Readium Foundation is a non profit that produces "reading system toolkits" that can be deployed across multiple platforms and digital publishing formats. According to its certificate of incorporation, it was incorporated in Delaware, USA in 2013. It has multiple members including: The European Digital Reading Lab (EDRLab), Bibliovault (University of Chicago Press), Columbia University Library, eKitabu, New York Public Library, New York University Library and DRM Inside Co., Ltd.[1][2][3]
| Basic information | |
|---|---|
| Founded | 2013-01-29 |
| Legal Structure | Non-profit |
| Industry | Software |
| Also known as | Readium Foundation |
| Official website | https://readium.org/ |
Background
"The Readium project was started by the IDPF in 2012 because the EPUB 3.0 specification had been released late in 2011, but no implementation yet existed (or, at least, had been publicly released). So IDPF provided some funding and encouragement and two firms, Evident Point and Bluefire, took the lead in developing a JavaScript implementation of a significant part of the EPUB 3 spec."
The JavaScript implementation lacked features and was written as a Google Chrome extension. It also didn't provide native implementations for devices and "it couldn’t support DRM securely." After additional development, they released the open source Readium SDK Core.
"The SDK was designed from the beginning to support DRM ( Digital Rights Management ), a mandatory feature for digital library lending, and also required by many publisher for anti-piracy matters. It was moreover designed to be DRM-agnostic, able to support multiple DRM implementations. However, while that capability existed in the SDK, there was also an increasing perception over time that the existing DRM implementations (Adobe, Kobo, Sony) were too heavyweight and proprietary and there existed a need for a new open-source DRM specification and implementation. The result was the Readium LCP (Licensed Content Protection) specification and implementation, which is rolling out in 2017."
Consumer-impact summary
While it is commendable that Readium and its partners (like EDRLab) promote open source code and wished to design a DRM system that aimed to avoid vendor lock-in (which could have caused a lack of innovation, diversity, features and would have handed one vendor total control), aimed to be more interoperable, simpler, secure and ensuring that:
"The solution is designed to be minimally intrusive for end-users, who don’t need to create a third-party account. User can share their ebooks with their family or close friends"
[5] it can be argued that DRM in itself is negatively affecting consumers.
Moreover, the Readium SDK was reportedly developed so that it would support multiple DRM technologies, allowing other DRM vendors to easily integrate their systems with Readium. This in effect lowers the barrier to entry, because companies with existing DRM implementations can more easily migrate to Readium and keep using their DRM. The variety also allows for companies that would otherwise be hesitant to pick and choose and implement DRM in a way that might be cheaper or more for them.[6]
In addition to this, Readium has filed DMCA takedown requests to force tools which circumvented Readium LCP to remove code from their repositories. As a result, it is currently not possible for users to archive their own ebooks without Readium LCP DRM in an easy way (or perhaps any way). And as it turns out, there are several examples of users complaining or asking for help with this exact issue.
Readium LCP
The design of Readium Licensed Content Protection (LCP) was influenced by a 2012 paper called "EPUB Lightweight Content Protection: Use Cases & Requirements" by Bill Rosenblatt (link in the External Links section). It is also an international standard, referenced as: ISO/IEC 23078-2:2024.
Basics
One of the most important concepts in Readium LCP is the LCP license file. It is generated by a Readium LCP License Server and contains:
"
- A set of rights; standard rights are:
- A start and end access date and time, especially useful for library lending;
- The number of pages the user is allowed to print;
- The number of characters the user is allowed to copy/paste;
- The passphrase hint; this information is important; more details below, in section “Interaction with the Reading System”;
- The content key, encrypted; the reading system will use the user passphrase in order to get this data in clear;
- The provider certificate and a digital signature; this information will be used by the reading system for checking that the license has not been modified by anyone other than the provider;
Optional:
- Some limited personal data; LCP can act as a “social DRM”; such information is encrypted for privacy protection, and the License Server does not store this information.
- Optionally, the URL of the protected content associated with this license, used if the license is delivered as a stand-alone file (.lcpl).
"
(The following summarizes what is referred to as the “Interaction with the Reading System” section in the quote above, as well as a few other sections.)
A license file can either be distributed as a standalone file or embedded into an EPUB file.
"A protected EPUB file is simply the association of protected content with a license."
Users can buy ebooks from the reading system and receive license a license file. The reading system then automatically downloads the appropriate EPUB file and embeds the license into it. With this arrangement:
"the EPUB file with its included license can be opened by the reading system, archived, exported to another reading system etc. and the user has only one file to care about."
In an alternative arrangement, the distributor can embed license files into EPUB files, before sending them to the reading system.
Encryption and decryption
Its encryption is based on AES. Keys that unlock files are referred to as passphrases. It can either be generated or chosen by the user. Users have one passphrase for each bookstore or library. LCP licenses also include password hints in case a user forgets their password.
"The software transforms the passphrase into a user key (h = hash(pp) then uk = userkey(h), with “userkey” a simple string transfom). The user key can decrypt the content key provided in the user license. The content key can decrypt the content. The Readium LCP library software is mostly open-source, only uk = userkey(h) isn’t (in the open-source version it is void). Only trusted licence providers and trusted app developers know what this string transform is. Therefore one cannot take the open-source software and simply add a “save as clear epub” feature applied on ebooks provided by certified servers."
Incidents
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the Readium category.
Example incident one (date)
- Main article: link to the main CR Wiki article
Short summary of the incident (could be the same as the summary preceding the article).
Example incident two (date)
...
Products
- Readium LCP
- Readium Mobile
- Readium Desktop
- Readium Web
- Readium Web Publication Manifest
External Links
See also
References
- ↑ "Membership Overview". readium.org. Archived from the original on 23 Jun 2026.
- ↑ "READIUM FOUNDATION CERTIFICATE OF INCORPORATION" (PDF). readium.org. Archived (PDF) from the original on 1 Aug 2024. Retrieved 23 Jun 2026.
- ↑ "Readium Project Goals". readium.org. Archived from the original on 11 Mar 2026. Retrieved 23 Jun 2026.
- ↑ "A Bit of History". readium.org. Archived from the original on 23 Jun 2026.
- ↑ "Readium LCP". edrlab.org. Archived from the original on 17 Jun 2026. Retrieved 23 Jun 2026.
- ↑ "Overview of the DRM ecoystem". edrlab.org. Archived from the original on 23 Jun 2026.
- ↑ "LCP principles". edrlab.org.
{{cite web}}: CS1 maint: url-status (link)