Readium LCP

woman in library reading at a tablet with lock in her hand

Why is an open-source foundation offering digital rights management software?

To help ensure that EPUB files can be shared across reading devices and apps even where some enforcement of usage rights is required – think about the library lending use case and its end of loan date. To help drive adoption of a standard and interoperable DRM through ease of implementation, minimal cost, and minimal vendor dependencies.

Is Readium LCP an open standard?

Readium LCP is not expected to be standardized by a formal standards group but rather remain an “industrial” specification for use by and among implementors who agree to participate in the interoperable Readium LCP ecosystem.

Is Readium LCP vendor-neutral?

Yes, Readium LCP is vendor-neutral, as the specifications are maintained by the Readium Foundation, which is an non-for-profit organization managed by elected board members.

The interoperability and security of the Readium LCP ecosystem is guaranteed by a Certification Authority; EDRLab has been chosen by Readium as Certification Authority for the years to come. EDRLab is also a non-for-profit organization managed by elected board members.

Who can implement Readium LCP?

Anyone can develop a Readium LCP compliant Reading System, and anyone can setup a Readium LCP compliant distribution solution.

But there is still a constraint to the implementation of Readium LCP: any implementation (either client-side in a Reading System, or server-side in a distribution solution) must be certified by the Certification Authority before it is deployed.

Is Readium LCP open-source?

Yes, with some caveats. The specification of Readium Licensed Content Protection and Readium License Status Document are public and royalty free.

Readium is offering for free open-source software on Github for easing the implementation of Readium LCP compliant Reading Systems and Readium LCP Servers.

However, companies, organizations or individuals who wish to use Readium LCP to protect their content will need to obtain the proper licensing from EDRLab and configure their software with confidential information.

What are the advantages of Readium LCP for publishers?

Readium LCP helps publishers by encouraging interoperability among e-reading platforms and service providers while maintaining an adequate level of content protection and supporting content access models that depend on access control, such as rental, subscription, and library lending. Readium LCP does not require publishers to send their master files in clear to a DRM vendor. Readium LCP helps publishers license content into a thriving, pro-competitive ecosystem by minimizing dependency on commercial vendors and avoiding “lock-in”.

What are the advantages of Readium LCP for users?

Users can obtain e-books from Readium LCP-based services and use Readium LCP-based apps and devices, secure in the knowledge that their e-books will interoperate across these devices, legally and with little or no effort (a simple passphrase to enter in some occasion) . Users can freely transfer a publication from one device to another. They can expect being able to continue reading it year after year after download, even if their bookseller closes its operation, thanks to the offline capabilities of the solution. Other advantages include a provision for accessibility to the print-disabled and the confidence that no usage data will leak through the Readium LCP technology to feed commercial appetites.

What are the advantages of Readium LCP for service providers?

Retailers, libraries, and other types of e-book service providers will benefit from costs that are much lower than those of existing commercial DRM systems, ease of deployment, and participation in what is expected to become a large ecosystem of interoperable technology components and services, while meeting publishers’ content protection requirements. Service providers will deploy their own License server and will therefore get real-time feedback on core data, like the number of delivered licenses or the number of active devices for a given license. Readium LCP’s open source model will also help ensure that Readium LCP evolves to meet future needs.

Is the Readium SDK required for implementing Readium LCP in my reading system?

Not at all. One can develop a Readium LCP compliant Reading System (application or e-reader) directly from the specification, using classic cryptographic libraries.

The open-source codebase provided on the Readium Github is currently optimized for use in the Readium architecture, but the core C++ code can be ported to any other environment, especially e-readers, for free.

Is Readium SDK designed to work with Readium LCP only?

Not at all. The Readium SDK is designed to work with multiple DRMs. This ensures that Readium-based apps and devices can be built if they have requirements for DRM features that go beyond what Readium LCP offers.

How does Readium LCP differ from other DRMs for Readium?

Readium LCP is intended to cover basic use cases (sale, rental) with an adequate level of security as well as a provision for accessibility to the print-disabled, with open source code for both client and server and an absolute minimum of vendor dependency.

Readium LCP is particularly well tailored for the library lending use case, with notions like early return and extended loan, the latter being uncovered by most DRMs. The high level of privacy offered by Readium LCP is another crucial aspect for public libraries.

