Presentation is loading. Please wait.

Presentation is loading. Please wait.

Availability: Public OMA Confidential

Published bySilas Burke Modified over 5 years ago

Similar presentations

Presentation on theme: "Availability: Public OMA Confidential"— Presentation transcript:

1 Availability: Public OMA Confidential
OMA-BCAST RD Comments Issues not addressed in BCAST Requirements Comments to slides #3 and #4 by Lucent Submitted To: BCAST Date: 4th November 2004 Availability: Public OMA Confidential Contact: Arieh Moller Arjen van der Vegt Herve Brugal Ilan Mahalal Source: NDS, Irdeto Access, Gemplus, Axalto X USE OF THIS DOCUMENT BY NON-OMA MEMBERS IS SUBJECT TO ALL OF THE TERMS AND CONDITIONS OF THE USE AGREEMENT (located at AND IF YOU HAVE NOT AGREED TO THE TERMS OF THE USE AGREEMENT, YOU DO NOT HAVE THE RIGHT TO USE, COPY OR DISTRIBUTE THIS DOCUMENT. THIS DOCUMENT IS PROVIDED ON AN "AS IS" "AS AVAILABLE" AND "WITH ALL FAULTS" BASIS.

2 Key Issues We believe that the current version of the BCAST requirement contain some serious security flaws. The area that we believe need requirements added is Service & Content Protection

3 Service & Content Protection
The issues that we still believe needs to be addressed are as follows: There needs to be a mechanism to allow for the application of “bug fixes” to deployed devices There needs to be a mechanism to allow for upgrading the key management systems if new business models are required to be supported There needs to be a method to allow for the key management system to be replaced if (and when) it gets compromised. There needs to be a mechanism that can complement device revocation, as revocation has many negative operational implications e.g. an annoyed user base the requirement as formulated calls for a specific solution to a potential problem (there is no business requirement that would call for replacable modules; the business requirement is to have a secure solution that supports mobility and interoperability) Conclusion: if experts in the DRM group conclude that a mechanism such as the proposed one is needed, this mechanism can and will be specified

4 S&CP requirements Therefore we suggest that the following requirement be added: The system SHALL support the defined key management system, and SHALL allow for an open standard secure mechanism to allow for system recovery, upgrades, and bug fixes. In light of preliminary comments we wish to stress that by no means does the above conflict with the following requirement: SPCP-2 Openness - All functions needed for service and content protection, including e.g. the key management, the delivery, and encryption and decryption operations of keys and content, and interfaces, SHALL be fully specified so that no proprietary extension to any part of the system are required. The above does not require any extension, but rather ALLOWS it. DO NOT VIEW IN SLIDE SHOW MODE. SEE BELOW FOR NOKIA and LUCENT COMMENTS NOKIA COMMENT upgrades shall be covered by device management if security of the upgrade mechanism is of concern, this can be brought into DM we need no standardized mechanism to distribute bug fixes bugs in the mechanism need to be eliminated in the specification and IOP phase bugs in the implementation are under the responsibility of the vendors what does system recovery mean? there can’t be a requirement for something we don’t know what it is Conclusion: the mechanisms that make up a secure service and content protection system, as well as the mechanisms that are required to keep it secure, shall be specified during specification work, but there is at this moment in time no genuine requirement that calls for a particular solution such as the proposed one. LUCENT COMMENT: To allow for an Open Standard Secure Mechanism for system recovery, upgrades or bug fixes. This standard does not exist and we should like to see evidence of work in progress for this if we are to support placing a requirement upon this Open Standard. SHALL, as discussed in the call 15th Dec, will mandate operators to pay for a costly and complex to manage feature. If this requirement stands, we feel this needs to become SHOULD. To call up the defined key management system is outside of requirements work and shall be left to stage 2/3 work. The call already agreed to remove the text up to the comma, that was my understanding. Device Management is now covering capabilities to download potential upgrades so this requirement becomes subsumed into a broader work. Bug fixes can be classed as maintenance work and not a security specific issue. System recovery, as mentioned in the call by several, appears to address system wide issues, not specifically security.

5 Thank you!

Download ppt "Availability: Public OMA Confidential"

Similar presentations

4 th DataGRID Project Conference, Paris, 5 March 2002 Testbed Software Test Plan I. Mandjavidze on behalf of L. Bobelin – CS SI; F.Etienne, E. Fede – CPPM;

4 th DataGRID Project Conference, Paris, 5 March 2002 Testbed Software Test Plan I. Mandjavidze on behalf of L. Bobelin – CS SI; F.Etienne, E. Fede – CPPM;
Doc.: IEEE 802.19-09-0061-00-tvws Submission September 2009 Stanislav Filin et al, NICTSlide 1 Comments to WS coexistence draft PAR Notice: This document.

Doc.: IEEE tvws Submission September 2009 Stanislav Filin et al, NICTSlide 1 Comments to WS coexistence draft PAR Notice: This document.
The International Security Standard

The International Security Standard
© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
Professional Behaviour

Professional Behaviour
© 2008 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2008 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
© 2011 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2011 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
© 2011 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2011 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
Authentication, Access Control, and Authorization (1 of 2) 0 NPRM Request (for 2017) ONC is requesting comment on two-factor authentication in reference.

Authentication, Access Control, and Authorization (1 of 2) 0 NPRM Request (for 2017) ONC is requesting comment on two-factor authentication in reference.
© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
Unit 15 Webpage Creator. Outlines Introduction Starter Listening Language Work Work study Speaking Writing.

Unit 15 Webpage Creator. Outlines Introduction Starter Listening Language Work Work study Speaking Writing.
© NOKIADEFAULT.PPT / 22.08.1997 / AO page: 1 USIM requirements and structure NOKIA Mobile Phones TSGT3#3(99)082.

© NOKIADEFAULT.PPT / / AO page: 1 USIM requirements and structure NOKIA Mobile Phones TSGT3#3(99)082.
CONTENTS 1.Work done in JUNE (22nd-30th)‏ i) Stage 1:Concept proposal acceptance module upload (Slide 2nd)‏ 2. Work done in JULY a) Stage 1: Improvised.

CONTENTS 1.Work done in JUNE (22nd-30th)‏ i) Stage 1:Concept proposal acceptance module upload (Slide 2nd)‏ 2. Work done in JULY a) Stage 1: Improvised.
Yang Shi (Richard), Yong Zhang IETF 74 th 26 March 2009, San Francisco CAPWAP WG MIB Drafts Report.

Yang Shi (Richard), Yong Zhang IETF 74 th 26 March 2009, San Francisco CAPWAP WG MIB Drafts Report.
Introduction to Software Development. Systems Life Cycle Analysis  Collect and examine data  Analyze current system and data flow Design  Plan your.

Introduction to Software Development. Systems Life Cycle Analysis  Collect and examine data  Analyze current system and data flow Design  Plan your.
© 2005 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2005 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.
Company Confidential Contact Center information package for new Device First Use flow 22 nd Dec 2009.

Company Confidential Contact Center information package for new Device First Use flow 22 nd Dec 2009.
© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

© 2003 Open Mobile Alliance Ltd. All Rights Reserved. Used with the permission of the Open Mobile Alliance Ltd. under the terms as stated in this document.

Similar presentations

Ads by Google