Friday, April 1. 2005
DRMBlog Q & A - Simplima
DRMBlog Reader Question: Have you guys come across this Simplima co? Any info you could share?
DRMBlog Response:
Until this request, I had not heard of Simplima Co. I doubt that I'll be giving you any more information than you already know. We downloaded Simplima's eMaze client but were unable after several attempts to get a sample document to test the platform. The download document request page timed out while trying to submit its form. I did a bit of searching online and all I could readily find was a little bit about the company and only the barest business-language description of its DRM product. Most of the information that I found comes from Simplima's own company website, its entrepreneurial incubator's website (Van Leer Technology Center, formerly Docor-Shalem Technology Entrepreneurship Center), and a couple of other websites dedicated to finding more investor capital for high-tech groups (Incubators.org; trendlines.com).
Simplima Co is an Israeli digital rights management company that has recently emerged from incubation by Van Leer Technology Center in Jerusalem. Simplima is still very young and is looking for both seed investment and strategic partners to sell either their products or probably their entire company to.
Simplima's biggest (if not only) product is a technology called eMaze. eMaze is a digital rights management software package that's designed for multimedia: text, audio, images, and video. It allows the customer to download a multimedia file and view it on a specially-written multimedia player, or a "controller module" as Simplima calls it. It seems like the player is the actual controlling device for determining what rights are current or have expired. eMaze is written in Java, which makes sense that Simplima is selling it as cross-platform technology: Generic technology, providing portability to a large variety of devices such as PC, Palm, Cellular Phone, Digital TV. After the rights to the file have expired, based on the number of times it was accessed or a duration of time, the file automatically deletes itself (or the player deletes the file the next time it is accessed without rights). Simplima calls this its "Remote Object Control" technology or ROC.
So far, none of this sounds very interesting or "outside the box". The only really intriguing aspect of Simplima is that it acknowledges to both itself and its customers that all DRM schemes will be broken.
To compensate for the fallibility of all multimedia security platforms, Simplima supposedly designed eMaze to regularly cycle through both file formats and the security components of those formats. Simplima calls this its "Flexible Structure Component" (FSC).
While I do believe that they can cycle through their file formats and security components, there will be a random number generator of some type performing the task of choosing which formats to use when the file is sent. Anytime there is a computer calling the shots, a person can figure out the algorithm that was used to guide the computer. I'm not saying it's easy, but it's certainly possible, whether by person or by a script written by a person. Plus, since the control mechanism is written into the local player, that means that the player either already has the information to decode the file or will have it when the file is sent; this means that a person or script can intercept the decoding information.
Even though the file format and security components will be cycled randomly with each new file, eMaze can only have a limited number of possible formats. That number may be seven or two-thousand, but it's still a limited number. Each time a file format is broken and stripped, that information can be be placed into a word-bank of sorts. From then on it's simply a matter of matching up future files to the previously broken schemes.
Even though I've been highly critical of Simplima and its eMaze so far, I think that their attempts to reconcile former DRM shortcomings through a different, flexible approach is good. If it is to survive at all and actually fulfill the promises it makes to content owners and customers alike, the DRM industry needs to follow Simplima's lead in admitting that DRM's are made to be broken and tailor their systems to address that fact. Even if Simplima's eMaze isn't as indestructible as they say it is, creating a system that's more trouble than its worth to break is one step toward actually making a digital rights management scheme that works. But this new approach would work best if it was coupled with some effort from the content-owners. Throw in some incentives to make people prefer to pay for their content and you might one day be able to achieve a working DRM solution that takes advantage of human nature instead of butting heads with it.
Author: Ginger Cox
Disclaimer: Neither DRMBlog nor its contributors condone the act of breaking or reverse engineering digital rights management systems to steal content. Reverse engineering a product to work on a different platform or offer a feature that the market does not support is a different matter altogether. The discussion herein is strictly for academic and/or personal understanding of how DRM systems work, their shortcomings, and their potentially worthwhile features.
DRMBlog Response:
Until this request, I had not heard of Simplima Co. I doubt that I'll be giving you any more information than you already know. We downloaded Simplima's eMaze client but were unable after several attempts to get a sample document to test the platform. The download document request page timed out while trying to submit its form. I did a bit of searching online and all I could readily find was a little bit about the company and only the barest business-language description of its DRM product. Most of the information that I found comes from Simplima's own company website, its entrepreneurial incubator's website (Van Leer Technology Center, formerly Docor-Shalem Technology Entrepreneurship Center), and a couple of other websites dedicated to finding more investor capital for high-tech groups (Incubators.org; trendlines.com).
