CPTWG Jan. 2002
MacroSafe™ System
A Solution for Secure Digital Media Distribution
Presentation to the CPTWG
Jan. 15, 2002

Problem Statement
The lack of a highly secure, flexible and easy-to-use system to protect, consume and distribute high value content via the Internet is one factor that has limited the distribution of high value content and the associated revenue opportunities.

Customer Requirements
• Highly secure, end-to-end solution
• Seamless interface with existing e-Commerce infrastructures
• Scalable architecture to cost effectively support growing demand
• No change to existing content authoring workflows
• Media agnostic – usable with any type of compression or file format
• Support for different means of distribution
• Support for flexible business models
• Able to be ported to other devices: STBs, PVR, HMS
• High quality user experience

Macrovision’s Strategy
Leverage its “best in class” security technologies and products to develop a highly secure, end-to-end solution
• Analog Copy Protection
  – Customers: Content Owners, HW Man., IC Man.
  – Technology: Patented, analog-centric
• SafeWrap/SafeCast/SafeDisc consumer software copy protection and DRM
  – Customers: Microsoft, EA, Digital River, Borland
  – Technology: Tamper Hardening, Tamper Evidence, DRM
• Flexlm, GTlicensing business software license management
  – Customers: Sun, Cadence, SGI, AutoDesk, ReleaseNow
  – Technology: License Generation, DRM
• SafeAudio audio CD copy protection
  – Currently in trials

Macrovision’s Strategy (cont.)
Acquire new technology
• Investments in companies
  – Digimarc – watermarking
  – NTRU – encryption
  – RioPort – media distribution
  – Command Audio – media distribution
  – Widevine – encryption and tamper evidence
  – iVAST – MPEG-4 and media distribution
  – Digital Fountain – media distribution
• Purchase IP and patents
  – AudioSoft
  – MediaDNA
  – Others

MacroSafe System Architecture
[Architecture diagram; only its labels survive. Regions: PUBLISHER, CLIENT. Blocks: Transaction E-commerce Server (PeopleSoft, SAP, Oracle); DRM Server; Publisher And Parser; IPMP Insertion; Authoring System; Cypher Service With Signing Verification; File Format Validation Tool; Watermark Embedding; Content Repository; Download Server; Encrypted Certificate; SOAP, TCP/IP, CORBA, RMI; MVSN Client; HTML Browser; Media Control; Terminal Or Codec; DRM Validation; DRM Control; Decryption Engine; Secure Registry; Quality of Service; Tamper Detection; Tamper Resistance; Tamper Evidence; Watermark Detection; Analog Video Out; Digital Video Out; Analog Copy Protection; Digital Copy Protection.]

MacroSafe System Architecture
[Architecture diagram, extended version; only its labels survive. Labels in addition to those of the previous diagram: Rights; Streaming Server; Dynamic Encryption; HW; Installation And Renewal Server; Renewal Service; Certificate Service.]

Server-Side Components
Publisher
• Rights and encryption strategy defined
• IPMP placeholders added to content stream
  – During encryption, the placeholders are replaced with encrypted “content decryption keys”
• Metafile generated
Cypher Service
• 192-bit, AES encryption
• Content is encrypted before being stored in the content repository
• Manages the Key Escrow
Content Repository
• Series of one or more network disk volumes
• Stores encrypted content and metafile

Server-Side Components (cont.)
DRM Server
• Slave to the E-commerce system, but master to the DRM system
  – Coordinates all activities in the DRM system
  – Controls key generation, content encryption, content and certificate delivery
Streaming Server
• Streams encrypted content to the client
Download Server
• Transfers encrypted content files to the client

Client Components
DRM Validation
• Determines if the client has the rights to do the requested action, with the selected content
• Compares the requested action vs. the rights given to the client in the certificates stored in the Secured Registry
Decryption Engine
• Decrypts content keys
• Decrypts content using decrypted content keys and enables viewing of content by authorized users
DRM Control
• Manages and controls all access to the Secured Registry
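
An added illustration of the DRM Validation step above, not code from the presentation or from Macrovision: a requested action is compared against the rights in a stored certificate, including time-restricted and number-restricted playback. The certificate layout, the HMAC tag, the demo key and every field name are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real client would not keep it in code.
LICENSE_KEY = b"constructed-demo-license-key"

def sign_certificate(rights, key=LICENSE_KEY):
    """Issue a certificate: canonical JSON rights plus an HMAC-SHA256 tag."""
    body = json.dumps(rights, sort_keys=True).encode()
    return {"rights": rights, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def validate(cert, content_id, action, now, plays_used, key=LICENSE_KEY):
    """Return (allowed, reason) for the requested action on the content."""
    body = json.dumps(cert["rights"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Authenticate the certificate before trusting any field in it.
    if not hmac.compare_digest(expected, cert.get("tag", "")):
        return False, "certificate tag mismatch"
    r = cert["rights"]
    if r.get("content_id") != content_id:
        return False, "certificate is for other content"
    if action not in r.get("actions", []):
        return False, "action not granted"
    if "not_after" in r and now > r["not_after"]:
        return False, "time-restricted right expired"
    if "max_plays" in r and plays_used >= r["max_plays"]:
        return False, "play count exhausted"
    return True, "ok"

# Constructed rental certificate: play only, expires at t=2000, two plays.
RENTAL = sign_certificate({"content_id": "movie-001", "actions": ["play"],
                           "not_after": 2000, "max_plays": 2})
```

The tag is checked first so that an edited right (for example a raised play count) is rejected before any rights field is read.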

Client Components (cont.)
Secured Registry
• A secure container to store:
  – Component Signatures used to detect tampering
  – Client’s certificates (i.e. the user’s rights)
• Locked to a specific computer
• The only access to the Secured Registry is by using trust authenticated controls
Quality of Service
• Validates that content has been received so that the E-Commerce system can complete the payment transaction

Macrovision’s Solution - MacroSafe
Highly secure, end-to-end solution
• Frame-based deep encryption, 192-bit AES
• Multi-layer encryption, similar to CA
  – Content key
  – License key
  – Signing and authentication
• Ability to revoke compromised clients
• Client to Server communication uses signatures for authentication

Macrovision’s Solution - MacroSafe
Highly secure, end-to-end solution (cont.)
• Multiple layers of client security
  – Tamper Hardening – obfuscation, debugger detection, encryption, etc.
  – Tamper Evidence – Module signatures compared to signatures stored in Secure Registry
  – Tamper Detection – Self-revocation if tampering is detected, requiring renewal
  – Secure registry – contains module signatures and certificates
  – Trust authentication – During runtime, module-to-module communication checked for man-in-the-middle attacks
  – Client locked to a specific computer
  – Continuous security updates to code
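
An added illustration of the Tamper Evidence and Tamper Detection layers listed above, not code from the presentation or from Macrovision: module digests are compared with a registry record sealed to one machine, and any mismatch marks the client revoked. The SHA-256 digests standing in for module signatures, the key derivation from a machine identifier and all names are assumptions made for the example.

```python
import hashlib
import hmac
import json

def registry_key(machine_id):
    """Derive the sealing key from a machine identifier (assumed scheme;
    a real client would hold this key in protected storage)."""
    return hashlib.sha256(b"registry-seal|" + machine_id.encode()).digest()

def seal_registry(modules, machine_id):
    """Record a SHA-256 digest per module and seal the record to this machine."""
    digests = {name: hashlib.sha256(code).hexdigest() for name, code in modules.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    seal = hmac.new(registry_key(machine_id), body, hashlib.sha256).hexdigest()
    return {"digests": digests, "seal": seal, "revoked": False}

def check_client(registry, modules, machine_id):
    """Return a list of findings; any finding marks the registry revoked."""
    findings = []
    body = json.dumps(registry["digests"], sort_keys=True).encode()
    seal = hmac.new(registry_key(machine_id), body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(seal, registry["seal"]):
        findings.append("registry seal invalid (edited or moved to another machine)")
    for name, expected in registry["digests"].items():
        code = modules.get(name)
        if code is None:
            findings.append(f"{name}: module missing")
        elif hashlib.sha256(code).hexdigest() != expected:
            findings.append(f"{name}: digest mismatch")
    for name in modules.keys() - registry["digests"].keys():
        findings.append(f"{name}: unregistered module loaded")
    if findings:
        registry["revoked"] = True  # self-revocation; renewal would be required
    return findings

# Constructed module images standing in for client binaries.
MODULES = {"decryption_engine": b"\x01\x02engine-v1",
           "drm_validation": b"\x03\x04validate-v1"}
```

Checking the seal as well as the per-module digests covers the case where the stored record itself is rewritten to match a patched module.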

Macrovision’s Solution - MacroSafe
Seamless interface with existing e-Commerce infrastructures
• MacroSafe is a subsystem to the e-commerce system or SMS
• Interfaces to e-commerce using industry standards
  – SOAP, RMI, TCP/IP, CORBA
• Certificates generated using industry standards
  – XML, XrML, XMCL, ODRL

Macrovision’s Solution - MacroSafe
Scalable architecture to cost effectively support growing demand
• Distributed architecture allows servers operating in parallel
• Java-based server applications run on Unix, Linux and Windows platforms

Macrovision’s Solution - MacroSafe
No change to existing content authoring workflows
• Separate authoring and publishing
• Author once for multiple distribution methods
• Pricing, usage rules and content package are independent

Macrovision’s Solution - MacroSafe
Media agnostic – usable with any type of compression or file format
• Audio, Video, Software, Text, .pdf
• MPEG-1, MPEG-2, MPEG-4
• AAC, MP3, WMA, others
• Real, Microsoft, QuickTime

Macrovision’s Solution - MacroSafe
Support for different means of distribution:
• Download, streaming, pre-packaged
• “Push” and “Pull” business models supported
  – Download or stream to a specific consumer
  – Datacast to a large audience
• Peer-to-Peer super-distribution supported

Macrovision’s Solution - MacroSafe
Support for flexible business models
• Rental
• Purchase
• Subscription
• Time restricted playback
• Number restricted playback
• PPV
• VOD
• Super Distribution

Macrovision’s Solution - MacroSafe
Able to be migrated to other devices: STB, PVR, HMS
• Complements CA and other copy management schemes
• Java-based client compatible with Windows, Linux and STBs running DVB-J
• Client’s skin can be easily customized for branding or specific applications
• Rights definitions map into CCI states

Macrovision’s Solution - MacroSafe
High Quality User Experience
• Security is transparent to the user
• DVD-like video and audio quality and user controls
• Frame-based encryption enables trick-play of encrypted media
• Java-based client compatible with
  – Win98, WinMe, WinNT, Win2K, WinXP
  – Linux
  – Mac OSX
• QoS feedback loop signals e-commerce system when media has been successfully transferred
• Supports “fair use”

Schedule
Content Download to PC Client
• Customer Trials – 3Q2002
• Production Release – 4Q2002
Streaming to PC Client
• Customer Trials – 4Q2002
• Production Release – 1Q2003

Summary - MacroSafe
• Highly secure, end-to-end solution
• Seamless interface with existing e-Commerce infrastructures
• Scalable architecture to cost effectively support growing demand
• No change to existing content authoring workflows
• Media agnostic – usable with any type of compression or file format
• Support for different means of distribution
• Support for flexible business models
• Able to be ported to other devices: STBs, PVR, HMS
• High quality user experience

For more information, contact:
Kirby J. Kish
Macrovision
408-743-8510