Over the years, we PC gamers had to give up freedom over our games
because of the various digital rights management (D.R.M) schemes. In
most cases, these end up punishing the legitimate customers than
discouraging piracy----like Uplay didn't let me play Assassins creed 2
after a clean format. But in the current scenario of rampant piracy in PC
games, simply cursing over D.R.M's can't lead to any solution. Think
about it for a while----totally removing these draconian schemes from
our games forever may not help PC gaming in any sustainable way. It
certainly won't do anything towards reducing piracy and at worst, many
AAA developers may stop developing for the PC platform altogether. What
we really need is an alternate content securing system that will never
get in the way of legitimate owners & reward them for their love of
gaming instead of making them fearful for losing access to their games.
It's not hard to notice the pattern in the majority of the D.R.M's----they create a win-lose scenario for the publisher & the customer in most cases. Sure the Safedisc based D.R.M in the PC version of Grand Theft Auto 4 or Crysis does make things easier for the users----unlimited installs in unlimited machines. Now compare these with the D.R.M used in Arkham City (limited 4-5 times installation) or Assassins Creed 2 (less said the better).
I've been thinking about an alternative to these systems which does not punish the legitimate customer in any way. Which doesn't prevent them from sharing their games with someone or installing as many times as they need. Could there be a system which beside doing all the above, can even prevent someone from stealing the game from the owner?
A system which truly works in favor of the legitimate owner & successfully creates a win-win scenario for both publishers & customers. A system which acknowledges the rights & needs of the owner & protects them----even from someone who wishes to cheat or steal the game from the owner. Can it be possible?
That's what I was thinking, too and for quite some time. But for the past few months, I think I have found something that can come close to the above mentioned idea & I would like to share it with you.
This is an idea of an imaginary system which shares some similarities with the existing D.R.M's but is remarkably different in a number of ways. It harnesses the strengths of all of them & the weaknesses of none. It's flexible, modular & adaptable. Simple on the surface but complex & intricate on the inside. I'd like to call it----Content Securing System (or CSS, if you please).
A word here----this system can only be applied to the retail versions. While it's true that the future of disc based retail PC games isn't looking very bright----with lower sales over several years.Digital distribution services like Steam may be the way of the future but in a country like India (where I live) the prospect of these online based services is still in question because of the less-than-steller bandwidth available here. While that may be a function of time more than anything else, but it seems that retail discs still has some life left in it. Also, for me it's hard to beat the feeling of holding a videogame case in my hands.
Now that you know this system will deal with retail discs, lets take a look at the scope of the physical disc based system----they're easy to install,easy to lend or let someone borrow, prone to damage & easy to steal. So any content securing system in the retail region have to properly deal with all these (obviously, minus the damage issue). These scope highlights one major obvious drawback of physical disc based system-----easy to steal. Of course it's the responsibility of the owner to take care of his/her dvds, but this system is well-prepared for any such mistakes on the owner's end.
On the sharing front, I think sharing a game with a friend or a sibling, letting someone borrow it for a while is not just a part of the liberty of a legitimate customer, it's a vital part of a culture as a whole. Maybe not on a corporate level but on a purely social level, sharing is intrinsic to humans. A retail based content securing system should naturally enable the owners to share their games with someone he/she wants.
The basic principle of this system is buyer empowerment. It grants total authority to the legitimate owner of the game. The owner can install/reinstall the game as many times as needed, can install & access the game on several different machines at any time & anywhere he/she wants, can let anyone borrow the game for a limited time & can even resell the game to anyone at any point in time----all while CSS makes absolutely sure that no one can access the game without the permission of the owner. That's really where the real power of this system lies----nothing, no operation, no transaction of the game can be done without the owner's consent. Simply put----the legitimate owner is at the center of the universe in this system. And did I say offline? Yes, you read it right. It's offline for most of the time.
This system only needs to be connected to the internet during a few key steps and it won't take more than a couple of minutes for those. Only when authenticating the game in a machine does this system require an internet connection which is pretty similar to every other drm's out there.
This system will be linked with the game and act like kind of a buffer between the user & the game similarly such as Rockstar games Social club, Steam or Games for Windows Live (GFWL). Just like it's impossible for anyone to access a GFWL game without going through GFWL, this system will act in a similar manner----the game & CSS will be pretty much inseparable.
Now that you know the what this system is like, it's time to focus on the "how" part. How this CSS will aim to accomplish all the above & at what cost. From here I'll explain the workings of the system in great detail. Dear reader, please sit tight & relax, there will be flowcharts, layouts & many other methods along the way so you can have fun while reading the entire time.
But first, we need to know the entities that are generally involved in the area of retail disc based games----there is the owner, who brought the game from a store, the borrower, who can borrow the game from the owner for a limited time & lastly, the second owner to whom the owner may sell the game at a point in time. All of these entities are considered in this system. CSS will acknowledge all 3 of them & adapt itself for each of them so that everyone can access the game under some terms & conditions. There will be restrictions in this system but they are there to such a degree that the cost will be out weighted by the liberty it'll provide to legitimate users.
Just like all the users of GFWL or Steam has their own account stored in the server, similarly there will be all 3 types of accounts in this system (for the owner, borrower & second owner) all connected in a database in the server.
The main trick in this system is that instead of the users, their machines will be authorized & authenticated. I think it will provide tighter security because after all, any password can be stolen or accounts can be hacked. But it's nigh impossible to steal a machine from the user (offline). So if a game is authorized to a machine, the chances of getting the user barred is much less than otherwise. That's why CSS provides authentication of the machine instead of the user.
Also, this will allow higher adaptability of the system based on the type of users. Whether it's the legitimate owner, the borrower or an user who bought the game from the user at any point in time, this system can regulate how they will be able to access the game by varying degree of authorization in their machines or setting the game up in different ways on different machines based on the type of users----it's necessary because the game will act differently on a borrower's machine as opposed to the owner's machine (we'll get there in a while).
The idea is that different types of users will be able to access the game differently----I know, it sounds much restrictive but this system was designed to cover one of the most damaging drawback of disc based retail games----they're easy to steal. CSS allows any owner to lend their game to anyone but at a cost----the game will run as a trial version of a software in a borrower's machine. Because that's what borrowing actually means, right? You get to borrow only for a while. The Borrower is free to choose the time for himself, however.
