new one drm to rule them all - cosic · 2008. 6. 4. · one drm to rule them all ecrypt 2008...
© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
One DRM to Rule them All
ECRYPT 2008
Antwerp, May 28, 2008
Ton Kalker
Distinguished Technologist
Hewlett-Packard Laboratories, Palo Alto
CRAP
Executive Summary – Goal of the Talk
• Create a better understanding of the concept of Digital Rights Management
• What interoperability problems arise from the use of DRM
• How these problems can be solved using interoperability frameworks
• Who is playing
Introduction
Yesterday
• Multimedia Content
  − Audio
  − Images / Video
  − (Games) / (Software)
  − (Documents)
• Good Old Days (from a content owner’s perspective)
  − Content inherently bound to physical world
    • Artist
    • Radio / Television
    • Vinyl Record / Audio Cassette / VHS
    • (CD / DVD)
• Good New Days (from an end-user perspective)
  − Content is virtual (just bits)
  − Easy transportation (Internet)
  − Easy handling (rendering / editing / copying / sampling / … )
Birth of Digital Rights Management
NAPSTER
Digital Rights Management
• DRM
  − Technical measures used to protect (digital) content in digital media devices and services
  − Control for the operator of DRM protected content
  − Restrictions for the user of DRM protected content
Friction
• Content Owner Priorities
  − Make me happy
    • Be profitable
  − Make consumer happy
• Consumer Priorities
  − Make me happy
    • Watch movie
  − Pay the bill
• Points of disagreement
  − Fair use
    • First sale doctrine / personal copy / ….
  − Price / performance settings
    • From $0 to $xxx
  − Transaction models
    • Leasing or Buying
Legal Consequences
• Audio Home Recording Act (AHRA)
  − http://en.wikipedia.org/wiki/Audio_Home_Recording_Act
• Digital Millennium Copyright Act (DMCA)
  − http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act
How it works
• Modern DRM Systems
  − Content Encryption
    • symmetric encryption (AES)
    • fast
    • static
  − Content Key delivered in separate package
    • License, Rights Object, …
    • Content Key + Usage Rules
  − Triggers
    • Separating purchase and delivery
How it works
[Diagram: Client (Web Browser, DRM Client SDK, Protected License DB) and Server (Web Server, Transaction DB, Web Application Server, Application Logic, DRM License Server); flows labelled Browse, Record, Trigger, Authorize?, Check Request, License]
How it works
[Diagram: Content Issuer, Rights Issuer, George’s devices, Sarah’s phone, Unconnected Devices; “Share content within your domain”]
1. Browse to website and download protected content
2. Transfer content encryption key
3. Purchase “rights” and establish trust
4. Deliver protected rights object
5. Super-distribute content to a friend
6. Establish trust; purchase and deliver rights object
What it does
• Control access to and use of digital content
  − enforcement of copyright
• Enable new business models
  − Traditional
    • Buy to own
    • Rent until
  − New
    • Play once
    • Play on maximal 5 devices
    • …
Interoperability
The Multitude
FairPlay
OMA
Marlin
Helix
Play4Sure
Zune
PlayReady
Media
Crypto
• AES, SHA, DSS, …
Rights
• XrML, ODRL, …
Keys
• Certificate Authority, …
Formats
• AAC, WM, AVC, …
Identifiers
• Users, devices, domains, …
Trust
Robustness
• TPM, obfuscation, …
Why Non-Interoperability is Bad
• Consumers are put off by content and services that do not work with all of their devices
• Device Makers must choose to either integrate a single DRM technology and thereby limit the flexibility of their devices or implement multiple DRM technologies adding to the cost of their devices.
• Distributors must choose DRM systems supported by popular devices, limiting their ability to address a broader set of consumers with different devices
• Content Providers see a smaller addressable market due to the fragmented nature of the downstream value chain.
Bricks and Builders
• Digital Rights Management
  − Tools to enforce copyright and enable business models
• Devices & Applications
• Service Providers
• Service Providers
  − Builders of the ecosystem
  − Providing the experience
  − Using the tools
Learn to speak 15+ languages
Agree upon a common language
Provide for translation services
Four approaches to Interoperability
• Simultaneously deploy all DRM standards
• Agree upon a standard DRM
  − Which one?
  − Who is in control?
  − Does not solve the business issues!
• Bi-lateral agreements
  − Does not scale well!
  − Difficult to retain consistency
• Interoperability Framework
  − Coral
Coral Mission Statement
• Cross-industry group (including HP) formed to promote interoperability between digital rights management (DRM) technologies in the consumer media market.
• The mission statement of Coral is to create a common technology framework for content, device, and service providers, regardless of the DRM technologies they use. This open technology framework will enable a simple and consistent digital entertainment experience for consumers.
• Sub-mission: without the need to modify existing DRM systems
• http://www.coral-interop.org
Status
• Specs are ready at version 4.1
  − Ingredients
    • Data structures
    • Roles
    • Interfaces
    • Communication protocol
    • Trust
  − Partitioning
    • Core – base layer for any eco-system
    • Domain tool kit – common components for domain based eco-systems
Basic Idea
• Decouple the proof of purchase and its encoding in a DRM license
• Provide a standard DRM independent method for encoding a proof of purchase
  − Rights Token
• Provide for native DRM license generation authorized by Rights Tokens
[Diagram: “Now”: Purchase, License, Content. “Then”: Purchase, Rights Token, License, Content.]
Coral Rights Object: Rights Token
• A Rights Token is a standardized DRM-independent data structure (P,C,U) that asserts that principal P is allowed to access content resource C under the usage model specified by U.
  − P : e.g. “device A”
  − C : e.g. “V for Vendetta”
  − U : e.g. “play once”
<xsd:complexType name="rights-token-type">
  <xsd:sequence>
    <xsd:element ref="manager"/>
    <xsd:element ref="principal-identifier"/>
    <xsd:element ref="resource-identifier"/>
    <xsd:element ref="usage-model"/>
  </xsd:sequence>
  <xsd:attribute name="valid-until" type="xsd:dateTime" use="optional"/>
</xsd:complexType>
Coral Content Delivery
[Diagram: Web Browser, Web Server, Transaction DB, Rights Registry; flows labelled Browse, Record]
Coral Interoperability
Protected Content Delivery
[Diagram: Client (Web Browser, DRM Client SDK, Protected License DB) and Server (Web Server, Transaction DB, Web Application Server, Application Logic, DRM License Server), together with Coral, Rights Registry and Rights Instantiator; flows labelled Trigger, Authorize?, Check Request, License]
DLNA Content Protection Subgroup
DLNA
• DLNA = Digital Living Network Alliance
  − http://www.dlna.org
• Standardization/profiling of in-home networks
• uPnP
• Copy Protection subgroup
  − Already defined: link protection for streaming content
    • DTCP-IP (Intel)
    • Cardea (Microsoft)
  − In progress: DRM interoperability
    • Domain-based
    • Coral submission
DRM Interoperability: Initial State
• Home digital media server can store content regardless of underlying DRM technology
• Device 1 is a digital media server (DMS) and stores “Battlestar Galactica” usable by Marlin DRM.
• Device 2 is a portable combi device embedding a mobile digital media server (M-DMS) and supporting OMA DRM.
• User has established a domain MyDomain. Device 1 is a member of MyDomain.
• The Rights Locker and Domain Manager are on-line services
• Ecosystem A’s DRM-whitelist includes OMA, WMDRM, Marlin
[Diagram: MyDomain; Device 2 (OMA) – M-DMS; Device 1 (Marlin) - DMS holding “BSG” Content + License, RT{BSG, MyDomain, own}, Marlin, CDS]
Device 2 gets BSG through re-acquisition
[Diagram: MyDomain with Device 1 (Marlin) - DMS and Device 2 (OMA) – M-DMS; Ecosystem A with Rights Locker and Domain Manager; OMA Server; Marlin Server]
1. Discover BSG on MyDomain
2. Device 2 joins MyDomain
3. Device 2 joins native OMA domain
4. Request OMA version of BSG from RL
   This step will fail if OMA is not on the DRM Whitelist
5. RL checks if device 2 is member of MyDomain
6. Return OMA ROAP trigger for OMA Combined Delivery of BSG
7. Get license and content based on trigger
8. Update CDS on the device 2
Location of Domain Manager and Rights Locker is indicated in the RT
Device 1 (Marlin) - DMS: “BSG” Content + License, RT{BSG, MyDomain, own}, Marlin, CDS
Device 2 (OMA) – M-DMS: “BSG” Content + License, RT{BSG, MyDomain, own}, OMA, CDS
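An added example, not part of the original slides or the Coral specification: a minimal Rights Locker decision for steps 4 to 6 above, driven by a Rights Token shaped like the rights-token-type schema. The token values, the un-namespaced XML, the use of a URL in `manager`, the device ids, the membership table and the function names are assumptions, and the token is assumed to have been authenticated before it reaches this code.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample token; element names follow the rights-token-type schema
# on the slide, the values and the missing namespace are assumptions.
SAMPLE_RT = """<rights-token valid-until="2030-01-01T00:00:00+00:00">
  <manager>https://rights-locker.example/ecosystem-a</manager>
  <principal-identifier>MyDomain</principal-identifier>
  <resource-identifier>BSG</resource-identifier>
  <usage-model>own</usage-model>
</rights-token>"""

DRM_WHITELIST = {"OMA", "WMDRM", "Marlin"}               # Ecosystem A, from the slide
DOMAIN_MEMBERS = {"MyDomain": {"device-1", "device-2"}}  # constructed, state after step 2

def parse_rights_token(xml_text):
    """Return the (P, C, U) fields plus manager and expiry; reject incomplete tokens."""
    root = ET.fromstring(xml_text)
    token = {}
    for name in ("manager", "principal-identifier",
                 "resource-identifier", "usage-model"):
        el = root.find(name)
        if el is None or not (el.text or "").strip():
            raise ValueError(f"rights token missing {name}")
        token[name] = el.text.strip()
    until = root.get("valid-until")  # optional attribute in the schema
    token["valid-until"] = datetime.fromisoformat(until) if until else None
    return token

def reacquire(xml_text, device_id, target_drm, now=None):
    """Rights Locker decision: whitelist (step 4), expiry, domain membership (step 5)."""
    now = now or datetime.now(timezone.utc)
    rt = parse_rights_token(xml_text)
    if target_drm not in DRM_WHITELIST:
        return ("deny", "DRM not on whitelist")
    if rt["valid-until"] and now > rt["valid-until"]:
        return ("deny", "rights token expired")
    if device_id not in DOMAIN_MEMBERS.get(rt["principal-identifier"], set()):
        return ("deny", "device not in domain")
    # The token authorizes; fulfilment is a native trigger for the target DRM (step 6).
    return ("trigger", {"drm": target_drm,
                        "content": rt["resource-identifier"],
                        "usage": rt["usage-model"]})
```

The same token authorizes a Marlin or an OMA license; only the returned trigger is DRM-specific, which is the separation of authorization and fulfilment the talk describes.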
Example of Device 1 CDS Object with Coral Information
<DIDL-Lite xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:upnp="urn:schemas-upnp-org:metadata-1-0/upnp/"
xmlns:coral="http://www.coral-interop.org/arch/core/4-1"
xmlns="urn:schemas-upnp-org:metadata-1-0/DIDL-Lite/">
<item id="AV_Item_00001" parentID="0" restricted="false">
<dc:title>BSG</dc:title>
<upnp:class>object.item.videoItem</upnp:class>
<coral:rights-token>Coral rights token XML is embedded here</coral:rights-token>
<res protocolInfo="http-get:*:application/vnd.coral.drm-system-identifier Marlin;
CONTENTFORMAT=video/vnd.mpeg-tts:DLNA.ORG_PN=MPEG_TS_HD_NA;
DLNA.ORG_OP=10;DLNA.ORG_FLAGS=01100000000000000000000000000000"
duration="2:05:03">
http://192.168.1.1/res_mpeg?id=123
</res>
</item>
</DIDL-Lite>
Coral and DLNA
• Taking care of plumbing issues
  − Extending the uPnP stack
• Provides tools to service providers
  − Applicable beyond Coral
• Business aspects are not part of the equation
  − Outside of DLNA scope (for many reasons)
Final Note
An interoperable video download ecosystem
Coral Architecture
• Coral Core
  − Building blocks
• Ecosystems
  − Actual Interoperable Environments
The Open Market Media Product
Usage Model: Copy Never
Format: MPEG2
DRM: CSS
Business Models: Sell-Thru, Rental, Subscr.

Usage Model: Domain
Formats: Multiple
DRMs: Multiple
Business Models: Sell-Thru, Rental, Subscr.
Who We Are
Digital Entertainment Content Ecosystem (DECE) LLC
Summary
• Have shown
  − Basic principles of modern DRM systems
  − How a fractured universe of DRM technologies stands in the way of ease-of-use of download content
  − Have indicated how separation of authorization (RightsToken) and fulfillment (native DRM license) might help to alleviate the problem
• Introduced the players
  − Coral
  − DLNA
  − OpenMarket
Thank you for your attention