Readium: Difference between revisions

Line 18:

==Readium LCP==

The design of Readium Licensed Content Protection (LCP) was influenced by a 2012 paper called "EPUB Lightweight Content Protection: Use Cases & Requirements" by Bill Rosenblatt (link in the External Links section).

It is also an international standard, referenced as: ISO/IEC 23078-2:2024.

===Basics===

One of the most important concepts in Readium LCP is the '''LCP license file'''. It is generated by a '''Readium LCP License Server''' and contains: <blockquote>"

*A set of rights; standard rights are:

** A start and end access date and time, especially useful for library lending;

**The number of pages the user is allowed to print;

**The number of characters the user is allowed to copy/paste;

*The passphrase hint; this information is important; more details below, in section “Interaction with the Reading System”;

*The content key, encrypted; the reading system will use the user passphrase in order to get this data in clear;

*The provider certificate and a digital signature; this information will be used by the reading system for checking that the license has not been modified by anyone other than the provider;

Optional:

*Some limited personal data; LCP can act as a “social DRM”; such information is encrypted for privacy protection, and the License Server does not store this information.

*Optionally, the URL of the protected content associated with this license, used if the license is delivered as a stand-alone file (.lcpl).

"</blockquote>

(The following summarizes what is referred to as the “Interaction with the Reading System” section in the quote above, as well as a few other sections.)

A license file can either be distributed as a standalone file or embedded into an [[wikipedia:EPUB|EPUB]] file.<blockquote>"A protected EPUB file is simply the association of protected content with a license."</blockquote> Users can buy ebooks from the reading system and receive license a license file. The reading system then automatically downloads the appropriate EPUB file and embeds the license into it. With this arrangement: <blockquote>"the EPUB file with its included license can be opened by the reading system, archived, exported to another reading system etc. and the user has only one file to care about."</blockquote> In an alternative arrangement, the distributor can embed license files into EPUB files, before sending them to the reading system.

===Encryption and decryption===

Its encryption is based on [[wikipedia:Advanced Encryption Standard |AES]]. Keys that unlock files are referred to as '''passphrases'''. It can either be generated or chosen by the user. Users have one passphrase for each bookstore or library. LCP licenses also include password hints in case a user forgets their password. <blockquote>"The software transforms the passphrase into a user key (h = hash(pp) then uk = userkey(h), with “userkey” a simple string transfom). The user key can decrypt the content key provided in the user license. The content key can decrypt the content.

The Readium LCP library software is mostly open-source, only uk = userkey(h) isn’t (in the open-source version it is void). Only trusted licence providers and trusted app developers know what this string transform is. Therefore one cannot take the open-source software and simply add a “save as clear epub” feature applied on ebooks provided by certified servers."</blockquote>

<ref>{{Cite web |title=LCP principles |website=edrlab.org |url=https://www.edrlab.org/readium-lcp/principles/ |url-status=live}}</ref>

==Incidents==

@@ Line 18: / Line 18: @@
 ==Readium LCP==
+The design of Readium Licensed Content Protection (LCP) was influenced by a 2012 paper called "EPUB Lightweight Content Protection: Use Cases & Requirements" by Bill Rosenblatt (link in the External Links section).
+It is also an international standard, referenced as: ISO/IEC 23078-2:2024.
+===Basics===
+One of the most important concepts in Readium LCP is the '''LCP license file'''. It is generated by a '''Readium LCP License Server''' and contains: <blockquote>"
+*A set of rights; standard rights are:
+** A start and end access date and time, especially useful for library lending;
+**The number of pages the user is allowed to print;
+**The number of characters the user is allowed to copy/paste;
+*The passphrase hint; this information is important; more details below, in section “Interaction with the Reading System”;
+*The content key, encrypted; the reading system will use the user passphrase in order to get this data in clear;
+*The provider certificate and a digital signature; this information will be used by the reading system for checking that the license has not been modified by anyone other than the provider;
+Optional:
+*Some limited personal data; LCP can act as a “social DRM”; such information is encrypted for privacy protection, and the License Server does not store this information.
+*Optionally, the URL of the protected content associated with this license, used if the license is delivered as a stand-alone file (.lcpl).
+"</blockquote>
+(The following summarizes what is referred to as the “Interaction with the Reading System” section in the quote above, as well as a few other sections.)
+A license file can either be distributed as a standalone file or embedded into an [[wikipedia:EPUB|EPUB]] file.<blockquote>"A protected EPUB file is simply the association of protected content with a license."</blockquote> Users can buy ebooks from the reading system and receive license a license file. The reading system then automatically downloads the appropriate EPUB file and embeds the license into it. With this arrangement: <blockquote>"the EPUB file with its included license can be opened by the reading system, archived, exported to another reading system etc. and the user has only one file to care about."</blockquote> In an alternative arrangement, the distributor can embed license files into EPUB files, before sending them to the reading system.
+===Encryption and decryption===
+Its encryption is based on [[wikipedia:Advanced Encryption Standard |AES]]. Keys that unlock files are referred to as '''passphrases'''. It can either be generated or chosen by the user. Users have one passphrase for each bookstore or library. LCP licenses also include password hints in case a user forgets their password. <blockquote>"The software transforms the passphrase into a user key (h = hash(pp) then uk = userkey(h), with “userkey” a simple string transfom). The user key can decrypt the content key provided in the user license. The content key can decrypt the content.
+The Readium LCP library software is mostly open-source, only uk = userkey(h) isn’t (in the open-source version it is void). Only trusted licence providers and trusted app developers know what this string transform is. Therefore one cannot take the open-source software and simply add a “save as clear epub” feature applied on ebooks provided by certified servers."</blockquote>
+<ref>{{Cite web |title=LCP principles |website=edrlab.org |url=https://www.edrlab.org/readium-lcp/principles/ |url-status=live}}</ref>
 ==Incidents==