Also, Readium LCP is intended to operate on a cost recovery basis and therefore may be less expensive than commercial DRMs. Other DRMs for Readium may be offered through commercial entities, support content access models that Readium LCP does not support, have enhanced security features that are required for certain applications, and/or support additional related services.

How do I test my reading system for compliance with the specification?

Compliance testing tools are under development at EDRLab; they are included in the open-source code provided by the Readium LCP Server project.

What are Robustness Rules and how do I test my app or device against them?

Robustness Rules specify the levels of protection that a Readium LCP-based app or device must provide against the exposure of secrets, such as cryptographic keys, through reverse engineering, debugging, and other techniques. Compliance to Robustness Rules may involve some obfuscation of the app codebase. The Readium LCP Terms of Use require licensees to make sure that their implementations are compliant with Robustness Rules and to submit to reasonable requests to audit their implementations. EDRLab has no direct interest or involvement in Robustness Rule audits.

As a service provider, what do I have to install?

As a license provider (e.g. an EPUB service provider), you have to install a Readium LCP License server.

You may decide to acquire one from a solution provider (for instance DeMarque in Canada), or prefer to develop it from scratch after studying the specifications. In order to simplify your work, EDRLab has developed an open-source application written in Go (a cross platform language), which provides a simple and reliable implementation of the specifications, to be interfaced with your distribution frontend software.

Whatever your choice, your solution has to be checked and certified by EDRLab before it can serve Readium LCP licenses in an interoperable way.

How does licensing work?

It is important to note that there is no transaction cost in the model, i.e. no DRM cost per ebook purchase or lending.

The certification process is labor intensive and must be renewed yearly; managing the ecosystem (certificate authority …) is also expensive. Therefore being a Readium LCP implementer (either Reading System developer or License Provider) involves yearly fees.
EDRLab keeps these fees to a minimum, please contact us at contact@edrlab.org to get details.

What is the sustainability of Readium LCP?

EDRLab has a role of Certification Authority for the Readium LCP ecosystem. All confidential information will be archived by a key escrow agent. Should EDRLab activities end one day, the certification process will be easily taken over by another organization.

Is Readium LCP protected by anti-circumvention laws?

Many countries, including the United States, European Union Member States, Australia, New Zealand, Japan, Singapore, India, China, and Brazil have various forms of laws against circumvention (cracking) of DRM systems and distribution of circumvention tools. Such laws are intended to provide “legal backstops” for DRMs that can be cracked. Different countries’ laws contain different definitions of the systems to which such laws apply, and such laws have been clarified to greater or lesser degrees in each country through litigations. Neither Readium Foundation nor EDRLab represents or guarantees that an implementation based on Readium LCP enjoys protection under such laws; please consult qualified legal counsel.

Is Readium LCP at risk against patent infringement?

Various organizations exist that own portfolios of patents that they may claim are related to digital rights management. Some of these organizations maintain patent licensing programs that require royalty payments; some have engaged in litigation against service providers, application developers, and others for alleged infringement of those patents. Readium Foundation has not consulted with any such entity to determine whether or not any aspect of Readium LCP “reads on” their patents. Neither Readium Foundation nor EDRLab take a position on whether any system, device, application, or service that incorporates any aspect of Readium LCP “reads on” any particular patents, nor does Readium Foundation or EDRLab endorse any patent holder’s patent claims or patent licensing program; please consult qualified legal counsel.

No technology is immune against patent claims; Readium LCP is based on standard cryptographic technologies (AES-256, SHA-256 …) and processes; we are therefore confident that Readium LCP is a simple and reliable solution that does not put implementers at risk.

Is Readium LCP able to protect PDF files?

The current specification of Readium LCP makes reference to the EPUB format only.

Including Readium LCP support for PDF files is technically doable, but any open-source implementation would require quite a bit of work. The main issue being that Adobe products (Adobe Digital Editions especially) would not recognize this non-proprietary DRM, and this sole fact would be be a burden for many users. One can also wonder what is the use of PDF ebooks in an world tailored for EPUB ;-).

Other Readium projects

Readium-2

The major evolution of the Readium SDK codebase, the objectives being better performances and stability, clarity of source code and documentation.

Discover Readium-2

Readium SDK & JS

The reference EPUB 3 open-source reading engine for Web, desktop and mobile apps, on active maintenance by the Readium community.

Discover Readium SDK & JS


Copyright © 2016 EDRLab. Legal informations