CPTWG Jan MacroSafe TM System A Solution for Secure Digital Media Distribution Presentation to the CPTWG Jan. 15, 2002

CPTWG Jan Problem Statement  The lack of a highly secure, flexible and easy to use system to protect, consume and distribute high value content via the Internet is one factor that has limited the distribution of high value content and the associated revenue opportunities

CPTWG Jan Customer Requirements  Highly secure, end-to-end solution  Seamless interface with existing e-Commerce infrastructures  Scalable architecture to cost effectively support growing demand  No change to existing content authoring workflows  Media agnostic – usable with any type of compression or file format  Support for different means of distribution  Support for flexible business models  Able to be ported to other devices: STBs, PVR, HMS  High quality user experience  Highly secure, end-to-end solution  Seamless interface with existing e-Commerce infrastructures  Scalable architecture to cost effectively support growing demand  No change to existing content authoring workflows  Media agnostic – usable with any type of compression or file format  Support for different means of distribution  Support for flexible business models  Able to be ported to other devices: STBs, PVR, HMS  High quality user experience

CPTWG Jan Macrovision’s Strategy  Leverage its “best in class” security technologies and products to develop a highly secure, end-to- end solution Analog Copy Protection –Customers: Content Owners, HW Man., IC Man. –Technology: Patented, analog-centric SafeWrap/SafeCast/SafeDisc consumer software copy protection and DRM –Customers: Microsoft, EA, Digital River, Borland –Technology: Tamper Hardening, Tamper Evidence, DRM Flexlm, GTlicensing business software license management –Customers: Sun, Cadence, SGI, AutoDesk, ReleaseNow –Technology: License Generation, DRM SafeAudio audio CD copy protection –Currently in trials  Leverage its “best in class” security technologies and products to develop a highly secure, end-to- end solution Analog Copy Protection –Customers: Content Owners, HW Man., IC Man. –Technology: Patented, analog-centric SafeWrap/SafeCast/SafeDisc consumer software copy protection and DRM –Customers: Microsoft, EA, Digital River, Borland –Technology: Tamper Hardening, Tamper Evidence, DRM Flexlm, GTlicensing business software license management –Customers: Sun, Cadence, SGI, AutoDesk, ReleaseNow –Technology: License Generation, DRM SafeAudio audio CD copy protection –Currently in trials

CPTWG Jan Macrovision’s Strategy (cont.)  Acquire new technology Investments in companies –Digimarc - watermarking –NTRU - encryption –RioPort – media distribution –Command Audio – media distribution –Widevine – encryption and tamper evidence –iVAST – MPEG-4 and media distribution –Digital Fountain – media distribution Purchase IP and patents –AudioSoft –MediaDNA –Others  Acquire new technology Investments in companies –Digimarc - watermarking –NTRU - encryption –RioPort – media distribution –Command Audio – media distribution –Widevine – encryption and tamper evidence –iVAST – MPEG-4 and media distribution –Digital Fountain – media distribution Purchase IP and patents –AudioSoft –MediaDNA –Others

CPTWG Jan MacroSafe System Architecture Analog Video Out Digital Video Out Analog Copy Protection Digital Copy Protection

CPTWG Jan MacroSafe System Architecture Analog Video Out Digital Video Out Analog Copy Protection Digital Copy Protection

CPTWG Jan Server-Side Components  Publisher Rights and encryption strategy defined IPMP placeholders added to content stream –During encryption, the placeholders are replaced with encrypted “content decryption keys” Metafile generated  Cypher Service 192-bit, AES encryption Content is encrypted before being stored in the content repository Manages the Key Escrow  Content Repository Series of one or more network disk volumes Stores encrypted content and metafile  Publisher Rights and encryption strategy defined IPMP placeholders added to content stream –During encryption, the placeholders are replaced with encrypted “content decryption keys” Metafile generated  Cypher Service 192-bit, AES encryption Content is encrypted before being stored in the content repository Manages the Key Escrow  Content Repository Series of one or more network disk volumes Stores encrypted content and metafile

