The Content Management Licensing Administrator ("CMLA") is a Limited Liability Corporation ("LLC") created by four companies, Intel, Nokia, Panasonic and Samsung, to implement a "trust model" for the Open Mobile Alliance ("OMA") Digital Rights Management ("DRM") technical specification Version 2.0 standard and subsequent versions. The CMLA trust model defines a compliant implementation of this specification for use with a wide variety of digital client devices and applications (e.g. Smartphones, Tablets, CE Devices, Laptops, PCs and other digital clients and media distribution services. CMLA is not a standards body itself but enables the media ecosystem of the OMA standards body. The vision of CMLA is to enable a wide and trusted distribution of premium content to the large digital ecosystem. To accomplish this CMLA has these primary objectives:
CMLA provides the following operational functions:
A company becomes a licensee of the CMLA system when they enter into one of the three participation agreements: Client Adopter Agreement, Service Provider Agreement or Content Participant Agreement. By signing these agreements a company joins the CMLA ecosystem and receives the rights and obligations associated with it.
Similarly, a company wishing to join the UltraViolet™ ecosystem can simultaneously join both CMLA and UltraViolet™ by signing the chosen CMLA role agreement (and its UltraViolet™ Addendum) and its associated UltraViolet™ role agreement. CMLA is fully deployment approved in the UltraViolet™ ecosystem.
Similarly, a company wishing to join the Mobile Broadcast ecosystem can join both CMLA and the Mobile Broadcast system by signing the CMLA role agreement and it's Mobile Broadcast Addendum.
In the broadest sense, all participants in the digital ecosystem can benefit as CMLA makes operational a standards-based DRM system targeted to enable trusted distribution of premium media. Consumers gain expanded digital media experiences. Other beneficiaries include:
The CMLA operating principles have been developed with the intention of maximizing the trust of all participants in the value chain and providing as fair and neutral an operation as can be done within the objectives of CMLA. Both providers and consumers of content must have confidence in the CMLA trust model. Founders realize that trust is not achieved on the basis of a document or a declaration but earned but with collaboration, neutrality and non-discriminatory manner of making and applying its decisions. This must be balanced with the requirements to run CMLA operations efficiently and effectively over a long period of time. CMLA must also make decisions coming from the operational experience and feedback and requirements from all key constituencies maintaining a balance between the needs and priorities of adopters. Founders therefore have provided important participation to stakeholder groups in CMLA change management through the CMLA Advisory Board. Founders are bound by the same agreements as all other Service Providers, Client Adopters or Content Participants (as applicable) when they use the CMLA ecosystem for their products and services.
The technical foundation of the CMLA environment adheres to OMA DRM v2 specification. CMLA compliance is premised upon conformance with the OMA DRM v2 specification. The technology necessary to implement to the OMA DRM v2 specification is licensed by the relevant IPR owners and is not licensed by CMLA. For information about OMA IPR guidelines, interested parties must contact the OMA.
CMLA does have technology it licenses to implement the CMLA trust model. CMLA has developed the CMLA Technical Specification that sets forth the technical requirements that must be met by CMLA licensees in order to provide device and application clients or services that are CMLA compliant. This specification generally deals with issues related to distribution and management of keys and certificates issued by the CMLA. Key generation and provisioning must comply with the CMLA-specified security requirements and involves a compliant central facility for the root Certificate Authority and technical and administrative arrangements for the generation and distribution of keys and certificates for use by the service providers and client manufacturers. CMLA generates and distributes millions of keys and certificates. CMLA also maintains a revocation mechanism which makes it possible to prevent further consumption of new content by devices whose keys have become compromised. As the OMA DRM v2 specification changes over time, the updates are reviewed for viability, security, backwards compatibility and other factors at an appropriate time following the change. CMLA may minimally interpret OMA DRM specifications for the purpose of correction of errors and omissions in the CMLA Technical Specification without incorporating additional functionality. Modifications of the CMLA Technical Specification including for error correction will balance multiple factors, including backwards compatibility and user convenience. The CMLA Technical Specification does not change or alter the underlying OMA DRM specification in any way. CMLA does however advance as the OMA DRM specification advances. CMLA does support the OMA DRM specification version 2.1 for example.
In one material aspect the CMLA Technical Specification introduces additional functionality not shared by other (non-CMLA) OMA DRM v2 devices. This is a CMLA Trust Module adding an additional layer of trust in that devices that are able to respond to authentication challenges unique to CMLA will be recognized as coming from sources that have accepted the CMLA requirements regarding robustness and compliance. The Trust Module incorporates technology specially developed by CMLA to provide this necessary functionality for which patents exist (“CMLA IP”). An added benefit from including the Trust Module will be, subject to successful patent prosecution, the ability of CMLA to carry out legal IPR enforcement actions against parties using CMLA IP without signing license agreements. Such actions could be employed to stop such parties from making and selling circumvention devices. The ability to pursue such claims helps protect and enhance the success of the CMLA environment. The CMLA fee schedule does not include a royalty specific to the Trust Module. A license for the Trust Module is included in each of the Client Adopter, Service Provider, Content Participant, and Reseller license agreements. The cost for developing the Trust Module, including the patenting of IP, are reflected in the startup costs of the CMLA and will be recovered through the overall fee structure.
CMLA was developed to provide the business/legal and authentication system whereby trusted implementation in support of the OMA DRM v2 specification could be brought to market with confidence and new extensions could be enabled into new markets over time.
CMLA supports OMA DRM v2 specification but also extends its reach into new markets as opportunities arise. Founders also had active participation in the development of the OMA DRM 2.0 specification as did myriad other companies in the mobile digital ecosystem.
OMA DRM v2 provides the building blocks for interoperability through well-defined protocols and behaviors. However, DRM interoperability also contains an element of security measures. By introducing a common trust framework, CMLA seeks to improve DRM interoperability by introducing a system where devices from multiple vendors are expected to have equal access to DRM protected content because all CMLA devices conform to an agreed level of robustness and compliance. CMLA compliant devices and applications are also OMA DRM v2 compliant and therefore can be used in a non-CMLA environment.
The CMLA Frequently Asked Questions and Answers is available for download here.
You can find and download the CMLA License Agreements here.
You can find and download the CMLA Technical Specifications here.
You can find and download the CMLA Developer Resources here.
You can find all the latest CMLA News and Notices here.