BBC iPlayer Mobile Downloads & DRM
Mobile BBC iPlayer has been around in various forms since March on the iPhone and iPod touch.
It's proved very popular, yet we've always been aware that by only offering streaming, it misses out on one of the key use cases of mobile and portable devices - offline playback of programmes on planes, trains etc.
The Nokia N96 is the first device we've come across that really ticks all the boxes in terms of having all the features and capabilities we need to offer this: it's got a powerful browser, 3G and WLAN support and, crucially, it supports the OMA DRM 2 specification.
The BBC only has rights to make TV programmes available in iPlayer for a limited number of days after the original broadcast - so, when we provide downloadable programmes, we have to use DRM (Digital Rights Management) technology which ensures that the programme is only available to users on the phone for the allowed number of days.
OMA DRM 2 is such a DRM solution. It was designed a few years ago by the Open Mobile Alliance (the main mobile industry group that creates such things) and has been emerging in phones for the last year or so, now including the Nokia N96.
Until now, it's largely only the mobile operators that have been using it, but in order to provide the download experience we want to offer, we've decided to license the technology and build the server systems necessary to package and distribute our programmes in the OMA DRM 2 format.
As well as enabling us to provide downloadable programmes to the N96, the OMA DRM 2 system is available on a growing number of handsets, and so we expect our investment here to help enable us to provide mobile BBC iPlayer on a range of mobiles.
In order to build the necessary DRM servers, the BBC has taken licenses from three companies: CoreMedia, who provided us with a software development kit which allowed us to build the system in a few short weeks; Intertrust, which is a leading inventor and patent owner of technology in the OMA DRM 2 specification and CMLA (Content Management License Administrator), which is the leading Certificate Authority (CA) and "Root Of Trust" for the OMA DRM 2 system. I think this last one warrants a little more explanation.
On a technical level, the OMA DRM 2 system uses a certificate system similar to that used in SSL and other secure communication systems to identify the various parties involved in the download of DRM content to a phone (device model, device manufacturer, content distributor, CA etc).
The certificates provided by CMLA are preinstalled on the phones and integrated with our server system, and this allows each party to identify each other and confirm that the certificate is genuine and issued by CMLA - and, crucially, the server and phone are able to check the other party's certificates status with CMLA to determine whether the certificate is still trusted. This is the essence of "trust" in a DRM system.
The content creators and owners "trust" CMLA to manage the certificate status of devices and service providers like us so that, should a device implementation become compromised, or a service provider go "bad", they can be taken out of the system easily and without any explicit action by any other party (e.g. the BBC).
There is a lot more subtlety, complexity and technical detail underneath the surface in this topic. Interested readers will find more detail on the internet.
Matthew Postgate is Controller, BBC Mobile.