ISO/IEC TS 23078-1:2020

TECHNICAL ISO/IEC TS
SPECIFICATION 23078-1
First edition
Information technology —
Specification of DRM technology for
digital publications —
Part 1:
Overview of copyright protection
technologies in use in the publishing
industry
PROOF/ÉPREUVE
Reference number
ISO/IEC TS 23078-1:2020(E)
©
ISO/IEC 2020

---------------------- Page: 1 ----------------------
ISO/IEC TS 23078-1:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TS 23078-1:2020(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
5 DRM free protection . 2
5.1 General . 2
5.2 Fingerprinting . 2
5.3 Watermarking . 2
6 DRM protection . 3
6.1 General . 3
6.2 User key-based protection . 3
6.2.1 General. 3
6.2.2 Requirements from publishers and distributors . 4
6.2.3 Requirements from users . 4
6.3 Device key-based protection . 5
6.3.1 General. 5
6.3.2 Requirements from publishers and distributors . 5
6.3.3 Requirements from users . 5
Bibliography . 6
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE iii

---------------------- Page: 3 ----------------------
ISO/IEC TS 23078-1:2020(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC1, Information technology,
Subcommittee SC 34, Document description and processing languages.
A list of all parts in the ISO/IEC TS 23078 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC TS 23078-1:2020(E)

Introduction
Ever since digital publications have grown in popularity, copyright protection has been an important
issue for authors and publishers.
While the distribution of digital publications around the world is mostly based on the open EPUB
standard, most retailers are using proprietary technologies to enforce usage constraints on digital
publications in order to impede oversharing of copyrighted content. The high level of interoperability
and accessibility gained by the use of a standard publishing format is therefore cancelled by the use of
proprietary and closed technologies: digital publications are only readable on specific devices or reading
applications (a retailer "locked-in" syndrome); digital publications may not be accessed anymore if
the distributor which protected the publication goes out of business or if the DRM technology evolves
drastically. As a result, users are deprived of any control over their digital publications.
In reaction to these hindrances, watermarking and fingerprinting technologies have also been
developed for digital publications. These are sometimes called "social DRM" which is a good way to
describe the effect of the visible marks embedded into the content. Thanks to their presence and the
personal information they contain, the “licensee” cares about the use of the content he/she has acquired:
one would not like to see content associated with one's personal information freely shared on the web.
But the term “social DRM” is misleading also, as watermarking and fingerprinting techniques do not
enforce technical control on the use of digital media.
Requirements related to security levels differ depending on which part of the digital publishing market
is addressed. Many trade publishers, in different countries, are satisfied with a protection based on
watermarking; but in many other situations, publishers require a solution which technically enforces
the digital rights they provide to their users. This is where DRM technologies come into play.
In most use cases, publishers are happy to adopt a DRM solution which guarantees an easy transfer
of publications between devices and a certain level of fair-use, and provides permanent access to the
publications acquired by their customers. However, in certain use cases, publishers require a stronger
protection measure, which limits the capability for users to transfer publications from one device to
another.
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE v

---------------------- Page: 5 ----------------------
TECHNICAL SPECIFICATION ISO/IEC TS 23078-1:2020(E)
Information technology — Specification of DRM technology
for digital publications —
Part 1:
Overview of copyright protection technologies in use in the
publishing industry
1 Scope
This document describes three types of copyright protection technologies in use in the publishing
industry:
— DRM free protection, i.e. technologies which does not rely on content encryption but rather use
content fingerprinting or watermarking, adequate for use cases where user convenience is the top
priority;
— user key-based DRM protection, adequate where user constraints are limited;
— device key-based DRM protection, adequate where the transfer of publications from one device to
another are severely constrained.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
digital publication
set of constituent resources and associated metadata, organized together in a uniquely identifiable
grouping
3.2
digital rights management
DRM
systematic approach to copyright protection to prevent unauthorized redistribution of digital media
and restrict the ways consumers can use the content they've acquired
3.3
distributor
digital publication (3.1) retailer, public library, academic library or specialized distributor of electronic
content acting as an intermediary between publishers and retailers
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE 1

---------------------- Page: 6 ----------------------
ISO/IEC TS 23078-1:2020(E)

3.4
protected publication
digital publication (3.1) on which a DRM (3.2) solution has been applied
4 Abbreviated terms
GDPR general data protection regulation
5 DRM free protection
5.1 General
Many users and librarians prefer plain digital publications to encrypted ones because of their
undeniable advantages in terms of usability, portability or long-term preservation. On the other hand,
many publishers are opposed to releasing their valuable contents in plaintext due to concerns about
copyright infringement. Under this circumstance, some service providers adopt a protection measure
which does not rely on encryption, such as fingerprinting or watermarking.
5.2 Fingerprinting
Fingerprinting means analysing content and extracting a unique set of inherent properties resilient
to content transformation. Fingerprinted content is identified in a non-ambiguous way and therefore
some use the term “content DNA” to describe a fingerprint.
Content fingerprint does not involve modifying the publication: the fingerprint is kept in a database and
used to check if some random content is identical to the fingerprinted content. A user will never see any
visible evidence that a digital fingerprint exists for the content he/she has acquired.
Digital fing
...