[Paper Overview] [DRM-Workshop Homepage]

Establishing security requirements for more effective
and scalable DRM Solutions

NTRU W3C Position Paper

Jeremy Wyant


There is a growing demand for electronic delivery of copyrighted and/or sensitive intangible goods. Lack of trust in the ability of existing infrastructure to protect these goods is a significant barrier to growth in these sectors. Standards based DRM that incorporates appropriate security technology is a critical enabler for trusted intangible goods distribution systems. Equally important to the security of the overall system is the acceptability of the system to the end user. A secure system must also meet customer expectations for convenience, performance and an ability to deal with intangible goods in ways they have come to expect and demand.

DRM Security Requirements

DRM technologies have their own inherent security requirements for protecting sensitive rights information, authenticating entities in transactions and providing data integrity. Understanding and defining security requirements is a fundamental part of establishing effective, interoperable DRM standards, the technologies that implement these standards and the systems that incorporate these technologies.

When establishing the standards for digital rights many security related questions must be considered including:

In addition to understanding the security requirements related to the rights standards themselves, it is important to understand the predominant technologies that could be used today and the implications for how any proposed standards can be applied to these technologies to build effective, practical solutions. Questions to consider include:

Trusted DRM Solutions

There are strong incentives for providers of DRM solutions and complementary technology to work together to establish appropriate standards to facilitate growth in the distribution of intangible goods. Systems enhanced by secure DRM can provide the trust that distributors of valuable or sensitive content require before widely adopting electronic distribution methods.

Trusted end user devices are a foundation component in the delivery of intangible goods. These devices must provide content providers with a high degree of certainty that they are delivering content to authenticated, trusted devices and specific authorized users. But the security mechanisms used on these devices must be cost effective to implement, virtually transparent to the end user and designed to adapt to new security paradigms and transactions that require DRM related security services.

NTRU and other suppliers of encryption and authentication technology can provide insight into appropriate security requirements that apply directly to DRM standards. Considering security requirements during the process of establishing DRM standards is important to ensure that end systems will be:

NTRU Background

NTRU Cryptosystems, Inc. provides fast and efficient security solutions that are especially well suited to complement DRM solutions to provide end-to-end content protection. The high performance NTRU Public Key algorithm meets the demanding requirements of constrained end user devices and provides the ability for servers to scale up to handle heavy secure transaction loads. NTRU?s unprecedented performance allows for new security paradigms including field level encryption and authentication and disposable keys in wired and wireless environments.