The game can be installed/reinstalled unlimited times but only on the machines authorized by the right type of the users. The game won't even install in a machine that isn't authorized by the owner in any way----remember all the power of the system will be in the owner's hand. But I'm getting ahead of myself, hold on.
Yes, where was I? Oh, right----all the 3 types of accounts will be stored in the database & connected together. Here's how---
As you can see from this flowchart, there's no bypassing the owner. So, it''ll not be possible for any borrower to give the game to another borrower or sell it to another person without involving the owner. This eliminates any cheating or stealing the game.
That said, the owner's password and username can be stolen & then anyone can log into the owner's account & exploit this whole system. Right? Wrong & that's why this system authenticates the machines of different users instead of the users themselves & a scan of the system happens every time someone logs into the owner's account. As I said before it's practically impossible to steal a machine from an user.
But how can it be done? How can we uniquely identify a computer in this world full of millions of computers? This was one of the biggest challenges I faced coming up with an answer to that. But with a little help from my friends & the internet I have found an answer to that one----The MAC ADDRESS. The Mac address coupled with the complete specification of the machine (from hard drive serial number to keyboard) will be suffice to uniquely identify a computer, I think.
But users do upgrade their computers & operating system from time to time & the Mac address & specification will change----what then? Well that's covered too & will be discussed in a while. Please read on.
So you know this system accommodates itself to suit for different types of users of a game----the owner, the borrower & the second owner. There are different authentication processes for all 3 users to ensure everyone can play the game the way it's meant to, and the install/reinstall time is unlimited for all.
About the scan I was talking about----Whenever the owner or borrower logs in to his/her account, a scan of the system will take place automatically. This scan will be mandatory. After scanning the given machine the results will be checked against the specifications stored in the database to be certain about the current machine. Based on the results of this scan, some user specific options will be available. This is another step towards making sure that nobody can't cheat on the owner by knowing his/her password & misuse their rights.
At this point (if you're still here), all of this may seem a little confusing & a bit out of order, but when all these methods will be explained sequentially & how exactly they fit piece by piece into the big picture, things will seem more coherent.
Now we'll explore the authentication processes/how the game will work for each of the users in full detail-----
Authentication process for the Owner:
Alright, here's what & how it happens. The owner buys the game, the game comes with it's unique serial number & the owner inserts the dvd in the drive. Pretty standard affair & identical to the existing drms like GFWL. But here, the game won't be installed first. Remember I said the CSS system will be completely linked with the game? The owner needs to go to the website of CSS & create an account first----again, exactly like GFWL or Steam. Internet connection is required in this stage (obviously).
1. Owner enters name, username, email, mobile number, sets a password & enters the serial number that came with the game.This completes the account creation of the owner. The serial number is for one-time use only & never needed again. These steps can be done at any computer.
2. Now it's time for authenticating the owner's machine. This step MUST be done at the owner's computer. After account creation, the option for authenticating owner's machine will be available. The mac address along with the total configuration of the system is uploaded & stored in the database of the website. These should suffice as an unique identifier of a computer. This makes the online certification process complete. After that, a generated serial number will be sent to the owner's email
account. We'll see the purpose of this in a little while.
3. It's time for offline certification. In this step, several small hidden files will be put in the machine----now don't freak out, these files will be necessary for the installation/re installation of the game offline. How else will the software know that the computer is authenticated/identify the computer without the presence of some registry entries or files when offline? Nearly every piece of software creates some sort of record of it after installation. So I don't think this in any way qualifies as unusual or scary.
All this security will be necessary because it's very easy to steal a physical copy. Alright, let's get back on track.
After this step, the machine is successfully authorized. There will be no online requirement (unless playing multiplayer) further and unlimited number of installation can be done.
Now here's a flow chart of the complete process:
Now when re-installing the game, CSS will just check for the files in the machine. If it finds them, the game will install successfully offline & if it doesn't (in case of a drive format), then CSS will require an internet connection to check the machine with the record that's stored in the server (Mac address & specification). If the machines match, CSS will again create the files in the hard drive of that computer & the game can be re-installed like before.
Now it's the time to address the burning question----What happens when the user upgrades his/her machine? The Mac address is ought to change then. Yup, it will & to address this question, I want to first show you the layout of the owner's account/the options available in there:
A word here, remember every time an user logs in to his/her account, a mandatory scan of the machine will occur? The options available to the user is based on that scan. Now only when the user logs in to his/her account using the authorized machine, (most of) these options in the flow chart will appear. Because the user logs in to their account with their username & password----which can be stolen or hacked otherwise. The owner can log in to his/her account from any machine but can't make all of these changes. This is done to make sure that the rights of the owner is not misused in any way.
See that second option in the flow chart? Here's how it goes----The owner upgrades his/her computer, logs in to his/her account in the website from the new machine & clicks that option. Remember, after the online authentication, a serial number was sent to the owner's e-mail? That number is required here to complete the authentication process which is similar to the one described above but here the serial number is required first to start the process. Then the new machine will be recognized as the owner's machine. After the online certification is complete, another serial number is generated & sent to owner's email for similar purpose in the future.
Each time an owner successfully authenticates a machine, a new serial number is sent to their e-mail & each time he/she upgrades their machine, that number is required for authenticating the new machine.
Look, I believe that when it comes to physical disc based retail games, the authentication process have to be very different from the conventional way & one of the fundamental ideas of CSS is creating a bond between the game & the machine. While the owner is given full authority to change the said machine to another----according to their convenience & that's precisely what brings us to the next part of this system:
Free/Owner's slots
The idea behind free slots mean that the owner can authenticate & authorize a limited number of machines----essentially bringing the same functions of his/her machine to a limited number of machines of their own selection. Bringing/enlisting a machine in a free slot means the owner or anyone can access the game (almost) the same way like in the owner's certified machine.
Most people have more than one machines--like a PC & a laptop. Now limiting access to the game via only one of the machines can be restrictive for the owner----cause I think the owner should have the rights to access or play the game anytime & anywhere he/she wishes & that's exactly the sole purpose of free/owner's slots. It enables the above mentioned owner to access or play the game in the laptop/in any other machines while they are away from their certified machine. This way the legitimate owner is not restricted or bound to play the game on only one machine.
