The connected e-book and CPRM: Keeping content secure

February 01, 2009


The connected e-book and CPRM: Keeping content secure

The e-book raises fundamental business questions about the way books are distributed and consumed.


Reading will never be the same again. E-books are finally making their presence felt as electronic mobile devices. The appeal of universal access to an unlimited supply of books, newspapers, magazines, and blogs is winning over more and more consumers. The popularity of Amazon's Kindle wireless reading device is testament to this trend.

Beyond the convenience and cool user experience, the e-book raises fundamental business questions about the way books are distributed and consumed as well as how their content is protected. Publishers and Content Service Providers (CSPs) must address these key questions to sustain business viability.

E-book readers proliferating

An e-book reader is a dedicated hardware device used for reading an e-book. These devices are currently available on the market, sold for $300-$700. Lighter and thinner than typical paperbacks, e-book readers are designed to provide users with maximum ease of use.

With built-in high-speed wireless modems, e-book readers can be used to purchase, download, and read e-books, magazines, and newspapers anytime and anywhere. Revolutionary electronic paper displays provide sharp, high-resolution screens that look like real paper. E-book readers let users carry hundreds of books in a device weighing less than one pound.

Some examples of e-book readers on the market include:

  • Amazon's Kindle
  • Plastic Logic reader
  • Bookeen's Cybook Gen3
  • Jinke Electronics' Hanlin eReader
  • Sony Reader and LIBRI√©
  • iRex Technologies' iLiad

Portable, convenient storage

As the content available for e-books grows daily, so does the need for increased storage. Secure Digital (SD) flash memory cards offer a cheap, reliable solution.

SD cards (shown in Figure 1) have become the de facto standard for mobile phones, digital cameras, MP3 music players, car navigation systems, and other consumer electronic devices. Thousands of products spanning dozens of categories and more than 8,000 models already use SD cards. The widely deployed SD cards account for more than 70 percent of the flash memory card market.

With the increasing volume of dedicated e-book readers, the use of portable storage like SD cards for transferring e-books between e-book readers is inevitable. In fact, most of the e-book readers on the market today include SD card expansion slots.

Figure 1



The use of SD card technology in e-book readers results in benefits for the user and the publisher. SD cards help maximize portability and convenience; enable books to be offloaded to an SD card library to make room for new content on the reader or for backup purposes; and let users share e-books and other content with friends.

CSPs and Digital Rights Management (DRM)

Sharing is great for consumers but can be a nightmare for CSPs, such as Amazon, Audible, and CyberRead, who serve as distributors for publishing houses.

CSPs walk a fine line, balancing the responsibility to prevent unauthorized copying and distribution with the demand for ease of access and convenience, to speak nothing of the need to turn a profit. iTunes' complete domination of the digital music market has not gone unnoticed by CSPs and publishers, with the former anxious to replicate Apple's success and the latter looking to avoid a single dominant player at all costs.

In the world of mobile communications, downloadable content (ringtones, full-track MP3 music, and video) is protected by DRM software. The emergence of always connected e-book readers that can be used to download proprietary content drives a similar need for content protection schemes. Publishers require DRM support from the CSP for downloadable content. Preloaded content also requires DRM to prevent illegal copying. However, DRM is far more than a copy protection scheme; it enables a broad range of business model and distribution strategies that can revolutionize the e-book industry.

With the goal of keeping readers' e-book experience similar to reading a printed book, CSPs aim to provide additional value through the convenience gained from e-books. At the same time, CSPs want to protect content so that a sustainable distribution channel model is possible.

Cryptographic content protection

While e-book content protection is necessary, an industry-standard scheme is also desirable to promote interoperability and help vendors offer compatible systems. One such scheme is Content Protection for Recordable Media (CPRM), which was developed by the 4C Entity (, comprising IBM, Intel, Panasonic, and Toshiba. CPRM is standard on all SD cards, making it a logical choice for use in e-book readers. The content protection mechanism has two primary technical components: the Cryptomeria cipher (C2) algorithm and the Media Key Block (MKB).

C2 is a 10-round Feistel network block cipher with a 64-bit block size and a 56-bit key. The C2 cipher is used to both encrypt and decrypt content and act as the basis of one-way and hash functions. C2 was designed because no other prevalent cipher provided the necessary balance of hardware and software implementation suitability, minimal licensing fees, and the ability to be licensed exclusively for use in 4C-compliant content protection schemes.

MKBs are tables of cryptographic values that implement a form of broadcast key distribution and provide for renewability in 4C content protection schemes. Generated by the 4C Entity, MKBs enable compliant, licensed products to calculate a common media key. Each licensed product (including hardware and software) is given a set of device keys used to process the MKB to calculate the media key.

If a set of device keys is compromised in a way that threatens the integrity of a system, updated MKBs can be released on the new generations of media, causing the compromised set of keys to calculate a different media key than is computed by the remaining compliant devices. In this way, the compromised device keys are revoked by new MKBs. In existing 4C systems, MKBs are carried on compliant portable storage media, and devices use the corresponding medium's key as the basis for encrypting and decrypting protected content stored on that medium.

A CPRM client package

One implementation of CPRM and other DRM strategies for e-book readers is Discretix's Multi-Scheme DRM Client, shown in Figure 2.

Figure 2



In most cases, e-books, magazines, and newspapers are downloaded from the CSP's online store to the e-book reader for viewing. The content can also be saved to an SD card inserted in the device. The Multi-Scheme DRM Client binds the content to a specific device ID, user ID, or SD card. This allows the CSP to set the consumption rules for each particular piece of content with respect to its use on other devices or by other users in accordance with the relevant business model. The software allows content to be shared among multiple devices, enabling a broad range of business models.

Using software based on CPRM and other DRM features, e-book CSPs can offer a differentiated set of business options to meet consumers' myriad reading habits and usage scenarios while still keeping distribution channel interests intact.

Raanan Tzemach is executive VP and content protection business unit manager for Discretix Technologies Ltd. (Kfar Netter, Israel), which he joined in 2007. He previously served as VP of advanced services and Internet at Cellcom and maintained several R&D and operation positions in the communication branch of the Israeli Defense Forces. Raanan holds a B.Sc. in Electrical Engineering from Tel Aviv University.

Discretix Technologies Ltd.


[email protected]


Raanan Tzemach (Discretix Technologies Ltd.)