Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Similar presentations

Presentation on theme: "Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk."— Presentation transcript:

1 Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk

2 Introduction DRM Concepts and Strategies Our DRM System DRM Manager Trusted Application Agents Security Agent DRM Credential Security Issues Family Domain Example Use Cases Conclusion

3 3G mobile phone High communication rates 144K ~ 2Mbps Personal Area Networking capability P2P sharing of digital item over short-range networks High Internet Connectivity Losses from piracy Digital Rights Management(DRM) will be an important component for future Mobile phone

4 License File Metadata Usage Rules Encrypted Key Hash Signature Protected Content File Encrypted Content With key in license file DRM System Rendering Software DRM Services


6 MAC of RO Protected RO RO Rights Content Encryption Key (CEK) Permission Digest of Content Content ID Digital Signature of Rights (optional) Right Encryption Key (REK) and MAC Key Decrypt

7 How to interface the DRM and security S/W with the phones OS and applications Two approaches of Schnecks paper Replace the I/O elements of OS with new modules Hyperadvisor Our approach The OS is extended to support DRM functionality Access these extended system services through API

8 Authenticate Licenses and Content Before use protected digital content Need to verify the integrity and authenticity of the license file Computation of hash in the license file Verifying the signature of the license Enforce Rights Application can ask the DRM manager To do Actions like Play, display, copy Actions can be associated with 3 fundamental types of rights Render rights, Transport rights, Derivative work rights Some additional events Need to use a secure database to track events Rights to an action are assigned to a device Decrypt Content

9 Access and manipulate decrypted content Rendering Agents Provide application to render the protected content Provide the low-level driver Convert the digital data The execution of a DRM-protected software application is categorized as a rendering operation Transport Agents Provide services that move content from one location to another The establishment of a Secure Authenticated Channel(SAC) with help of security agent Derivative Work Agents Used to extract and transform protected content into a different form Installation of DRM-protected software or data

10 Memory and file management Access-controlled file system Store decrypted digital content Store a secure database Encrypted private keys and data Memory separation system Configure a hardware monitor to define available memory area to task Secure memory system Prevent critical data from leaking out of the system Linked to tamper detection circuitry Cryptographic operations Symmetric key Hash Public key Key/Certificate manager Securely handling a database of the phones credentials (keys, certificates, ID)

11 Serial number Unchangeable number that identifies the phone Model number Number that identifies HW and SW version Root key Check the authenticity and integrity of the credentials Private keys and Certificates KuPri and UniCert Used for establishing Secure Authenticate Channel(SAC) to a phone KdPri and DRMCert Used for assigning content to a device Content encryption key is encrypted with KdPub and decrypted with KdPri

12 License Four essential items A hash value that links the license to the digital item The rights allowed for that digital item A key to decrypt the digital item A signature of the license Integrity and Authenticity Established through a Public-Key Infrastructure(PKI) or a shared secret Rights Enforcement DRM manager needs to parse the license file and recognize rights expressions DRM manager needs to be able to recognize the version of the license file Content Protection Privacy Issues User information and identity in a license must not disclosed without the consent of the user

13 Consumers wish to user content on any of their devices Suitable for devices with limited or no networking capability Device only needs to register with DA once and can access to all the content in a domain with domain private key


15 Our proposed DRM framework is also applicable to other devices PDA, set-top box, automobile, or a PC Family domain concepts could be make content be more seamlessly shared amongst all devices

Download ppt "Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk."

Similar presentations

Ads by Google