drm-part
P2P and DRM Interoperability

References
- P2P and Content Distribution, ISA 767, Secure Electronic Commerce, Xinwen Zhang, [email protected], George Mason University (Some slides of this talk are provided by Dr. Songqing Chen from GMU)
- DRM Interoperability in Networked Environments, David P. Maher and A. D. Poonegar, Intertrust Technologies Corporation, March 2005
- Security and DRM, Joseph Chou, Texas Instruments
- Unstructured Routing: Gnutella and Freenet, presented by Matthew, Nicolai, Paul

Outline
- P2P Overview
- P2P systems
- P2P and DRM
- DRM Interoperability

P2P Definitions
- A class of systems and applications that employ distributed resources to perform a function in a decentralized manner. The resources encompass computing power, data (storage and content), network bandwidth, and presence (computers, human, and other resources) - by Milojicic et al.
- Any network that does not have fixed clients and servers, but a number of peer nodes that function as both clients and servers to the other nodes on the network - Wikipedia

More Definitions
- The sharing of computer resources and services by direct exchange between systems. - Intel P2P working group
- SETI@home: the computers at the edge provide power and those in the middle of the network are there only to coordinate them - David Anderson, 2002.
- Clay Shirky of O’Reilly and Associates: A class of applications that takes advantage of resources available at the edges of the Internet. Because accessing these decentralized resources means operating in an environment of unstable connectivity and unpredictable IP addresses, P2P nodes must operate outside the DNS system and have significant or total autonomy from central servers

P2P Definitions
- Sharing
- Contribution
- Incentive of sharing and contribution
- Collaboration
- As reported in June 2004, P2P traffic makes up 80% of the traffic on the Internet, in which the share of BitTorrent is 53%.
- Others are eDonkey, Gnutella, FastTrack, etc.

P2P is not new
- ARPANET, late 60’s
- Usenet
  - Since 1979
  - UUCP (Unix to Unix copy protocol), NNTP (network news transport protocol)
  - Copies files between computers without central control
  - At the beginning, only UNC and Duke
  - Later, using news server and ISP’s server
- DNS
  - Mix of P2P and hierarchical model
  - Early Internet: Hosts.txt includes a set of names and IP addresses and is copied around the Internet periodically
  - In 1983, DNS was developed for better scalability
  - Hierarchical DNS names
- Windows workgroups
- Network File System

P2P in 21st century
- Napster music file sharing
- Powerful home computing resources
- High bandwidth networking
- Negative views on P2P
  - Illegal copying of copyrighted materials
  - Too much bandwidth consumption of existing networks
  - Too much uncontrolled/inaccurate/junk content

P2P Applications and Functionality
- Distributed computing
  - SETI@home (compute-intensive), 1996
  - SETI: Search for Extraterrestrial Intelligence
  - Using computing power of home PCs to search for radio signals from extraterrestrial civilizations
- Data/content sharing
  - Napster, Gnutella, FreeNet, etc.
- Communication and collaboration
  - Instant messaging (ICQ, AIM), discussion board (Groove), games (Doom), VoIP (Skype)

1st generation of P2P networks
- Napster
- Gnutella
- Super Peer
- DHT

Napster Example
1. When a peer (Bob) connects to Napster, it informs the central server of its IP address and song titles.
2. Alice queries for a song, then the central server returns Bob’s address.
3. Alice requests the song from Bob and downloads a copy directly.

Hybrid P2P
- Many hybrid applications of decentralized and centralized systems
  - Usenet (backbone or heavy-duty peers)
  - DNS (built-in hierarchy)
  - ICQ (direct client-to-client communication with backup of a server)
  - Napster (decentralized file sharing with centralized file directory)
- Dramatically reduced latency
- Better search engine
- Not for illegal objects distribution

What is Gnutella?
- Gnutella is a fully decentralized peer-to-peer protocol for locating resources
- Standard, not a program. There are many implementations of Gnutella (BearShare, LimeWire, Morpheus)
- Each node in a Gnutella network acts as both a client and server

What is Gnutella?
- Peer to Peer, decentralized model for file sharing
- Any type of file can be shared
- Nodes are called “Servents”

What do Servents do?
- Servents “know” about other Servents
- Act as interfaces through which users can issue queries and view search results
- Communicate with other Servents by sending “descriptors”

Descriptors
- Each descriptor consists of a header and a body.
- The header includes (among other things)
  - A descriptor ID number
  - A Time-To-Live number
- The body includes:
  - Port information
  - IP addresses
  - Query information
  - Etc., depending on the descriptor

Gnutella Descriptors
- Ping: Used to discover hosts on the network.
- Pong: Response to a Ping
- Query: Search the network for data
- QueryHit: Response to a Query. Provides information used to download the file
- Push: Special descriptor used for sharing with a firewalled servent

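
Added example (not from the original slides): a parser for the descriptor header and for the Pong and Query bodies that checks every length before reading the body, since descriptors arrive from untrusted peers. The byte layout and type codes follow the published Gnutella 0.4 specification rather than anything on the slides; `MAX_PAYLOAD`, `MAX_LIFETIME`, the function names and the sample descriptors are assumptions constructed for the demonstration.

```python
import ipaddress
import struct

# Layout per the published Gnutella 0.4 specification (not shown on the slides):
# 16-byte descriptor ID, payload type, TTL, hops, 4-byte little-endian payload length.
HEADER_LEN = 23
TYPES = {0x00: "Ping", 0x01: "Pong", 0x40: "Push", 0x80: "Query", 0x81: "QueryHit"}
MAX_PAYLOAD = 4096   # assumed local policy: drop anything larger without reading it
MAX_LIFETIME = 10    # assumed local policy: cap on TTL + hops


class DescriptorError(ValueError):
    """The descriptor is malformed or violates local policy and should be dropped."""


def parse_pong(body: bytes) -> dict:
    # Port (little-endian), IPv4 address (big-endian), files shared, kilobytes shared
    if len(body) != 14:
        raise DescriptorError("Pong body must be 14 bytes")
    (port,) = struct.unpack("<H", body[:2])
    files, kbytes = struct.unpack("<II", body[6:14])
    return {"port": port, "ip": str(ipaddress.IPv4Address(body[2:6])),
            "files": files, "kbytes": kbytes}


def parse_query(body: bytes) -> dict:
    # 2-byte minimum speed followed by a NUL-terminated search string
    if len(body) < 3 or body[-1] != 0:
        raise DescriptorError("Query body is not NUL-terminated")
    (min_speed,) = struct.unpack("<H", body[:2])
    return {"min_speed": min_speed,
            "criteria": body[2:-1].decode("utf-8", errors="replace")}


def parse_descriptor(data: bytes) -> dict:
    """Validate the header before touching the body, then decode known bodies."""
    if len(data) < HEADER_LEN:
        raise DescriptorError("truncated header")
    ptype, ttl, hops, length = struct.unpack("<BBBI", data[16:HEADER_LEN])
    if ptype not in TYPES:
        raise DescriptorError(f"unknown payload type 0x{ptype:02x}")
    if length > MAX_PAYLOAD:
        raise DescriptorError("payload length exceeds local cap")
    if ttl + hops > MAX_LIFETIME:
        raise DescriptorError("TTL + hops exceeds local cap")
    body = data[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length:
        raise DescriptorError("truncated body")
    if ptype == 0x00 and length != 0:
        raise DescriptorError("Ping carries no body")
    desc = {"id": data[:16].hex(), "type": TYPES[ptype], "ttl": ttl, "hops": hops}
    if ptype == 0x01:
        desc.update(parse_pong(body))
    elif ptype == 0x80:
        desc.update(parse_query(body))
    return desc


def build(ptype: int, ttl: int, hops: int, body: bytes, length=None) -> bytes:
    """Build a constructed sample descriptor; the ID bytes are arbitrary."""
    length = len(body) if length is None else length
    return bytes(range(16)) + struct.pack("<BBBI", ptype, ttl, hops, length) + body


# Constructed samples (documentation address range, made-up counts)
SAMPLE_PONG = build(0x01, 3, 4, struct.pack("<H", 6346)
                    + ipaddress.IPv4Address("192.0.2.7").packed
                    + struct.pack("<II", 12, 3400))
SAMPLE_QUERY = build(0x80, 5, 2, struct.pack("<H", 0) + b"lecture notes\x00")
OVERSIZED = build(0x80, 5, 2, b"", length=0xFFFFFFFF)  # header claims a 4 GiB body

if __name__ == "__main__":
    print(parse_descriptor(SAMPLE_PONG))
    print(parse_descriptor(SAMPLE_QUERY))
    try:
        parse_descriptor(OVERSIZED)
    except DescriptorError as exc:
        print("dropped:", exc)
```
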
Routing 1/2
- Node forwards Ping and Query descriptors to all nodes connected to it
- Except:
  - If descriptor’s TTL is decremented to 0
  - Descriptor has already been received before
- Loop detection is done by storing Descriptor IDs
- Pong and QueryHit descriptors retrace the exact path of their respective Ping and Query descriptors

Routing 2/2
[Figure: servents A, B, C and D, with Query, Query and QueryHit descriptors passing between them]
Note: Ping works essentially the same way, except that a Pong is sent as the response

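
Added example (not from the original slides): a simulation of the forwarding rules above on a constructed five-servent overlay, showing duplicate suppression by stored descriptor ID, TTL expiry, and a QueryHit retracing the Query's path hop by hop. The overlay, the descriptor ID `q-1` and the function names are assumptions made for the demonstration.

```python
from collections import deque

# Constructed overlay: each key is a servent, each value the servents it is connected to.
OVERLAY = {
    "A": ["B", "C"],
    "B": ["A", "C", "D"],
    "C": ["A", "B", "D"],
    "D": ["B", "C", "E"],
    "E": ["D"],
}


def reverse_path(seen, node, desc_id):
    """Follow each servent's stored 'arrived from' entry back to the origin."""
    path = [node]
    while seen[path[-1]][desc_id] is not None:
        path.append(seen[path[-1]][desc_id])
    return path


def flood_query(overlay, origin, holders, ttl, desc_id="q-1"):
    """Flood one Query and route QueryHits back along the reverse path.

    Returns (hit_paths, sent, duplicates): the hop-by-hop path each QueryHit
    takes back to the origin, the number of Query descriptors put on the wire,
    and how many of those were dropped because the ID had been seen before.
    """
    # Per-servent routing table: descriptor ID -> neighbour it first arrived from.
    seen = {node: {} for node in overlay}
    seen[origin][desc_id] = None
    queue = deque((origin, nbr, ttl) for nbr in overlay[origin])
    sent, duplicates, hit_paths = len(queue), 0, []

    while queue:
        sender, node, remaining = queue.popleft()
        if desc_id in seen[node]:      # loop detection by stored descriptor ID
            duplicates += 1
            continue
        seen[node][desc_id] = sender
        if node in holders:            # match found: QueryHit goes back the way it came
            hit_paths.append(reverse_path(seen, node, desc_id))
        remaining -= 1                 # TTL is decremented before forwarding
        if remaining == 0:
            continue                   # TTL exhausted: do not forward
        for nbr in overlay[node]:
            if nbr != sender:
                queue.append((node, nbr, remaining))
                sent += 1
    return hit_paths, sent, duplicates


if __name__ == "__main__":
    for ttl in (2, 3):
        hits, sent, dups = flood_query(OVERLAY, "A", {"E"}, ttl)
        print(f"TTL={ttl}: hits={hits} sent={sent} duplicates={dups}")
```

With TTL 2 the Query never reaches E; with TTL 3 it does, and half of the descriptors sent are duplicates that the stored IDs discard.
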
Joining a Gnutella Network
- Servent connects to the network using a TCP/IP connection to another servent.
- Could connect to a friend or acquaintance, or from a “Host-Cache”.
- Send a Ping descriptor to the network
- Hopefully, a number of Pongs are received

Querying
- Servent sends Query descriptor to nodes it is connected to.
- Queried Servents check to see if they have the file.
- If query match is found, a QueryHit is sent back to querying node

Downloading a File
- File data is never transferred over the Gnutella network.
- Data transferred by direct connection
- Once a servent receives a QueryHit descriptor, it may initiate the direct download of one of the files described by the descriptor’s Result Set.
- The file download protocol is HTTP. Example:

      GET /get/<File Index>/<File Name>/ HTTP/1.0\r\n
      Connection: Keep-Alive\r\n
      Range: bytes=0-\r\n
      User-Agent: Gnutella\r\n

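
Added example (not from the original slides): one way the serving servent can validate the download request before sending any data, resolving the file through its own share table by index and never building a path from the requested name. The share table, the returned status codes, the ASCII-only simplification and the function name are assumptions made for the demonstration.

```python
import re

# Request line format from the slide: GET /get/<File Index>/<File Name>/ HTTP/1.0
REQUEST_LINE = re.compile(r"GET /get/(\d{1,10})/([^/\\\x00-\x1f]+)/ HTTP/1\.0")
RANGE = re.compile(r"bytes=(\d{1,15})-")

# Constructed share table: the index advertised in this servent's QueryHit maps
# to the advertised name, the local path, and the file size in bytes.
SHARED = {
    7: {"name": "lecture-notes.pdf", "path": "/srv/share/lecture-notes.pdf", "size": 52000},
}


def resolve_download(raw: bytes, shared=SHARED):
    """Return (status, path, start_offset) for a raw download request.

    The local path always comes from the share table, never from the request,
    so a crafted file name cannot reach files that were not shared.
    """
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")  # assumption: ASCII names only
    except UnicodeDecodeError:
        return 400, None, None
    lines = head.split("\r\n")
    match = REQUEST_LINE.fullmatch(lines[0])
    if not match:
        return 400, None, None
    entry = shared.get(int(match.group(1)))
    # Index and name must both match what this servent advertised.
    if entry is None or entry["name"] != match.group(2):
        return 404, None, None
    start = 0
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "range":
            rng = RANGE.fullmatch(value.strip())
            if not rng or int(rng.group(1)) >= entry["size"]:
                return 400, None, None
            start = int(rng.group(1))
    return 200, entry["path"], start


# Constructed requests
GOOD = (b"GET /get/7/lecture-notes.pdf/ HTTP/1.0\r\nConnection: Keep-Alive\r\n"
        b"Range: bytes=0-\r\nUser-Agent: Gnutella\r\n\r\n")
RESUME = b"GET /get/7/lecture-notes.pdf/ HTTP/1.0\r\nRange: bytes=1024-\r\n\r\n"
WRONG_NAME = b"GET /get/7/other.pdf/ HTTP/1.0\r\n\r\n"
TRAVERSAL = b"GET /get/7/../../etc/passwd/ HTTP/1.0\r\n\r\n"
PAST_END = b"GET /get/7/lecture-notes.pdf/ HTTP/1.0\r\nRange: bytes=99999999-\r\n\r\n"

if __name__ == "__main__":
    for req in (GOOD, RESUME, WRONG_NAME, TRAVERSAL, PAST_END):
        print(resolve_download(req))
```
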
Direct File Download
[Figure: servents A, B and C, with Query, Query and QueryHit descriptors followed by a direct TCP/IP connection]

Problems with Flood Query
- Scales poorly: Querying and Pinging generate a lot of unnecessary traffic
- Example:
  - If TTL = 10 and each site contacts six other sites
  - Up to 10^6 (approximately 1 million) messages could be generated.
  - On a slow day, a GnutellaNet would have to move 2.4 gigabytes per second in order to support numbers of users comparable to Napster. On a heavy day, 8 gigabytes per second (Ritter article)
- Heavy messaging can result in poor performance

Problems with Flood Query
- Traditional Gnutella flood query has a number of problems
  - Very large number of packets generated to fulfill queries
  - Most searches on Gnutella can be satisfied with a search that visits fewer nodes
  - Essentially, just a Breadth First Search (BFS)
- Some proposals attempt to address this with alternate schemes for searching

Alternatives to Flood Query
- Iterative Deepening
- Directed BFS
- Local Indices
- Random Walkers

Issues
- Several alternatives (Local Indices, Iterative Deepening) require a global policy to be understood by all nodes
- Sharing information about file index (Local Indices) or even statistics (Directed BFS) leads to possible security risks
- Most require at least some modification to the servents

Overall
- Simple protocol
- Not a lot of overhead for routing
- Robustness?
  - No central point of failure
  - However: A file is only available as long as the file-provider is online.
- Vulnerable to denial-of-service attacks

P2P and DRM

P2P
- P2P networks are good for distribution of unprotected files.
  - Uniform copies obtained by different peers
  - Difficult to define rights
  - More difficult to enforce
- More than 90% of files in P2P are unauthorized.
- Leveraging P2P for legal content distribution is a new problem.

Current Situations
- P2P networks are popular.
  - Mainly for unauthorized copies of IP
- Fighting between content owners/manufacturers/providers and P2P users/developers
- The Supreme Court has recently ruled that developers can be held responsible for the copyright infringement that their P2P file sharing products allow.

DRM
- Basic requirements of DRM:
  - Package, publish, and protect object content
  - Expression of digital rights
  - Authentication of user/devices and authorization to access/use the content
  - Enforcement mechanisms
    - Client side
  - Payment integration

DRM Common Architecture

P2P vs. DRM
- To IP owner:
  - P2P offers open invitations to copyright infringement and IP theft.
  - DRM is the way to protect their revenue on the Internet.
- To end users/consumers:
  - P2P is the open functionality of the Internet, and provides the freedom of the information era.
  - DRM restricts user behaviors.

P2P vs. DRM
- As a technical issue, P2P supports many new business models with DRM
  - P2P streaming
  - Paid access with controlled sharing
    - iTunes

P2P and DRM
- Integration of DRM into P2P network
  - Embracing the functionality of P2P
  - Maintaining control over IP
- Multiple vendors in value chain:
  - P2P publisher, IP owner, license agent, payment agent, etc.

DRM Technology Features for P2P Networks (Rosenblatt)
- Reasonable usage support for users:
  - Use on any devices
  - Space shifting
- Interoperability of identity schemes for both users and devices
- Format conversions or transcoding

DRM Technology Features for P2P Networks (Rosenblatt)
- Lightweight superdistribution
- User-defined business models, easy to implement

DRM Technology Features for P2P Networks (Rosenblatt)
- Standards support
  - Rights Expression Languages
    - Define rights for peers
  - Network identification
    - Universal or interoperable identity schemes for users and devices
    - Windows Live ID (formerly .NET Passport)
    - Liberty Alliance (federated ID)
  - Web services
    - Services for DRM schemes: authentication, payment, license, etc.
    - Minimize cost and complexity for peers in P2P

DRM Technology Features for P2P Networks (Rosenblatt)
- User experience:
  - Installation of the DRM has to be seamless
  - Use cross-platform technologies (Java, XML, etc.)
  - Payment process should be integrated with ISP and other service providers.
    - E.g., cell phone SP
  - Content usage tracking should respect user privacy.

Gaps in Existing DRM
- Cost-related functionality limitations
- Device tethering
  - A content object can only be supported on a specific device.
- Lack of superdistribution support
- Complexity of integration

P2P Architecture for DRM
- Hybrid P2P
  - Decentralized content distribution
  - Centralized management:
    - License, authentication, payment, etc.

DigitalContainers Hybrid P2P File Trading
- All transactions tracked
- No bottlenecks
- DRM
- E-commerce
- Great use of resources

From Secure File Delivery System for Consumer and Enterprise Peer-to-Peer Networks, DigitalContainer Inc.

What are Digital Containers?
- DigitalContainers “wrap” files in a secure multimedia digital shell that can only be opened with a “key”.
  - Simple as a password
  - Unique as an individual’s fingerprint (Biometric)
  - Created and delivered in a patented process in which the container “talks” to remote authorization authorities
  - Any combination of the above: Multi-Factor Authentication
- The containers are tracked perpetually as their content is passed securely from person to person, with only authorized individuals being able to access the protected content.
  - Who, Why, Where, When, How Much?
  - Credit/Debit/Phone card payments

Basic Container Structure

Basic P2P Business Model

Basic P2P Business Model
- Packager widely available and easy to use
- Content owners package digital goods in Digital Container
- They register content, set price, and agree to payment terms
- P2P network provider gets percentage
- Content owner gets percentage
- People get paid all along the value chain

Sample P2P Integration Scheme

External Control-based DRM
- Separated distribution of content and meta information
- Control sets (or rules, policies) are distributed separately from content
- Service-oriented architecture for authentication, control, payment, etc.

DRM and P2P
- Pure P2P networks:
  - Trust management in P2P
    - Web of trust
    - Datta et al., “Beyond “web of trust”: Enabling P2P E-commerce”, IEEE International Conf. on E-Commerce, 2003.
  - Reputation management in P2P
    - eBay

DRM Interoperability

Overview
- What is the DRM interoperability problem?
  - DRM systems work as closed domains
  - Unsatisfactory consumer experience
- Why should we care?
  - Consumers will subscribe to illicit services, seeking a better experience
- Approaches to a solution
  - Coral’s approach: standardize interoperability
  - NEMO technology
- Summary

Security and DRM
- DRM is based on security principles
  - Authentication (device, user, service)
  - Key management, data encryption and signature for data confidentiality and integrity
  - Secured delivery of premium content usage rights
  - Can be used for personal content protection
- DRM interoperability is needed
- PERM Interoperability Framework

Issues with DRM System Diversity
- Lack of a unified and open DRM system standard for PC, CE and mobile handheld devices for content interoperability
- Current DRM system implementations are not interoperable
  - Diversity of smart card implementations
  - Diversity of internet DRM system implementations
  - Diversity of packaged media content protection implementations
  - Mismatches between different trust and protection models
  - Mismatches between rights expression languages
  - Consumer devices cannot locate and connect to all needed services/content

DRM Interoperability Problem
- DRM systems operate as closed domains or “silos”
  - Content is not portable outside silo – by design
  - Consumer confusion and dismay
- Consumers’ media needs are changing
  - Home networks include CE, mobile, and PC-based devices
  - Different possible media gateways: cable box, PC, mobile device
  - Expect seamless play of acquired content on all their devices
- Ripping and P2P networks offer content portability and ease of use

Limited Consumer Experience

Consumers expect to use content on any of their devices. They are dissatisfied when their content is not portable because of DRM.

Why DRM interoperability?
- Intuitive anytime, anywhere consumer experience with licensed content
- Reduces dependency on a single technology silo
- Anticipates further convergence between CE, mobile, and PC platforms
- Future-proof business models
- Illegal P2P content distribution networks already offer it

Possible Customer Experience

Technology exists to allow consumers to use their DRM-protected content seamlessly, whenever and wherever they want.

Alternate Approaches
- Allow a de facto standard to evolve
  - Value chain participants can be at the mercy of a single technology provider
- Standardize a universal end-to-end DRM system
  - Unfeasible to address requirements of entire value chain from CE, mobile, and PC markets in a single system
- Standardize a DRM-neutral interoperability architecture

Diversity of Security, Content Protection/DRM Implementations
- Pre-recorded/recordable content (DVD, DVD-Audio)
  - CSS (Prerecorded DVD)
  - CPPM (Prerecorded Audio)
  - CPRM (Recordable Audio/Video)
- Internet streaming audio/video content
  - Various DRMs
    - WM DRM 10, Fairplay, Real, Open Magic Gate, OMA, SDMI, etc.
- Broadcast content
  - Smart Card DRMs
    - DigiCipher, Cable Card ITU-T SG9, DVB-CSA, DirectTV, Multi-2, NDS (ICAM), Irdeto, Nagra, DVB Content Protection and Copy Management (CPCM) and many others.
- Between media client and TV/display
  - HDCP (HDMI/DVI)
  - DTCP/1394/USB (1394/USB)
  - Macrovision (analog TV)

Rationales of DRM Interoperability Framework
- Users are able to locate and connect to the content services that they need
- A security protocol can be used to protect personal contents or clear contents from the original content owners
- An open DRM interoperability standard accelerates content consumption in the home network and propels device volume growth and thus benefits the consumers, the content owners and the device manufacturers

DRM Interoperability

Coral Approach
- Unite consumer media value chain participants
  - Include content owners, device makers, technology and service providers
- Create open standards for interoperability between consumer DRMs
  - Avoid changes in current DRM systems
  - Define roles, services, interfaces, and tools to bridge between incompatible systems
- Develop a compliance infrastructure
  - Develop program to certify that solutions comply with architecture and ecosystem specifications
- Content providers publish to Coral usage models
- Ecosystem matches usage model to a device DRM

Decomposition of DRM Components and Services
- Content packaging
- Licenses, rules and their management
- Identity management for individuals, groups, other entities
- Policy management for services
- Offer management
- Fraud management
- Key and token management
- Security components and methods
  - Secure packaging
  - Secure transport, storage
  - Secure execution and process isolation
- Different components and services can be offered by different expert providers

Decomposition into functional Tiers
- Asset Management and Content Origination
- Bundling and Distribution Services
- Home and Enterprise Gateways
- Devices and Personal Networks

Coral Architecture Specification
- Consists of three layers
  - Roles
    - Describe functionality and behavior
    - Act as a hook for compliance
  - Interfaces between roles
    - Provide interoperable messaging
  - Nodes
    - Group roles together in a secure deployment container
- Nodes and roles are certified for secure, trusted, policy-managed communications across implementations
- Works online and offline
- Application of NEMO, Intertrust’s reference technology for DRM interoperability

NEMO Technology
- Stands for: Networked Environment for Media Orchestration
- Service-oriented architecture
- Framework for building distributed applications that include:
  - Security
  - Trust management
  - Policy management

How Coral uses NEMO
- Uses NEMO framework to define services such as:
  - Rights mediation: maps usage models between DRM systems
  - Principal identity provider: maps usage identities between DRM systems
  - Rights registry: used to implement rights locker-type services
- These and other services form the foundation of an interoperability layer

How NEMO works

Possible Scenarios
- Online Scenario
  - Both content and licenses are acquired online
- Offline Scenario
  - Content and licenses are transformed locally
- Hybrid Scenario
  - Licenses are acquired from an online service
  - Content is transformed locally

Online Scenario

Offline Scenario

Hybrid Scenario