Information technology -- Specification of DRM technology for digital publications

This document describes three types of copyright protection technologies in use in the publishing industry: — DRM free protection, i.e. technologies which does not rely on content encryption but rather use content fingerprinting or watermarking, adequate for use cases where user convenience is the top priority; — user key-based DRM protection, adequate where user constraints are limited; — device key-based DRM protection, adequate where the transfer of publications from one device to another is severely constrained.

Technologies de l'information -- Spécification de la technologie de gestion des droits numériques (DRM) pour les publications numériques

General Information

Status
Published
Publication Date
13-Sep-2020
Current Stage
5060 - Close of voting Proof returned by Secretariat
Start Date
24-Aug-2020
Completion Date
24-Aug-2020
Ref Project

Buy Standard

Technical specification
ISO/IEC TS 23078-1:2020 - Information technology -- Specification of DRM technology for digital publications
English language
6 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/IEC PRF TS 23078-1 - Information technology -- Specification of DRM technology for digital publications
English language
6 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL ISO/IEC TS
SPECIFICATION 23078-1
First edition
2020-09
Information technology —
Specification of DRM technology for
digital publications —
Part 1:
Overview of copyright protection
technologies in use in the publishing
industry
Reference number
ISO/IEC TS 23078-1:2020(E)
ISO/IEC 2020
---------------------- Page: 1 ----------------------
ISO/IEC TS 23078-1:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TS 23078-1:2020(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Abbreviated terms .............................................................................................................................................................................................. 2

5 DRM free protection .......................................................................................................................................................................................... 2

5.1 General ........................................................................................................................................................................................................... 2

5.2 Fingerprinting ......................................................................................................................................................................................... 2

5.3 Watermarking .......................................................................................................................................................................................... 2

6 DRM protection ...................................................................................................................................................................................................... 3

6.1 General ........................................................................................................................................................................................................... 3

6.2 User key-based protection ............................................................................................................................................................ 3

6.2.1 General...................................................................................................................................................................................... 3

6.2.2 Requirements from publishers and distributors ................................................................................. 4

6.2.3 Requirements from users ......................................................................................................................................... 4

6.3 Device key-based protection ....................................................................................................................................................... 5

6.3.1 General...................................................................................................................................................................................... 5

6.3.2 Requirements from publishers and distributors ................................................................................. 5

6.3.3 Requirements from users ......................................................................................................................................... 5

Bibliography ................................................................................................................................................................................................................................ 6

© ISO/IEC 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC TS 23078-1:2020(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that

are members of ISO or IEC participate in the development of International Standards through

technical committees established by the respective organization to deal with particular fields of

technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other

international organizations, governmental and non-governmental, in liaison with ISO and IEC, also

take part in the work.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC

list of patent declarations received (see http:// patents .iec .ch).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Joint Technical Committee ISO/IEC JTC1, Information technology,

Subcommittee SC 34, Document description and processing languages.

A list of all parts in the ISO/IEC TS 23078 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TS 23078-1:2020(E)
Introduction

Ever since digital publications have grown in popularity, copyright protection has been an important

issue for authors and publishers.

While the distribution of digital publications around the world is mostly based on the open EPUB

standard, most retailers are using proprietary technologies to enforce usage constraints on digital

publications in order to impede oversharing of copyrighted content. The high level of interoperability

and accessibility gained by the use of a standard publishing format is therefore cancelled by the use of

proprietary and closed technologies: digital publications are only readable on specific devices or reading

applications (a retailer "locked-in" syndrome); digital publications may not be accessed anymore if

the distributor which protected the publication goes out of business or if the DRM technology evolves

drastically. As a result, users are deprived of any control over their digital publications.

In reaction to these hindrances, watermarking and fingerprinting technologies have also been

developed for digital publications. These are sometimes called "social DRM" which is a good way to

describe the effect of the visible marks embedded into the content. Thanks to their presence and the

personal information they contain, the “licensee” cares about the use of the content he/she has acquired:

one would not like to see content associated with one's personal information freely shared on the web.

But the term “social DRM” is misleading also, as watermarking and fingerprinting techniques do not

enforce technical control on the use of digital media.

Requirements related to security levels differ depending on which part of the digital publishing market

is addressed. Many trade publishers, in different countries, are satisfied with a protection based on

watermarking; but in many other situations, publishers require a solution which technically enforces

the digital rights they provide to their users. This is where DRM technologies come into play.