Playing in a free slot does have it's limitations----accessing a game through a machine which is recognized by CSS as a free slot (recorded in the database online) requires the DVD in the drive all the time. There can be only a maximum of 3 free slots for an owner & those can be revoked at any time.
Now that you know the "why"s & "what"s of the free slots, let's focus on the "how" part. You ready? Let's go-----
Procedure of Free slot creation:
1. The owner logs in to his/her account using a different machine than the certified machine. After logging in successfully (after the mandatory scan of the machine) there will be an option to use that machine as a free slot (see third flow-chart). If it's clicked, first the DVD drive of the machine will be checked to see if the drive contains the game disc or not.
2. If the machine contains the disc, the authentication process will commence----the system will be authenticated the same way (Mac address & spec recorded & hidden files placed).
3. There's another small step involved in the free slot authentication. A randomly generated code will be sent to the owner's mobile (remember owner's mobile number is recorded during account creation) & the owner is required to enter that code. This process is similar to the 2-way authentication process of Google. This is the last step involved in the free slot authentication process.
This step is required to ensure tighter security over the creation of free slots----if someone steals the discs & the owner's password, it'll still not be possible for him/her to enlist their computer in a free slot because the owner's mobile phone is involved in this process & it's nigh-impossible to separate anyone from their cellphone.
Here's a flow chart of the entire process:
CSS enables a way for the owner to carry their saved games on a free slot so that he/she can continue the game from anywhere. This provides a seamless interaction between the gamer (owner) & the game across different machines in different places.
See the last option? It enables the owner to simply upload their savegames to the website whenever he/she logs into their account from the certified (owner's) machine. The owner can also use this feature to backup their saved games.
Now whenever the owner logs into their account from a free slot, there will be an option to store/transfer the savegames on that machine. Clicking that option will automatically download all the saved game files into the free slot.
Here is the layout/list of options available to the owner in the website when accessing his/her account from a free slot:
Remember the free slots can be revoked at any time the owner wishes. It's real simple. Here's how:
Revoking a Free slot:
Whenever the owner or any user for that matter, logs in to his/her account through a free slot, the option to revoke the machine as a free slot will appear ( just like the usual process--after a mandatory scan the option will appear based on the machine----remember?). After clicking the option,simply a randomly generated code will be sent to the owner's mobile & that code is required to be entered----that's pretty much it. Then the machine will be successfully revoked.
During revocation, CSS will delete the records of that machine enlisted as a free slot in the database of the website. The game will be uninstalled by the system & all the hidden files will be removed----this is to ensure that the game can't be played again through that machine.
That's it----that's how CSS enables/empowers the owner to play the game from anywhere in any machine of his/her choice.
If you're getting impatient, I would suggest taking a break at this point. I'll be right here.
You're back? Alright. Now we will go into some different territories with CSS. Until now, we've seen how CSS deals with the owner & now we'll look at how it deals with the borrower & second owner. Here we will see how CSS supports game sharing or how this system enables the legitimate owner to share or let their friends/family members borrow their games.
CSS allows anyone to borrow the game from the owner at a cost----the game runs like a trial version of a software at the borrower's machine. Now this may seem overly restrictive & limiting at first glance but I assure you it's not. The borrower can install/re-install the game on his/her machine unlimited times & doesn't need the disc to play.
I've had some experience where letting someone borrow a game led me to losing the game altogether-----this made me realize how vulnerable disc based games can be. Now of course it's the owner's responsibility----who they choose to let borrow their games & it all comes down to trust issues but still I was thinking a lot on this----how can this fear be minimized if not eliminated entirely.
The best I can come up at this point is if somehow the game can be set up on a borrower's machine in such a way that it runs for a limited time then both ends can be met----the owner can let anyone borrow a game & any dishonest borrower can't cheat the owner in any way.
With that said, let's take a detailed look at how CSS will achieve this:
Authentication process for Borrower:
The account creation of the borrower is very different from owner or the second owner. The borrower can't create his/her own account, it has to be created by the user. The borrower can only log into his/her account from a machine. Remember I said no one can access the game without active intervention or permission of the owner? That's how it goes. Both the owner's & Borrower's machine is involved in this process, although the borrower can log into his/her account in any computer, the authentication process must be done in his/her own machine----just like the owner.
In the final stage of authentication, there will be a field for setting the time limit----the period of time the borrower will get to play the game. Now this is vital, the purpose of CSS is to create a win-win situation for both customers & publishers. Now don't hate me for this but if there is no time limit then a borrower might never feel like buying a game, he/she can simply borrow from a friend & play as long as he/she wants----this scenario can happen for older games. It can spell disaster for the sales of PC games. Again, I know that this is a bold step but please bear with me.
The borrower gets to choose the time limit themselves. After that, the borrower will just have to buy the game if they truly want to play it that bad. Think of it as extended try-before-you buy from the perspective of the borrower.
The rest of the authentication process will be same as the owner----Mac address & system configuration will be recorded into the database and the hidden files will be placed for offline authentication. In case of upgrading, the process is the same as the owner. You can say the difference between the experience of the owner & the borrower is the free slots & the time limit.
Alright, now that you know the different parts of this process, let's see how they fit together into the picture.
1. The account activation process of the borrower is divided in two steps. The first step occurs at the owner's machine. There will be an option to create one or several borrower's account in the owner's account when he/she logs into their account from their certified machine. The owner needs to enter the borrower's name & email id. After that, a random password will be generated & it will be tied to this newly created borrower's account.
2. The borrower needs to write down/keep a record of that password in the owner's home or the owner needs to inform the password to the borrower. This is the first step of the account activation of the borrower.
3. Now the borrower needs to activate his/her account. It's the second step of account activation. In the general layout of the website, there will be a field where any user can log in to their respective account.
He/she needs to click this "Login" field & enter the password (with his email-id,of course). After entering the password,the system will connect the earlier account where that password was generated to the newly logged user. CSS keeps record of every generated password & no two passwords will be the same. Then the borrower's account will be activated.
