Quote:
Originally Posted by Shaggy
No. For eBook DRM, they give you the content and then hand you a copy of the key. That's why there is no such thing as DRM which cannot be circumvented. The entire point is that they have to allow you to circumvent/decrypt it in order to use the product in the first place.
It doesn't have to work that way.
For example, you could have a scheme whereby, when buying a book, the ebook reader generates a per-book public/private key pair and sends the public key to the fulfillment server, which then encrypts the book. The reader stores the private key in readout-protected memory. The decryption parts of the reader software are in write-protected memory (such that reflashing that area of memory causes the readout-protected area to be erased). This sort of readout protection of memory is very common in processors aimed at embedded use.
I.e. the reader can circumvent the protection, but you have no way of knowing the key used to do it (short of looking at the memory contents using some very high-tech and expensive scanning equipment - unlikely to be of interest for a single-book key).
Clearly there are other ways around this (e.g. you can decode the electrical signals which drive the screen), and the scheme as described is not complete (e.g. the fulfillment server has to authenticate the reader), but it's not the case that the decrypting key has to be *given* to the reading device.
/JB
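The exchange described in the post above, as an added example that is not part of the original post: the reader creates a per-book key pair, the server encrypts to the public half, and only that reader can open the result. The names `Reader`, `fulfil` and `decrypt_book`, and the choice of RSA-OAEP wrapping an AES-256-GCM content key, are assumptions; a Ruby instance variable stands in for readout-protected memory, and reader authentication is left out, as in the post.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Models the e-reader. @keys stands in for readout-protected memory:
# private keys are created here and no method ever returns them.
class Reader
  def initialize
    @keys = {}
  end

  # Per-book key pair; only the public half leaves the device.
  def new_book_key(book_id)
    @keys[book_id] = OpenSSL::PKey::RSA.new(2048)
    @keys[book_id].public_key.to_pem
  end

  # Unwrap the content key, then decrypt. Returns nil if this reader has no
  # key for the book or the package fails authentication.
  def decrypt_book(book_id, pkg)
    key = @keys[book_id] or return nil
    c = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    c.key = key.private_decrypt(pkg[:wrapped], OAEP)
    c.iv = pkg[:iv]
    c.auth_tag = pkg[:tag]
    c.auth_data = book_id
    c.update(pkg[:body]) + c.final
  rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError, ArgumentError
    nil
  end
end

# Fulfillment server: it is handed the public key only.
def fulfil(public_pem, book_id, book)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cek = c.random_key # fresh AES-256 content key for this purchase
  iv = c.random_iv
  c.auth_data = book_id # bind the ciphertext to this book id
  body = c.update(book) + c.final
  wrapped = OpenSSL::PKey::RSA.new(public_pem).public_encrypt(cek, OAEP)
  { wrapped: wrapped, iv: iv, tag: c.auth_tag, body: body }
end

if __FILE__ == $PROGRAM_NAME
  reader = Reader.new
  pkg = fulfil(reader.new_book_key("book-1"), "book-1", "Chapter 1 ...") # constructed sample
  puts reader.decrypt_book("book-1", pkg)
end
```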