Document

Download Report

Transcript Document

MacroSafe

TM

System

A Solution for Secure Digital Media Distribution Presentation to the CPTWG Jan. 15, 2002 CPTWG Jan. 2002

Problem Statement

 The lack of a highly secure, flexible and easy to use system to protect, consume and distribute high value content via the Internet is one factor that has limited the distribution of high value content and the associated revenue opportunities CPTWG Jan. 2002

2

Customer Requirements

 Highly secure, end-to-end solution  Seamless interface with existing e-Commerce infrastructures  Scalable architecture to cost effectively support growing demand  No change to existing content authoring workflows  Media agnostic – usable with any type of compression or file format  Support for different means of distribution  Support for flexible business models  Able to be ported to other devices: STBs, PVR, HMS  High quality user experience CPTWG Jan. 2002

3

Macrovision’s Strategy

 Leverage its “best in class” security technologies and products to develop a highly secure, end-to end solution • Analog Copy Protection – – Customers: Content Owners, HW Man., IC Man.

Technology: Patented, analog-centric • SafeWrap/SafeCast/SafeDisc consumer software copy protection and DRM – – Customers: Microsoft, EA, Digital River, Borland Technology: Tamper Hardening, Tamper Evidence, DRM • Flexlm, GTlicensing business software license management – – Customers: Sun, Cadence, SGI, AutoDesk, ReleaseNow Technology: License Generation, DRM • SafeAudio audio CD copy protection – Currently in trials CPTWG Jan. 2002

4

Macrovision’s Strategy (cont.)

 Acquire new technology • Investments in companies – – – – – – – Digimarc - watermarking NTRU - encryption RioPort – media distribution Command Audio – media distribution Widevine – encryption and tamper evidence iVAST – MPEG-4 and media distribution Digital Fountain – media distribution • Purchase IP and patents – – – AudioSoft MediaDNA Others CPTWG Jan. 2002

5

MacroSafe System Architecture

Authoring System File Format Validation Tool

PeopleSoft, SAP, Oracle

E-commerce Server Publisher And P U B Embedding L S H Cypher E With R Verification

SOAP, TCP/IP, CORBA, RMI

DRM Server

Transaction

Download Server Content Repository

Encrypted Certificate

HTML Browser Media Control Terminal Or Codec Watermark Detection C L DRM Validation I E N Engine T DRM Control Secure Registry T A M P E R R E S I S T A N C E T A M P E R E V I D E N C E Quality of Service Tamper Detection MVSN Client

Analog Copy Protection Analog Video Out Digital Copy Protection Digital Video Out CPTWG Jan. 2002

6

MacroSafe System Architecture

Authoring System File Format Validation Tool Publisher And Parser

PeopleSoft, SAP, Oracle

E-commerce Server

SOAP, TCP/IP, CORBA, RMI Transaction

Certificate Service DRM Server

Rights

Renewal Service Watermark Embedding IPMP Insertion Installation And Renewal Server

Encrypted Certificate

Cypher Service With Signing Verification Streaming Server Content Repository Download Server Dynamic Encryption HW HTML Browser Media Control Terminal Or Codec Watermark Detection DRM Validation Decryption Engine DRM Control Secure Registry Quality of Service Tamper Detection MVSN Client T A M P E R E V I D E N C E T A M P E R R E S I S T A N C E

Analog Copy Protection Analog Video Out Digital Copy Protection Digital Video Out CPTWG Jan. 2002

7

Server-Side Components

 Publisher • • Rights and encryption strategy defined IPMP placeholders added to content stream – During encryption, the placeholders are replaced with encrypted “content decryption keys” • Metafile generated  Cypher Service • • 192-bit, AES encryption Content is encrypted before being stored in the content repository • Manages the Key Escrow  Content Repository • • Series of one or more network disk volumes Stores encrypted content and metafile CPTWG Jan. 2002

8

Server-Side Components (cont.)

 DRM Server • Slave to the E-commerce system, but master to the DRM system – Coordinates all activities in the DRM system – Controls key generation, content encryption, content and certificate delivery  Streaming Server • Streams encrypted content to the client  Download Server • Transfers encrypted content files to the client CPTWG Jan. 2002

9

Client Components

 DRM Validation • Determines if the client has the rights to do the requested action, with the selected content • Compares the requested action vs. the rights given to the client in the certificates stored in the Secured Registry  Decryption Engine • • Decrypts content keys Decrypts content using decrypted content keys and enables viewing of content by authorized users  DRM Control • Manages and controls all access to the Secured Registry CPTWG Jan. 2002

10

Client Components (cont.)

