When
we discussed Violano's (VP of eReader) view on digital right management (DRM) yesterday, I had the idea to make a flowchart of how eReader DRM appears to work.
You can find the chart attached. I hope it sheds some light...
Some important notes that I have also mentioned in the chart:
- the hash function applied is a one-way function: the generated output (hash value) is not dependent on the input (credit card number) in any discernible way. Plus, given a hash value, it is computationally unfeasible to find a pre-image (credit card number) that hashes to that value.
- the decryption process is continuous; the eReader software doesn't decrypt the entire e-book at once (this would take too long, and total memory twice the size of the e-book). Instead, only blocks of a fixed size are decrypted as the user turns the pages of his book.
- the flow chart doesn't show additional steps such as inflating (decompressing) of the e-book. eReader e-books are compressed to reduce the final file size. The inflating process happens on-the-fly after the decryption.
- the credit card number is not stored for later decryption; only the computed hash is needed since it is the actual key to the decryption process.
- even though the credit card number is not stored on your device, it is stored on ereader.com's database server. A potential hacker may thus obtain this number by hacking the server (in other words, your card number is not 100% safe!).