Readium LCP

woman in library reading at a tablet with lock in her hand

What are the main objectives of LCP?

EDRLab decided to develop a new Digital Rights Management solution to ensure that digital publications in different formats (EPUB, PDF, Audiobooks and Divina comics) can easily be distributed across reading apps, when the enforcement of usage rights is required (think about library lending, where the reading experience must stop at some point).

Other DRMs are either developed for proprietary and closed silos (e.g. Amazon, Apple, Google) of highly deceptive because buggy and expensive (Adobe). By contrast, LCP is a standard and interoperable DRM, which focuses on ease of integration, ease of use, privacy, vendor neutrality and minimal cost.

Is Readium LCP vendor-neutral?

The LCP specification is maintained by the Readium Foundation, which is a non-profit organization managed by elected board members.

The interoperability and security of the Readium LCP ecosystem is guaranteed by EDRLab, chosen as worldwide Certification Authority. EDRLab is also a non-profit organization managed by elected board members.

Is LCP an open standard?

The LCP specification, split into two documents named Licensed Content Protection and License Status Document, is public and royalty free. It is an industrial standard.

LCP is also the first DRM solution accepted as an ISO (International Standards Organization) Technical Specification. It is identified as ISO TS 23078 part 2. The editors of the ISO specification are Taehyun Kim (DRM Inside) and Laurent Le Meur (EDRLab). The ISO document can be acquired online; it is a technically speaking identical to the Readium LCP Specification, with some language and presentation differences.

Is LCP open-source?

Readium is also offering a complete set of open-source software on Github for easing the implementation of LCP compliant Reading Systems and LCP Servers.

However, trusted companies or organizations who wish to use LCP to protect their content need to obtain confidential information and a small pre-compiled software library from EDRLab, and add these closed software libraries to their LCP software. This procedure is key to avoid the open-source software to be used for hacking LCP protected publications.

Who can implement LCP?

Anyone can develop an LCP compliant Reading System, and anyone can setup an LCP compliant distribution solution.

There is still a constraint to the implementation of LCP: any implementation (either client-side in a Reading System, or server-side in a distribution solution) must be certified by EDRLab (as Certification Authority) before it is deployed. This certification step ensures that solutions which claim to be LCP compliant are indeed interoperable.

Is Readium LCP able to protect PDF files?

An extension of the Readium LCP specification provides a way to protect PDF files.

PDF support has been added to the Readium LCP open-source server in Q1 2020. It has also been added to Readium Mobile iOS in Q1 2020 and will be added to the Readium Mobile Android codebase by Q4 2020.

Note that because Adobe products (Adobe Digital Editions especially) would not recognize LCP protected content, the publication format resulting from an LCP encryption is specific to the Readium Architecture, i.e. a zip file containing a Readium WebPub Manifest and the PDF document as a resource.

Is Readium LCP able to protect Audiobooks?

An extension of the Readium LCP specification provides a way to protect W3C Audiobooks and Readium Audiobooks.

Audiobook support has been added to the Readium LCP open-source server in Q3 2020. It has also been added to Readium Mobile Android and to Readium Desktop (and Thorium Reader) in Q3 2020. It will be added to Readium Mobile iOS by Q4 2020.

Is Readium LCP able to protect Web publications?

By Web publications, we mean here any set of web pages accessed online from a web browser. Many people call it streaming, even if technically speaking this is improper.

Like every other DRM, LCP is not applicable to web content. The reason is that DRMs are based on data encryption and some secret way to decrypt data. Web browsers are so transparent that no secret used for decryption can stay hidden for long into a web browser. The requirement to use DRMs for video on the Web, imposed by big VoD suppliers, have given birth to Encrypted Media Extensions (EME) and COntent Decryption Modules (CDM), controversial technologies that are not applicable to textual content.

The Readium community is studying if there is a way to protect web content, a technology that could be shared between all Readium Web implementations; but this web protection will not be call “LCP”.

