Managing Content Access End-to-End: Rights to Original Works Drive Business Models and Systems

The nascent and burgeoning landscape of content is a hacker's dream. Attackers seek to analyze an application and obtain access to content keys and decryption algorithms to obtain an unprotected file that can be pirated and distributed widely. But the music and movie industries have made it clear that any attempt to strip content owners of the revenues associated with granting usage rights for their original works will be met with serious consequences.

On-demand content alone represented $1 billion in consumer revenue in 2004, explains VeriSign's Jeff Treuhaft, director of security product marketing. Providers are banking on content as a way to drive broadband and mobile usage—yet content increases the complexity of a service provider's business model, and the potential for lost revenue associated with content only stands to grow.

Innovation always forces business models to play catch up, and content is proving to be no different. "Those who own the content are doing everything they can to protect this content," says Telution Chief Executive Officer Kent Steffen.

Currently, providers are chomping at the bit to be first to market with new content. However, Steffen warns, "The technology enables more than the business models allow." For content providers, this is a problem.

Content Challenges

Treuhaft believes that content owners have two main challenges in today's world: Increasing the number of distribution channels and making content as secure as possible. They want to avoid Napster-type scenarios.

Treuhaft says content providers often receive requests from content distributors to create a relationship to deliver content to their subscribers, but many back away from these deals because there is no secure and trusted system to protect the rights to that content.

Steffen believes this trend will continue until the necessary digital rights management systems are in place. "The Hollywood content guys are going to say, 'No way, you don't get to use this until you can prove this [DRM system] works,'" Steffen says. And, for service providers, he believes they will not want to begin offering content to consumers without the systems required. "The liability is too great," he notes.

Content distributors "don't really have a trusted technology story they can bring to the table," Treuhaft says, and therefore many content owners are choosing not to sign. Particularly outside of the United States, where laws governing piracy and the misuse of content are less strictly enforced, content providers are often leery. "What they see as potential value is overridden by the risks and potentially cannibalizing existing revenues," he says.

"The security of a lot of these DRM systems is not absolute," Treuhaft maintains. He believes the issues are not in the cryptography, but rather in the implementation of the DRM system.

At the same time, content distributors or service provider retailers are challenged to build relationships with content owners and to secure the best content and competitive windows for release. Distributors may have fragmented systems that make it difficult to present usage information back to the content providers for audit.

Currently, negotiating the rights to content is a difficult and tedious task for providers, which also may ultimately be slowing content's adoption. CSG Systems Senior Manager Kevin Dorton explains that in Europe such rights are often negotiated country by country. "It's an inhibitor to roll out the service Europe-wide," he notes. Hence, today, many companies will only launch in two or three markets.

Behind the Scenes

Content goes against traditional billing and OSS paradigms such as for voice, which is based on origin and destination. The rights to content drive billing for characteristics of the service provided: How long does the user have access to a movie? Was the customer able to share a video clip with a friend? Do multiple users in a household have access to the content? How many plays did a customer get in a game? Any special feature or use can make content more valuable. "What you're rating" Steffen says, "is really complex."

The rights to content are also driving the business models, as well as the business support systems that support these business models.

Traditional OSSs have been very network-focused. To supply content, there is a need to tie digital rights and media libraries to the device, regardless of what that device is. The question becomes to what extent DRM systems need to be integrated to back- and front-office systems to make this happen.

Steffen says OSSs are vital to facilitating content transactions, because they must interface with DRM systems to determine whether a customer can have access to the content, for how long and on what devices. Customer relationship management, order management and billing systems all need to understand what content is being offered to what customer and on what terms. Steffen says he has seen many carriers "dumb down" their marketing offers because their systems could not support the promotions.

"Unfortunately, there is going to be a latency between when technology is available and when these service providers can go out and support it," says Rob Kunzler, Telution's director of marketing.

Many customers may also want advice of charge to understand how much content will cost prior to purchase. This requires that systems work in "super real time," according to CSG Systems' Birger Thorburn, director of the company's global content practice.

Another challenge for service providers is to deliver a consistent set of offers for content across multiple devices. The call center, the Web, a television set, a laptop and a mobile phone all represent points of sale that must have a user interface to access content and provide a similar rich customer experience. Order management systems must sit behind this and integrate with the DRM license server to authenticate a user and authorize content delivery. There are many opportunities for error, and with content, Steffen says, fallout is just as much a front-office as a back-office issue.

The 'R' Is Key in DRM

David Beddow is the chief technology officer at Movielink, a modern-day online video rental store. He says DRM is nothing more than a sophisticated encryption system, but when it comes down to it, the usage rights granted to retail service providers' end customers are what shapes the business models. A provider could have all the technology in place to offer access to content and bill for it in dramatically innovative ways, but if the content creator will not allow the type of access needed, then even the most innovative business model is pointless.

According to Adam Cappio, senior program manager at Real Networks, content providers make it clear to DRM system manufacturers how their content must be kept secure—and they make it known what liabilities companies face, should original content slip through the cracks and end up in the wrong hands.