Now the borrower can authenticate his/her machine. Remember game installation won't take place unless the machine is authenticated.
4. These steps must be done in the borrower's own machine. When the borrower logs into his/her account after activation, there will be an option for authenticating the machine. Clicking it will result in a recording of the machine which is similar to the owner's authentication (Mac address + system configuration). The hidden files will be created as usual.
5. Now it's time for the very last step of the authentication process. In this step, the borrower will be given a selection of time limits to choose from. The time limits will be----7 days, 15 days & 30 days.
After choosing a time limit from the above options, the authentication process of the borrower is completed.
Now, this part needs some explanation. Let's say the borrower chooses the time limit of 15 days. The system or buffer between the game & the user (CSS here) sets up the game in the borrower's machine in such a way that the borrower won't be able to access the game anymore beyond the time limit (the 15th day ) & the game will uninstall itself automatically.
And how does it do that? Well, as far as I know how trial versions work----the software creates a time counter generally in one of the system folders of the OS which after logged, stops at the specified time frame. The software also creates some registry keys & other hidden entries in the machine. After the time limit has been crossed, CSS removes the game completely from borrower's machine----that means uninstalling the game & removing all hidden files associated with the game.
Only after activation,the game can be installed in the borrower's machine. Installation/re-install time is unlimited, only under the time limit. The borrower can also upgrade his/her machine the same way the owner can.
Here's a flow chart of the entire process:
This wraps up how CSS enables game sharing or letting someone borrow a game from the owner.
Now that we've looked at how CSS enables a structured ( & vigilant) way of game sharing, let's take a look at how this system handles game re-selling & buying. Take a break at this point if you need one.
Alright, let's begin. CSS allows an owner to resale their games to a game store or another person at any point in time & it all starts with the owner----as everything else in this system. The second owner,whether bought the game directly from the owner or from a game store, has his/her account linked with the owner as shown in the very first flow chart.
The game selling & buying comes at a cost, though. The second owner doesn't get any free slots. Now don't be mad at me, he/she can still buy free slots as needed (maximum 3) from the publisher of the game.
The account creation process of the second owner is very different from the borrower & more in line with the owner.
In the third flowchart, you can see the option available to the owner to "deactivate game". When it's clicked, the deactivation process (discussed in detail below) commences & afterwards a serial number is generated & sent to the owner's e-mail. That serial number is required for account creation of a new owner. Deactivation of the game ensures that the owner won't be able to access the game again. Think of it as a wrapping up process for the previous owner.
Authentication process for the second owner:
1. Just like every operation in CSS, it all begins with the owner in his/her certified machine.After clicking the option to deactivate the game (internet connection is required in this step), these processes occur:
All the free/owner's slots are revoked (process described earlier).
The game is uninstalled from the owner's machine & all offline records are removed so that the game can't be accessed again from that machine.
A random serial number is generated & sent to the owner's e-mail.
------all these processes will execute sequentially & in order.
2. At this point,the owner can sell the game to a game store or to any person. The serial number which is generated in the previous step is necessary & is required along with the sold game. That's the key to the new owner's account creation process.
3. The buyer or second owner,after buying the game from a store or from the previous owner directly, can create his/her account in the same way as the previous owner (process described earlier)----using that serial number.
4. CSS remembers all the generated serial numbers & the users that logs in/creates account with those.Whenever someone creates an account with that serial number, CSS automatically links their account with the one from which that serial number was generated. The previous owner's account is not removed from the database of the website & CSS links the newly created account with that----this helps to recognize CSS that it is an account of a person who bought the game from the owner (the generated password is different in type than the borrower's one). With this knowledge, CSS sets up the game on the new owner's machine in a way that's different from the previous owner in only one way----the exclusion of the free slots.
The free slots (maximum 3) can be bought by the second owner from the publisher.
5. The second owner needs to authenticate his/her machine prior to the game installation. Again, the authentication process of the second owner is the same as the previous owner (process described earlier).
6. After that, the game is ready to install & play. Remember, the second owner can install/reinstall the game unlimited times, let anyone borrow the game----only he/she doesn't get any ready free slots.
Here's a flow chart of the entire process:
....and here's the layout of the options that are available to the new/second owner after logging into his/her account. Again, as per the mandatory scan, these options (except the second one) are only available to the second owner when they access their account from their certified machine.
So that wraps up things on the second owner's front. We've seen how CSS deals with all the 3 entities that are involved in the realm of retail based PC gaming, but hold on, we're not done yet. We're almost there but if you stayed this long, I encourage you to stay just a little longer.
Vigilance is the price to pay for safety & it's the safety of the rights of the legitimate owner that this system is geared to protect----at all costs. Now we will see what happens when the game is accessed by an unauthorized person in a machine that's not recognized by CSS in any way. Simply put, if someone steals the game & tries to run it from his/her machine, how will CSS respond to this? It's explained in full detail in the flow chart below:
It's always authentication first, installation second for CSS----and with that dear reader, we are now close to the end of this article.
Now that you know the 'why','what' & 'how' of this alternate content securing system in it's entirety (the parts I've managed to create, at least), it's time for the point of this article----What's it really all about? Frankly, I am just one PC gamer in the long line of gamers who felt cheated after getting barred from accessing the games they bought legitimately. Now instead of cursing & name calling, I found it more constructive & useful to seek out an idea of a different/alternate system which will never punish the legitimate customers in any way.
CSS doesn't exist anywhere except my mind. So I want to know what you really think about it. Do you believe that an alternate content securing system like CSS in needed to be created? Do you think a system like CSS can successfully create a win-win situation for both legitimate customers & the publishers? Do you believe that CSS can change disc based retail PC gaming for the better? I can't wait to know.
If I had the resources to turn this idea into a fully formed system, I surely would. But the fact is, the only thing I can do at this point with this idea is to share it with you. So if by chance you are a developer or you work for one of the major companies in the field of D.R.M's like Sony or Microsoft, please let me know what you think about this idea. There may be several technical barriers (that I don't know of yet) or loopholes in this system & as with any idea, the more people are involved in the development process,the more loopholes can be found or fixed.
