The Long March to Interoperable Digital Rights
`Management
`
`ROB H. KOENEN, SENIOR MEMBER, IEEE, JACK LACY, MICHAEL MACKAY, AND
`STEVE MITCHELL, MEMBER, IEEE
`
`This paper discusses interoperability of digital rights manage-
`ment (DRM) systems. We start by describing a basic reference
`model for DRM. The cause of interoperability is served by under-
`standing and circumscribing what DRM is “in the whole.” Then
`we outline and contrast three different approaches to achieving
`interoperability. One approach relies on flexible network services
`to provide functionality where it is needed, perhaps by bridging
`different systems. We describe an experimental service orchestra-
`tion system (NEMO) that enables such an approach.
`
`Keywords—Digital media distribution, digital rights manage-
`ment (DRM), standards, trusted computing, Web services.
`
`I. INTRODUCTION
`
`Digital rights management (DRM) is a collection of
`technologies that enable technically enforced licensing of
`digital information. DRM makes it possible for commercial
`publishers to distribute valuable content electronically,
`without destroying the copyright holder’s revenue stream.
`DRM can also be used in other settings to enable safe distri-
`bution of digital content including, for example, document
`management within and between corporations, protected
`e-mail, medical patient records handling, and government
`service access.
`At a minimum, a well-designed DRM system provides the
`following.
`Governance: DRM is different from classical secu-
`rity and protection technologies [1]. Conventional
`media distribution systems based on conditional access
`techniques protect media during transmission using
`a control model based on direct cryptographic key
`exchange. DRM systems, on the other hand, implement
`control, or governance, via the use of programming
`language methods executed in a secure environment.
`Secure Association of Usage Rules With Infor-
`mation: DRM systems securely associate rules with
`content. These rules determine usage of the content
`
`Manuscript received September 12, 2003; revised December 22, 2003.
`The authors are with InterTrust Technologies Corp., Santa Clara, CA
`95054 USA (e-mail: mmackay@intertrust.com;
`rob@intertrust.com;
`lacy@intertrust.com; mitchell@intertrust.com).
`Digital Object Identifier 10.1109/JPROC.2004.827357
`
`throughout its life cycle. Rules can be attached to con-
`tent, embedded within content (e.g., via watermarking),
`or rules can be delivered independently of content.
`Persistent Protection: DRM systems are designed to
`protect and govern information on a persistent basis
`throughout the content’s commercial life cycle. Protec-
`tion is frequently provided using cryptographic tech-
`niques. Encrypted content is protected even as it travels
`outside of protected distribution channels.
`The use of DRM in commercial end-consumer media
`distribution is controversial for several reasons. DRM allows
`content providers to create licenses that are different from,
`and more rigidly enforceable than, the de facto generally
`understood licenses that have accompanied traditional media
`(CDs, VHS tapes, and DVDs). Conversely, the nature of
`today’s DRM technology makes it difficult to automate ac-
`curately some existing usage conventions, such as the United
`States’ fair use traditions or European privacy expectations.
`DRM license enforcement requires security safeguards on
`home equipment to protect the interests of content vendors.
`Although it is common for basic utility vendors to install
`security systems around home metering systems (e.g.,
`cable television, water, electricity and natural gas), some
`consumers are wary of DRM systems operating on their
`family PC, which is used for many personal tasks besides
`presenting media.
`Traditional media distribution (before the mid-1990s) has
`been tied to physical media, such as music CDs and video
`tapes. Making and distributing high-quality copies of music
`and video was difficult for the average consumer. Successful
`business models have been well established around the pro-
`cesses of manufacturing, distributing, merchandising, and
`charging consumers for individual copies of a work. Early
`electronic distribution systems have likewise been built
`around the notion of digital copies of works (“copy control
`systems”), but this paradigm is becoming less relevant as
`it becomes easier for consumers to manage content as disk
`files on their home network, in their cars, at work, and in
`school.