Many content providers are concerned about the capabilities afforded to the end user when their content is displayed on a personal computer. Essentially, it is easier to forward content, copy it or burn it to a CD, says CSG Systems' Thorburn. As such, the content providers have strict rules for the use of their content, particularly on a computer.

Thorburn says that mobile devices offer a somewhat more controlled environment. On devices other than computers, it is somewhat easier to control forwarding and copying of the content.

Cappio says that because the studios had a format that was not feasible to trade online via peer-to-peer sharing, they ultimately lucked out, while the music industry had to duke it out with companies like Napster.

He notes that content owners have passed down rules to DRM system developers stating that an intruder must have to exert a real effort to break the system and get access to content. The system cannot be circumvented, for example, by using a widely available tool. These guidelines, according to Cappio, essentially spell out a company's legal liability if it does not architect a system that can protect the content.

No One Model

Many different models exist for how and where to authorize content, Thorburn says. There is a lot of talk about "content ecosystems" to which various content providers can be linked and which support various billing models.

Some business models lend themselves to simplicity, such as those for iTunes and Movielink. But it is easy to see how content dramatically increases the complexity of the business models and the systems that support them, particularly in a mobile environment. Take, for example, Verizon Wireless's V Cast rolled out in February, which allows customers to play back audio and video clips. From football playbacks to weather forecasts, content stands to mature—and as it does, it will demand more of back-office systems.

Convergys's Curt Champion, senior director of marketing, explains a current scenario: A customer on a mobile phone wants a ring tone. The customer initiates the order through the phone. The mobile operator receives a request that must be validated: Is this customer eligible for this service, or is the customer delinquent on payments? Will this information actually work on the customer's device? Does the customer have a preset limit for spending on content, and when does the customer exceed that limit?

The customer must be authorized to receive the content, and an external server is told to deliver the ring tone to the device. The information wrapped around the content tells how long the ring tone can be used. Upon receipt of the content, a rating system must determine how much the customer's account will be charged and whether this is something that is immediately deducted from a prepaid balance or if it goes on the customer's next postpaid statement, for example. This information could be queried in real time from a rating system, or information about charges could be kept in a separate database. Often, content is kept on a content server then synched up with rating and billing to involve fewer steps.

In the future, Thorburn explains, one could envision forwarding a song to a friend to listen to it, and if the friend likes the song he could go back to a central location to purchase it.

How business models are formed and how things work behind the scenes are still being flushed out. "It's still a little bit in flux," Thorburn says, "and it's also driven by the type of content you're trying to consume."

He says systems today have built up to jump-start content service and get it to market. If content usage explodes as expected, however, systems will need to scale on a huge level.

Treuhaft at VeriSign says content delivery becomes an issue of rights management on the front end and connectivity to billing and settlements on the back end. Thorburn says DRM will be the enforcer, while the billing system will be responsible for rating and charging for this access and use.

The industry is still dealing with questions about how content, such as songs downloaded to an iPod, would be replaced if the user somehow lost the content. For example, if the user purchased the unlimited use of the song, then should that song be replaced if a device is lost or destroyed? If so, how is this facilitated?

A Content Clearinghouse

Capitalizing on its security capabilities, VeriSign has partnered with Thomson, which plans to use its Technicolor and RCA brands to provide end-to-end capabilities to assist content creators, video network operators and retailers with content delivery. The two have worked together to create a digital content authentication and authorization service. Slated for launch in mid-2005, the concept is that of a digital utility in which the rights to content can be aggregated in one system that can be used by multiple providers. It is a hosted or managed infrastructure aimed at allowing service providers, the content retailers, to share the cost of the platform. It is designed to be the single system that can manage the rights to and delivery of the content, and facilitate the revenue settlements between content providers and retail distributors.

VeriSign allows the creation of an electronic contract for content that spells out what has been negotiated on paper—the wholesale royalties, terms and conditions, and other necessary information.

The content owner loads its electronic license onto the VeriSign platform. Then the distributor adds retail pricing data around the content. Above any restrictions that the content provider places on the content, the distributor may want to further restrict usage to meet its business plan, especially if the way the content provider will allow the content to be used might impair the distributor's customer care operations.

In a video-on-demand scenario, a customer might select a movie. VeriSign receives a request from a consumer to see the movie. VeriSign collects information about the product and the retailer, as well as a transaction identification to track down a license stored in the company's system. VeriSign then delivers the DRM license back to the device so the user can view the content. The license allows the range of uses that the content provider spelled out in the electronic contract, married with the restrictions placed on it by the distributor via its business plan.

The company captures enough information during the licensing process to apply this information to rate the services used for payment. The system captures transaction information by retailer and by content title. For privacy reasons, the company does not capture customer information associated with the content.

To collect revenue for content, VeriSign can price and rate a transaction within its infrastructure and apply this back to a retailer's billing system. In a mobile phone scenario, VeriSign can use the terminating number for the transaction to access the billing system and place a variable charge on it.