CPTWG Jan Server-Side Components (cont.)  DRM Server Slave to the E-commerce system, but master to the DRM system –Coordinates all activities in the DRM system –Controls key generation, content encryption, content and certificate delivery  Streaming Server Streams encrypted content to the client  Download Server Transfers encrypted content files to the client  DRM Server Slave to the E-commerce system, but master to the DRM system –Coordinates all activities in the DRM system –Controls key generation, content encryption, content and certificate delivery  Streaming Server Streams encrypted content to the client  Download Server Transfers encrypted content files to the client

CPTWG Jan Client Components  DRM Validation Determines if the client has the rights to do the requested action, with the selected content Compares the requested action vs. the rights given to the client in the certificates stored in the Secured Registry  Decryption Engine Decrypts content keys Decrypts content using decrypted content keys and enables viewing of content by authorized users  DRM Control Manages and controls all access to the Secured Registry  DRM Validation Determines if the client has the rights to do the requested action, with the selected content Compares the requested action vs. the rights given to the client in the certificates stored in the Secured Registry  Decryption Engine Decrypts content keys Decrypts content using decrypted content keys and enables viewing of content by authorized users  DRM Control Manages and controls all access to the Secured Registry

CPTWG Jan Client Components (cont.)  Secured Registry A secure container to store: –Component Signatures used to detect tampering –Client’s certificates (ie. the user’s rights) Locked to a specific computer The only access to the Secured Registry is by using trust authenticated controls  Quality of Service Validates that content has been received so that the E-Commerce system can complete the payment transaction  Secured Registry A secure container to store: –Component Signatures used to detect tampering –Client’s certificates (ie. the user’s rights) Locked to a specific computer The only access to the Secured Registry is by using trust authenticated controls  Quality of Service Validates that content has been received so that the E-Commerce system can complete the payment transaction

CPTWG Jan Macrovision’s Solution - MacroSafe  Highly secure, end-to-end solution Frame-based deep encryption, 192-bit AES Multi-layer encryption, similar to CA –Content key –License key –Signing and authentication Ability to revoke compromised clients Client to Server communication uses signatures for authentication  Highly secure, end-to-end solution Frame-based deep encryption, 192-bit AES Multi-layer encryption, similar to CA –Content key –License key –Signing and authentication Ability to revoke compromised clients Client to Server communication uses signatures for authentication

CPTWG Jan Macrovision’s Solution - MacroSafe  Highly secure, end-to-end solution (cont.) Multiple layers of client security –Tamper Hardening – obfuscation, debugger detection, encryption, etc. –Tamper Evidence – Module signatures compared to signatures stored in Secure Registry –Tamper Detection – Self-revocation if tampering is detected, requiring renewal –Secure registry – contains module signatures and certificates –Trust authentication - During runtime, module-to- module communication checked for man-in-the- middles attacks –Client locked to a specific computer –Continuous security updates to code  Highly secure, end-to-end solution (cont.) Multiple layers of client security –Tamper Hardening – obfuscation, debugger detection, encryption, etc. –Tamper Evidence – Module signatures compared to signatures stored in Secure Registry –Tamper Detection – Self-revocation if tampering is detected, requiring renewal –Secure registry – contains module signatures and certificates –Trust authentication - During runtime, module-to- module communication checked for man-in-the- middles attacks –Client locked to a specific computer –Continuous security updates to code

CPTWG Jan Macrovision’s Solution - MacroSafe  Seamless interface with existing e-Commerce infrastructures MacroSafe is a subsystem to the e-commerce system or SMS Interfaces to e-commerce using industry standards –SOAP, RMI, TCP/IP, CORBA Certificates generated using industry standards –XML, XrML, XMCL, ORDL  Seamless interface with existing e-Commerce infrastructures MacroSafe is a subsystem to the e-commerce system or SMS Interfaces to e-commerce using industry standards –SOAP, RMI, TCP/IP, CORBA Certificates generated using industry standards –XML, XrML, XMCL, ORDL

CPTWG Jan Macrovision’s Solution - MacroSafe  Scalable architecture to cost effectively support growing demand Distributed architecture allows servers operating in parallel Java-based server applications run on Unix, Linux and Windows platforms  Scalable architecture to cost effectively support growing demand Distributed architecture allows servers operating in parallel Java-based server applications run on Unix, Linux and Windows platforms

