A: DReaM stands for "Digital Rights Management - everywhere available," and originated in Sun Labs as an open standards-based DRM solution. The objective of DReaM is to make protected content available to consumers everywhere they want to consume it, and the architecture has been designed to address the content protection needs of many different markets.

DReaM is designed as a collection of components; those components can be used together to form a complete system, or they can be integrated with others system components to achieve an interoperable end-to-end system.

A: DReaM is an open framework for rights management where individual component services can be mixed and matched. The fundamental concept is that DRM systems need not be monolithic, end-to-end systems that can only be delivered by a single supplier employing only a limited set of pre-defined components. DReaM-based systems can be optimized end-to-end solutions or hybrid systems with components sourced from multiple suppliers (partners and competitors). The key point is that individual rights to content can be managed independently of the devices where rights can be asserted.

A: There are several key characteristics of DReaM that make it unique:

1. DReaM approaches DRM (and CAS) from a network identity-focused perspective, rather than an device-centric approach.
2. DReaM uses an open approach and fully specifies everything necessary to build heterogenous, interoperable, vendor neutral implementations.
3. DReaM's architecture does not follow the traditional model of "security through obscurity."

DReaM is designed to be royalty free, allowing developers to avoid encumbered technology that carries onerous licensing costs.

A:From the outset, DReaM has been designed to provide content protection for multiple market requirements:

1. We see "infotainment" as an immediate market opportunity. This market will be driven by major media owners and distributors, including network service providers.
2. We believe that rights management for "business" data objects will be very important for enterprise, healthcare, education, financial and government markets. The need to protect documents, spreadsheets and presentations will be critical. Cradle-to-grave protection of data will replace "access control"-only methods to enable better security and data protection.

We also see a massive "life" market opportunity. In the Participation Age, everyone is a producer of content, in addition to being a consumer of content. Anyone with a camera (video or still) or microphone is potentially a producer of content that they would like to share with others... either with compensation (real money or barter value credits) or simply restricted to certain access groups that could be specified by the content producer.

A: Millions of devices today are based on the concept that a user licenses content to the device, not to the individual, making it difficult for a user to easily access content across multiple devices. Sun believes that content should be licensed to the individual, regardless of what device that person is using - a concept we call "personal rights management."

A: Sun's vision is to create content rights management mechanisms that protect intellectual property, respect customer privacy, honor honest use of content, and encourage participation and innovation by all kinds of content providers and consumers. Such mechanisms will enable an open-network-based economic growth engine for both infrastructure and content providers.

Sun also believes that beyond the initial applications in the music/movie domain, DRM has important applications in business, healthcare and government domains. Consider the need for privacy of medical records in the healthcare industry, or the need for businesses to securely manage confidential data.

In addition, with more and more people and devices participating on the network, DRM technologies are increasingly necessary for the individual content creator who wants to securely share personal photographs, home videos or recordings. Sun believes that everyone should have access to the necessary tools to protect and manage their content, whether compensation is a factor or not.

A: Historically, proprietary end-to-end architectures have relied upon obscurity to avoid being cracked by hackers. These systems exist based upon a false foundation of security promises that have been cracked and will continue to be breached. Additionally, lack of interoperability between these proprietary DRM solutions stifles innovation, encumbers the consumer and increases the cost and effort involved in distributing content.

Techniques including code signing, digital signatures and trusted execution architectures such as defined by the Trusted Computing Group (TCG) represent a more robust approach to security and trust. Nearly every major CPU, DSP and SOC (system on a chip) supplier is incorporating dedicated security and trust functions into their current and next generation products. With these new functions becoming pervasive, the ability to deploy secure and trusted content protection systems becomes much more straightforward.

Sun believes that open system architectures are fundamentally more secure and robust than closed, proprietary systems. Open architectures allow for more diverse discussions of technology choices, and for more opportunities to review and improve code. Thus, shortcomings can be better evaluated and corrected to provide the greatest protection possible.

A: No. A DRM system has multiple levels of security, based on multiple layers of trust. The key to maintaining security within a DRM system is the ability to certify conformant components in the trust chain and be able to quarantine broken elements when detected, as well as refresh the various security components over time. No DRM system is perfect; however, with open systems, the opportunity to evaluate and improve protection mechanisms is much greater.

Consider the security that the open source SSL implementations allow. Knowing how a system functions does not help hack the individual ciphers. The root of this question is about the conformance provisions required to ensure that trusted players don't leak content. In order to avoid that problem, the players will need to undergo certification and compliance testing to meet the security requirements that have been specified.