2016 Readium LCP workshop at EPUB Summit


An overview of the way Readium LCP will work. Presented by Laurent Le Meur (EDRLab) at the EPUB Summit, Bordeaux, April 7th, 2016.

Published in: Technology

  1. European Digital Reading Lab
     Licensed Content Protection (LCP)
     EPUB Summit workshop
     Laurent Le Meur
  2. Scope of the workshop
     ● Update the participants on the architecture of Readium LCP, the workflow, the state of the developments, the agenda, the costs involved;
     ● Detail the certification process;
     ● Exchange on the level of protection of Readium LCP;
     ● Exchange on the level of support of this new DRM by the participants.
  3. DRM = Digital Rights Management
     ● Technical implementation of a business model (e.g. library lending)
     ● Protection against wild dissemination (anti-pirating)
     ● Are obligations more than rights
     ● Complicate access to e-books
     ● Lower interoperability and accessibility
     ● Hurt honest sharing
     ● Make archiving an illusion
     => push people to use anti-DRM tools
  4. What the devil was he doing in that galley?
     LCP implementation decided in November 2015, launched in January 2016.
     Why do we offer our beloved ebooks to the DRM Moloch?
     - Because public libraries need a better solution than the Adobe DRM
     - Because for most publishers, unprotected EPUB is a showstopper
     - Because the spec has been almost ready for 2 years
     - Because we have been donated source code to help
  5. Goals of Readium LCP
     ● Simplicity for the user
     ● Perfect interoperability in the LCP ecosystem
     ● No limitation on content accessibility
     ● Offline access to the documents always possible
     ● Dynamic update of licenses
     ● Unlimited access (in time) to the documents
     ● Family sharing possible
     ● No centralized server
     ● Low development costs
     ● Limited cost of certification
  6. LCP - search for a good balance
  7. Readium LCP = simplicity
     ● Encrypted content
     ● Associated decryption key (passphrase)
     ● The owner of the passphrase can read the document
     ● The App can store the key, so that the user can forget it
  8. More details … 1/ Encryption
     [Diagram; labels: Content Key, Protected Content]
  9. 2/ License generation
     [Diagram] License = Protected content key + Rights + Provider certificate + Passphrase hint + Signature + Personal data
     Standard rights: start/end datetime, print (# pages), copy (# characters), tts (yes/no)
  10. Choose a passphrase
     A user will usually have one passphrase per bookseller or public library. It must be easy to remember or find. A hint stored in the license by the licensor will help the user when needed. It MUST be clear to the user. In a public library, the user ID can be a good choice. The passphrase will usually be requested only when a protected document is side-loaded onto a new device.
  11. 3/ LCP / EPUB file
     [Diagram] EPUB / LCP = License + Protected content
  12. 4/ Open with a passphrase
     [Diagram; labels: Hint, User, Passphrase, Signature checking, EPUB / LCP, Content key, Clear content]
     The passphrase may be acquired automatically and stored in the app without user action. The user will use the hint to “remember” the document passphrase.
  13. 5/ Dynamic update of the license
     ● Early return
     ● Extended lending
     ● Requires an online connection
     ● The licensor can track the number of devices opening the document
  14. Readium LCP ecosystem
     [Diagram; labels: Publisher, Distributor, Bookseller, 1, 2, Distributor / Bookseller]
  15. What is the certification?
     ● Readium LCP is a DRM ecosystem
     ● Certification is
        ○ Guarantee of compliance
        ○ Guarantee of robustness
        ○ Guarantee of interoperability
     ● The specification will be public
     ● The source code will be open-source (BSD-like)
     ● But some confidential information will be transferred to the participants in an LCP ecosystem
        ○ Root certificate (ITU)
        ○ Provider certificate
        ○ Readium LCP 1.0 profile information (unavailable in the specification)
  16. Compliance rules, Robustness rules
     ● Client and server side
     ● Compliance
        ○ Server app must alert if *many* devices use the same license
        ○ Client app must develop an anti-rollback clock (details to be defined)
        ○ etc.
     ● Robustness
        ○ A certain data type must be protected against a certain type of attack to a certain extent
           ■ Client app must obfuscate the decryption process
           ■ Client app must hide Readium LCP confidential information
           ■ Client app must securely store user keys
           ■ Server app must protect the provider private key
  17. Agenda
     Q1 2016: development (iOS, MacOS, Android)
     Q2 2016: development (iOS, MacOS, Android); first tests; contractual documents; pricing;
     Q3 2016: interop tests; certificate authority setup
     Q4 2016: first certifications; launch
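
Slides 13 and 16 say the licensor can track the number of devices opening a document and that the server app must alert if *many* devices use the same license. The sketch below is an added example, not code from the presentation or from Readium LCP: it shows one way a license server could run that check. The event layout, the threshold of 3 devices and the 30-day window are assumptions, since the slides leave "many" undefined.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values: the slides say "many" devices without giving a number.
MAX_DEVICES = 3              # leaves room for family sharing
WINDOW = timedelta(days=30)  # period over which distinct devices are counted

# Constructed sample events (timestamp, license id, device id), as a license
# server might record them when a reading app contacts it online.
SAMPLE_EVENTS = [
    ("2016-04-01T09:00:00", "lic-A", "dev-a1"),
    ("2016-04-02T20:15:00", "lic-A", "dev-a1"),
    ("2016-04-05T08:30:00", "lic-A", "dev-a2"),
    ("2016-04-01T10:00:00", "lic-B", "dev-b1"),
    ("2016-04-02T10:00:00", "lic-B", "dev-b2"),
    ("2016-04-03T10:00:00", "lic-B", "dev-b3"),
    ("2016-04-04T10:00:00", "lic-B", "dev-b4"),
    ("2016-01-10T12:00:00", "lic-C", "dev-c1"),
    ("2016-03-15T12:00:00", "lic-C", "dev-c2"),
    ("2016-05-20T12:00:00", "lic-C", "dev-c3"),
    ("2016-07-25T12:00:00", "lic-C", "dev-c4"),
]

def find_overshared_licenses(events, max_devices=MAX_DEVICES, window=WINDOW):
    """Return {license_id: [device ids]} for every license seen on more than
    max_devices distinct devices within any single time window."""
    per_license = defaultdict(list)
    for ts, license_id, device_id in events:
        per_license[license_id].append((datetime.fromisoformat(ts), device_id))

    alerts = {}
    for license_id, seen in per_license.items():
        seen.sort()
        for i, (end, _) in enumerate(seen):
            # Distinct devices active in the window that ends at this event.
            devices = {d for t, d in seen[: i + 1] if end - t <= window}
            if len(devices) > max_devices:
                alerts[license_id] = sorted(devices)
                break
    return alerts

if __name__ == "__main__":
    for license_id, devices in find_overshared_licenses(SAMPLE_EVENTS).items():
        print(f"ALERT {license_id}: {len(devices)} devices in {WINDOW.days} days: {devices}")
```

Only lic-B is flagged: lic-A stays within the family-sharing allowance, and lic-C reaches four devices only when counted over several months.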