PachyDRM puts open source move on DRM

By Matt Whipp

Posted on 14 Jun 2006 at 15:21

DRM is going open source, at least according to Melodeo, the company behind PachyDRM.

The company yesterday announced its PachyDRM system would be available on an open source basis under a range of licences.

Rather than release a code base in the hope that the open-source community will develop it into commercially viable products, PachyDRM is already being licensed by content and network companies.

Melodea claims all four of the major labels have licensed the system, as well as network operators across the US and Europe.

The system can be deployed irrespective of device and format - the server platform is Java-based, while client platforms are available in both C/C++ and Java versions. It supports content protection on a number of schemes. Licence keys are transmitted over a secure AES128 encrypted link to the device on a subscription, pay-per-download and promotion basis. The latter sets a figure for the number of times a content item can be 'used'. The system can also be used for peer-to-peer distribution, wrapping each instance of the content on the fly so that it is unique to the recipient device.

At the server end, the system operators can run white- and black-lists to filter out device types that are not supported, can revoke licences on both a user and device basis and ban devices as necessary.

For the consumer, the DRM is invisible and follows them from device to device, so that should they change their phone, they will still have access to the same content on the new device.

However, the open source question is more complex. Melodeo claims that the fact it is open source does not detract from the security of the system. Licencees can make 'proprietary changes' and customise certain 'layers of code' and then 'keep those implementation details secret'. The only caveat is that you cannot customise an instance of the system to the point where it is no longer interoperable.

Which raises the question of whether it really is open source at all. For one thing it is certainly not 'Free' software. The latest draft of the GNU General Public License currently outlaws its use for DRM products.

The three licences offered by Melodeo for PachyDRM allow the free use of the platform specification as well as clean room implementations of the DRM system based on those specifications. Source code itself is free for R&D purposes, but once you taken that route it's difficult to subsequently claim that whatever you develop is a clean-room implementation. And systems derived from the source code are charged an annual fee of $5,000 per server and 5 cents per installed client.

Furthermore, none of the licences are Open Source Institute approved. Rather than open source, the licensing model appears more closely aligned with Sun Microsystem's 'stewardship' of Java if anything.

That's not to say PachyDRM can't be successful. The idea is to offer an open, unified, affordable and adaptable platform that will allow content owners and network operators to do away with the multifarious DRM systems currently vying for attention. But it doesn't make it open source either.

More information is available at the PachyDRM website.