Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Published byDion Worrel Modified over 10 years ago

Similar presentations

Presentation on theme: "Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk."— Presentation transcript:

1 Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk

2 Introduction DRM Concepts and Strategies Our DRM System DRM Manager Trusted Application Agents Security Agent DRM Credential Security Issues Family Domain Example Use Cases Conclusion

3 3G mobile phone High communication rates 144K ~ 2Mbps Personal Area Networking capability P2P sharing of digital item over short-range networks High Internet Connectivity Losses from piracy Digital Rights Management(DRM) will be an important component for future Mobile phone

4 License File Metadata Usage Rules Encrypted Key Hash Signature Protected Content File Encrypted Content With key in license file DRM System Rendering Software DRM Services

5

6 MAC of RO Protected RO RO Rights Content Encryption Key (CEK) Permission Digest of Content Content ID Digital Signature of Rights (optional) Right Encryption Key (REK) and MAC Key Decrypt

7 How to interface the DRM and security S/W with the phones OS and applications Two approaches of Schnecks paper Replace the I/O elements of OS with new modules Hyperadvisor Our approach The OS is extended to support DRM functionality Access these extended system services through API

8 Authenticate Licenses and Content Before use protected digital content Need to verify the integrity and authenticity of the license file Computation of hash in the license file Verifying the signature of the license Enforce Rights Application can ask the DRM manager To do Actions like Play, display, copy Actions can be associated with 3 fundamental types of rights Render rights, Transport rights, Derivative work rights Some additional events Need to use a secure database to track events Rights to an action are assigned to a device Decrypt Content

9 Access and manipulate decrypted content Rendering Agents Provide application to render the protected content Provide the low-level driver Convert the digital data The execution of a DRM-protected software application is categorized as a rendering operation Transport Agents Provide services that move content from one location to another The establishment of a Secure Authenticated Channel(SAC) with help of security agent Derivative Work Agents Used to extract and transform protected content into a different form Installation of DRM-protected software or data

10 Memory and file management Access-controlled file system Store decrypted digital content Store a secure database Encrypted private keys and data Memory separation system Configure a hardware monitor to define available memory area to task Secure memory system Prevent critical data from leaking out of the system Linked to tamper detection circuitry Cryptographic operations Symmetric key Hash Public key Key/Certificate manager Securely handling a database of the phones credentials (keys, certificates, ID)

11 Serial number Unchangeable number that identifies the phone Model number Number that identifies HW and SW version Root key Check the authenticity and integrity of the credentials Private keys and Certificates KuPri and UniCert Used for establishing Secure Authenticate Channel(SAC) to a phone KdPri and DRMCert Used for assigning content to a device Content encryption key is encrypted with KdPub and decrypted with KdPri

12 License Four essential items A hash value that links the license to the digital item The rights allowed for that digital item A key to decrypt the digital item A signature of the license Integrity and Authenticity Established through a Public-Key Infrastructure(PKI) or a shared secret Rights Enforcement DRM manager needs to parse the license file and recognize rights expressions DRM manager needs to be able to recognize the version of the license file Content Protection Privacy Issues User information and identity in a license must not disclosed without the consent of the user

13 Consumers wish to user content on any of their devices Suitable for devices with limited or no networking capability Device only needs to register with DA once and can access to all the content in a domain with domain private key

14

15 Our proposed DRM framework is also applicable to other devices PDA, set-top box, automobile, or a PC Family domain concepts could be make content be more seamlessly shared amongst all devices

Download ppt "Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
UNDERSTANDING JAVA APIS FOR MOBILE DEVICES v0.01.

UNDERSTANDING JAVA APIS FOR MOBILE DEVICES v0.01.
PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.

PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger.

Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger.
Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London

Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Similar presentations

Ads by Google