Not only Safe but Competitive
Presentation to Copy Protection Technical Working Group
October 22, 2003
Far East Engineering Corp, Tokyo Japan
Makoto Saito/Rie Saito
Content Protection Technologies ~Industry Efforts Today and Tomorrow~
Diagram labels: DRM; CA; CSS; Secure Export; DTCP; CPRM; Intel LaGrande; Microsoft NGSCB; ARM TrustZone; HDCP; CPPM; Protection at the Source; Encryption Methods; Establishment of a Protected Digital Domain through Link Protection Technologies; Consumer Platform (PC, DTV, Mobile, etc…); Others; Local Reference Monitor; Key Server; Externally Controlling Reference Monitor; Internet; Home Network
The Principle of Content Protection
Diagram labels: Encrypted Content Input; Decryption, Cipher Key (K1); RE-Encryption (Rights Enforcement Encryption), Cipher Key (K2); Encrypted Content Output
The Decryption and RE-Encryption operations are accomplished entirely within the secure environment, i.e. hardware such as a chipset.
Three Models of Content Protection
1. Passive Key Chain Model: Platform Local Key
2. Hybrid Key Chain Model: Platform Local Key and External Key
3. Active Key Chain Model: Key Server
How to make Digital Content Safe and Flexible?
Policy on Content Protection under Content Owner Control
Reference Monitor is defined as software that lets a content owner set specific policies for determining how the content is used.
Passive Key Content Protection: Local Key built-in Consumer Platform
Active Key Content Protection: External Key from Remote Key Server
Hybrid Key Content Protection: A Combination of Local Key and External Key
How to embed "Competitive-Advantage" in Policy?
Policy on User Choice under Content Owner Control
Diagram labels: Reference Monitor; Active Key Content Protection; Passive Key Content Protection; Hybrid Key Content Protection; User Choice
Competition would drive consumers to buy products from companies who allowed more freedom of use with their content, e.g. Digital First Sale, Digital Gift, Time-Shift, Space-Shift, Backup-Copy, Editing, etc…
How to realize the "Balance" in Policy?
Using RE-Encryption and RE-Decryption for Policy Enforcement
Diagram labels: Reference Monitor; Content Rights Enforcement Encryption (RE-Encryption); Fair-Use Rights Enforcement Decryption (RE-Decryption)
RE-Encryption is Content Protection and RE-Decryption is Fair-Use Execution as User Choice.
Equations of the "Balance"
$C$ : Cipher text; $M$ : plaintext Material; $K$ : Key; $E$ : Encryption operation; $D$ : Decryption operation; $i \geq 2$
Encryption and Decryption normally utilize symmetric ciphers, meaning that E and D are equivalent.
$C_1 = E(M, K_1)$ : Encryption for Digital Content Distribution
$M = D(C_1, K_1)$ : Decryption for Pay per Use
$C_i = E(D(C_{i-1}, K_{i-1}), K_i)$ : RE-Encryption for Content Protection
$M = D(C_i, K_i)$ : RE-Decryption for Fair-Use Execution as User Choice
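The key chain from the equations above, as an added example that is not part of the original presentation: Go with AES-256-GCM standing in for the unspecified symmetric cipher E/D. The names Key, Encrypt, Decrypt and ReEncrypt and the sample keys are assumptions of this example, and it runs in ordinary process memory rather than in the protected hardware the slides call for.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Key [32]byte // AES-256 key; fixed size, so gcm's constructors cannot fail

func gcm(k Key) cipher.AEAD {
	b, _ := aes.NewCipher(k[:]) // errors only on an invalid key length
	g, _ := cipher.NewGCM(b)    // errors only on a non-128-bit block cipher
	return g
}

// Encrypt is E(M, K): AES-GCM (an assumed cipher), random nonce prepended.
func Encrypt(m []byte, k Key) []byte {
	g := gcm(k)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe way to continue without randomness
	}
	return g.Seal(nonce, nonce, m, nil)
}

// Decrypt is D(C, K); it fails on a wrong key or a modified ciphertext.
func Decrypt(c []byte, k Key) ([]byte, error) {
	g := gcm(k)
	if len(c) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, c[:g.NonceSize()], c[g.NonceSize():], nil)
}

// ReEncrypt is C_i = E(D(C_{i-1}, K_{i-1}), K_i); M exists only inside this call.
func ReEncrypt(prevC []byte, prevK, nextK Key) ([]byte, error) {
	m, err := Decrypt(prevC, prevK)
	if err != nil {
		return nil, err
	}
	return Encrypt(m, nextK), nil
}

func main() {
	c2, _ := ReEncrypt(Encrypt([]byte("constructed content"), Key{1}), Key{1}, Key{2})
	_, stale := Decrypt(c2, Key{1}) // constructed demo keys; K_1 must not open C_2
	fmt.Println("old key rejected:", stale != nil)
}
```

Because GCM authenticates the ciphertext, presenting K_{i-1} after re-encryption under K_i fails with an error instead of producing garbage plaintext.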
Scope of Implementation ~Enforcement of whatever Policy there is~
Diagram labels: Reference Monitor; User Choice; Pay per Use; Active Key Content Protection; Passive Key Content Protection; Hybrid Key Content Protection; Decryption; Rights Enforcement Encryption; Rights Enforcement Decryption
Our Feedback to Intel LT Policy Team
Diagram labels: Apps; Standard OS; Standard Hardware; LaGrande Technology Protected Hardware; Reference Monitor
Adherence to Intel LT Policies ~Online Connection with Key Server~
Diagram labels: CPU; Chip Set; LPC; AGP; USB; PCI; User Mode; Kernel Mode; LaGrande Technology; Protected Channels; Kernel to Kernel (Ring 0); Idea No.1; OS; Protected Kernel (Filter Driver); Idea No.2; System is ready; Key Server; Extension of TPM/SSC; Active Key & Passive Key; Enforcing Decryption/Encryption
Separation of Policy and Enforcement
Key Server based on Reference Monitor Concept
Diagram labels: Policy; Enforcement; Policy Standard; Reference Monitor; Decision; Remote Decision; External Reference Monitor; Local Reference Monitor
Billing and Traceability
Who Accessed, Which Data, When and Where?
Externally Controlled Content Migration
Diagram labels: Digital Contents; Pay per Use; ∞; Key Server; K1, (K1); K1/K2; Transfer (K2); K2/K3; Transfer (K3); K3/K4; Transfer (K4); K4/K5
How Key Server works
Copyrights Management Unit; Fair-use Management Unit; Authentication Management Unit; Key Generation Unit
User Choice: 1. Digital First Sale 2. Digital Gift 3. Time-Shift 4. Space-Shift 6. Backup-Copy 7. Editing 8. If any
RE-Decryption Key for User Choice; RE-Encryption Key for Content Protection; Decryption Key for Pay per Use
The Goal of Key Server Model
Policy on User Choice under Content Owner Control
Policy on Content Protection under Content Owner Control
Diagram labels: Key Server; Consumer Platform; Decryption Key for Pay per Use; RE-Encryption Key for Content Protection; RE-Decryption Key for User Choice; Encrypted Content Input; Encrypted Content Output; Fair-Use Execution Domain for Consumer; Content Protection Domain for Content Owner; Enforcement
For further information URL :
Thank you
Appendix : Passive Key Chain Model
Diagram labels: Digital Contents; Encrypted Content; Migration; Platform Local Key; Decryption for Pay per Use; RE-Encryption for Copyright Protection; RE-Encryption for Copyright Protection; RE-Decryption for Fair-Use Execution as User Choice
Appendix : Hybrid Key Chain Model
Diagram labels: Key Server; Key1; K1; K2; K2; Platform Local Key; Digital Contents; Encrypted Content; Migration; Decryption for Pay per Use; RE-Encryption for Copyright Protection; RE-Encryption for Copyright Protection; RE-Decryption for Fair-Use Execution as User Choice
Appendix : Active Key Chain Model
Diagram labels: Key Server; Key1; K1; K2; K3; K2; K3; Digital Contents; Encrypted Content; Migration; Decryption for Pay per Use; RE-Encryption for Copyright Protection; RE-Decryption for Fair-Use Execution as User Choice; RE-Encryption for Copyright Protection
Appendix : Case Study of Digital Paradox
Content Owner's Question: How to get rid of the consumer's copy after they resell the content to someone else via the Internet?
Consumer's Question: Consumers can resell CDs purchased in a music shop, but what about digital music files downloaded from an online store?
Service Provider's Question: Digital content services that develop techniques for easily reselling and transferring contents as gifts would have a competitive advantage over those of rivals. Are such techniques now available?
Appendix : Data Migration Issues to be discussed
There are two solutions to achieve data migration. One is decrypting data temporarily on migration and the other is encrypting data on migration. Temporary decryption is more suitable for data migration without raising fears of remote-controlled PCs. But piracy is possible in this case, so content owners rarely allow consumers temporary decryption. Though migration of encrypted data needs to be controlled externally by a remote Key Server, there is no fear of piracy. This means it is easy for content owners to allow consumers more freedom of use with their contents.
Appendix : Key for Digital Economy ~You can get the Key anytime and anywhere~
Diagram labels: TV; DVD Player; Mobile Phone; PC; Car; Distributed Key Server Network; Copyrighted Content Migration; New Infrastructure balancing Consumer Rights with Creator Rights; Creator; Society
Appendix : Patent Information
How to protect both Digital Copyrights and Fair-Use Rights at the same time
Content Protection Patents (RE-Encryption)
Fair-Use Execution Patents (RE-Decryption)
Key Server Patents (Externally Controlling Reference Monitor)
Other Patents (Watermarking, etc.)
The End