`It is easy today to find consumers who would think it
`appropriate to pay full price for a second factory-pressed
`
`PROCEEDINGS OF THE IEEE, VOL. 92, NO. 6, JUNE 2004
`
`883
`
`0018-9219/04$20.00 © 2004 IEEE
`
`IPR2016-01271
`UNIFIED 1006
`
`

`
`copy of a favorite music CD, but who have few misgivings
`about downloading free (unauthorized) digital compressed
`copies of music for which they (or someone in their family)
`already own a commercial CD. Consequently, consumers are
`developing their own ideas of what the right business models
`should be for commercial music licensing. Commercial
`publishers are scrambling to work through the business
`and technical hurdles to deploying business models that
`protect their interests and are acceptable to consumers,
`device manufacturers, and service providers.
`The result is the emergence of DRM-enabled digital
`music services, such as Roxio’s Napster service (originally
`known as pressplay), Apple’s iTunes Music Store, Music-
`match Downloads, and others. Apple’s music service has
`so far been the most popular with consumers, but we have
`not yet heard the last word in legal online music distribution
`[2]–[4]. BuyMusic, Musicmatch, MusicNow, Napster, and
`numerous others use Microsoft’s Windows Media Audio
`format, which bundles DRM capability with an audio codec
`and a file format. Apple’s iTunes uses an open standard
`audio codec [MPEG Advanced Audio Coding (AAC)] and a
`proprietary DRM system. The Microsoft and Apple formats
`are not compatible. Microsoft’s format is supported on the
`largest variety of portable music players, while Apple’s
`format is currently supported on only one—its own iPod.
`(Reportedly this is the current top-selling music player [3].)
`At the time of writing, no portable music player supports
`both formats.
`This paper focuses on the issue of DRM interoperability.
`There are several reasons why DRM interoperability is
`desirable. The content industry desperately needs to deploy
`legitimate content services that compete favorably (based
`on features, not on price) with unauthorized free services.
`A simple and seamless user experience must be part of that
`goal, and DRM interoperability is necessary to achieve it.
`Content providers and e-commerce service providers
`would like to see a healthy business climate from which
`they can multisource essential
`technologies like DRM,
`especially when these technologies must adapt rapidly to
`evolving industry needs and consumer expectations. The
`DRM market is strongly influenced by network effects: a
`DRM technology becomes more valuable as it becomes
`more widely adopted. Thus, there are strong forces pushing
`DRM technology providers toward interoperability, even as
`vendors attempt to differentiate their products based upon
`features.
`While many people have articulated a goal for media dis-
`tribution where any content is available to anyone, anytime,
`anywhere on any useful device using viable business models,
`significant barriers exist to the goal of an interoperable and
`secure world of media-related services.
`(cid:127) Overlapping de facto and formal standards.
`(cid:127) Implementation technologies are not interoperable.
`(cid:127) Consumer devices cannot locate and connect to needed
`services.
`(cid:127) Web services standards do not bridge services spanning
`Web distribution and personal area network protocols.
`
`(cid:127) Impedance mismatches between different trust and pro-
`tection models.
`(cid:127) No unified notion of content governance useful in
`peer-to-peer (P2P) distribution models.
`We outline some of the possible approaches to achieving
`interoperability and discuss related issues. We start in the
`next section by describing a basic reference model (RM)
`for DRM. The cause of interoperability is served by under-
`standing and circumscribing what DRM is “in the whole.”
`We then outline and contrast three different approaches to
`achieving interoperability. One approach relies on flexible
`network services to provide functionality where it is needed.
`Finally, we describe an experimental service orchestration
`system (NEMO) that enables such an approach.