CPTWG Jan Macrovision’s Solution - MacroSafe  No change to existing content authoring workflows Separate authoring and publishing Author once for multiple distribution methods Pricing, usage rules and content package are independent  No change to existing content authoring workflows Separate authoring and publishing Author once for multiple distribution methods Pricing, usage rules and content package are independent

CPTWG Jan Macrovision’s Solution - MacroSafe  Media agnostic – usable with any type of compression or file format Audio, Video, Software, Text,.pdf MPEG-1, MPEG-2, MPEG-4 AAC, MP3, WMA, others Real, Microsoft, QuickTime  Media agnostic – usable with any type of compression or file format Audio, Video, Software, Text,.pdf MPEG-1, MPEG-2, MPEG-4 AAC, MP3, WMA, others Real, Microsoft, QuickTime

CPTWG Jan Macrovision’s Solution - MacroSafe  Support for different means of distribution: Download, streaming, pre-packaged “Push” and “Pull” business models supported –Download or stream to a specific consumer –Datacast to a large audience Peer-to-Peer super-distribution supported  Support for different means of distribution: Download, streaming, pre-packaged “Push” and “Pull” business models supported –Download or stream to a specific consumer –Datacast to a large audience Peer-to-Peer super-distribution supported

CPTWG Jan Macrovision’s Solution - MacroSafe  Support for flexible business models Rental Purchase Subscription Time restricted playback Number restricted playback PPV VOD Super Distribution  Support for flexible business models Rental Purchase Subscription Time restricted playback Number restricted playback PPV VOD Super Distribution

CPTWG Jan Macrovision’s Solution - MacroSafe  Able to be migrated to other devices: STB, PVR, HMS Complements CA and other copy management schemes Java-based client compatible with Windows, Linux and STBs running DVB-J Client’s skin can be easily customized for branding or specific applications Rights definitions map into CCI states  Able to be migrated to other devices: STB, PVR, HMS Complements CA and other copy management schemes Java-based client compatible with Windows, Linux and STBs running DVB-J Client’s skin can be easily customized for branding or specific applications Rights definitions map into CCI states

CPTWG Jan Macrovision’s Solution - MacroSafe  High Quality User Experience Security is transparent to the user DVD-like video and audio quality and user controls Frame-based encryption enables trick-play of encrypted media Java-based client compatible with –Win98, WinMe, WinNT, Win2K, WinXP –Linux –Mac OSX QoS feedback loop signals e-commerce system when media has been successfully transferred Supports “fair use”  High Quality User Experience Security is transparent to the user DVD-like video and audio quality and user controls Frame-based encryption enables trick-play of encrypted media Java-based client compatible with –Win98, WinMe, WinNT, Win2K, WinXP –Linux –Mac OSX QoS feedback loop signals e-commerce system when media has been successfully transferred Supports “fair use”

CPTWG Jan Schedule  Content Download to PC Client Customer Trials – 3Q2002 Production Release – 4Q2002  Streaming to PC Client Customer Trials – 4Q2002 Production Release – 1Q2003  Content Download to PC Client Customer Trials – 3Q2002 Production Release – 4Q2002  Streaming to PC Client Customer Trials – 4Q2002 Production Release – 1Q2003

CPTWG Jan Summary - MacroSafe  Highly secure, end-to-end solution  Seamless interface with existing e-Commerce infrastructures  Scalable architecture to cost effectively support growing demand  No change to existing content authoring workflows  Media agnostic – usable with any type of compression or file format  Support for different means of distribution  Support for flexible business models  Able to be ported to other devices: STBs, PVR, HMS  High quality user experience  Highly secure, end-to-end solution  Seamless interface with existing e-Commerce infrastructures  Scalable architecture to cost effectively support growing demand  No change to existing content authoring workflows  Media agnostic – usable with any type of compression or file format  Support for different means of distribution  Support for flexible business models  Able to be ported to other devices: STBs, PVR, HMS  High quality user experience

CPTWG Jan For more information, contact:  Kirby J. Kish Macrovision  Kirby J. Kish Macrovision