ISO/IEC 23078-1:2024

International
Standard
ISO/IEC 23078-1
First edition
Information technology —
2024-06
Specification of digital rights
management (DRM) technology for
digital publications —
Part 1:
Overview of copyright protection
technologies in use in the
publishing industry
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 DRM free protection . 2
4.1 General .2
4.2 Fingerprinting .2
4.3 Watermarking .2
5 DRM protection . 3
5.1 General .3
5.2 User key-based protection .3
5.2.1 General .3
5.2.2 Requirements from publishers and distributors .3
5.2.3 Requirements from users .4
5.3 Device key-based protection . .5
5.3.1 General .5
5.3.2 Requirements from publishers and distributors .5
5.3.3 Requirements from users .5
Bibliography . 6

© ISO/IEC 2024 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC1, Information technology,
Subcommittee SC 34, Document description and processing languages.
This document cancels and replaces ISO/IEC TS 23078-1:2020, which has been technically revised.
The main changes are as follows:
— in 3.3, the definition has been improved.
A list of all parts in the ISO/IEC 23078 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
iv
Introduction
Ever since digital publications have grown in popularity, copyright protection has been an important issue
for authors and publishers.
While the distribution of digital publications around the world is mostly based on the open EPUB standard,
most retailers are using proprietary technologies to enforce usage constraints on digital publications in
order to impede oversharing of copyrighted content. The high level of interoperability and accessibility
gained by the use of a standard publishing format is therefore cancelled by the use of proprietary and closed
technologies: digital publications are only readable on specific devices or reading applications (a retailer
"locked-in" syndrome); digital publications may not be accessed anymore if the distributor which protected
the publication goes out of business or if the DRM technology evolves drastically. As a result, users are
deprived of any control over their digital publications.
In reaction to these hindrances, watermarking and fingerprinting technologies have also been developed for
digital publications. These are sometimes called "social DRM" which is a good way to describe the effect of
the visible marks embedded into the content. Thanks to their presence and the personal information they
contain, the “licensee” cares about the use of the content he/she has acquired: one would not like to see
content associated with one's personal information freely shared on the web. But the term “social DRM” is
misleading also, as watermarking and fingerprinting techniques do not enforce technical control on the use
of digital media.
Requirements related to security levels differ depending on which part of the digital publishing market
is addressed. Many trade publishers, in different countries, are satisfied with a protection based on
watermarking; but in many other situations, publishers require a solution which technically enforces the
digital rights they provide to their users. This is where DRM technologies come into play.
In most use cases, publishers are happy to adopt a DRM solution which guarantees an easy transfer
of publications between devices and a certain level of fair-use, and provides permanent access to the
publications acquired by their customers. However, in certain use cases, publishers require a stronger
protection measure, which limits the capability for users to transfer publications from one device to another.

© ISO/IEC 2024 – All rights reserved
v
International Standard ISO/IEC 23078-1:2024(en)
Information technology — Specification of digital rights
management (DRM) technology for digital publications —
Part 1:
Overview of copyright protection technologies in use in the
publishing industry
1 Scope
This document describes three types of copyright protection technologies in use in the publishing industry:
— digital rights management (DRM) free protection, i.e. technologies which do not rely on content
encryption but rather use content fingerprinting or watermarking, adequate for use cases where user
convenience is the top priority;
— user key-based DRM protection, adequate where user constraints are limited;
— device key-based DRM protection, adequate where the transfer of publications from one device to
another is severely constrained.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
digital publication
set of constituent resources and associated metadata, organized together in a uniquely identifiable grouping
3.2
digital rights management
DRM
systematic approach to copyright protection to prevent unauthorized redistribution of digital media and
restrict the ways consumers can use the content they've acquired
3.3
distributor
digital publication (3.1) retailer, public library, academic library or specialized intermediary that facilitates
the distribution of electronic content between publishers and retailers
3.4
protected publication
digital publication (3.1) on which a DRM (3.2) solution has been applied

© ISO/IEC 2024 – All rights reserved
4 DRM free protection
4.1 General
Many users and librarians prefer plain digital publications to encrypted ones because of their undeniable
advantages in terms of usability, portability or long-term preservation. On the other hand, many publishers
are opposed to releasing their valuable contents in plaintext due to concerns about copyright infringement.
Under this circumstance, some service providers adopt a protection measure which does not rely on
encryption, such as fingerprinting or watermarking.
4.2 Fingerprinting
Fingerprinting means analysing content and extracting a unique set of inherent properties resilient to
content transformation. Fingerprinted content is identified in a non-ambiguous way and therefore some use
the term “content DNA” to describe a fingerprint.
Content fingerprint does not involve modifying the publication: the fingerprint is kept in a database and
used to check if some random content is identical to the fingerprinted content. A user never sees any visible
evidence that a digital fingerprint exists for the content he/she has acquired.
Digital fingerprinting can be used to track overshared content across the web with the help of monitoring
services using specific web crawlers. But this technology is most actively used when a user wants to upload
a digital publication onto a content sharing platform; before the upload is accepted, this platform may use a
fingerprinting service and database to know if the upload is legal, which mitigates the risk of a lawsuit.
The difficulty is that a proper fingerprinting solution should be able to identify content independently of
potential minor transformations and independently of a packaging format (e.g. EPUB vs PDF), which may be
in practice more difficult for the digital publications than it is for audio-visual content. This document does
not in
...