Are there licensing fees associated with the use of LCP?

In order to guarantee the interoperability of the different LCP servers and reading apps which constitute the “LCP network”, the certification process is labor intensive and must be renewed yearly; managing the ecosystem (certificate authority …) is also expensive.

Therefore, being a Readium LCP implementer (either Reading System developer or License Provider) involves licensing fees. It is important to note that there is no transaction cost in the model, i.e. no DRM cost per license generated.

It’s a fix annual cost, based on the annual gross revenue (a.k.a. sales) of the LCP integrator, or its annual budget if it is a non-profit organization. We do not expose on this website the fee structure: please contact us to get details. You can fill this document with your gross revenue to speed up the process.

The fee structure has been decided by our board of directors; we are a non-profit association with members from the publishing sector; fees are therefore as low as possible. This money is used to support the cost of X509 provider certificates, the time spent testing the different apps and the maintenance of the LCP open-source software.

What are the advantages of LCP for publishers?

LCP helps publishers licensing content through a secure, user friendly, accessible, global and open ecosystem. Detailed information is found on Advantages of LCP for publishers.

What are the advantages of LCP for users?

Users can obtain e-books from LCP-based services and use LCP-based apps and devices, secure in the knowledge that their e-books will interoperate across these devices, legally and with little or no effort (a simple passphrase, given to the user by the ebook provider at the time the user has acquired the ebook, along with a hint used as a reminder for this passphrase).

The only situation where a user has to enter a passphrase is when he opens an ebook for the first time on a given device; the reading application will then store securely the passphrase and use it silently the next time the user opens the same ebook on this device. This same passphrase is also tested each time the user opens another ebook from the same provider: as long as the passphrase has not been modified, the user will therefore be able to open every ebook from the same provider without entering the corresponding passphrase.

Users can freely transfer a publication from one device to another. They can expect being able to continue reading it year after year after download, even if their bookseller closes its operation, thanks to the offline capabilities of the solution.

Other advantages include a provision for accessibility to the print-disabled and the confidence that no usage data will leak through the Readium LCP technology to feed commercial appetites.

What are the advantages of LCP for License Providers?

Retailers, libraries, and other service providers benefit from costs that are lower than those of existing commercial DRM systems, while meeting publishers’ content protection requirements. Our open source model also ensures that LCP will evolve to meet future needs.

The integration of an LCP Server on their platform is quite easy, thanks to a well documented REST API. To succeed, they still need to have a professional software team, and be able to modify their ebook distribution software in order to manage (and give access to) the user passphrase and textual hint required by LCP.

Retailers can therefore deploy an LCP Server is their premises and get real-time feedback on core data, like the number of delivered licenses or the number of active devices for a given license.

Alternatively, they can decide to use a hosted solution provided by a third-party. See the list of LCP Technology Providers for more info.

Why isn’t there a strict device limit on LCP licenses?

LCP has be built to avoid oversharing of published material. When a license is shared on the web, along with its passphrase, a large number of people will feel free to use the passphrase to read the corresponding ebook. A large number of devices will therefore register themselves on the LCP Server that generated the license. The ebook distributor will be immediately alerted, and he will be able to revoke the license immediately. This is how oversharing is stopped in the LCP case.

Limiting to a small number of devices (let’s say 6) is a bad idea, we think. People change their smarphone every 18 months. People can have good reasons to pass a license with its corresponding passphrase to a companion, a child, a friend. Limiting the number of registered devices to a low and unflexible number is a receipe for expenses in client support. And client support is what ebook distributors want to avoid.

Is the Readium SDK required for implementing Readium LCP in my reading system?

Not at all. One can develop a Readium LCP compliant Reading System (application or e-reader) directly from the specification, using classic cryptographic libraries.

The Readium LCP open-source codebase provided on the Readium Github is currently optimized for use within the Readium architecture, but the core C++ code can be ported to any other environment, especially e-readers, for free.

