UDAC (Universal Distribution with Access Control)
99/05/03, All Rights Reserved, Copyright (c) FUJITSU LIMITED 1999
UDAC IPR (Intellectual Property Rights)


Slide 1: UDAC IPR (Intellectual Property Rights) Oriented Access Control Commands for Optical Disk Device
"UDAC" is being registered as a trademark of Fujitsu Limited.

Slide 2: Requirements of Access Control
Requirements:
- Ability to set and enforce variable access conditions for the IPR owner
- Network security
- Authentication of users and devices
- Access control over multiple domains
- Pre-distribution of protected contents (cache or distribution within disk ROM)

Slide 3 (Feature): UDAC Architecture
[Diagram labels: Universal Distribution, IPR Owner, Content Procurer, Access Control, Use, Encrypted Content]

Slide 4 (Feature): Basic Access Control Model
[Diagram labels: Control, Hardware Environment, Content, IPR owner, Content Procurer, Use, IPR Owner Area, Protected Area, Open Area, Hardware Protection, Fire-wall, UDAC-VPN]

Slide 5 (Feature)
- High efficiency of IP distribution
- Fair payment corresponding to the usage by the service user
- Certain payment corresponding to the provision by the service provider
- Robust Access Control
- Universal Distribution
- Simultaneous realization

Slide 6 (Feature): Features
- Satisfies all the access control requirements
- OS/device independent
- Can use the existing infrastructure
- IPR-oriented access control of content
- Reflects hardware robustness
- Allows risk distribution to devices

Slide 7 (Feature): Support Generic Content
- Content played statically (Doc., Image)
- Stream Content (Sound, Movie)
  – Encryption of a unit content for accounting
- Interactive Content (Program code, Presentation)
  – Protection of the part as movie or sound
  – Protection of the kernel code

Slide 8 (Feature): Ex.: Protection from Illegal Use
IPR Owner: "I'd like to let only D play this content"
[Diagram labels: IPR Owner, ACD, Replication, Content, Key / Password, Play, Content Access Control, UDAC Protection]

Slide 9 (Tech.): Kernel Technique
(1) Device Authentication
(2) Network Model
(3) UDAC-ACL (Access Control List)
(4) UDAC-License
(5) Inter-domain Administration
Satisfies all the requirements

Slide 10 (Tech.): (1) Device Authentication
Under access control after any replications
[Diagram labels: Doc., Image, Data, Copy, Check Environment, Decode, Network distribution, Distribution by ROM-Disk, Replication, ???]

Slide 11 (Tech.): Device ID (PCSUE* ID)
* PCSUE: Physical Component of a Specific Usage Environment

Slide 12 (Tech.): (2) Network Model
- LICENSE SERVER SYSTEM: create & set access conditions
- CLIENT SYSTEM
- Mutual authentication between IPR owner and devices
[Diagram labels: Content, IPR owner, Content Procurer, PCSUE ID, Decryption Keys, Content Decryption Key, IPR owner area, Protected area, Open area, PCSUE, PCSUE Certificates, License]
[Numbered steps as shown: 1) Protected 2) Copy / Distribute 3) 4) PCSUE ID 7) 5) License 6) 8)]
* PCSUE: Physical Component of a Specific Usage Environment

Slide 13 (Tech.): (3) UDAC-ACL
To set the variable access conditions

    cn=Movie1, ou=planning, o=fujitsu, c=jp

    udac_acl
    play: ( (group = fujitsu OR group = mtfuji) AND 45661244 < MSN < 45661412) OR count < 1 ;
    edit: user = yuji OR user = hata OR smartCard = 1afd234fe4def458c3bae78497bbda6f ;
    copy: group = fujitsu OR count < 1 ;

Annotations on the slide:
- Group, members of which are able to Play
- Scope of MSN which must be inserted
- Available number
- PIN which must be inserted when the content is modified
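One way to evaluate the udac_acl rules shown on this slide, as an added example that is not Fujitsu's implementation. The grammar (AND binding tighter than OR, chained `low < MSN < high` ranges, attributes looked up in a requester environment `env`) is inferred from the sample rules and is an assumption; the function names are hypothetical.

```python
import re
from collections import deque

def parse_acl(text):  # 'right: rule ; right: rule ;' -> {right: [tokens]}
    rules = {}
    for clause in filter(str.strip, text.split(";")):
        right, rule = clause.split(":", 1)
        rules[right.strip()] = re.findall(r"[()<=]|\w+", rule)
    return rules

def evaluate(tokens, env):
    """Evaluate one rule against the requester's attributes (env)."""
    tokens = deque(tokens)
    def peek():
        return tokens[0] if tokens else None
    def value():  # attribute name -> requester's value, otherwise a literal
        tok = tokens.popleft()
        return env.get(tok, int(tok) if tok.isdigit() else tok)
    def less(a, b):  # fails closed when an attribute is missing or non-numeric
        return isinstance(a, int) and isinstance(b, int) and a < b
    def chain(word, operand, combine):
        result = operand()
        while peek() == word:
            tokens.popleft()
            result = combine(operand(), result)
        return result
    def factor():
        if peek() == "(":
            tokens.popleft()
            result = or_expr()
            tokens.popleft()  # closing ")"
            return result
        left, op, right = value(), tokens.popleft(), value()
        if op == "=":
            return str(left) == str(right)
        ok = less(left, right)
        if peek() == "<":  # chained range: low < MSN < high
            tokens.popleft()
            ok = less(right, value()) and ok
        return ok
    def and_expr():  # assumed precedence: AND binds tighter than OR
        return chain("AND", factor, lambda a, b: a and b)
    def or_expr():
        return chain("OR", and_expr, lambda a, b: a or b)
    return or_expr()

ACL = parse_acl("""play: ((group = fujitsu OR group = mtfuji) AND 45661244 < MSN < 45661412) OR count < 1 ;
edit: user = yuji OR user = hata OR smartCard = 1afd234fe4def458c3bae78497bbda6f ;
copy: group = fujitsu OR count < 1 ;""")
```

A request with no `MSN` attribute is denied by the range test rather than raising, so a missing medium serial number never grants `play` on its own.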

Slide 14 (Tech.): Account Conditions
1) Max. Number of playing
2) Max. Length of playing
3) Max. Time to be able to play
4) Payment for a unit content
5) Limitation of date and time

Slide 15 (Tech.)
[Diagram labels: Standard Format, Information, Program, Reference Counter, Superdistribution Center, Redistribution of Income, Charge, Income, Contents Provider, Hardware Vendor, Retailer, Usage Counter, Usage Record, Reference Record]
Copyright 1994-7, FUJITSU LIMITED, 013

Slide 16 (Tech.): (4) UDAC-License
License includes: C1 Decryption Key and Subset of ACL.

    udac_license
    read: group = soft4soft AND MSN = 45661388;

Inter-domain licensing
[Diagram labels: A, License Server, Domain Y, Domain X, ACL of C1, Client, C1]

Slide 17 (Tech.): Licensing Protocol Model
Risk Distribution to each device (PCSUE)

Parties: License Server; Procurer Client; Network device; PCSUE1, PCSUE2, ..., PCSUEi, ..., PCSUE N

Steps:
(1) Request to use IPR-protected content
(2) Send Session Key
(3) Report certificates
(4) Send license
(5) Decrypt licenses in turn
(6) Decrypt K_C and the content

Messages shown in the diagram:
    I_C1, {K_S1, hash}K_P1 + ... + I_Ci, {K_Si, hash}K_Pi + ... + I_CN, {K_SN, hash}K_PN
    I_C1, {PCSUE-ID_1, hash}K_S1 + ... + I_Ci, {PCSUE-ID_i, hash}K_Si + ... + I_CN, {PCSUE-ID_N, hash}K_SN
    {{...{K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_1, hash}K_P1
    {{...{K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i, hash}K_Pi

Notation:
- K_Ci: Shared private key for class of PCSUEi
- K_Pi: Private key in PCSUEi: K_Ci, DSN, K_Si
- I_Ci: Identifier of PCSUE class
- K_Si: Session key
- AC_i: Access condition PCSUEi can enforce
- K_C: Content decryption key
- {T}K_X: T can be decrypted by K_X

Slide 18 (Tech.): Structure of License

    {{...{K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i, hash}K_Pi, ... AC_1, hash}K_P1

- AC_i: Access Condition Enforceable in PCSUE i
- K_Pi: Private key in PCSUE i
- K_C: Content Decryption Key
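The layered license from the "Licensing Protocol Model" and "Structure of License" slides, as an added example that is not code from the presentation or from Fujitsu. The deck names neither the cipher nor the hash, so a toy SHA-256 keystream and SHA-256 digest stand in for them; access conditions are reduced to equality checks, and every key, function name and sample value is constructed for illustration.

```python
import hashlib
import json

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter keystream standing in for the unnamed UDAC cipher.
    # Illustration only; a real design would use an authenticated cipher.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_layer(k_p: bytes, inner: bytes, ac: dict) -> bytes:
    """Build one layer {inner, AC_i, hash}K_Pi."""
    body = json.dumps({"inner": inner.hex(), "ac": ac}, sort_keys=True).encode()
    return _xor_stream(k_p, hashlib.sha256(body).digest() + body)

def build_license(k_c: bytes, devices: list) -> bytes:
    """devices = [(K_P1, AC_1), ..., (K_PN, AC_N)]; K_C sits in the innermost layer."""
    blob = k_c
    for k_p, ac in reversed(devices):
        blob = seal_layer(k_p, blob, ac)
    return blob

def open_layer(k_p: bytes, blob: bytes, env: dict) -> bytes:
    """What PCSUE i does: decrypt, verify hash, enforce AC_i, return the inner part."""
    plain = _xor_stream(k_p, blob)
    digest, body = plain[:32], plain[32:]
    if hashlib.sha256(body).digest() != digest:
        raise ValueError("hash mismatch: wrong key or altered license")
    layer = json.loads(body)
    for name, required in layer["ac"].items():
        if env.get(name) != required:
            raise PermissionError(f"access condition failed: {name}")
    return bytes.fromhex(layer["inner"])

def play_chain(blob: bytes, keys: list, env: dict) -> bytes:
    """Pass the license through PCSUE 1..N in turn; the last layer yields K_C."""
    for k_p in keys:
        blob = open_layer(k_p, blob, env)
    return blob

# Constructed sample: host passes through, drive checks MSN, player checks group.
K_C = b"content-key-0001"
KEYS = [b"host-key", b"drive-key", b"player-key"]
ACS = [{}, {"MSN": 45661388}, {"group": "soft4soft"}]
LICENSE = build_license(K_C, list(zip(KEYS, ACS)))
```

Each device sees only its own access condition and an opaque inner blob, which is the "risk distribution" property: compromising one K_Pi exposes one layer, not K_C.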

Slide 19 (Tech.): Inter-PCSUE Licensing
[Diagram labels: PCSUE i+1, PCSUE i, PCSUE i-1]

    {{...{K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1), AC_i, hash}K_Pi
    {...{K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1)

Legend:
- K_Pi: K_Ci, DSN or K_Si
- Licenser in the view point of PCSUEi
- Licensee in the view point of PCSUEi

Slide 20 (Tech.): Ex. - Applying to Current PC
[Diagram labels: PCSUE i+1, PCSUE i, PCSUE i-1, Procurer Client (Host), Pass through (twice), Licenser / Licensee / Licensing Relation (twice)]

    {{...{K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1), AC_i, hash}K_Pi
    {...{K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1)

Slide 21 (Tech.): Ex. - Applying to STB / DTV
[Diagram labels: PCSUE i+1, PCSUE i, PCSUE i-1, Procurer Client (Host), (Logical Unit), License Server]

    {{...{K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1), AC_i, hash}K_Pi
    {...{K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1)

Slide 22 (Tech.): Commands to Disk Device
Between Procurer Client (Host) and Optical disk device (Logical Unit): PCSUE i

Commands:
a) SEND KEY (Session Key)
b) REPORT KEY (Certificates)
c) SEND KEY (Optical Disk Device License)
d) REPORT KEY (The Next Device License)

Message payloads shown in the diagram:
    I_CL, {RN, K_S, hash}K_P
    {RN, DSN [, MSN], hash}K_S
    {, AC, hash}K_P
    {, hash}K_S

Notation:
- I_CL: Identifier of device class
- K_CL: Shared private key for device class of the device
- DSN: Device Serial Number
- MSN: Medium Serial Number
- AC: Access condition the device can enforce, such as MSN
- K_P: Private key for the device: K_CL, DSN or K_S
- {T}K_X: T can be decrypted by K_X
- [ ]: Optional support
- RN: Random Number

Slide 23 (Tech.): State Diagram of Disk Device
[Diagram labels, in the order shown: Initial State; SEND KEY (Session Key); Session Key Shared; Mutually Authenticated; REPORT KEY (Certificates); No Grants Available; License Authorized; SEND KEY (Optical Disk License); Error, Authentication Failed / Algorithm Not Supported; Begin Sequence; REPORT KEY (Request AGID); Region Code; Error(s) from REPORT KEY Command; REPORT KEY (The Next Device License)]

Slide 24 (Appl.): Applications
- Variable and Robust IPR-protection
- Each Device Authentication
- Enforcement of Variable Account Conditions
- Availability of each LSI Authentication
- ROM-Disk Distribution
- Broadcast Distribution
- Network (Internet) Distribution
- Mobile Content Distribution

Slide 25 (Appl.): Protected Disk Device & Player
In the case of medium oriented accounting

1) Send UDAC-license: {{AC, K_C}K_PD, MSN}DSN
2) Check MSN
3) Send Player-license: {AC, K_C}K_PD
4) Check AC & decrypt content

[Diagram labels: LICENSE SERVER SYSTEM (AL, K_C, K_PD, DSN, MSN); Storage Device (DSN); Medium (MSN, {Content}K_C); Player Device (K_PD; AC, K_C; Content); ": protected"]

Notation:
- {X}K: X can be decrypted by K
- AC: Access Conditions

Slide 26 (Appl.): Profiles for Disk Device
UDAC-license: {{AC, K_C}K_PD, [MSN]}K_P
[Diagram labels: LICENSE SERVER SYSTEM (ACL, K_C), Medium, DSN, MSN]

Notation:
- [X]: X is optional
- K_S: Session key temporarily created in a session
- K_CL: Key shared by a device class

Slide 27 (Appl.): Medium base Guard
Simple Content Guard without Network
- Only to set "Play rights with MSN condition for EVERYONE"
- Distribution together with the medium, in which the following are recorded:
  – Encrypted Content
  – License (with MSN)

Slide 28 (Appl.): Pre-paid in Smart Card

    {{{K_C, AC_PD}K_PD, AC_SC}K_SC, MSN}DSN
    {{K_C, AC_PD}K_PD, AC_SC}K_SC
    {K_C, AC_PD}K_PD

[Diagram labels: LICENSE SERVER (ACL, K_C), Storage Device, Card Device, Smart card (K_SC, Account Information), Player Device (K_PD)]

Notation:
- AC_X: Account Condition

Slide 29 (Appl.): For Any Distribution / Player
Digital Appliances: Digital TV, Set Top Box, PC, ...
[Diagram labels: Secure HD/OD, Satellite, Radio/TV Tower, PBX, CATV, Digital Information Super Highway, Cheap delivery through Magazine Channel, Using Media Channel, Personal HyperKnowledgeBase Processing, PC, Personal Computing, Digital TV]