`
`II. TOWARD A DRM BASIC RM
`
`Commercial practice across a variety of DRM systems
`has matured to a point where robust technical patterns can
`be identified as a basis for establishing a DRM basic RM.1
`In this section, we consider the architecture of current DRM
`systems in order to identify common technical elements
`and the requirements they try to address. Proceeding from
`this analysis, we then outline an RM that may serve as
`a basis for coordinating evolution and interoperability
`of next-generation DRM systems. Establishing a general
`vocabulary and a set of reference concepts is the first step in
`building a framework for interoperability of heterogeneous
`systems.
`
`A. Current DRM Architectures and Industry Practice
`Fig. 1 illustrates an abstract system architecture based on
`DRM application and service elements representative of a
`variety of contemporary commercial DRM systems. Key
`concepts in this diagram are as follows.
`(cid:127) Content and associated usage rights enter the system
`through a packaging process, typically under the au-
`thority of the content licensor.
`(cid:127) Packaging services produce protected content and ei-
`ther full licenses, or rules and metadata as input to a
`licensing and reference service. Licenses can usually
`be personalized based on the particular parameters of
`the license-requesting party [5].
`(cid:127) Consumers use a local consuming application to
`transact with the licensing and reference services for
`licenses, and interact with streaming or download
`services for acquisition of the protected content. Often,
`the licensing service provides the reference to the
`correct content and associated distribution source.
`(cid:127) The consumer may be licensed to transfer protected
`content to another peer system (e.g., other “full-fea-
`tured hosts”), or to a portable device with DRM capa-
`bilities. Portable or “tethered” devices interact with the
`DRM system by proxy via a more capable upstream
`
`1The CEN/ISSS Digital Rights Management Final Report [16] provides
`an overview of evolving DRM technical architectures with the goal of “iden-
`tifying the current status of DRM usage and possible means to ensure effec-
`tive implementation of DRM in the marketplace.”
`
`884
`
`PROCEEDINGS OF THE IEEE, VOL. 92, NO. 6, JUNE 2004
`
`

`
`Fig. 1. Abstract DRM systems elements.
`
`system (e.g., the “full-featured host”). The host may for
`example create a restricted form of the original license
`better suited to the capabilities the device, or may buffer
`or cache certain usage information on behalf of the less
`capable device.
`Each of the elements in Fig. 1 may consist of multiple sys-
`tems in a real-world implementation. For example, licensing
`services may embody an entire distribution value chain con-
`sisting of retail, subscription or download services.
`Each element may be hosted by different business entities,
`acting in cooperation with other parties’ systems based on
`contractual business relationships. Current deployment sce-
`narios for DRM systems involve mutually well-known busi-
`ness partners, carefully architected technical responsibilities,
`and negotiated business relationships. However, increased
`business automation and more dynamic business relation-
`ships create the need for flexible provisioning and manage-
`ment of DRM infrastructure.
`DRM applications and services (consumption, packaging,
`license services, provisioning services, etc.) are all built
`on elements of the trusted computing framework, which
`includes secure software distribution and execution envi-
`ronments, trusted identity management, secure policy and
`rule processing and enforcement, supporting cryptographic
`functions and key management, and tamper resistance.
`Provisioning services support adding new participants and
`
`services, and supplying DRM systems with supporting
`software, certificates, etc.
`The ability to programmatically configure and manage
`trusted and secure relationships between the participants and
`the underlying DRM technology is paramount [6]. All of the
`parties in the value chain must trust that distributed content
`or information and its source are authentic, is accessible
`only by intended or contracted receivers, and is used by
`those receivers consistently with the contracted rights.
`Devices and services must be qualified as trustworthy and
`then maintained as such.
`
`B. Value Chains and DRM Systems
`
`Understanding roles in the commerce value chain and how
`these interact with DRM services is essential.
`A detailed model of roles involved in electronic copy-
`right management systems was developed by the European
`Commission-funded Imprimatur project. Completed in 1998,
`the goal of Imprimatur was to “understand and analyze the
`context in which Electronic Copyright Management Systems
`are to be developed,” and which “reflect[s] current business
`practices for trading and licensing multimedia documents
`[by identifying] relevant roles, their relationships and cor-
`responding transactions” [5]. Roles and responsibilities ad-
`dressed by the Imprimatur model include the following.
