UDAC (Universal Distribution with Access Control), 99/05/03. All Rights Reserved, Copyright (c) FUJITSU LIMITED 1999. UDAC IPR (Intellectual Property Rights)

Presentation transcript:

UDAC IPR (Intellectual Property Rights) Oriented Access Control Commands for Optical Disk Device
"UDAC" is being registered as a trademark of Fujitsu Limited.

Requirements of Access Control
- Availability to set variable access conditions and enforce them for the IPR owner
- Network security
- Authentication of users and devices
- Access control over multiple domains
- Pre-distribution of protected contents (cache, or distribution within disk ROM)

UDAC Architecture (Feature)
[Diagram: Universal Distribution; IPR Owner; Content Procurer; Access Control; Use; Encrypted Content]

Basic Access Control Model (Feature)
[Diagram: Control; Hardware Environment; Content; IPR Owner; Content Procurer; Use; IPR Owner Area; Protected Area; Open Area; Hardware Protection; Fire-wall; UDAC-VPN]

Feature: Simultaneous Realization of Robust Access Control and Universal Distribution
- High efficiency of IP distribution
- Fair payment corresponding to the usage by the service user
- Certain pay corresponding to the provision by the service provider

Features
- Satisfies all the access control requirements
- OS/Device independent
- Works on the existing infrastructures
- IPR-oriented access control of content
- Reflects hardware robustness
- Risk distribution to devices is available

Support for Generic Content (Feature)
- Content played statically (Doc., Image)
- Stream content (Sound, Movie)
  – Encryption of a unit content for accounting
- Interactive content (Program code, Presentation)
  – Protection of the part as movie or sound
  – Protection of the kernel code

Ex.: Protection from Illegal Use (Feature)
[Diagram: IPR Owner; ACD; Replication; Content Key / Password; "I'd like to let only D play this content"; Play Content; Access Control; UDAC Protection]

Kernel Techniques (Tech.)
(1) Device Authentication
(2) Network Model
(3) UDAC-ACL (Access Control List)
(4) UDAC-License
(5) Inter-domain Administration
Together these satisfy all the requirements.

(1) Device Authentication (Tech.)
Content stays under access control after any replication.
[Diagram: Doc. / Image / Data; Copy; Check Environment; Decode; Network distribution; Distribution by ROM-Disk; Replication ???]

Device ID (PCSUE* ID) (Tech.)
* PCSUE: Physical Component of a Specific Usage Environment

(2) Network Model (Tech.)
- Mutual authentication between IPR owner and devices
- Create & set access conditions
[Diagram: LICENSE SERVER SYSTEM / CLIENT SYSTEM; IPR owner area, Protected area, Open area; Content; IPR owner; Content Procurer; PCSUE; PCSUE ID; PCSUE Certificates; Decryption Keys; Content Decryption Key; License; steps 1) Protected, 2) Copy / Distribute, 3), 4) PCSUE ID, 5) License, 6), 7), 8)]
* PCSUE: Physical Component of a Specific Usage Environment

(3) UDAC-ACL (Tech.)
To set the variable access conditions. Example ACL for the entry cn=Movie1, ou=planning, o=fujitsu, c=jp:

udac_acl
  play: ( (group = fujitsu OR group = mtfuji) AND < MSN < ) OR count < 1 ;
  edit: user = yuji OR user = hata OR smartCard = 1afd234fe4def458c3bae78497bbda6f ;
  copy: group = fujitsu OR count < 1 ;

Callouts on the slide:
- group = ...: group whose members are able to play
- < MSN <: scope of MSN (medium serial number) which must be inserted
- count < 1: available number
- smartCard = ...: PIN which must be inserted when the content is modified
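As an added example (not Fujitsu's code, and not taken from a UDAC specification), the evaluator below parses rules written in the style of the slide's udac_acl block and decides a request against them. The grammar is inferred from the three rules shown: a right name, a colon, conditions joined with AND/OR and parentheses, and a semicolon; the MSN bounds (1000 and 2000) and the context attributes (groups, user, smartCard, MSN, count) are constructed placeholders, since the slide leaves the bounds blank. Unknown attributes and unknown rights fail closed.

```python
"""Parser and evaluator for access conditions in the UDAC-ACL style.

Constructed example: the grammar is inferred from the play/edit/copy rules on
the slide, not taken from a Fujitsu specification.
"""
import re

# Constructed sample ACL. The MSN bounds (1000, 2000) are placeholders; the
# slide leaves them blank. The smartCard value is the one printed on the slide.
SAMPLE_ACL = """
play: ( (group = fujitsu OR group = mtfuji) AND 1000 < MSN < 2000 ) OR count < 1 ;
edit: user = yuji OR user = hata OR smartCard = 1afd234fe4def458c3bae78497bbda6f ;
copy: group = fujitsu OR count < 1 ;
"""

_TOKEN = re.compile(r"\s*(?:([():;=<])|([A-Za-z0-9_.\-]+))")


def tokenize(text):
    """Split ACL text into punctuation and word tokens; whitespace is skipped."""
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if m is None:
            raise SyntaxError(f"unexpected character at {pos}: {text[pos]!r}")
        pos = m.end()
        tokens.append(m.group(1) or m.group(2))
    return tokens


class Parser:
    """Recursive-descent parser: acl := (right ':' or_expr ';')*."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise SyntaxError(f"expected {expected!r}, got {tok!r}")
        self.i += 1
        return tok

    def parse_acl(self):
        rules = {}
        while self.peek() is not None:
            right = self.take()
            self.take(":")
            rules[right] = self.parse_or()
            self.take(";")
        return rules

    def parse_or(self):
        node = self.parse_and()
        while self.peek() == "OR":
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_factor()
        while self.peek() == "AND":
            self.take()
            node = ("and", node, self.parse_factor())
        return node

    def parse_factor(self):
        if self.peek() == "(":
            self.take("(")
            node = self.parse_or()
            self.take(")")
            return node
        left, op, right = self.take(), self.take(), self.take()
        if op == "=":
            return ("eq", left, right)                 # attr = value
        if op == "<" and self.peek() == "<":           # low < attr < high
            self.take("<")
            return ("range", int(left), right, int(self.take()))
        if op == "<":
            return ("lt", left, int(right))            # attr < bound
        raise SyntaxError(f"unknown operator {op!r}")


def evaluate(node, ctx):
    """Evaluate a parsed condition against a request context; unknowns deny."""
    kind = node[0]
    if kind == "or":
        return evaluate(node[1], ctx) or evaluate(node[2], ctx)
    if kind == "and":
        return evaluate(node[1], ctx) and evaluate(node[2], ctx)
    if kind == "eq":
        _, attr, value = node
        if attr == "group":                            # caller may be in several groups
            return value in ctx.get("groups", ())
        actual = ctx.get(attr)
        return actual is not None and str(actual) == value
    if kind == "lt":
        _, attr, bound = node
        actual = ctx.get(attr)
        return actual is not None and int(actual) < bound
    if kind == "range":
        _, low, attr, high = node
        actual = ctx.get(attr)
        return actual is not None and low < int(actual) < high
    raise ValueError(f"unknown node {kind!r}")


def permitted(acl_text, right, ctx):
    """True only if the ACL names `right` and its condition holds for `ctx`."""
    rule = Parser(tokenize(acl_text)).parse_acl().get(right)
    return rule is not None and evaluate(rule, ctx)
```

A request carries only what the enforcing environment can vouch for (its group memberships, the inserted medium's MSN, the use count so far); an attribute the context does not contain makes every clause that mentions it false, which is the behaviour you want from a rights check.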

Account Conditions (Tech.)
1) Max. number of playings
2) Max. length of playing
3) Max. time to be able to play
4) Payment for a unit content
5) Limitation of date and time

Superdistribution (Tech.)
[Diagram: Standard Format Information; Program; Reference Counter; Usage Counter; Superdistribution Center; Redistribution of Income; Charge; Income; Contents Provider; Hardware Vendor; Retailer; Usage Record; Reference Record]

(4) UDAC-License (Tech.)
A license includes the C1 decryption key and a subset of the ACL.
Inter-domain licensing [Diagram: License Server; Domain X; Domain Y; ACL of C1; Client; C1]

udac_license
  read: group = soft4soft AND MSN = ;

Licensing Protocol Model (Tech.)
Parties: License Server; Procurer Client; PCSUE1, ..., PCSUEi, ..., PCSUEN; Network device.
Notation:
- K_Ci: shared private key for the class of PCSUEi
- K_Pi: private key in PCSUEi (K_Ci, DSN or K_Si)
- I_Ci: identifier of PCSUE class
- K_Si: session key
- AC_i: access condition PCSUEi can enforce
- K_C: content decryption key
- {T}K_X: T can be decrypted by K_X
Protocol:
(1) Request to use IPR-protected content
(2) Send session keys: I_C1, {K_S1, hash}K_P1 + ... + I_Ci, {K_Si, hash}K_Pi + ... + I_CN, {K_SN, hash}K_PN
(3) Report certificates: I_C1, {PCSUE-ID1, hash}K_S1 + ... + I_Ci, {PCSUE-IDi, hash}K_Si + ... + I_CN, {PCSUE-IDN, hash}K_SN
(4) Send license: {{... {K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_1, hash}K_P1
(5) Decrypt licenses in turn (PCSUEi receives {{... {K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i, hash}K_Pi)
(6) Decrypt K_C and the content
Risk is distributed to each device (PCSUE).

Structure of License (Tech.)
{{... {K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i, hash}K_Pi, ... AC_1, hash}K_P1
- AC_i: access condition enforceable in PCSUE i
- K_Pi: private key in PCSUE i
- K_C: content decryption key

Inter-PCSUE Licensing (Tech.)
PCSUE i+1 (licenser, from the viewpoint of PCSUE i) -> PCSUE i -> PCSUE i-1 (licensee, from the viewpoint of PCSUE i)
K_Pi: K_Ci, DSN or K_Si.
Input to PCSUE i: {{... {K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1), AC_i, hash}K_Pi
Output of PCSUE i: {... {K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1)
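The three slides above (Licensing Protocol Model, Structure of License, Inter-PCSUE Licensing) all describe the same object: a license wrapped once per PCSUE, so that device i can only remove its own layer, must enforce AC_i, and then passes the remainder on. The following is an added example written for this page, not Fujitsu's code. The slides do not name the cipher or hash, so SHA-256 stands in for "hash" and a stream cipher built from HMAC-SHA256 in counter mode stands in for {T}K_X; device names, keys and the attr=value form of each AC_i are constructed.

```python
"""Layered UDAC-style license: one encryption layer per PCSUE, peeled in turn.

Constructed example (not Fujitsu's code). SHA-256 stands in for "hash" and an
HMAC-SHA256 counter-mode keystream stands in for the device cipher {T}K_X.
"""
import hashlib
import hmac
import os
import struct


def _keystream(key, nonce, length):
    """Stand-in stream cipher keystream (HMAC-SHA256 in counter mode)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, plaintext):
    """{T}K: encrypt T so that only a holder of K can recover it."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def unseal(key, blob):
    nonce, ct = blob[:16], blob[16:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def encode_layer(inner, ac):
    """Plaintext of one layer: (inner, AC_i, hash) with length prefixes."""
    ac_b = ac.encode()
    body = struct.pack(">I", len(inner)) + inner + struct.pack(">I", len(ac_b)) + ac_b
    return body + hashlib.sha256(body).digest()


def decode_layer(plain):
    """Split a decrypted layer into (inner, AC_i); reject it if the hash fails."""
    if len(plain) < 40:
        raise ValueError("corrupt layer")
    body, digest = plain[:-32], plain[-32:]
    if not hmac.compare_digest(hashlib.sha256(body).digest(), digest):
        raise ValueError("hash mismatch: wrong device key or tampered license")
    n = struct.unpack(">I", body[:4])[0]
    inner = body[4:4 + n]
    m = struct.unpack(">I", body[4 + n:8 + n])[0]
    return inner, body[8 + n:8 + n + m].decode()


def build_license(k_c, layers):
    """License server side. `layers` is [(AC_1, K_P1), ..., (AC_N, K_PN)] in the
    order the devices peel them; wrapping innermost-first yields
    {{...{K_C, AC_N, hash}K_PN, ...}, AC_1, hash}K_P1."""
    blob = k_c
    for ac, key in reversed(layers):
        blob = seal(key, encode_layer(blob, ac))
    return blob


def peel(device, blob):
    """PCSUE i: decrypt its own layer with K_Pi, enforce AC_i against what the
    device itself knows, and hand the remaining layers to the next PCSUE."""
    inner, ac = decode_layer(unseal(device["key"], blob))
    attr, _, value = ac.partition("=")
    if device["facts"].get(attr) != value:
        raise PermissionError(f"{device['name']} cannot satisfy {ac!r}")
    return inner


def unwrap_chain(blob, devices):
    """Run the license through every PCSUE in turn; the last one recovers K_C."""
    for device in devices:
        blob = peel(device, blob)
    return blob


def try_unwrap(blob, devices):
    """(K_C, None) on success, or (None, reason) naming the first failing PCSUE."""
    try:
        return unwrap_chain(blob, devices), None
    except (ValueError, PermissionError) as exc:
        return None, str(exc)


# Constructed sample chain: host software, optical disk drive, player LSI.
DEVICES = [
    {"name": "host",   "key": b"\x01" * 32, "facts": {"region": "jp"}},
    {"name": "drive",  "key": b"\x02" * 32, "facts": {"MSN": "0042"}},
    {"name": "player", "key": b"\x03" * 32, "facts": {"DSN": "7781"}},
]
LAYERS = [(ac, d["key"]) for ac, d in zip(["region=jp", "MSN=0042", "DSN=7781"], DEVICES)]
K_C = b"constructed-content-key-32bytes!"

if __name__ == "__main__":
    print(try_unwrap(build_license(K_C, LAYERS), DEVICES))
```

The point the slides make about risk distribution is visible in `peel`: the host sees only ciphertext after removing its layer, the drive can refuse on MSN without ever holding K_C, and a wrong key or a modified layer stops at the hash check before any AC is even read. The same peel step is what the SEND KEY / REPORT KEY license commands on the later disk-device slide perform inside the drive.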

Ex. - Applying to Current PC (Tech.)
Procurer Client (Host): PCSUE i+1 -> PCSUE i -> PCSUE i-1, with pass-through stages; at each stage the licensing relation is licenser -> licensee.
Input to PCSUE i: {{... {K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1), AC_i, hash}K_Pi
Output of PCSUE i: {... {K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1)

Ex. - Applying to STB / DTV (Tech.)
License Server -> Procurer Client (Host): PCSUE i+1 -> PCSUE i -> PCSUE i-1 (Logical Unit)
Input to PCSUE i: {{... {K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1), AC_i, hash}K_Pi
Output of PCSUE i: {... {K_C, AC_N, hash}K_PN, AC_N-1, hash}K_P(N-1), ... AC_i-1, hash}K_P(i-1)

Commands to Disk Device (Tech.)
Exchanged between the Procurer Client (Host) and the Optical disk device (Logical Unit), which is PCSUE i:
a) SEND KEY (Session Key): I_CL, {RN, K_S, hash}K_P
b) REPORT KEY (Certificates): {RN, DSN [, MSN], hash}K_S
c) SEND KEY (Optical Disk Device License): {, AC, hash}K_P
d) REPORT KEY (The Next Device License): {, hash}K_S
Notation:
- I_CL: identifier of device class
- K_CL: shared private key for the device class of the device
- DSN: Device Serial Number
- MSN: Medium Serial Number
- AC: access condition the device can enforce, such as MSN
- K_P: private key for the device (K_CL, DSN or K_S)
- RN: random number
- {T}K_X: T can be decrypted by K_X
- [ ]: optional support

State Diagram of Disk Device (Tech.)
States: Initial State; Session Key Shared; Mutually Authenticated; License Authorized; No Grants Available.
Transitions: Begin Sequence / REPORT KEY (Request AGID); SEND KEY (Session Key); REPORT KEY (Certificates); SEND KEY (Optical Disk License); REPORT KEY (The Next Device License); Error, Authentication Failed / Algorithm Not Supported; Region Code Error(s) from REPORT KEY Command.

Applications (Appl.)
- Variable and robust IPR protection
- Authentication of each device
- Enforcement of variable account conditions
- Availability of each LSI authentication
Distribution channels: ROM-Disk distribution; Broadcast distribution; Network (Internet) distribution; Mobile content distribution.

Protected Disk Device & Player, in the case of medium-oriented accounting (Appl.)
Notation: {X}K: X can be decrypted by K; AC: access conditions; K_C: content key; K_PD: key of the player device; DSN: serial number of the storage device; MSN: serial number of the medium (protected).
1) LICENSE SERVER SYSTEM sends the UDAC-license {{AC, K_C}K_PD, MSN}DSN to the storage device
2) Storage device checks MSN
3) Storage device sends the player-license {AC, K_C}K_PD to the player device
4) Player device checks AC and decrypts the content {Content}K_C

Profiles for Disk Device (Appl.)
UDAC-license from the LICENSE SERVER SYSTEM (ACL, K_C) for the medium (DSN, MSN): {{AC, K_C}K_PD, [MSN]}K_P
- [X]: X is optional
- K_S: session key temporarily created in a session
- K_CL: key shared by a device class

Medium-based Guard (Appl.)
Simple content guard without network: only to set "Play rights with MSN condition for EVERYONE".
Distribution together with the medium, in which the following are recorded:
- Encrypted content
- License (with MSN)

Pre-paid in Smart Card (Appl.)
- LICENSE SERVER (ACL, K_C) -> Storage Device: {{{K_C, AC_PD}K_PD, AC_SC}K_SC, MSN}DSN
- Storage Device -> Card Device / Smart card (K_SC, account information): {{K_C, AC_PD}K_PD, AC_SC}K_SC
- Smart card -> Player Device (K_PD): {K_C, AC_PD}K_PD
AC_X: account condition (for device X)

For Any Distribution / Player (Appl.)
[Diagram: Digital Appliances: DigitalTV, Set Top Box, PC, ...; Secure HD/OD; Satellite; Radio/TV Tower; PBX; CATV; Digital Information Super Highway; Cheap delivery through Magazine Channel; Using Media Channel; Personal HyperKnowledgeBase; Processing; PC; Personal Computing; DigitalTV]