VeriSign charges a fee per transaction that is paid by the retail service provider. The content owner receives its portion of the revenue generated, and the retailer retains the remaining amount. The revenue settlements are not electronically managed in VeriSign's system.

Convergys's Champion notes that in scenarios where a company other than a service provider controls the content, there is a huge demand for being able to synchronize data on demand to deliver content to the customer. The service provider must be able to pull data from multiple sources into a universal product catalog and provide a seamless experience to the user, regardless of which content provider is actually supplying the content.

Straightforward DRM

Real Networks is meeting the world of content with its DRM system Helix. The system has four major components. Helix DRM for devices enables business models to be deployed to a variety of devices. The packager module applies encryption algorithms to prepare content for delivery. The license server allows retailers to authorize and report content transactions and delivers billing information that allows royalty payments to be made to content providers. The client component provides a secure environment for content playback, coordinating the license guidelines with a retailer's business rules.

In an example scenario, a consumer browses for and selects content in an online storefront to play on his or her computer. The option to buy, rent or borrow the content triggers the storefront to ask the consumer to log in or provide account information to proceed with the transaction. The storefront application then checks with the license server about authorization for the consumer and granting access to the content. Real Networks' Cappio explains that Helix relies on all of the systems operating outside of it. The request to the license server includes information about an encryption key, which is given to a content management system during content production. The encrypted media file is sent along with metadata needed by the user to unlock the content.

While Helix provides raw usage logs for revenue settlements, Cappio explains, it has no knowledge of the money associated with the transactions.

More Than One Regulator

Content can have more than one regulator. One example would be parents who want to restrict the content on their child's mobile phone. Another is the enterprise telecom manager who wants to control costs and ensure that employees are not using business phones to receive unauthorized content at a cost to the company.

Juniper Research estimates that the value of the worldwide mobile adult content market will rise 50 percent to $1 billion in 2005 and to $2.1 billion by 2009. For some parents, this might be alarming.

Bcgi's Chief Technology Officer Tom Erskine says that when it comes to adult content, operators are trying to determine how to self-regulate so they are not themselves regulated. In Israel, the government announced that operators must offer content filtering to be considered for a 3G spectrum license. The United Kingdom has adopted a code of conduct stipulating that subscribers must be 18 or older to receive adult content, Erskine explains.

Bcgi is conducting trials of a system to address the end user's need to control access to content and the provider's ability to allow that. The company's Mobile Guardian product performs content filtering by inspecting WAP browser packets. Operators deploy the filter in their network to prohibit inappropriate content. The filter inspects the content as it passes through the network and then compares it against known categories of content. Artificial intelligence algorithms and a comparison with known banned URLs provide a multi-layer approach to restricting access. The filter actually learns what kinds of content are restricted and starts to categorize this content, creating a cache in which it stores content that should be restricted. An operator can also create its own whitelist or blacklist. The filtering process is designed not to cause latency.

A profile manager determines an end user's access to content. A customer's profile could sit either in bcgi's data center or in a database owned and managed by the operator. Bcgi provides a user interface, and the provider customizes that to its own brand.

For the parent, providers are seeking to allow them to control voice service in a family share plan, for example. They believe that when trying to obtain customers in the 10 to 14 age demographic, offering more controls over voice service and content could be a big differentiator. This could mean, for example, restricting a child's usage to prevent gaming nightly between 6 p.m. and 8 p.m.—homework time.

For the enterprise telecom manager controlling content access by employees, lines can be managed individually or as a group. The manager can identify content categories that are allowable and those that are not.

Erskine says enterprise telecom managers have noticed a shortcoming in telecom expense management software. While this software aims at controlling a company's costs, it does not control access to control the cost. "It's about cost," he says, "but it's becoming more about content." Telecom managers "are all a little underwhelmed" with expense management software, Erskine says—and with content making the scenario even more complex, he notes, "This just isn't going to get any simpler."

Managing Content's Dynamics in the Future

Some service providers are striving to create their own content ecosystems, and some may rely on aggregated content models or a clearinghouse, but some content providers may bypass the service provider and sell their work independently through ISPs, which can make service providers feel threatened.

A service provider's saving grace, however, is that it has robust customer care systems that can enhance customer care and differentiate service for the end user.

Yet service providers must be sure to install secure DRM systems so they will be able to lure more content providers into their own media libraries.

They also must walk a fine line in ensuring that they remit all the revenues owed for content to avert skirmishes with content providers, who often will not hesitate to take action if they feel their revenue is being miscalculated.

While a service provider needs to control access to content as defined by the rights associated with that content, in the future it may also need to manage access and controls via profiles that an end user may desire. And all this has to be done with the customer's privacy in mind.

Between managing the content provider's rights, the end user's access and the billing for usage, service providers must grapple with increasingly complex business models and pricing plans. What happens behind the scenes to facilitate content delivery, seamlessly and without headaches for the customer, will ultimately determine who succeeds in making content drive the next generation of usage on their networks.