But technical barriers aside, I want to know what you think about the core ideas of this system. CSS is all about owner empowerment & takes into account all the entities that are involved in retail disc based PC gaming & enables game sharing & game reselling in a structured way.It's quite vigilant but I believe it's usefulness out-weights it's restrictions.
Honestly, at this this point I don't have any idea about it's future. All I know about this idea is that starts with me here but absolutely ends with you.
It's not hard to notice the pattern in the majority of the D.R.M's----they create a win-lose scenario for the publisher & the customer in most cases. Sure the Safedisc based D.R.M in the PC version of Grand Theft Auto 4 or Crysis does make things easier for the users----unlimited installs in unlimited machines. Now compare these with the D.R.M used in Arkham City (limited 4-5 times installation) or Assassins Creed 2 (less said the better).
I've been thinking about an alternative to these systems which does not punish the legitimate customer in any way. Which doesn't prevent them from sharing their games with someone or installing as many times as they need. Could there be a system which beside doing all the above, can even prevent someone from stealing the game from the owner?
A system which truly works in favor of the legitimate owner & successfully creates a win-win scenario for both publishers & customers. A system which acknowledges the rights & needs of the owner & protects them----even from someone who wishes to cheat or steal the game from the owner. Can it be possible?
That's what I was thinking, too and for quite some time. But for the past few months, I think I have found something that can come close to the above mentioned idea & I would like to share it with you.
This is an idea of an imaginary system which shares some similarities with the existing D.R.M's but is remarkably different in a number of ways. It harnesses the strengths of all of them & the weaknesses of none. It's flexible, modular & adaptable. Simple on the surface but complex & intricate on the inside. I'd like to call it----Content Securing System (or CSS, if you please).
A word here----this system can only be applied to the retail versions. While it's true that the future of disc based retail PC games isn't looking very bright----with lower sales over several years.Digital distribution services like Steam may be the way of the future but in a country like India (where I live) the prospect of these online based services is still in question because of the less-than-steller bandwidth available here. While that may be a function of time more than anything else, but it seems that retail discs still has some life left in it. Also, for me it's hard to beat the feeling of holding a videogame case in my hands.
Now that you know this system will deal with retail discs, lets take a look at the scope of the physical disc based system----they're easy to install,easy to lend or let someone borrow, prone to damage & easy to steal. So any content securing system in the retail region have to properly deal with all these (obviously, minus the damage issue). These scope highlights one major obvious drawback of physical disc based system-----easy to steal. Of course it's the responsibility of the owner to take care of his/her dvds, but this system is well-prepared for any such mistakes on the owner's end.
On the sharing front, I think sharing a game with a friend or a sibling, letting someone borrow it for a while is not just a part of the liberty of a legitimate customer, it's a vital part of a culture as a whole. Maybe not on a corporate level but on a purely social level, sharing is intrinsic to humans. A retail based content securing system should naturally enable the owners to share their games with someone he/she wants.
The basic principle of this system is buyer empowerment. It grants total authority to the legitimate owner of the game. The owner can install/reinstall the game as many times as needed, can install & access the game on several different machines at any time & anywhere he/she wants, can let anyone borrow the game for a limited time & can even resell the game to anyone at any point in time----all while CSS makes absolutely sure that no one can access the game without the permission of the owner. That's really where the real power of this system lies----nothing, no operation, no transaction of the game can be done without the owner's consent. Simply put----the legitimate owner is at the center of the universe in this system. And did I say offline? Yes, you read it right. It's offline for most of the time.
This system only needs to be connected to the internet during a few key steps and it won't take more than a couple of minutes for those. Only when authenticating the game in a machine does this system require an internet connection which is pretty similar to every other drm's out there.
This system will be linked with the game and act like kind of a buffer between the user & the game similarly such as Rockstar games Social club, Steam or Games for Windows Live (GFWL). Just like it's impossible for anyone to access a GFWL game without going through GFWL, this system will act in a similar manner----the game & CSS will be pretty much inseparable.
Now that you know the what this system is like, it's time to focus on the "how" part. How this CSS will aim to accomplish all the above & at what cost. From here I'll explain the workings of the system in great detail. Dear reader, please sit tight & relax, there will be flowcharts, layouts & many other methods along the way so you can have fun while reading the entire time.
But first, we need to know the entities that are generally involved in the area of retail disc based games----there is the owner, who brought the game from a store, the borrower, who can borrow the game from the owner for a limited time & lastly, the second owner to whom the owner may sell the game at a point in time. All of these entities are considered in this system. CSS will acknowledge all 3 of them & adapt itself for each of them so that everyone can access the game under some terms & conditions. There will be restrictions in this system but they are there to such a degree that the cost will be out weighted by the liberty it'll provide to legitimate users.
Just like all the users of GFWL or Steam has their own account stored in the server, similarly there will be all 3 types of accounts in this system (for the owner, borrower & second owner) all connected in a database in the server.
The main trick in this system is that instead of the users, their machines will be authorized & authenticated. I think it will provide tighter security because after all, any password can be stolen or accounts can be hacked. But it's nigh impossible to steal a machine from the user (offline). So if a game is authorized to a machine, the chances of getting the user barred is much less than otherwise. That's why CSS provides authentication of the machine instead of the user.
Also, this will allow higher adaptability of the system based on the type of users. Whether it's the legitimate owner, the borrower or an user who bought the game from the user at any point in time, this system can regulate how they will be able to access the game by varying degree of authorization in their machines or setting the game up in different ways on different machines based on the type of users----it's necessary because the game will act differently on a borrower's machine as opposed to the owner's machine (we'll get there in a while).
The idea is that different types of users will be able to access the game differently----I know, it sounds much restrictive but this system was designed to cover one of the most damaging drawback of disc based retail games----they're easy to steal. CSS allows any owner to lend their game to anyone but at a cost----the game will run as a trial version of a software in a borrower's machine. Because that's what borrowing actually means, right? You get to borrow only for a while. The Borrower is free to choose the time for himself, however.
The game can be installed/reinstalled unlimited times but only on the machines authorized by the right type of the users. The game won't even install in a machine that isn't authorized by the owner in any way----remember all the power of the system will be in the owner's hand. But I'm getting ahead of myself, hold on.
