The EDRLab LCP Working Group has worked for some time on a way to allow seamless upgrades of the official Readium LCP Encryption Profile. This work is now achieved and we are happy to release a detailed documentation of the processing model required to make such Encryption Profile upgrade possible.
The notion of Encryption Profile is described in the section 6 of the Readium LCP specification. A “profile” in Readium LCP defines the set of encryption algorithms used in a specific Protected Publication and associated Licence Document. Reading Systems which implement the algorithms identified in the Encryption Profile are able to decrypt Protected Publications encoded using that Encryption Profile.
The LCP specification only defines a public Basic Encryption Profile, which is fully implemented in Readium open-source software but can only be used for testing purpose. EDRLab has defined a confidential production profile, which is only implemented in software developed by trusted parties; this specific production profile ensures that only trusted parties, nodes of a global “Readium LCP Network”, can decrypt protected publications conforming with this profile. An evolution of this production profile after some years will constitue a supplemental protection against potential hacks; this feature will achieve convincing publishers worldwide that Readium LCP is the best interoperable Digital Rights Management solution for all sorts of publications.
The process by which the Readium LCP production profile may be upgraded is now detailed in three parts:
- Readium LCP profile upgrade – Requirements
- Readium LCP profile upgrade – Technical Solution
- Readium Licensed Status Document 1.0.1 (a minor evolution of version 1.0)
EDRLab requests that other commercial implementations implement this (light) evolution by the end of the year 2019 on their client and server software.
Many thanks to the Korea Copyright Commission (KCC) for their financial support on this study, which will be integrated in the work on a standardized DRM for ebooks, now in scope for the International Organization for Standarization (ISO).