I recently spoke with Chip Venters, CEO of Fairfax, VA-based Digital Containers, Inc. (“DCI”), a company that licenses intellectual property and reference implementations of its P2P DRM-enabled commerce software.
DCI is a restart of Deskgate Technologies, a company active in the 1990s. DCI's management team is comprised of many of the original Deskgate founders, architects and inventors of its technologies. DCI says that over $9.5 million has been invested in the technologies to date.
In the Fall of 2003 Venters and many of the original Deskgate team members bought the Deskgate IP from the bank that had been holding the assets of the predecessor company.
Venters says DCI is partnered with ThinkFire Services USA Ltd, an IP licensing and advisory services firm that was co-founded by Nathan Myhrvold, who stepped down at the end of 2004. Venters says, as would be expected, ThinkFire and Digital Containers entered into a relationship only after ThinkFire had completed substantial diligence on DCI’s IP portfolio.
Patents and Licensing Business Models
DCI joins two more well-known companies in the IP licensing business, ContentGuard Holdings, Inc., now owned by Microsoft, Time-Warner, and Thomson (the electronics company, not the publisher), and InterTrust Technologies, Inc., which was taken private by Sony, Philips, and investment bank Stephens, Inc. a few years ago. The value of ContentGuard’s licensing deals is not publicly known. InterTrust licensed its patent portfolio to Microsoft for nearly a half billion dollars. The InterTrust /Microsoft deal is an existence proof that big DRM-related licensing deals are possible. Of course, the value of any IP portfolio depends on several factors, including patent scope, quality, and priority dates.
DCI’s Intellectual Property
DCI uses DRM Technologies, LLC as an IP holding and licensing subsidiary. DCI is the software development and licensing parent company.
According to Venters, DCI’s intellectual property presently addresses these areas:
- Controlling access to digital content
- Delivering digital content
- Tracking digital content
- Securing digital content
- Streaming media containers
More specifically, DCI has two issued US patents and at least 5 pending US applications along with applications filed as part of the Patent Cooperation Treaty (“PCT”) in foreign jurisdictions. For pending applications, the PCT versions may or may not be identical to their US counterpart applications. Generally speaking, the differences between PCT applications and their US counterparts are typically small and may be ignored for the purposes of this overview article.
6,389,541, “Regulating Access to Digital Content,” now assigned to DRM Technologies.
6,751,670, “Tracking Electronic Content,” assigned to DRM Technologies.
US Published Pending:
20030028608, “Delivering Electronic Content,”
Foreign Published Versions of US Pending:
Secure Content Gateway, unpublished
Securing Digital Content, unpublished
The Benefits of IP
Issued patents provide the owner a monopoly to practice the invention(s) for a finite period of time, roughly 20 years. They provide a defensive barrier to entry in the country or jurisdiction in which the patent issued. PCT filings are at least suggest that DCI is pursuing its IP in several countries. If and when patents issue abroad, the protective umbrella would be extended commensurate with the commercial importance of the country in which the patent issued. One can safely assume that the value of DCI’s portfolio would be increased as well. I’ll return to patent issues in the concluding paragraphs.
P2P Software and Reference Implementation
DCI’s vision is clearly P2P DRM. The goal of P2P DRM architectures is to minimize interactions with central servers and empower client software to the greatest extent. DCI appears to have made good progress toward these goals, but the software isn’t fully there yet. Neither is anyone else’s software for that matter.
Those uninterested in technical issues can skip this part.
According to Venters, DCI relies on symmetric key encryption to protect content. “Symmetric key” means that the same key is used to encrypt and to decrypt protected information. Schneier’s book is a great source on these and related matters.
Symmetric key cryptography stands in contrast to asymmetric key cryptography in which one key typically is used to encrypt and a different, but mathematically related key is used to decrypt the protected information.
This kind of cryptography is often referred to as Public Key since one of the two mathematically related keys is usually published or made public while the other is kept as secret as possible. This makes it easy, for example, for anyone who has my public key to encrypt a message being sent to me that only I can decrypt using the related secret key (and assuming that no one else knows my secret key).
DCI believes that using symmetric key is an advantage because it’s simpler than the alternative and because using symmetric key encryption differentiates their IP and software from the IP and software implementations of other parties.
When a single key is used to protect content, that key must be protected as well. Venters says that the content key is itself encrypted and that other security methods are implemented as well.