Yes, where was I? Oh, right----all the 3 types of accounts will be stored in the database & connected together. Here's how---
This is how all the different accounts will be connected
As you can see from this flowchart, there's no bypassing the owner. So, it''ll not be possible for any borrower to give the game to another borrower or sell it to another person without involving the owner. This eliminates any cheating or stealing the game.
That said, the owner's password and username can be stolen & then anyone can log into the owner's account & exploit this whole system. Right? Wrong & that's why this system authenticates the machines of different users instead of the users themselves & a scan of the system happens every time someone logs into the owner's account. As I said before it's practically impossible to steal a machine from an user.
But how can it be done? How can we uniquely identify a computer in this world full of millions of computers? This was one of the biggest challenges I faced coming up with an answer to that. But with a little help from my friends & the internet I have found an answer to that one----The MAC ADDRESS. The Mac address coupled with the complete specification of the machine (from hard drive serial number to keyboard) will be suffice to uniquely identify a computer, I think.
But users do upgrade their computers & operating system from time to time & the Mac address & specification will change----what then? Well that's covered too & will be discussed in a while. Please read on.
So you know this system accommodates itself to suit for different types of users of a game----the owner, the borrower & the second owner. There are different authentication processes for all 3 users to ensure everyone can play the game the way it's meant to, and the install/reinstall time is unlimited for all.
About the scan I was talking about----Whenever the owner or borrower logs in to his/her account, a scan of the system will take place automatically. This scan will be mandatory. After scanning the given machine the results will be checked against the specifications stored in the database to be certain about the current machine. Based on the results of this scan, some user specific options will be available. This is another step towards making sure that nobody can't cheat on the owner by knowing his/her password & misuse their rights.
At this point (if you're still here), all of this may seem a little confusing & a bit out of order, but when all these methods will be explained sequentially & how exactly they fit piece by piece into the big picture, things will seem more coherent.
Now we'll explore the authentication processes/how the game will work for each of the users in full detail-----
Authentication process for the Owner:
Alright, here's what & how it happens. The owner buys the game, the game comes with it's unique serial number & the owner inserts the dvd in the drive. Pretty standard affair & identical to the existing drms like GFWL. But here, the game won't be installed first. Remember I said the CSS system will be completely linked with the game? The owner needs to go to the website of CSS & create an account first----again, exactly like GFWL or Steam. Internet connection is required in this stage (obviously).
1. Owner enters name, username, email, mobile number, sets a password & enters the serial number that came with the game.This completes the account creation of the owner. The serial number is for one-time use only & never needed again. These steps can be done at any computer.
2. Now it's time for authenticating the owner's machine. This step MUST be done at the owner's computer. After account creation, the option for authenticating owner's machine will be available. The mac address along with the total configuration of the system is uploaded & stored in the database of the website. These should suffice as an unique identifier of a computer. This makes the online certification process complete. After that, a generated serial number will be sent to the owner's email
account. We'll see the purpose of this in a little while.
3. It's time for offline certification. In this step, several small hidden files will be put in the machine----now don't freak out, these files will be necessary for the installation/re installation of the game offline. How else will the software know that the computer is authenticated/identify the computer without the presence of some registry entries or files when offline? Nearly every piece of software creates some sort of record of it after installation. So I don't think this in any way qualifies as unusual or scary.
All this security will be necessary because it's very easy to steal a physical copy. Alright, let's get back on track.
After this step, the machine is successfully authorized. There will be no online requirement (unless playing multiplayer) further and unlimited number of installation can be done.
Now here's a flow chart of the complete process:
Now when re-installing the game, CSS will just check for the files in the machine. If it finds them, the game will install successfully offline & if it doesn't (in case of a drive format), then CSS will require an internet connection to check the machine with the record that's stored in the server (Mac address & specification). If the machines match, CSS will again create the files in the hard drive of that computer & the game can be re-installed like before.
Now it's the time to address the burning question----What happens when the user upgrades his/her machine? The Mac address is ought to change then. Yup, it will & to address this question, I want to first show you the layout of the owner's account/the options available in there:
A word here, remember every time an user logs in to his/her account, a mandatory scan of the machine will occur? The options available to the user is based on that scan. Now only when the user logs in to his/her account using the authorized machine, (most of) these options in the flow chart will appear. Because the user logs in to their account with their username & password----which can be stolen or hacked otherwise. The owner can log in to his/her account from any machine but can't make all of these changes. This is done to make sure that the rights of the owner is not misused in any way.
See that second option in the flow chart? Here's how it goes----The owner upgrades his/her computer, logs in to his/her account in the website from the new machine & clicks that option. Remember, after the online authentication, a serial number was sent to the owner's e-mail? That number is required here to complete the authentication process which is similar to the one described above but here the serial number is required first to start the process. Then the new machine will be recognized as the owner's machine. After the online certification is complete, another serial number is generated & sent to owner's email for similar purpose in the future.
Each time an owner successfully authenticates a machine, a new serial number is sent to their e-mail & each time he/she upgrades their machine, that number is required for authenticating the new machine.
Look, I believe that when it comes to physical disc based retail games, the authentication process have to be very different from the conventional way & one of the fundamental ideas of CSS is creating a bond between the game & the machine. While the owner is given full authority to change the said machine to another----according to their convenience & that's precisely what brings us to the next part of this system:
Free/Owner's slots
The idea behind free slots mean that the owner can authenticate & authorize a limited number of machines----essentially bringing the same functions of his/her machine to a limited number of machines of their own selection. Bringing/enlisting a machine in a free slot means the owner or anyone can access the game (almost) the same way like in the owner's certified machine.
Most people have more than one machines--like a PC & a laptop. Now limiting access to the game via only one of the machines can be restrictive for the owner----cause I think the owner should have the rights to access or play the game anytime & anywhere he/she wishes & that's exactly the sole purpose of free/owner's slots. It enables the above mentioned owner to access or play the game in the laptop/in any other machines while they are away from their certified machine. This way the legitimate owner is not restricted or bound to play the game on only one machine.
Playing in a free slot does have it's limitations----accessing a game through a machine which is recognized by CSS as a free slot (recorded in the database online) requires the DVD in the drive all the time. There can be only a maximum of 3 free slots for an owner & those can be revoked at any time.
