スライド 1_1_

Document Sample
スライド 1_1_ Powered By Docstoc
					        Not only Safe
       but Competitive

             Presentation to
Copy Protection Technical Working Group
           October 22, 2003

   Far East Engineering Corp, Tokyo Japan
            Makoto Saito/Rie Saito
     Content Protection Technologies
          ~Industry Efforts Today and Tomorrow~

                       Local Reference Monitor            Home Network
                              Microsoft          DTCP          Establishment
                DRM            NGSCB                           of a Protected
                                                              Digital Domain
                               Intel             HDCP
Protection       CA                                                   through
                             LaGrande
at the Source                                                 Link Protection
Encryption                      ARM
                                                 CPRM           Technologies
                 CSS
Methods                      TrustZone
                                                              Internet
                CPPM          Others
                                                 Secure
                                                 Export
                                                                   Key Server
                        Consumer Platform                   Externally Controlling
                       PC, DTV, Mobile, etc…                 Reference Monitor
                    The Principle
                of Content Protection
                     Cipher Key(K1)     Cipher Key(K2)




Encrypted Content Input                            Encrypted Content Output

                          Decryption   RE-Encryption
                                       (Rights Enforcement Encryption)




               The Decryption and RE-Encryption Operations
                are accomplished entirely within the secure
                environment i.e. hardware such as chipset.
                  Three Models
              of Content Protection
                                                               Key
                                                               Server


        Platform         Platform
        Local Key        Local key              External Key




1. Passive Key Chain   2. Hybrid Key Chain   3. Active Key Chain
       Model                 Model                  Model
    How to make Digital Content
        Safe and Flexible ?
Policy on Content Protection under Content Owner Control
Reference Monitor is defined as software that lets a content owner
   set specific policies for determining how the content is used


                            Reference
                             Monitor


      Passive Key            Hybrid Key           Active Key
        Content               Content              Content
       Protection            Protection           Protection

         Local Key          A Combination         External Key
          built-in         of Local Key and       from Remote
     Consumer Platform       External Key           Key Server
    How to embed “Competitive-
      Advantage” in Policy ?
    Policy on User Choice under Content Owner Control
Competition would drive consumers to buy products from companies
       who allowed more freedom of use with their content
e.g. Digital First Sale, Digital Gift, Time-Shift, Space-Shift, Backup-Copy, Editing, etc…


                                     Reference
                                      Monitor


        Passive Key                   Hybrid Key                  Active Key
          Content                      Content                     Content
         Protection                   Protection                  Protection

            User                         User                         User
           Choice                       Choice                       Choice
          How to realize
     the “Balance” in Policy ?
      Using RE-Encryption and RE-Decryption
              for Policy Enforcement
          RE-Encryption is Content Protection
 and RE-Decryption is Fair-Use Execution as User Choice


                      Reference
                       Monitor


 Content Rights                         Fair-Use Rights
  Enforcement                            Enforcement
  Encryption                             Decryption
(RE-Encryption)                        (RE-Decryption)
    Equations of the “Balance”
C1=E(M,K1): Encryption for Digital Content Distribution

M=D(C1,K1): Decryption for Pay per Use

C i=E(D(C i-1,K i-1),K i): RE-Encryption for Content Protection

M=D(C i,K i): RE-Decryption for Fair-Use Execution as User Choice

i≧2
C : Cipher text
M : plaintext Material
K : Key
E : Encryption operation
D : Decryption operation
Encryption and Decryption normally utilize symmetric ciphers,
meaning that E and D are equivalent
               Scope of Implementation
           ~Enforcement of whatever Policy there is~

                                  Reference
                                   Monitor


   Rights     Passive Key                   Rights     Active Key
Enforcement     Content     Decryption   Enforcement    Content      Decryption
Decryption                               Decryption
               Protection                              Protection


   User          Rights     Pay per         User          Rights     Pay per
  Choice      Enforcement     Use          Choice      Enforcement     Use
              Encryption                               Encryption


                                  Hybrid Key
                                   Content
                                  Protection
          Our Feedback
     to Intel LT Policy Team
Standard       LaGrande Technology
Hardware         Protected Hardware



                     Reference
                      Monitor
Standard
   OS




 Apps
Adherence to Intel LT Policies
   ~Online Connection with Key Server~
          OS
 User                            System is ready
 Mode          Protected
                Kernel                                           Key Server
 Kernel        (Filter Driver)                       Idea No.2
 Mode                               Idea No.1
                                    Kernel to Kernel (Ring 0)

                                                Extension of TPM/SSC
                                                Active Key & Passive Key
LaGrande Technology
                                        Enforcing                          LPC
                                       Decryption                          AGP
 CPU                     Chip Set
                                       /Encryption                         USB
                                                                           PCI
                                                       Protected Channels
      Key Server based on
   Reference Monitor Concept
Standard Reference Monitor               External Reference Monitor