Is Readium software designed to work with Readium LCP only?

Not at all. The Readium development kits are designed to work with multiple DRMs. This ensures that Readium-based apps and devices can be built if they have requirements for DRM features that go beyond what Readium LCP offers.

How does Readium LCP differ from other DRMs for Readium?

Readium LCP is intended to cover basic use cases (sale, rental) with an adequate level of security as well as a provision for accessibility to the print-disabled, with open source code for both client and server and an absolute minimum of vendor dependency.

Readium LCP is particularly well tailored for the library lending use case, with notions like early return and extended loan, the latter being uncovered by most DRMs. The high level of privacy offered by Readium LCP is another crucial aspect for public libraries.

Also, Readium LCP is intended to operate on a cost recovery basis and therefore may be less expensive than commercial DRMs. Other DRMs for Readium may be offered through commercial entities, support content access models that Readium LCP does not support, have enhanced security features that are required for certain applications, and/or support additional related services.

How do I test my reading system for compliance with the specification?

Compliance testing tools are under development at EDRLab; they are included in the open-source code provided by the Readium LCP Server project.

As a service provider, what do I have to install?

Please follow the steps detailed here.

What are Robustness Rules and how do I test my app or device against them?

Robustness Rules specify the levels of protection that a Readium LCP-based app or device must provide against the exposure of secrets, such as cryptographic keys, through reverse engineering, debugging, and other techniques. Compliance to Robustness Rules may involve some obfuscation of the app codebase. The Readium LCP Terms of Use require licensees to make sure that their implementations are compliant with Robustness Rules and to submit to reasonable requests to audit their implementations. EDRLab has no direct interest or involvement in Robustness Rule audits.

What is the sustainability of Readium LCP?

EDRLab has a role of Certification Authority for the Readium LCP ecosystem. All confidential information will be archived by a key escrow agent. Should EDRLab activities end one day, the certification process will be easily taken over by another organization.

Is Readium LCP protected by anti-circumvention laws?

Many countries, including the United States, European Union Member States, Australia, New Zealand, Japan, Singapore, India, China, and Brazil have various forms of laws against circumvention (cracking) of DRM systems and distribution of circumvention tools. Such laws are intended to provide “legal backstops” for DRMs that can be cracked. Different countries’ laws contain different definitions of the systems to which such laws apply, and such laws have been clarified to greater or lesser degrees in each country through litigations. Neither Readium Foundation nor EDRLab represents or guarantees that an implementation based on Readium LCP enjoys protection under such laws; please consult qualified legal counsel.

Is Readium LCP at risk against patent infringement?

Various organizations exist that own portfolios of patents that they may claim are related to digital rights management. Some of these organizations maintain patent licensing programs that require royalty payments; some have engaged in litigation against service providers, application developers, and others for alleged infringement of those patents. Readium Foundation has not consulted with any such entity to determine whether or not any aspect of Readium LCP “reads on” their patents. Neither Readium Foundation nor EDRLab take a position on whether any system, device, application, or service that incorporates any aspect of Readium LCP “reads on” any particular patents, nor does Readium Foundation or EDRLab endorse any patent holder’s patent claims or patent licensing program; please consult qualified legal counsel.

No technology is immune against patent claims; Readium LCP is based on standard cryptographic technologies (AES-256, SHA-256 …) and processes; we are therefore confident that Readium LCP is a simple and reliable solution that does not put implementers at risk.

Other Readium projects

Readium-2

The major evolution of the Readium SDK codebase, the objectives being better performances and stability, clarity of source code and documentation.

Discover Readium-2

Readium SDK & JS

The reference EPUB 3 open-source reading engine for Web, desktop and mobile apps, on active maintenance by the Readium community.

Discover Readium SDK & JS

Copyright © 2018 EDRLab. Legal informations

Log in with your credentials

Forgot your details?