 Secured Registry • A secure container to store: – Component Signatures used to detect tampering – Client’s certificates (ie. the user’s rights) • • Locked to a specific computer The only access to the Secured Registry is by using trust authenticated controls  Quality of Service • Validates that content has been received so that the E-Commerce system can complete the payment transaction CPTWG Jan. 2002

11

Macrovision’s Solution - MacroSafe

 Highly secure, end-to-end solution • • Frame-based deep encryption, 192-bit AES Multi-layer encryption, similar to CA – Content key – License key – Signing and authentication • • Ability to revoke compromised clients Client to Server communication uses signatures for authentication CPTWG Jan. 2002

12

Macrovision’s Solution - MacroSafe

 Highly secure, end-to-end solution (cont.) • Multiple layers of client security – Tamper Hardening – obfuscation, debugger detection, encryption, etc.

– Tamper Evidence – Module signatures compared to signatures stored in Secure Registry – Tamper Detection – Self-revocation if tampering is detected, requiring renewal – Secure registry – contains module signatures and certificates – Trust authentication - During runtime, module-to module communication checked for man-in-the middles attacks – Client locked to a specific computer – Continuous security updates to code CPTWG Jan. 2002

13

Macrovision’s Solution - MacroSafe

 Seamless interface with existing e-Commerce infrastructures • MacroSafe is a subsystem to the e-commerce system or SMS • Interfaces to e-commerce using industry standards – SOAP, RMI, TCP/IP, CORBA • Certificates generated using industry standards – XML, XrML, XMCL, ORDL CPTWG Jan. 2002

14

Macrovision’s Solution - MacroSafe

 Scalable architecture to cost effectively support growing demand • Distributed architecture allows servers operating in parallel • Java-based server applications run on Unix, Linux and Windows platforms CPTWG Jan. 2002

15

Macrovision’s Solution - MacroSafe

 No change to existing content authoring workflows • • • Separate authoring and publishing Author once for multiple distribution methods Pricing, usage rules and content package are independent CPTWG Jan. 2002

16

Macrovision’s Solution - MacroSafe

 Media agnostic – usable with any type of compression or file format • • • • Audio, Video, Software, Text, .pdf

MPEG-1, MPEG-2, MPEG-4 AAC, MP3, WMA, others Real, Microsoft, QuickTime CPTWG Jan. 2002

17

Macrovision’s Solution - MacroSafe

 Support for different means of distribution: • • Download, streaming, pre-packaged “Push” and “Pull” business models supported – Download or stream to a specific consumer – Datacast to a large audience • Peer-to-Peer super-distribution supported CPTWG Jan. 2002

18

Macrovision’s Solution - MacroSafe

 Support for flexible business models • • • • • • • • Rental Purchase Subscription Time restricted playback Number restricted playback PPV VOD Super Distribution CPTWG Jan. 2002

19

Macrovision’s Solution - MacroSafe

 Able to be migrated to other devices: STB, PVR, HMS • Complements CA and other copy management schemes • • Java-based client compatible with Windows, Linux and STBs running DVB-J Client’s skin can be easily customized for branding or specific applications • Rights definitions map into CCI states CPTWG Jan. 2002

20

Macrovision’s Solution - MacroSafe

 High Quality User Experience • • • Security is transparent to the user DVD-like video and audio quality and user controls Frame-based encryption enables trick-play of encrypted media • Java-based client compatible with – – – Win98, WinMe, WinNT, Win2K, WinXP Linux Mac OSX • • QoS feedback loop signals e-commerce system when media has been successfully transferred Supports “fair use” CPTWG Jan. 2002

21

Schedule

 • • Content Download to PC Client Customer Trials – 3Q2002 Production Release – 4Q2002  • • Streaming to PC Client Customer Trials – 4Q2002 Production Release – 1Q2003 CPTWG Jan. 2002

22

Summary - MacroSafe

 Highly secure, end-to-end solution  Seamless interface with existing e-Commerce infrastructures  Scalable architecture to cost effectively support growing demand  No change to existing content authoring workflows  Media agnostic – usable with any type of compression or file format  Support for different means of distribution  Support for flexible business models  Able to be ported to other devices: STBs, PVR, HMS  High quality user experience CPTWG Jan. 2002

23

For more information, contact: Kirby J. Kish Macrovision 408-743-8510 [email protected]

CPTWG Jan. 2002

24