Controlling media

CORPORATE NETWORKS increasingly carry more company information in audio and video files: broadcasts of executive briefings, online training courses for employees and partners, and sales presentations, to name a few. Just as e-mail is a no-brainer for carrying corporate communications, these streams are rapidly becoming essential company assets.

Although many companies have taken advantage of rich media for years, they typically used it only on the corporate network, which had the bandwidth and security to warrant it. Transmitting proprietary information outside the firewall until recently has been bandwidth-constrained and risky. Further, PCs are open devices that offer would-be intruders many points to intercept the data streams.

As corporate use of audio and video increases, IT will need to increase control over those streams. The shift to multimedia communications, both inside and outside the firewall, means that DRM (digital rights management) is fast becoming another tool in the IT department’s information security kit.

New and soon-to-be-released media services products from RealNetworks and Microsoft, both of which contain proprietary DRM systems, take the next step toward transforming streaming audio and video into competitive essentials. Both companies’ DRM technologies provide granular approaches to media licensing, allowing IT to specify users’ abilities to access digital streams, what they can do with them, and for how long.

DRM systems typically are comprised of a server that stores and transmits the audio and video data, a licensing authority that often resides on the same server, and rights-enabled clients. Microsoft’s Windows Media Player 9 and accompanying server and media-encoding products entered beta on Sept. 4. RealOne Player 2 entered beta in late August. Meanwhile, RealNetworks shipped final code of its Helix Universal Server in July. Microsoft’s media server software will ship simultaneously with WMP9 later this year.

One question still to be addressed is what level of security can really be achieved? Both systems use PKI technology that allows only the intended receiver of a stream or a file to open it. Still, Microsoft’s DRM system was hacked last year, requiring the company to quickly upgrade it. Although that may strike fear into the hearts of record labels and movie studios more than into IT shops, it does give pause. Although RealNetworks’ DRM hasn’t been hacked, company officials acknowledge that it’s only a matter of time.

Both DRM systems provide extensibility in their architectures so that updates containing new algorithms to block further breaks can be quickly created and streamed to all servers and clients. When a break occurs, both systems also provide the ability to revoke previously issued licenses. They also block attempts to bypass expiration dates by turning back the computer’s clock. In a sense, this is an extension of “good enough” security. At the same time, the extensibility makes the licensing systems field upgradable to take advantage of new developments and help avoid technology obsolescence.

Both RealNetworks’ and Microsoft’s DRM systems have a packaging component that encrypts the content and generates a unique key that is stored in an encrypted license and distributed separately via a licensing server. One difference between the two systems is that RealNetworks provides both the front-and back-end components for DRM as its Media Commerce Suite, separate from its Universal Server.

In the case of Microsoft’s DRM system, the content is encrypted using a license key “seed,” which is a numeric value known only to the content owner and the license “clearinghouse,” and a key ID, which is created by the content owner for each file. When a user requests a license to listen to or view a particular piece of content, the Windows Media License Service uses the license key seed and the key ID to create a key that is encrypted in the license and sent to the user. The user is then able to recover the key and apply the license to the encrypted content.

The license also contains the terms under which the user is allowed to play the content, including when the file can be accessed, how many times, at what security level the player client must be set, whether the license can be backed up and restored, and many other parameters.

Both platforms provide significant granularity of control. Each piece of content can be assigned individual license rights. For instance, an executive briefing could be licensed to play back for each user only once, or to expire after a set time period, even if it hasn’t been viewed. The license can also block any attempts to copy or save the stream to a file.

Each user needs to use his or her key to unlock the license to view or listen to the media. Since these DRMs create unique identifiers for each client, it is possible to ascertain where a leaked presentation originated, should that happen.

Other rights include the ability to burn a training video to a CD or DVD once or a set number of times, or the ability to transfer it to another device, such as a PDA. The license may specify that a sales presentation may not be saved, copied, or transferred. Two additions to the DRM system in WMP9 are the ability to protect live content and to acquire licenses for Internet-connected devices, such as PDAs and smart phones. That may help ease IT and business concerns about the security of data exchanged with wireless devices.

Look for these systems to fully embrace Web services standards in the near future. After all, content requires metadata to describe it and license rights is only one example. Microsoft has already applied DRM to protect e-books, and Windows Media is already capable of being embedded in Office XP’s PowerPoint 2002. There is no reason DRM technology can’t be used to protect Office documents.

Even broader scenarios are possible down the road. As Microsoft’s .Net vision moves closer to reality, it’s easy to imagine synergies with Office documents and SharePoint Team Services, not to mention peer-to-peer collaborative scenarios involving Groove Networks’ Groove. Other applications yet to be tapped in the near term include help desk and customer service.

Furthermore, standards for rights management within a Web services environment have yet to be adopted. But there are several ongoing efforts, including XrML (Extensible Rights Markup Language) and MPEG-4. And because individual users can be uniquely identified, privacy will remain an issue. For the promise of rich media to be fulfilled, these and other issues need to be resolved.