn't meant to be a general-purpose content encryption system. For example, it wouldn't work for something like stock photography, where you need to be able to place the photo-- unencrypted-- in a page layout program and do all sorts of interactive stuff to it. Intertrust wouldn't work for that at all, because as soon as you decrypted the image, the system would stop protecting it.

But think of Intertrust instead for something like video-on-demand. The set-top box and the upstream servers have Intertrust bits in them that allow you to download (or stream) HDTV-resolution movies to your home over fibre or whatever, with all sorts of customer-friendly rights features. For example, you might be able to spend $5 and get the right to download a movie to your (Intertrust-savvy) PVR and watch it all you want until you feel like deleting it. Or you might be able to spend $19 to be able to download it and burn it (with your Intertrust-savvy disc burner) to a disc that you can own and watch whenever. Or-- and this is the cool part-- you might be able to spend $1 and only have the right to watch the movie in real time once.

In general, instead of saying "you can't do that" to the customers all the time, Intertrust could (in principle) let media distributors say "you can do that, if you buy the rights to" instead, and the system would enforce the arrangement in both directions.