Simplima Co is an Israeli digital rights management company that has recently emerged from incubation by Van Leer Technology Center in Jerusalem. Simplima is still very young and is looking for both seed investment and strategic partners to sell either their products or probably their entire company to.
Simplima's biggest (if not only) product is a technology called eMaze. eMaze is a digital rights management software package that's designed for multimedia: text, audio, images, and video. It allows the customer to download a multimedia file and view it on a specially-written multimedia player, or a "controller module" as Simplima calls it. It seems like the player is the actual controlling device for determining what rights are current or have expired. eMaze is written in Java, which makes sense that Simplima is selling it as cross-platform technology: Generic technology, providing portability to a large variety of devices such as PC, Palm, Cellular Phone, Digital TV. After the rights to the file have expired, based on the number of times it was accessed or a duration of time, the file automatically deletes itself (or the player deletes the file the next time it is accessed without rights). Simplima calls this its "Remote Object Control" technology or ROC.
So far, none of this sounds very interesting or "outside the box". The only really intriguing aspect of Simplima is that it acknowledges to both itself and its customers that all DRM schemes will be broken.
“…Simplima’s solution is based on entirely different concepts than current offerings in the marketplace, as Simplima’s basic assumption is that given enough means and opportunity, everything can be hacked. The challenge is to localize, complicate and limit the hackers’ ability to cause damage, and enable the content providers to engage in their ongoing business operations effectively and efficiently…”Simplima argues that its eMaze is written with this assumption in mind. And although I can't say that their eMaze will be any more or less effective than your average DRM, I will applaud them for trying to build a system that takes into account the inevitable nature of digital rights management and file security.
To compensate for the fallibility of all multimedia security platforms, Simplima supposedly designed eMaze to regularly cycle through both file formats and the security components of those formats. Simplima calls this its "Flexible Structure Component" (FSC).
Each time content is distributed to the user, it arrives in a different format which is randomized each and every time. Not only is the format randomized, but the components of the format (control and security) change randomly each and every time.Simplima argues that this randomly-chosen encryption will limit the total area of access that a hacker would have in each instance of breaking the system. If a user wanted access to more than one file, they'd have to break each new format and security components separately. They say, too, that their system can't be broken with a script.
While I do believe that they can cycle through their file formats and security components, there will be a random number generator of some type performing the task of choosing which formats to use when the file is sent. Anytime there is a computer calling the shots, a person can figure out the algorithm that was used to guide the computer. I'm not saying it's easy, but it's certainly possible, whether by person or by a script written by a person. Plus, since the control mechanism is written into the local player, that means that the player either already has the information to decode the file or will have it when the file is sent; this means that a person or script can intercept the decoding information.
Even though the file format and security components will be cycled randomly with each new file, eMaze can only have a limited number of possible formats. That number may be seven or two-thousand, but it's still a limited number. Each time a file format is broken and stripped, that information can be be placed into a word-bank of sorts. From then on it's simply a matter of matching up future files to the previously broken schemes.
Even though I've been highly critical of Simplima and its eMaze so far, I think that their attempts to reconcile former DRM shortcomings through a different, flexible approach is good. If it is to survive at all and actually fulfill the promises it makes to content owners and customers alike, the DRM industry needs to follow Simplima's lead in admitting that DRM's are made to be broken and tailor their systems to address that fact. Even if Simplima's eMaze isn't as indestructible as they say it is, creating a system that's more trouble than its worth to break is one step toward actually making a digital rights management scheme that works. But this new approach would work best if it was coupled with some effort from the content-owners. Throw in some incentives to make people prefer to pay for their content and you might one day be able to achieve a working DRM solution that takes advantage of human nature instead of butting heads with it.
Author: Ginger Cox
Disclaimer: Neither DRMBlog nor its contributors condone the act of breaking or reverse engineering digital rights management systems to steal content. Reverse engineering a product to work on a different platform or offer a feature that the market does not support is a different matter altogether. The discussion herein is strictly for academic and/or personal understanding of how DRM systems work, their shortcomings, and their potentially worthwhile features.