In most use cases, publishers are happy to adopt a DRM solution which guarantees an easy transfer

of publications between devices and a certain level of fair-use, and provides permanent access to the

publications acquired by their customers. However, in certain use cases, publishers require a stronger

protection measure, which limits the capability for users to transfer publications from one device to

another.
© ISO/IEC 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
TECHNICAL SPECIFICATION ISO/IEC TS 23078-1:2020(E)
Information technology — Specification of DRM technology
for digital publications —
Part 1:
Overview of copyright protection technologies in use in the
publishing industry
1 Scope

This document describes three types of copyright protection technologies in use in the publishing

industry:

— DRM free protection, i.e. technologies which does not rely on content encryption but rather use

content fingerprinting or watermarking, adequate for use cases where user convenience is the top

priority;
— user key-based DRM protection, adequate where user constraints are limited;

— device key-based DRM protection, adequate where the transfer of publications from one device to

another is severely constrained.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
digital publication

set of constituent resources and associated metadata, organized together in a uniquely identifiable

grouping
3.2
digital rights management
DRM

systematic approach to copyright protection to prevent unauthorized redistribution of digital media

and restrict the ways consumers can use the content they've acquired
3.3
distributor

digital publication (3.1) retailer, public library, academic library or specialized distributor of electronic

content acting as an intermediary between publishers and retailers
© ISO/IEC 2020 – All rights reserved 1
---------------------- Page: 6 ----------------------
ISO/IEC TS 23078-1:2020(E)
3.4
protected publication
digital publication (3.1) on which a DRM (3.2) solution has been applied
4 Abbreviated terms
GDPR general data protection regulation
5 DRM free protection
5.1 General

Many users and librarians prefer plain digital publications to encrypted ones because of their

undeniable advantages in terms of usability, portability or long-term preservation. On the other hand,

many publishers are opposed to releasing their valuable contents in plaintext due to concerns about

copyright infringement. Under this circumstance, some service providers adopt a protection measure

which does not rely on encryption, such as fingerprinting or watermarking.
5.2 Fingerprinting

Fingerprinting means analysing content and extracting a unique set of inherent properties resilient

to content transformation. Fingerprinted content is identified in a non-ambiguous way and therefore

some use the term “content DNA” to describe a fingerprint.

Content fingerprint does not involve modifying the publication: the fingerprint is kept in a database and

used to check if some random content is identical to the fingerprinted content. A user will never see any

visible evidence that a digital fingerprint exists for the content he/she has acquired.

Digita
...

TECHNICAL ISO/IEC TS
SPECIFICATION 23078-1
First edition
Information technology —
Specification of DRM technology for
digital publications —
Part 1:
Overview of copyright protection
technologies in use in the publishing
industry
PROOF/ÉPREUVE
Reference number
ISO/IEC TS 23078-1:2020(E)
ISO/IEC 2020
---------------------- Page: 1 ----------------------
ISO/IEC TS 23078-1:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TS 23078-1:2020(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Abbreviated terms .............................................................................................................................................................................................. 2

5 DRM free protection .......................................................................................................................................................................................... 2

5.1 General ........................................................................................................................................................................................................... 2

5.2 Fingerprinting ......................................................................................................................................................................................... 2

5.3 Watermarking .......................................................................................................................................................................................... 2

6 DRM protection ...................................................................................................................................................................................................... 3

6.1 General ........................................................................................................................................................................................................... 3

6.2 User key-based protection ............................................................................................................................................................ 3

6.2.1 General...................................................................................................................................................................................... 3

6.2.2 Requirements from publishers and distributors ................................................................................. 4

6.2.3 Requirements from users ......................................................................................................................................... 4

6.3 Device key-based protection ....................................................................................................................................................... 5

6.3.1 General...................................................................................................................................................................................... 5

6.3.2 Requirements from publishers and distributors ................................................................................. 5

6.3.3 Requirements from users ......................................................................................................................................... 5

Bibliography ................................................................................................................................................................................................................................ 6

© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE iii
---------------------- Page: 3 ----------------------
ISO/IEC TS 23078-1:2020(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that

are members of ISO or IEC participate in the development of International Standards through

technical committees established by the respective organization to deal with particular fields of

technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other

international organizations, governmental and non-governmental, in liaison with ISO and IEC, also

take part in the work.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC

list of patent declarations received (see http:// patents .iec .ch).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Joint Technical Committee ISO/IEC JTC1, Information technology,

Subcommittee SC 34, Document description and processing languages.