`
`KOENEN et al.: THE LONG MARCH TO INTEROPERABLE DIGITAL RIGHTS MANAGEMENT
`
`885
`
`

`
`and its cryptographic material. Consumers and associated
`consumption processes may also be enabled to package their
`own content.2
`Content packaging can be closely associated with rules
`and license generation or may be completely independent
`from it. Content identifiers couple the protected content with
`rules and content protection keys. Therefore, rules, packaged
`content, and content keys may be generated together or sep-
`arately, at the same time or at different times. They may be
`delivered together, through the same channels, or separately,
`at different times, through different channels. In a produc-
`tion environment, content may be packaged initially without
`rules. Alternatively, content may be packaged on-demand
`and immediately associated with rules.
`The content may contain directions as to where licenses
`or offers associated with the content can be acquired or other
`offer metadata that can be used to automate downstream dis-
`tribution processes.
`Content protection is typically accomplished using crypto-
`graphic processing, where content protection keys are made
`available to one value chain participant or consumer, and are
`not exposed in the clear to other value chain participants or
`consumers. Key management procedures can bind or asso-
`ciate a content package to any security principal, including
`individual consumers, devices, certain types of secure media,
`or content-sharing networks (e.g., a network of home media
`devices). Associating content with a consumer allows the
`protected content and license to be transported to other sys-
`tems on which the consumer is also authorized.
`b) Rules Generation and Modification: Any autho-
`rized member of the value chain from packager to consumer
`may create rules to be associated with a content package.
`Rules may be used to govern consumer access to content as
`well as to govern the actions of other value chain members
`on the content or information associated with the content.
`For example, usage rules may require authentication on
`access or usage, or require license updates to be obtained
`before operating on the content.3
`Rules may specify consequences such as generation of
`audit records based on content usage actions or attempts at
`usage, such that the audit records are securely delivered to
`a designated authority prior to execution of the action gov-
`erned by the rule.
`Rules are often associated with the whole piece of con-
`tent, but may also be managed at the granularity of a content
`subelement (e.g., stream, component, etc.). Rules can also be
`associated with a class of content (e.g., all content belonging
`to a particular owner, all audio content, all low-bitrate con-
`tent, etc.) rather than a specific content instance.
`Rules can be delivered as separate files (e.g., a license),
`or combined with the protected content (integrated with the
`content data format itself), or both. Alternatively, the rules
`
`2The term “consumer” typically refers to retail end users but may also
`apply to other value chain participants—regardless, consumers are partici-
`pants of the managed value chain and may participate in a broader class of
`functions than strictly consumption and rendering.
`3For example, expired rights might require license updates to enable ac-
`cess or usage.
`
`Fig. 2. DRM basic RM.
`
`(cid:127) The creator—the party responsible for delivering their
`creation to the creation provider.
`(cid:127) Creators may assign exploitation rights to a rights
`holder (e.g., a collection or licensing agency).
`(cid:127) The relationship between creators and rights holders
`and associated contracts are maintained in an IPR data-
`base.
`(cid:127) The media distributor is expected to pass appropriate
`royalties to the rights holder according to the current
`payment details stored in the IPR database.
`(cid:127) The purchaser (consumer) may use the creation, and if
`they generate a new composite document based on it
`then they also become a creator. In order for the pur-
`chaser to perform functions associated with the creator
`role, they must have obtained the required permission
`from the corresponding rights holder of the original
`creation. Rights holders of original creations automat-
`ically have rights on composite creations—the flow of
`royalties is determined according to the IPR database.
