I'm told that IP hinders if not entirely obviates the possibility of creating a reasonable open-source DRM solution. That may well be the case.

In addition to that, the point of security is to protect the user from external attackers. But in the DRM threat model, the user is the attacker essentially and the rights owner is the defender.

Most (streaming) DRM approaches simply try to hide the key and make it time-bound. But in cryptography it's hard to make that anything other than an all or nothing proposition. How can the user be trusted to decrypt the asset and not take advantage of access to the unencrypted data? Are there any frameworks that can be applied to solve the problem and deliver (what I believe to be) a needed solution?

I could be totally wrong and maybe this approach has already been considered but what about finding a way to put the content on a blockchain with multi-signature smart contracts? Granted the information would live on the blockchain but access is only granted through a mutual agreement and everyone else would be locked out. I know blockchains are a buzzword lately but I do see a lot of potential in their application. I'm not sure if what you're proposing is more for a full-fledged streaming service like Netflix or simply giving someone from the press access from home for a preview. I think the blockchain approach might work better for a preview rather than a full streaming service.

Keep in mind that DRM isn't about encryption, that's just a means to an end. DRM is about preventing piracy and enabling flexible pricing models. If you come up with a better way of encrypting the data, without giving a better outcome to those goals, then it's a non-starter. Likewise if you come up with a better way of achieving those goals that doesn't use encryption at all, that's something worth considering.

Michael Hall
mhall119@...

High Fidelity recently (March 22,2018) announced an alliance for publishing assets such as identity, textures, 3D objects, animations and scenes over http using blockchain for the DRM. 

Content developers can already register their creations on the High Fidelity blockchain using our Digital Asset Registry (DAR), which tracks the provenance and ownership of each item. 

Founder Philip Rosedale is also the founder of Second Life, so his approach should be taken seriously. 

https://blog.highfidelity.com/janusvr-and-high-fidelity-found-virtual-reality-blockchain-alliance-3f894ee64ca7

FWIW, Sun Labs came up with an "open" DRM system back in the mid 2000s called DReaM. I don't think it ever took off because of Microsoft's stranglehold on commercial DRM systems. While it's difficult to create a system that will defeat the most advanced of attackers, the requirement for DRM is probably closer to "defend the integrity of the system against attackers arms with an electron microscope, an oscilloscope and a dewar of liquid nitrogen." I'm not sure you need to make your DRM system perfect, just good enough to dissuade casual hackers.