Vista and More: Piecing Together Microsoft's DRM Puzzle

Computerworld - If you ask five veteran Windows users to explain Vista's take on digital rights management (DRM), you're likely to get five different answers that have just one thing in common: Whatever it is, they know they don't like it.

In a nutshell, this is the dilemma Microsoft faces as it prepares to launch Windows Vista. By any standard, Vista's new DRM capabilities -- aimed at protecting the rights of content owners by placing limits on how consumers can use digital media -- hardly qualify as a selling point; after all, it's hard to sing the praises of technology designed to make life harder for its users.

Microsoft itself defines DRM in straightforward terms, as "any technology used to protect the interests of owners of content and services." In theory, it's an easy concept to grasp; in practice, however, modern DRM technologies include a multitude of hardware-, software- and media-based content-protection schemes, many of which have little or nothing in common.

DRM at the hardware level

Vista's DRM technologies fall into several distinct categories, all of which are either completely new to the operating system or represent a significant change from the technology found in previous versions of Windows. The Intel-developed Trusted Platform Module (TPM) makes DRM harder to circumvent by extending it beyond the operating system and into the PC's hardware components.

TPM is used with Vista's BitLocker full-drive encryption technology to protect a PC's data against security breaches. A TPM microchip embedded on the PC's motherboard stores unique system identifiers along with the BitLocker decryption keys. If a system is tampered with -- for example, if the hard drive is removed and placed in a different machine -- TPM detects the tampering and prevents the drive from being unencrypted.

A set of related technologies grouped under the name Output Protection Management (OPM) also takes DRM to the hardware level. Perhaps the most prominent (or notorious) OPM technology, known as Protected Video Path (PVP), provides a good example of how hardware-based DRM works and what it can do. PVP content-protection technology is supported both in Windows Vista and within a small but growing number of high-end graphics adapters, high-definition displays and even digital display connector cables. It is intended, first and foremost, to protect the high-quality digital content that is slowly becoming available on the next-generation Blu-ray and HD-DVD optical media technology.

Most commercial DVDs, of course, already include copy-protection technology. This protection, however, works only in conjunction with the DVD player itself. It cannot stop attempts to intercept and copy the protected content further downstream, as it moves first to the graphics card and finally to a user's display -- a problem sometimes referred to as the "analog gap."

PVP eliminates these security gaps, enabling a series of DRM measures that keep a high-resolution content stream encrypted, and in theory completely protected, from its source media all the way to the display used to watch it. If the system detects a high-resolution output path on a user's PC (i.e., a system capable of moving high-res content all the way to a user's display), it will check to make sure that every component that touches a protected content stream adheres to the specification. If it finds a noncompliant device, it can downgrade the content stream to deliver a lower-quality picture -- or it can even refuse to play the content at all, depending on the rights holder's preferences.