`Few DRM systems take all of these types of roles, relation-
`ships, and activities directly into account as part of their
`intrinsic design, leaving contract management and auditing
`and accounting issues to a diverse array of largely unin-
`tegrated back office systems. With increased end-to-end
`systems automation and sophisticated digital content ma-
`nipulation and aggregation services, models like Imprimatur
`will likely receive increased attention in new architectures.
`Possibly the most thorough attempt to date in a single
`DRM system was undertaken by InterTrust in its Com-
`merce system [7].
`
`C. DRM Systems Functionality
`The proposed basic DRM RM is illustrated in Fig. 2. We
`now frame the functional characteristics of the five main do-
`mains of our proposed basic RM.
`1) Packaging, Rules Generation, and Modification: The
`point of entry to the DRM-managed content and gover-
`nance life cycle includes technologies supporting content
`packaging, specification of rights and associated data, and
`generation and modification of digital items.
`the
`a) Content Packaging: Content packaging is
`process of preparing content for DRM protection—placing
`content into a secure container, usually by encrypting it,
`associating the necessary identifiers and metadata, and log-
`ging and cataloging the content, its identifiers and metadata,
`
`886
`
`PROCEEDINGS OF THE IEEE, VOL. 92, NO. 6, JUNE 2004
`
`

`
`can be provided as input to value chain management and li-
`censing services or applied in conjunction with processes for
`resolving references to the content.
`Rules, terms and conditions, and consequences can be rep-
`resented in a variety of different ways. For example, one ap-
`proach is to use a standardized rights expression language
`such as the MPEG-21 Rights Expression Language (REL)
`[8] or the Open Digital Rights Language (ODRL) [9]. Alter-
`natively, rules may also be encoded in formatted text (such
`as XML or named key-value pairs), or possibly via compiled
`or interpretive code as part of an application.
`In some systems, it is possible to modify or extend rules
`after their initial creation. For example, value chain manage-
`ment and licensing services may support the ability to select
`and apply rules that have been updated to reflect up-to-the-
`minute changes in business offers, regardless of when the
`content was packaged and placed into the system.
`In the final stage of rules generation, rules are embedded
`into data structures that can be linked to the content. There
`are a variety of mechanisms available for packaging rules.
`For example, sets of rules may be organized into “offers”
`that describe the content and the associated license for pre-
`sentation to a consumer or other value chain member. Offers
`may be delivered to a content distributor, who may choose to
`present some or all of the offers to other participants further
`down the value chain. Associated collateral information and
`promotional content can be included in a separate package
`for use in retail promotion and downstream distribution.
`2) Value Chain Management and License Services: A
`common characteristic of systems that support nontrivial
`operational models (such as subscriptions, superdistribution,
`push-distribution, etc.) is the ability to produce, modify,
`assemble, and aggregate rules and negotiate conflicts in-
`volving rules from one or more sources.
`Consumer licenses are sometimes the result of a collab-
`oration of multiple value chain participants. Authorized
`value chain members may insert new rules into the licensing
`structures, using processes that are themselves governed.
`The rights of various services to interact with the content’s
`distribution process may be encoded in rules delivered
`directly to the service or that are referenced using the same
`identifiers or references that are associated with the content.
`Value chain management services may include posttrans-
`action processing (e.g., allocation of the value exchanged
`such as financial payment, usage data, etc.) per contractual
`obligations [5]. Such posttransaction processing rules can be
`included in the license associated with the content (whether
`packaged together with the license or separately), or created
`as an electronic contract covering specific offers or content
`and delivered separately.
`Historically, the terms by which value chain participants
`are allowed to interact with the content and rights to its use
`are expressed via contractual relationships between creators
`(or creation providers) and other value chain participants. We
`anticipate that contractual relationships may be automated
`using similar mechanisms (e.g., electronic contracts) as those
`used to control access to content by consumer applications.
`
`Contracts may be encoded using a contract expression lan-
`guage [10], similar to RELs used for encoding content usage
`rights. Electronic contracts are then delivered to participating
`entities and used by trusted applications to manage content
`distribution rights. The ways in which these terms are deliv-
`ered and managed are discussed in greater detail in the next
`section.