         Policy                                    Policy



                         Separation of       Remote Decision
        Decision
                         Policy and
                         Enforcement


      Enforcement                              Enforcement



                                          Local Reference Monitor
                Externally Controlled
                 Content Migration
                                                                    Digital
                                                                   Contents
           Billing and Traceability
           Who Accessed, Which Data,
              When and Where ?                 K1                    (K1)



∞
                                                             Pay per Use
               K4/K5                            K1/K2
                                 Key Sever

                                             K2/K3
                              K3/K4
Transfer
(K4)
                                                        Transfer
                                                        (K2)


                              Transfer
                              (K3)
 How Key Server works

                                                            User Choice
                                                        1. Digital First Sale
 Copyrights                          Fair-use           2. Digital Gift
                                                        3. Time-Shift
Management                         Management           4. Space-Shift
    Unit                               Unit             6. Backup-Copy
                                                        7. Editing
                                                        8. If any




Authentication                        Key
 Management                         Generation
    Unit                               Unit           RE-Decryption Key
                                                      for User Choice



                 Decryption Key    RE-Encryption Key
                 for Pay per Use   for Content Protection
  The Goal of Key Server Model
                                 Key Server
         Policy on User Choice              Policy on Content Protection
      under Content Owner Control          under Content Owner Control



         Fair-Use Execution                        Content Protection
               Domain                                    Domain
            for Consumer                           for Content Owner

                                 Decryption Key
          RE-Decryption Key      for Pay per Use      RE-Encryption Key
          for User Choice                             for Content Protection
                                   Enforcement

Encrypted Content Input                                   Encrypted Content Output


                              Consumer Platform
For further information
 URL : www.h4.dion.ne.jp/~drm
 e-mail : drm-saito@k3.dion.ne.jp
Thank you
Appendix : Passive Key Chain Model

   Digital
  Contents



Encrypted
Content
             Decryption        RE-Encryption           RE-Decryption    RE-Encryption
                                                                                        Migration
             for Pay per Use   for Copyright           for Fair-Use     for Copyright
                               Protection              Execution        Protection
                                                       as User Choice




                                                Platform
                                               Local Key
  Appendix : Hybrid Key Chain Model
             Key1                           Key Server
   Digital
  Contents
                                K1                                K2                          K2
Encrypted
Content       Decryption                                                     RE-Encryption
                                                                                             Migration
              for Pay per Use                                                for Copyright
                                                                             Protection



                                RE-Encryption               RE-Decryption


                                for Copyright               for Fair-Use
                                Protection                  Execution
                                                            as User Choice




                                                Platform
                                                Local Key
    Appendix : Active Key Chain Model
                                                Key Server
   Digital   Key1
  Contents
                               K1         K2           K2        K3           K3

Encrypted
Content
             Decryption         RE-Encryption            RE-Decryption    RE-Encryption
                                                                                          Migration
             for Pay per Use    for Copyright            for Fair-Use     for Copyright
                                Protection               Execution        Protection
                                                         as User Choice
           Appendix :
   Case Study of Digital Paradox
Consumer’s Question
Consumers can resell CDs purchased in a music shop,
but what about digital music files downloaded from
an online store ?
Content Owner’s Question
How to get rid of consumer’s copy after they resell
the content to someone else via Internet ?
Service Provider’s Question
Digital content services that develop techniques for
easily reselling and transferring contents as gifts would
have a competitive advantage over those of rivals.
Are such techniques now available ?
Appendix : Data Migration Issues
        to be discussed
There are two solutions to achieve data migration.
One is decrypting data temporarily on migration and
the other is encrypting data on migration.

Temporary decryption is more suitable for data migration
without raising fears of remote-controlled PCs.
But piracy is possible in this case, so content owners
rarely allow consumers temporary decryption.

Though migration of encrypted data needs to be controlled
externally by remote Key Server, there is no fear of piracy.
This means it’s easy for content owners to allow
consumers more freedom of use with their contents.
Appendix : Key for Digital Economy
~You can get the Key anytime and anywhere~

New Infrastructure balancing Consumer Rights with Creator Rights



                           Distributed
   TV                      Key Server                     Car
                            Network

DVD Player               Creator Society

                                                    PC
                         Mobile Phone

                 Copyrighted Content Migration
 Appendix : Patent Information

Content Protection                               Fair-Use Execution
     Patents                                           Patents
    (RE-Encryption)                                  (RE-Decryption)

                           How to protect both
                            Digital Copyrights
                                    and
                             Fair-Use Rights
                            at the same time
    Key Server
     Patents                                       Other Patents
                                                 (Watermarking and etc….)
 (Externally Controlling
   Reference Monitor)
The End

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:7
posted:6/26/2011
language:English
pages:25