First baby-step to MPEG-4 DRM

ISMA (Internet Streaming Media Alliance) has completed its MPEG-4 Content Protection Specification, and it’s now available for peer review for experts in network security, content protection and cryptography.

The encryption method chosen for the new specification is based on the National Institute of Standards & Technology’s (NIST) 128-bit AES encryption standard. Importantly, this method is unencumbered by any additional royalty fees and intellectual property concerns. It’s also compatible with established IETF (Internet Engineering Task Force) specifications.

Many people seem to be misinterpreting this announcement as meaning, “Great! Now I can do DRM for MPEG-4!” However, the specification doesn’t specify a specific rights and key management system, and so doesn’t actually enable DRM (much less DRM interoperability) of any sort. Rob Koenen, president of the MPEG-4 Industry Forum, notes:

I see it as another step toward more interoperability in DRM. But that’s a difficult problem to solve. There are many little steps to be taken on the road to more interoperable DRM and agreeing on encryption is only one of them.

Assuming it passes peer review, the specification is expected to be finalized in June.