`Frequently, rights and contractual obligations associated
`with a piece of content already exist as a result of prior inter-
`actions with the content (e.g., as part of prior distribution ar-
`rangements). Rights discovery refers to a set of functions pro-
`vided either by technically automated or other means, such
`as conventional business processes, for referencing these ex-
`isting rights and obligations.
`a) Value Chain Management: Value chain manage-
`ment refers to those system facilities that track, serve, and
`govern value chain participants. Value chain participants
`have interests in the distribution of products and provide
`decision-making, reporting, and other processing services
`affecting the digital content under their control. Just as rules
`govern the use of protected content, rules and policy govern
`the ways in which value chain participants interact with one
`another and with their associated content.
`Static value chain management refers to approaches
`where offer and consumption rules are computed at content
`packaging time. An expression of rules can be distributed
`with content packages for examination or modification by
`other participants in the value chain.
`In the static model, content packages are created for a
`particular set of distribution participants. The value chain
`management process is parameterized at packaging time with
`information about the known and identified participants, and
`the packager output conveys the necessary information in ad-
`vance of actual participation. Once packaged, modification
`to the value chain information is governed by the associated
`rule set. The upshot of this early-binding approach is that
`unanticipated business model changes might necessitate con-
`tent and/or rules repackaging from an original source.
`The dynamic value chain management model is late
`binding. In the dynamic model, rules governing the use of
`value chain information are accessed on demand through
`network services, rather than being carried as they were
`encoded at packaging in an early-bound and immutable con-
`figuration. Rather than copying packaged files to each value
`chain participant, content may be distributed by reference
`[10]. The rights to the content are distributed based on these
`references and the references may be incorporated in or used
`by other structures, such as licenses. Reference services
`fulfill requests for content consumption by consulting their
`current rule sets [10].
`Dynamic value chain management allows for modification
`of the value chain information as references to the content
`move through the distribution channel. The dynamic model
`allows content to be packaged without advance knowledge of
`distribution configurations. Distribution configurations can
`change in response to new contracts, law, or business models.
`In addition to enabling greater adaptability and responsive-
`
`KOENEN et al.: THE LONG MARCH TO INTEROPERABLE DIGITAL RIGHTS MANAGEMENT
`
`887
`
`

`
`ness to changes in the business environment, dynamic value
`chain management may provide better ways to accommodate
`complex rights management issues, such as fair use rights.
`b) Licensing Processes: License services manage and
`distribute content licenses. DRM functions associated with
`license services commonly include the following.
`(cid:127) Management of data structures carrying rules (e.g., li-
`censes or offers) and cryptographic information (e.g.,
`content protection keys).
`(cid:127) Discovery, delivery, authentication, and management
`of offers.
`(cid:127) License request processing, license generation, license
`association (binding), and delivery of resulting licenses
`to requesting entities (devices, services, applications,
`or security principals associated with authenticated
`user identities) consistent with the requirements of the
`rights holders and governing contracts.
`(cid:127) Validation of trusted status of entities requesting ser-
`vices of the system (e.g., authentication of value chain
`participants and the business relationships between
`them).
`(cid:127) Validation of transactions from peer value chain sys-
`tems authorizing generation and association of licenses
`on behalf of a third party.
`(cid:127) Processing and validation of any rules required for de-
`livery of the license, such as enforcement of geographic
`restrictions; enforcement of time restricted offers; and
`validation of credentials from the requesting party.
`(cid:127) Management and enforcement of subscription data.
`(cid:127) Event reporting for payment functions (or any other
`exchange of value).
`(cid:127) Event reporting for usage tracking and overall system
`assurance.
`3) Consumption Services: Consumption services are
`functions through which consumers interact with DRM
`content according to some governed action (e.g., playback
`rendering, editing, printing, annotation, aggregation, etc.).
