Software Design Division 秘 CONFIDENTIAL Panther Content Security Mar. 14, 2014 Sony Corporation.

Slides:

Advertisements

Similar presentations

Operating Systems Components of OS

Advertisements

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

Dongyan Wang GlobalPlatform Technical Program Manager

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

Towards Application Security On Untrusted OS

Web Cryptography & Utilizing ARM TrustZone® based TEE for Authentication & Cryptography Ilhan Gurel September 10th & 11th, 2014.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

Chapter 11: Dial-Up Connectivity in Remote Access Designs

DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.

4K CONTENT PLAN Sony Pictures Technologies. Consumer Offering Broadcast (Over the air, cable, satellite, IPTV) Premium Content (Movies, episodic TV) Premium.

Key Management Lifecycle. Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Ajmer Singh PGT(IP) Software Concepts. Ajmer Singh PGT(IP) Operating System It is a program which acts as an interface between a user and hardware.

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

SODA Archiving October 2013

UNIT - 1Topic - 1. An electronic device, operating under the control of instructions stored in its own memory unit, that can accept data (input), manipulate.

ENHANCED CONTENT PROTECTION OVERVIEW. Security Solution Characteristics Comprehensive security ecosystem All devices meet the same standard – No assumption.

Introduction to Interactive Media Interactive Media Tools: Software.

Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.

Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

1 NEW GENERATION SECURE COMPUTING BASE. 2 INTRODUCTION  Next Generation Secure Computing Base,formerly known as Palladium.  The aim for palladium is.

HDCP1.4+ Material for Certification 10 August 2012 Sony Corporation 2012/8/10 Sony Confidential 1.

Identity-Based Secure Distributed Data Storage Schemes.

Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine

COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.

PAPER PRESENTATION ON NETWORK SECURITY ISSUES BY M.D SAMEER YASMEEN SULTHANA.

Chapter 1 Introduction to Databases. 1-2 Chapter Outline   Common uses of database systems   Meaning of basic terms   Database Applications  

MagicNET: Security System for Protection of Mobile Agents.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

Implementing Memory Protection Primitives on Reconfigurable Hardware Brett Brotherton Nick Callegari Ted Huffmire.

Chapter 2 Securing Network Server and User Workstations.

Quality of Information System (IS) reflecting local correctness and reliability of the operating system; the logical completeness of the hardware and software.

Wireless and Mobile Security

Ingredients of Security

Sponsored by the U.S. Department of Defense © 2008 by Carnegie Mellon University page 1 Pittsburgh, PA The Implications of a Single Mobile Computing.

F1 BOX/SECURITY/SERVER SYSTEM SPTECH FEEDBACK(DRAFT2) 12012/9/21Sony/SPTech Confidential.

Chapter 40 Network Security (Access Control, Encryption, Firewalls)

Lecture 1: Network Operating Systems (NOS) An Introduction.

TRUSTED FLOW: Why, How and Where??? Moti Yung Columbia University.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

M2 Encryption techniques Gladys Nzita-Mak. What is encryption? Encryption is the method of having information such as text being converted into a format.

Firewalls and Tunneling Firewalls –Acts as a barrier against unwanted network traffic –Blocks many communication channels –Can change the design space.

Building a Trustworthy Computer

Outline What does the OS protect? Authentication for operating systems

4k Content Delivery Sony Pictures Technologies.

Outline What does the OS protect? Authentication for operating systems

What is an Operating System?

4K Content protection overview

4K Content protection overview

4K Content protection overview

Sai Krishna Deepak Maram, CS 6410

SCONE: Secure Linux Containers Environments with Intel SGX

Aimee Coughlin, Greg Cusack, Jack Wampler, Eric Keller, Eric Wustrow

Presentation transcript:

Software Design Division 秘 CONFIDENTIAL Panther Content Security Mar. 14, 2014 Sony Corporation

Software Design Division 秘 CONFIDENTIAL Introduction: Panther/Lyon Panther is FY14 F1 Box implemented on new platform. 2 nd generation F1 Box Supports multiple network services including Video Unlimited 4K and playback of User Generated Contents Includes secure SoC “Lyon” Lyon is in-house secure SoC. Dedicated for Sony’s product Includes decryptor and AVC/HEVC decoder Handles (decrypts and decodes) Video Unlimited 4K contents 2

Software Design Division 秘 CONFIDENTIAL Panther/Lyon Security Improvement Lyon supports Trusted Execution Environment (cf. 1 st generation F1 Box does not support TEE) and H/W Root of Trust with Secure Boot. By introduction of TEE, the following items are improved from FMP-X1 (1 st generation F1 Box) Secure media pipeline Secure computation environment Memory protection The following items are fully supported as well as FMP-X1. Device Binding Device-unique private key HDCP2.2 Playback control watermark (Cinavia)  Note: Panther expands the coverage of Verance watermark screening to UGC in addition to VU 4K contents. UGC... User Generated Contents (e.g. contents from camcoder) Cf. FMP-X1 playbacks only Video Unlimited 4K contents 3

Software Design Division 秘 CONFIDENTIAL Panther Content Security About communication with Verance About WASU service 4

Software Design Division 秘 CONFIDENTIAL End 5

Software Design Division 秘 CONFIDENTIAL Backup 6

Software Design Division 秘 CONFIDENTIAL Memory Protection Lyon is able to protect memory of the secure zone against access from untrusted code. This means that Secure Data is still protected even if Normal Zone is rooted. Secure Data includes e.g. decrypted/decoded data. 7 Lyon Secure Process RAM Memory Protection: Secure Data cannot be accessed by untrusted code in Normal Zone. Secure ZoneNormal Zone Normal Process Normal MemorySecure Memory Secure Data

Software Design Division 秘 CONFIDENTIAL Secure Media Pipeline Panther implements a secure media pipeline that provides protection from Key Management to protected output (HDCP2.2). 8 Decryption Decode HDCP2.2 Secure Media Pipeline (Decryption - Protected Output) Key Management Secure Media Pipeline: Protection between Key Calculation to HDCP Lyon HDMI Bridge Main Board App. Processor Application

Software Design Division 秘 CONFIDENTIAL Secure Computation Environment Lyon supports a TEE isolated by hardware mechanisms running only authenticated code for performing secure operations (e.g. decryption). Lyon keeps integrity of secure process by TEE mechanism, i.e. can protect from unauthorized access to secure process. 9 Lyon Trusted RAM Flash Memory Signed & Encrypted Binary Keep Integrity of Secure Process: Unauthorized access is impossible by TEE. authorized Binary Verification ① Execution ② Authenticated Code: Only signed and encrypted process is running. Decryption

Software Design Division 秘 CONFIDENTIAL End of backup 10