So the key question is whether DCI’s use of symmetric key encryption is a difference that makes a difference. They answer is both yes and no. With respect to their IP, if symmetric key is a way to distinguish their invention(s) from others, great. No problem. The Patent Office has and/or will opine.
Practically, however, it seems to me to be a difference without much consequence. Here’s why. Let’s agree that prefect security does not and cannot exist, especially if consumers are to actually access protected content. So the goals of security are two-fold. First, make the level of effort required to compromise the system and content disproportional to the value of the content. Second, if security is compromised, make it difficult for the cracker to transfer professional knowledge to the naïve user through a software program, for example. This is exactly what happened with the DVD encryption system, the Content Scramble System. Programs to break CSS were widely distributed. The source code for the cracking program was even printed on T-shirts.
So the security of DCI’s software probably depends much more on the overall complexity of the security elements than on the kind of encryption used. For example, other DRM systems make use of both kinds of cryptography in part to make it more difficult to compromise the system.
Also, a best practice in creating DRM systems is to keep both halves of the asymmetric key pair out of sight of the user, and by doing so, increase the security of the system since the cracker can’t start with half of the key pair known. This stands in contrast to using Pretty Good Privacy for email security. Here I publish the public key and/or send it to those with whom I want to establish secure communications. Anyone who wants to send me a message that only I can decrypt can find my public key and use it to protect the message.
Thus the symmetric/asymmetric crypto controversy seems to be a bit overblown. But heck, marketing is important and one can give DCI high marks for good marketing and selling the differences. Before leaving this topic, let me again note that the use of symmetric key crypto may be one distinguishing feature of their intellectual property.
The Implemented P2P System
Enough about encryption and security. So what does the software do?
First of all, the distinction between client / server and P2P DRM is a matter of degree. There is no bright line difference. It’s clear that DCI’s goal is as much P2P DRM as possible. The architecture includes a protected file structure called a DigitalContainer and one or more back-end servers for payment processing, usage information collection, and the like. Let’s begin with the container.
A DigitalContainer is a secure data structure that may include some or all of the following elements:
- XML metadata describing the container and its protected content. A portion may be unencrypted to facilitate search
- Access controls
- Tracking controls
- E-commerce transaction capability
- Multiple encryption keys
In the reference implementation, there is no client software as such. All the resources are either in the DigitalContainer or on servers necessary to complete various transactions and functions.
The DigitalContainer authenticates the user request to access the protected content and binds the container to the user’s hardware by creating an entry in the Windows Registry file for each authorized container. Using the Registry in this way makes me a bit nervous since the integrity of that database is key to the operation of the entire Windows environment. Nonetheless, I experienced no problems with the two containers I opened.
The container also includes the appropriate content rendering tools as necessary. For instance, the sample container with the Frankenstein audio book downloaded from the DCI website, apparently included a DCI-provided MP3 player.
DCI also provides packaging tools and backend servers that support user authentication, audit data collection, aggregation, and reporting, and payment processing.
DCI has partnered for payment processing with ClickShare and with OnCaldera. Through ClickShare consumers can pay and distributors can receive funds. ClickShare supports micropayments by transaction aggregation at the back end server, thus reducing the cost of transaction clearing.
OnCaldera provides what is essentially a debit card in CD-ROM compatible form factor that in conjunction with a back end server, authenticates the user and uses the standard debit card transaction networks to handle funds credit and debit. However, the OnCaldera site does not indicate whether any banks have adopted their product and services.
DCI has created a reference implementation of DRM-enabled commerce system that provides the requisite basics regarding flexible controls, content vending, usage information, and payment processing. The implemented system supports redistribution of DigitalContainers using any of the standard distribution methods, including P2P, download from Web servers, FTP, optical media, flash and other memory devices, etc. An advantage is that there is no client-side software such as plugins since the DigitalContainer includes everything necessary locally to enable authorized use of protected content. The DCI implementation does depend on services provided by servers and in this architectural choice they are by no means alone.
Licensing the reference implementation software and related IP will depend in part on the strategic objectives of the licensee and how make / buy / rent decisions figure into strategies for achieving those objectives. Licensing the software from DCI may significantly improve time-to-market for someone who has not yet successfully built and deployed their own eCommerce system.
Licensing DCI’s intellectual property apart from the software may depend in large measure on the details of an DRM-enabled eCommerce implementation.