`Consumption services are typically associated with con-
`sumer client systems, but may also be associated with any
`value chain participant that accesses or processes protected
`content, metadata, or rules. Systems incorporating DRM
`consumption services can take a variety of forms, including
`the following.
`(cid:127) Application software incorporating DRM functions for
`protected media services running on a general purpose
`operating system using PC hardware.
`(cid:127) Consumer electronics (CE) devices such as set-top
`boxes, multimedia appliances or game consoles, etc.
`(cid:127) Wireless or personal digital appliances,
`including
`those capable of participating in online transactions
`with value chain management and license services, and
`supporting operational and trust management services.
`Supporting elements of distributed DRM systems, such as
`value chain management services and license services, must
`be able to establish and maintain trust with systems that host
`consumption services. Trusted consumption hosts must pro-
`
`tect their operation against circumvention of local DRM pro-
`cessing functions, must enforce rules governing access to
`packaged data, and must render and otherwise use protected
`content. Systems that consume protected content typically
`employ a variety of security mechanisms and may interact
`with local or distributed security services.
`Consuming systems request and acquire protected content
`through transactions with licensing and potentially other ser-
`vices. These transactions may include information about the
`requesting system environment and user context—including
`possibly personalization data, locale, system capabilities, se-
`curity level or evidence of current certification, and infor-
`mation about the content. Due to the potentially sensitive
`nature of some of this information, privacy protection is a
`paramount concern in these functions [11].
`Although many systems associate protected content, using
`cryptographic techniques, to the identity of the requesting
`system (e.g., using a fingerprint based on characteristic at-
`tributes of the specific system, or an indelible identifier or
`key), it is also possible (and increasingly desirable) to license
`the protected content to an identity associated with an authen-
`ticated security principal, (e.g., the user or a role associated
`with the user). Establishing this type of association allows
`the protected content and license to be transported to other
`systems on which the user is also authorized.
`Once the license is received, the consuming system is able
`to manipulate the content according to the specified rules.
`Rules may express, for example, limitations on the number
`of plays, time-based usage or expiration, requirements for
`enrollment in a subscription service, budget transactions with
`a local stored-value database, authorization from a content
`management system within a business or between business
`partners, etc.
`The consuming system’s DRM components are respon-
`sible for enforcing the rules and maintaining any state as-
`sociated with them. State information must be protected in
`order to assure integrity against circumvention for purposes
`such as unauthorized replay or redistribution.
`If the rules specify consequences, the consuming system’s
`DRM components are responsible for any required local or
`distributed transactions such as usage auditing, event re-
`porting,4 or metered payment. Unsuccessful event reporting
`or auditing may result in prohibitions against further access
`until such records can be successfully processed.
`Rules may also specify whether the consuming system
`has the right to copy content to another peer or portable
`device. In this case, the system’s DRM components must
`support device interfaces and nonvolatile state (such as copy
`and check-in/check-out counts) used to maintain compliance
`with the rules. A device or application to which the content
`is being transferred must be able to enforce the applicable
`content usage rules to a required level of conformance.
`a) Consumption and Portable Devices: In many ways,
`portable devices are just another class of consuming system.
`Examples of portable devices include personal digital music
`
`4Event reporting includes activities such as successful download notifica-
`tion.
`
`888
`
`PROCEEDINGS OF THE IEEE, VOL. 92, NO. 6, JUNE 2004
`
`

`
`players and various types of imaging, games, or electronic
`book devices. The primary characteristic of a portable device
`is that it is usually managed by a more capable system, what
`we might call a “full-featured host,” that is capable of direct
`transactions with distributed value chain management and li-
`cense services. Portable devices typically rely on a secure
`communications channel managed by the host system for
`functions such as copying and (re-)associating protected con-
`tent to the portable device (or a removable secure memory)
`for offline usage and rendering.
`Portable devices typically incorporate