A list of all parts in the ISO/IEC TS 23078 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
iv PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TS 23078-1:2020(E)
Introduction

Ever since digital publications have grown in popularity, copyright protection has been an important

issue for authors and publishers.

While the distribution of digital publications around the world is mostly based on the open EPUB

standard, most retailers are using proprietary technologies to enforce usage constraints on digital

publications in order to impede oversharing of copyrighted content. The high level of interoperability

and accessibility gained by the use of a standard publishing format is therefore cancelled by the use of

proprietary and closed technologies: digital publications are only readable on specific devices or reading

applications (a retailer "locked-in" syndrome); digital publications may not be accessed anymore if

the distributor which protected the publication goes out of business or if the DRM technology evolves

drastically. As a result, users are deprived of any control over their digital publications.

In reaction to these hindrances, watermarking and fingerprinting technologies have also been

developed for digital publications. These are sometimes called "social DRM" which is a good way to

describe the effect of the visible marks embedded into the content. Thanks to their presence and the

personal information they contain, the “licensee” cares about the use of the content he/she has acquired:

one would not like to see content associated with one's personal information freely shared on the web.

But the term “social DRM” is misleading also, as watermarking and fingerprinting techniques do not

enforce technical control on the use of digital media.

Requirements related to security levels differ depending on which part of the digital publishing market

is addressed. Many trade publishers, in different countries, are satisfied with a protection based on

watermarking; but in many other situations, publishers require a solution which technically enforces

the digital rights they provide to their users. This is where DRM technologies come into play.

In most use cases, publishers are happy to adopt a DRM solution which guarantees an easy transfer

of publications between devices and a certain level of fair-use, and provides permanent access to the

publications acquired by their customers. However, in certain use cases, publishers require a stronger

protection measure, which limits the capability for users to transfer publications from one device to

another.
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE v
---------------------- Page: 5 ----------------------
TECHNICAL SPECIFICATION ISO/IEC TS 23078-1:2020(E)
Information technology — Specification of DRM technology
for digital publications —
Part 1:
Overview of copyright protection technologies in use in the
publishing industry
1 Scope

This document describes three types of copyright protection technologies in use in the publishing

industry:

— DRM free protection, i.e. technologies which does not rely on content encryption but rather use

content fingerprinting or watermarking, adequate for use cases where user convenience is the top

priority;
— user key-based DRM protection, adequate where user constraints are limited;

— device key-based DRM protection, adequate where the transfer of publications from one device to

another are severely constrained.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
digital publication

set of constituent resources and associated metadata, organized together in a uniquely identifiable

grouping
3.2
digital rights management
DRM

systematic approach to copyright protection to prevent unauthorized redistribution of digital media

and restrict the ways consumers can use the content they've acquired
3.3
distributor

digital publication (3.1) retailer, public library, academic library or specialized distributor of electronic

content acting as an intermediary between publishers and retailers
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE 1
---------------------- Page: 6 ----------------------
ISO/IEC TS 23078-1:2020(E)
3.4
protected publication
digital publication (3.1) on which a DRM (3.2) solution has been applied
4 Abbreviated terms
GDPR general data protection regulation
5 DRM free protection
5.1 General

Many users and librarians prefer plain digital publications to encrypted ones because of their

undeniable advantages in terms of usability, portability or long-term preservation. On the other hand,

many publishers are opposed to releasing their valuable contents in plaintext due to concerns about

copyright infringement. Under this circumstance, some service providers adopt a protection measure

which does not rely on encryption, such as fingerprinting or watermarking.
5.2 Fingerprinting

Fingerprinting means analysing content and extracting a unique set of inherent properties resilient

to content transformation. Fingerprinted content is identified in a non-ambiguous way and therefore

some use the term “content DNA” to describe a fingerprint.

Content fingerprint does not involve modifying the publication: the fingerprint is kept in a database and

used to check if some random content is identical to the fingerprinted content. A user will never see any

visible evidence that a digital fingerprint exists for the content he/she has acquired.

Digital fing
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.