Now that you know the "why"s & "what"s of the free slots, let's focus on the "how" part. You ready? Let's go-----
Procedure of Free slot creation:
1. The owner logs in to his/her account using a different machine than the certified machine. After logging in successfully (after the mandatory scan of the machine) there will be an option to use that machine as a free slot (see third flow-chart). If it's clicked, first the DVD drive of the machine will be checked to see if the drive contains the game disc or not.
2. If the machine contains the disc, the authentication process will commence----the system will be authenticated the same way (Mac address & spec recorded & hidden files placed).
3. There's another small step involved in the free slot authentication. A randomly generated code will be sent to the owner's mobile (remember owner's mobile number is recorded during account creation) & the owner is required to enter that code. This process is similar to the 2-way authentication process of Google. This is the last step involved in the free slot authentication process.
This step is required to ensure tighter security over the creation of free slots----if someone steals the discs & the owner's password, it'll still not be possible for him/her to enlist their computer in a free slot because the owner's mobile phone is involved in this process & it's nigh-impossible to separate anyone from their cellphone.
Here's a flow chart of the entire process:
CSS enables a way for the owner to carry their saved games on a free slot so that he/she can continue the game from anywhere. This provides a seamless interaction between the gamer (owner) & the game across different machines in different places.
See the last option? It enables the owner to simply upload their savegames to the website whenever he/she logs into their account from the certified (owner's) machine. The owner can also use this feature to backup their saved games.
Now whenever the owner logs into their account from a free slot, there will be an option to store/transfer the savegames on that machine. Clicking that option will automatically download all the saved game files into the free slot.
Here is the layout/list of options available to the owner in the website when accessing his/her account from a free slot:
Remember the free slots can be revoked at any time the owner wishes. It's real simple. Here's how:
Revoking a Free slot:
Whenever the owner or any user for that matter, logs in to his/her account through a free slot, the option to revoke the machine as a free slot will appear ( just like the usual process--after a mandatory scan the option will appear based on the machine----remember?). After clicking the option,simply a randomly generated code will be sent to the owner's mobile & that code is required to be entered----that's pretty much it. Then the machine will be successfully revoked.
During revocation, CSS will delete the records of that machine enlisted as a free slot in the database of the website. The game will be uninstalled by the system & all the hidden files will be removed----this is to ensure that the game can't be played again through that machine.
That's it----that's how CSS enables/empowers the owner to play the game from anywhere in any machine of his/her choice.
If you're getting impatient, I would suggest taking a break at this point. I'll be right here.
You're back? Alright. Now we will go into some different territories with CSS. Until now, we've seen how CSS deals with the owner & now we'll look at how it deals with the borrower & second owner. Here we will see how CSS supports game sharing or how this system enables the legitimate owner to share or let their friends/family members borrow their games.
CSS allows anyone to borrow the game from the owner at a cost----the game runs like a trial version of a software at the borrower's machine. Now this may seem overly restrictive & limiting at first glance but I assure you it's not. The borrower can install/re-install the game on his/her machine unlimited times & doesn't need the disc to play.
I've had some experience where letting someone borrow a game led me to losing the game altogether-----this made me realize how vulnerable disc based games can be. Now of course it's the owner's responsibility----who they choose to let borrow their games & it all comes down to trust issues but still I was thinking a lot on this----how can this fear be minimized if not eliminated entirely.
The best I can come up at this point is if somehow the game can be set up on a borrower's machine in such a way that it runs for a limited time then both ends can be met----the owner can let anyone borrow a game & any dishonest borrower can't cheat the owner in any way.
With that said, let's take a detailed look at how CSS will achieve this:
Authentication process for Borrower:
The account creation of the borrower is very different from owner or the second owner. The borrower can't create his/her own account, it has to be created by the user. The borrower can only log into his/her account from a machine. Remember I said no one can access the game without active intervention or permission of the owner? That's how it goes. Both the owner's & Borrower's machine is involved in this process, although the borrower can log into his/her account in any computer, the authentication process must be done in his/her own machine----just like the owner.
In the final stage of authentication, there will be a field for setting the time limit----the period of time the borrower will get to play the game. Now this is vital, the purpose of CSS is to create a win-win situation for both customers & publishers. Now don't hate me for this but if there is no time limit then a borrower might never feel like buying a game, he/she can simply borrow from a friend & play as long as he/she wants----this scenario can happen for older games. It can spell disaster for the sales of PC games. Again, I know that this is a bold step but please bear with me.
The borrower gets to choose the time limit themselves. After that, the borrower will just have to buy the game if they truly want to play it that bad. Think of it as extended try-before-you buy from the perspective of the borrower.
The rest of the authentication process will be same as the owner----Mac address & system configuration will be recorded into the database and the hidden files will be placed for offline authentication. In case of upgrading, the process is the same as the owner. You can say the difference between the experience of the owner & the borrower is the free slots & the time limit.
Alright, now that you know the different parts of this process, let's see how they fit together into the picture.
1. The account activation process of the borrower is divided in two steps. The first step occurs at the owner's machine. There will be an option to create one or several borrower's account in the owner's account when he/she logs into their account from their certified machine. The owner needs to enter the borrower's name & email id. After that, a random password will be generated & it will be tied to this newly created borrower's account.
2. The borrower needs to write down/keep a record of that password in the owner's home or the owner needs to inform the password to the borrower. This is the first step of the account activation of the borrower.
3. Now the borrower needs to activate his/her account. It's the second step of account activation. In the general layout of the website, there will be a field where any user can log in to their respective account.
He/she needs to click this "Login" field & enter the password (with his email-id,of course). After entering the password,the system will connect the earlier account where that password was generated to the newly logged user. CSS keeps record of every generated password & no two passwords will be the same. Then the borrower's account will be activated.
Now the borrower can authenticate his/her machine. Remember game installation won't take place unless the machine is authenticated.
4. These steps must be done in the borrower's own machine. When the borrower logs into his/her account after activation, there will be an option for authenticating the machine. Clicking it will result in a recording of the machine which is similar to the owner's authentication (Mac address + system configuration). The hidden files will be created as usual.
