1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.

Slides:



Advertisements
Similar presentations
CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE. CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE 2 Digital Watermarking Alliance Charter The Digital Watermarking.
Advertisements

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
“...creating knowledge.” Enabling Digital Content Protection on Super-Distribution Models - Carlos Serrão ISCTE – Intituto Superior.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
FIT3105 Smart card based authentication and identity management Lecture 4.
Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Web services security I
Digital Rights Management 5th Annual Wireless Java Conference January 21-23, 2004 Kevin Mowry, Motorola Chair, OMA Download and DRM group.
Public Key Infrastructure from the Most Trusted Name in e-Security.
SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
ECE453 – Introduction to Computer Networks Lecture 18 – Network Security (I)
1 Functional reference model for Digital Rights Management Systems Vural Ünlü / Prof. Dr. Thomas Hess Munich School of Management Berlin, 5. September2004.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Advanced Access Content System (AACS) Industry Briefing July 14, 2004.
©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science.
CPTWG Jan MacroSafe TM System A Solution for Secure Digital Media Distribution Presentation to the CPTWG Jan. 15, 2002.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
PKI interoperability and policy in the wireless world.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.
DRM Building Blocks - Protecting and Tracking Content Adopted from Chapter 5, Digital Rights Management Business and Technology.
© Synergetics Portfolio Security Aspecten.
Logo Add Your Company Slogan China Financial Certification Authority Third-party certification authority Team 13 :吉露露、吴莹莹、潘韦韦 ( CFCA )
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
U.S. General Services Administration Federal Technology Service November 9, 1999 Judith Spencer Director, Center for Governmentwide Security Office of.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Web Security : Secure Socket Layer Secure Electronic Transaction.
Digital Rights Management and Watermarking of Multimedia Content for M-Commerce Applications Frank Hartung and Friedhelm Ramme, Ericsson Research, IEEE.
Chapter 21 Distributed System Security Copyright © 2008.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.
DSKPP And PSKC: IETF Standard Protocol And Payload For Symmetric Key Provisioning Philip Hoyer Senior Architect – CTO Office.
Authorization for IoT Group Name: oneM2M SEC WG Source: Francois Ennesser, Gemalto NV Meeting Date: Agenda Item:
Sandbox enables System Integrators like Schakra to develop and evangelize mobile offerings such as Geoblogger to communication.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
WAP Architecture Presented by, Nithya Inbamani. WAP Background Wireless Application Protocol – secure specification. Wireless Application Protocol – secure.
Towards a Software Architecture for DRM Joint work with Kristof Verslype, Wouter Joosen, and Bart De Decker DistriNet research.
COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.
2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.
OMA Secure Content Delivery for the Mobile World ODRL Workshop, Vienna Dr. Willms Buhse Vice Chair, OMA Download and DRM group.
© 2015 Digital Rights Management in a 3G Mobile Phone and Beyond Thomas S.Messerges, Ezzat A. Dabbish ILKOO LEE.
IEEE CyberTrust workshop
PREPARED BY: RUMMY MIRANDA
Public Key Infrastructure from the Most Trusted Name in e-Security
Distributed Digital Rights Management
Presentation transcript:

1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems

2 NTRU provides next generation public key technology with all the same basic security capabilities as RSA or ECC Public key authentication, digital signature and encryption capabilities are critical technologies for complete DRM solutions NTRU provides the fastest and smallest public key technology –Enables the only practical technology for the widest range of wired and wireless content capable devices and client solutions –Meets server side performance requirements for normal and peak security transaction loading –Facilitates establishing trusted devices and enhancing the user experience without sacrificing performance NTRU Background W3C DRM WORKSHOP NTRU delivers the fastest and most efficient security solutions which are especially well suited to complement DRM technologies and provide end-to-end content protection.

3 Content Owner: Strong protection of content and strong authentication of end user End User: Ease of use, portability, transparency Leverage Internet economies and paradigms (e.g. Napster) Support all media types: text, video, audio Support all platform types, PC, PDA, Mobile, CE Support wired and wireless, tethered and untethered players Support streaming and download models Standards: interoperability for broader adoption, competition and economies of scale Business Requirements W3C DRM WORKSHOP

4 Security at the system level Security needs to be designed into the system; only as good as its weakest link Public scrutiny of algorithms Renewability of security Protection of key material in storage and use Management and distribution of key material System Security Practices W3C DRM WORKSHOP

5 Digital Rights Languages Digitals Rights Management Systems and components Public Key based technology Symmetric key cryptographic components Watermarking Fingerprinting Available Technologies W3C DRM WORKSHOP

6 Three fundamental Public Key based services apply in this space: Authentication –Users –Devices –Servers –Trusted components Digital Signature –Data authenticity –Data integrity –Binding of content, metadata and rights –Non-repudiation, e.g. of payment authorization –Proof of purchase, e.g. for the user Key exchange (symmetric key typically used for bulk content encryption) –Content encryption Public Key Technology W3C DRM WORKSHOP

7 What components in the system need to be authenticated? And for what purposes? What is the value of the content being protected and the damage that might result from disclosure? What type of transactions and/or data are being signed? Who relies on the signature? Who are the potential trusted third parties? Who will assume liability if content or other sensitive information is disclosed? Public Key Related Requirements Analysis W3C DRM WORKSHOP

8 End User Example End User System Content Request Distribution Server Content/Rights Description, Payment Options Payment Rights Management Content Packaging Authenticate Server/Client Signed Purchase Authorization Signed Content Protection Public Key Transaction Log ID “Token” Packaged Content w/key(s) and signed receipt Media Client Rights Filters Key Management Content Player Purchase Log Establish Secure Session Green, bold text indicates transactions involving the use of Public Key W3C DRM WORKSHOP

9 End User Example with Trusted Device End User System Content Request Trusted Media Device Distribution Server Content/Rights Description, Payment Options Payment Rights Management Content Packaging Authenticate Server/Client Signed Purchase Authorization Signed Content Protection Public Key Transaction Log ID “Token” Packaged Content w/key(s) and signed receipt Media Locker Rights Filters Purchase Log Establish Secure Session W3C DRM WORKSHOP Green, bold text indicates transactions involving the use of Public Key

10 Learn from other PKI projects - SET, Identrus, US NACHA Pilot End User Experience –Performance – affected by local and server components –Portability of content between devices and users –Trust Scalability –Communications –Operational –Server Performance – e.g. cryptographic operations Key Lessons Learned W3C DRM WORKSHOP

11 Jeremy Wyant For more information, please contact:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.