DRM made Easy

This is the second of a series of articles on the challenges faced by the global music publishing industry for a shift from print to digital.

Digital Rights Management (DRM) is a phrase that seems to strike fear in the hearts of copyright owners in any industry but none more so than for music publishing.

Publishers have a responsibility to protect their intellectual property, and many see a move a digital as simply making it easier for people to distribute unauthorised material.  DRM is supposed to provide publishers with the protection and control they require but rarely is any DRM system unbreakable, and the more onerous the DRM system the more odorous it is to the customer that has to use it.

In my opinion the best we can wish for in digital rights management is a system that is easy to administer but makes it difficult for someone to use a digital asset in a way that has not been licensed.  I also believe that DRM should be invisible to authorised users enjoying a product in a legitimate way.

How does DRM work?

When describing how DRM systems work, the analogy of a bank vault is often used because the processes are very similar.  Digital assets are locked (with various forms of encryption) into a vault and to gain access you require a key or combination to unlock them.   Without a key, the only other way to get in is with brute force.

With digital files, the keys use to unlock (or decrypt) information ideally have some unique features:

  1. they need to be quite complex to avoid someone being able to guess them too easily or make it impractical to try
  2. the same key should not be used again and again
  3. the keys should be difficult to share with unauthorised users

One common solution to get around these complexities is to NOT give the customer the key to unlock the file at all.  Every time the user wants access to a file, they must prove who they and the contents are unlocked at the source.    This is fine if there is access to the website or service that manages these keys, but if it is not available for any reason, then neither are the requested files (a bit risky if your concert depends on them).

A better solution is to use what is the equivalent of a 2-key system. One key is for the customer, and one key is for the publisher, and the only way you can gain access to the file is if BOTH keys are present.

This is how the emREADER DRM works.


When publishers submit publications to the emREADER cloud, every edition is encrypted with a unique key. Without the key the files are meaningless and every time files are uploaded or updated a new key is generated.

When a customer purchases an item, they must specify both the emREADER account AND the nominated the device that should receive the licensed files. The files are downloaded along with a special customer key that specifies how the copyright can be used and with the instructions how to view the contents of the encrypted file.  This customer key can only be read by the nominated user on the nominated device.

Different users, or different devices require different permissions, and publishers have the right to say how many users or devices can share the same material at the same time. If someone manages to break the DRM on a particular file, than that solution will only work for that edition of that title – a publisher need only update their files and the files will be protected again with a different key.

For emREADER customers that do the right thing, they need never know that there is any DRM on the content they acquire, which is surely the best DRM of all.

This entry was posted in emREADER. Bookmark the permalink.