5. Now it's time for the very last step of the authentication process. In this step, the borrower will be given a selection of time limits to choose from. The time limits will be----7 days, 15 days & 30 days.
After choosing a time limit from the above options, the authentication process of the borrower is completed.
Now, this part needs some explanation. Let's say the borrower chooses the time limit of 15 days. The system or buffer between the game & the user (CSS here) sets up the game in the borrower's machine in such a way that the borrower won't be able to access the game anymore beyond the time limit (the 15th day ) & the game will uninstall itself automatically.
And how does it do that? Well, as far as I know how trial versions work----the software creates a time counter generally in one of the system folders of the OS which after logged, stops at the specified time frame. The software also creates some registry keys & other hidden entries in the machine. After the time limit has been crossed, CSS removes the game completely from borrower's machine----that means uninstalling the game & removing all hidden files associated with the game.
Only after activation,the game can be installed in the borrower's machine. Installation/re-install time is unlimited, only under the time limit. The borrower can also upgrade his/her machine the same way the owner can.
Here's a flow chart of the entire process:
This wraps up how CSS enables game sharing or letting someone borrow a game from the owner.
Now that we've looked at how CSS enables a structured ( & vigilant) way of game sharing, let's take a look at how this system handles game re-selling & buying. Take a break at this point if you need one.
Alright, let's begin. CSS allows an owner to resale their games to a game store or another person at any point in time & it all starts with the owner----as everything else in this system. The second owner,whether bought the game directly from the owner or from a game store, has his/her account linked with the owner as shown in the very first flow chart.
The game selling & buying comes at a cost, though. The second owner doesn't get any free slots. Now don't be mad at me, he/she can still buy free slots as needed (maximum 3) from the publisher of the game.
The account creation process of the second owner is very different from the borrower & more in line with the owner.
In the third flowchart, you can see the option available to the owner to "deactivate game". When it's clicked, the deactivation process (discussed in detail below) commences & afterwards a serial number is generated & sent to the owner's e-mail. That serial number is required for account creation of a new owner. Deactivation of the game ensures that the owner won't be able to access the game again. Think of it as a wrapping up process for the previous owner.
Authentication process for the second owner:
1. Just like every operation in CSS, it all begins with the owner in his/her certified machine.After clicking the option to deactivate the game (internet connection is required in this step), these processes occur:
All the free/owner's slots are revoked (process described earlier).
The game is uninstalled from the owner's machine & all offline records are removed so that the game can't be accessed again from that machine.
A random serial number is generated & sent to the owner's e-mail.
------all these processes will execute sequentially & in order.
2. At this point,the owner can sell the game to a game store or to any person. The serial number which is generated in the previous step is necessary & is required along with the sold game. That's the key to the new owner's account creation process.
3. The buyer or second owner,after buying the game from a store or from the previous owner directly, can create his/her account in the same way as the previous owner (process described earlier)----using that serial number.
4. CSS remembers all the generated serial numbers & the users that logs in/creates account with those.Whenever someone creates an account with that serial number, CSS automatically links their account with the one from which that serial number was generated. The previous owner's account is not removed from the database of the website & CSS links the newly created account with that----this helps to recognize CSS that it is an account of a person who bought the game from the owner (the generated password is different in type than the borrower's one). With this knowledge, CSS sets up the game on the new owner's machine in a way that's different from the previous owner in only one way----the exclusion of the free slots.
The free slots (maximum 3) can be bought by the second owner from the publisher.
5. The second owner needs to authenticate his/her machine prior to the game installation. Again, the authentication process of the second owner is the same as the previous owner (process described earlier).
6. After that, the game is ready to install & play. Remember, the second owner can install/reinstall the game unlimited times, let anyone borrow the game----only he/she doesn't get any ready free slots.
Here's a flow chart of the entire process:
....and here's the layout of the options that are available to the new/second owner after logging into his/her account. Again, as per the mandatory scan, these options (except the second one) are only available to the second owner when they access their account from their certified machine.
So that wraps up things on the second owner's front. We've seen how CSS deals with all the 3 entities that are involved in the realm of retail based PC gaming, but hold on, we're not done yet. We're almost there but if you stayed this long, I encourage you to stay just a little longer.
Vigilance is the price to pay for safety & it's the safety of the rights of the legitimate owner that this system is geared to protect----at all costs. Now we will see what happens when the game is accessed by an unauthorized person in a machine that's not recognized by CSS in any way. Simply put, if someone steals the game & tries to run it from his/her machine, how will CSS respond to this? It's explained in full detail in the flow chart below:
It's always authentication first, installation second for CSS----and with that dear reader, we are now close to the end of this article.
Now that you know the 'why','what' & 'how' of this alternate content securing system in it's entirety (the parts I've managed to create, at least), it's time for the point of this article----What's it really all about? Frankly, I am just one PC gamer in the long line of gamers who felt cheated after getting barred from accessing the games they bought legitimately. Now instead of cursing & name calling, I found it more constructive & useful to seek out an idea of a different/alternate system which will never punish the legitimate customers in any way.
CSS doesn't exist anywhere except my mind. So I want to know what you really think about it. Do you believe that an alternate content securing system like CSS in needed to be created? Do you think a system like CSS can successfully create a win-win situation for both legitimate customers & the publishers? Do you believe that CSS can change disc based retail PC gaming for the better? I can't wait to know.
If I had the resources to turn this idea into a fully formed system, I surely would. But the fact is, the only thing I can do at this point with this idea is to share it with you. So if by chance you are a developer or you work for one of the major companies in the field of D.R.M's like Sony or Microsoft, please let me know what you think about this idea. There may be several technical barriers (that I don't know of yet) or loopholes in this system & as with any idea, the more people are involved in the development process,the more loopholes can be found or fixed.
But technical barriers aside, I want to know what you think about the core ideas of this system. CSS is all about owner empowerment & takes into account all the entities that are involved in retail disc based PC gaming & enables game sharing & game reselling in a structured way.It's quite vigilant but I believe it's usefulness out-weights it's restrictions.
Honestly, at this this point I don't have any idea about it's future. All I know about this idea is that starts with me here but absolutely ends with you.
Comments
Post a Comment