MacroSafe™ System – A Solution for Secure Digital Media Distribution – Presentation to the CPTWG, Jan. 15, 2002
Problem Statement • The lack of a highly secure, flexible and easy-to-use system to protect, consume and distribute high value content via the Internet is one factor that has limited the distribution of high value content and the associated revenue opportunities
Customer Requirements • Highly secure, end-to-end solution • Seamless interface with existing e-Commerce infrastructures • Scalable architecture to cost-effectively support growing demand • No change to existing content authoring workflows • Media agnostic – usable with any type of compression or file format • Support for different means of distribution • Support for flexible business models • Able to be ported to other devices: STBs, PVR, HMS • High quality user experience
Macrovision’s Strategy • Leverage its “best in class” security technologies and products to develop a highly secure, end-to-end solution • Analog Copy Protection • Customers: Content Owners, HW Man., IC Man. • Technology: Patented, analog-centric • SafeWrap/SafeCast/SafeDisc consumer software copy protection and DRM • Customers: Microsoft, EA, Digital River, Borland • Technology: Tamper Hardening, Tamper Evidence, DRM • FLEXlm, GTlicensing business software license management • Customers: Sun, Cadence, SGI, AutoDesk, ReleaseNow • Technology: License Generation, DRM • SafeAudio audio CD copy protection • Currently in trials
Macrovision’s Strategy (cont.) • Acquire new technology • Investments in companies • Digimarc - watermarking • NTRU - encryption • RioPort – media distribution • Command Audio – media distribution • Widevine – encryption and tamper evidence • iVAST – MPEG-4 and media distribution • Digital Fountain – media distribution • Purchase IP and patents • AudioSoft • MediaDNA • Others
MacroSafe System Architecture [diagram not reproduced; labels: Analog Copy Protection, Analog Video Out, Digital Copy Protection, Digital Video Out]
Server-Side Components • Publisher • Rights and encryption strategy defined • IPMP placeholders added to content stream • During encryption, the placeholders are replaced with encrypted “content decryption keys” • Metafile generated • Cypher Service • 192-bit AES encryption • Content is encrypted before being stored in the content repository • Manages the Key Escrow • Content Repository • Series of one or more network disk volumes • Stores encrypted content and metafile
Server-Side Components (cont.) • DRM Server • Slave to the E-commerce system, but master to the DRM system • Coordinates all activities in the DRM system • Controls key generation, content encryption, content and certificate delivery • Streaming Server • Streams encrypted content to the client • Download Server • Transfers encrypted content files to the client
Client Components • DRM Validation • Determines if the client has the rights to do the requested action with the selected content • Compares the requested action vs. the rights given to the client in the certificates stored in the Secured Registry • Decryption Engine • Decrypts content keys • Decrypts content using decrypted content keys and enables viewing of content by authorized users • DRM Control • Manages and controls all access to the Secured Registry
Client Components (cont.) • Secured Registry • A secure container to store: • Component Signatures used to detect tampering • Client’s certificates (i.e. the user’s rights) • Locked to a specific computer • The only access to the Secured Registry is by using trust authenticated controls • Quality of Service • Validates that content has been received so that the E-Commerce system can complete the payment transaction
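The checks described on the two Client Components slides (rights comparison, tamper evidence, a registry locked to one computer) can be combined as in the following added example, which is not MacroSafe code. Assumptions: SHA-256 digests stand in for the component signatures, an HMAC keyed from a machine identifier stands in for the machine lock, and all function names, field names and sample values are hypothetical.

```python
import hashlib, hmac, json

def _seal_key(machine_id: bytes) -> bytes:
    # Assumption: a real client would also mix in a protected secret.
    return hashlib.sha256(b"registry-seal|" + machine_id).digest()

def seal(registry: dict, machine_id: bytes) -> bytes:
    """Serialize the registry and bind it to one machine with an HMAC tag."""
    body = json.dumps(registry, sort_keys=True).encode()
    return hmac.new(_seal_key(machine_id), body, hashlib.sha256).digest() + body

def unseal(blob: bytes, machine_id: bytes) -> dict:
    """Return the registry, or raise if it was edited or copied to another machine."""
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(_seal_key(machine_id), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("registry modified or sealed for another machine")
    return json.loads(body)

def validate(blob, machine_id, modules, content_id, action, now):
    """Decide one request; returns (allowed, reason, updated sealed registry)."""
    reg = unseal(blob, machine_id)
    if reg["revoked"]:
        return False, "client revoked, renewal required", blob
    # Tamper evidence: every registered module must match its stored digest.
    for name, digest in reg["module_digests"].items():
        if hashlib.sha256(modules.get(name, b"")).hexdigest() != digest:
            reg["revoked"] = True  # self-revocation on detected tampering
            return False, f"tampering detected in {name}", seal(reg, machine_id)
    cert = reg["certificates"].get(content_id)
    if cert is None or action not in cert["actions"]:
        return False, "no right for this action", blob
    if cert["not_after"] is not None and now > cert["not_after"]:
        return False, "right expired", blob
    if cert["plays_left"] is not None:
        if cert["plays_left"] <= 0:
            return False, "play count exhausted", blob
        cert["plays_left"] -= 1  # number-restricted playback
    return True, "ok", seal(reg, machine_id)

# Constructed sample data: one module, one rental certificate with two plays.
MACHINE = b"constructed-machine-id-01"
MODULES = {"decryption_engine": b"constructed module bytes v1"}
REGISTRY = seal({
    "revoked": False,
    "module_digests": {n: hashlib.sha256(d).hexdigest() for n, d in MODULES.items()},
    "certificates": {"movie-42": {"actions": ["play"], "not_after": 2000,
                                  "plays_left": 2}},
}, MACHINE)
```

The seal detects edits and copies to another machine, but not restoring an older sealed blob on the same machine; a play counter needs separate rollback protection.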
Macrovision’s Solution - MacroSafe • Highly secure, end-to-end solution • Frame-based deep encryption, 192-bit AES • Multi-layer encryption, similar to CA • Content key • License key • Signing and authentication • Ability to revoke compromised clients • Client to Server communication uses signatures for authentication
Macrovision’s Solution - MacroSafe • Highly secure, end-to-end solution (cont.) • Multiple layers of client security • Tamper Hardening – obfuscation, debugger detection, encryption, etc. • Tamper Evidence – Module signatures compared to signatures stored in the Secured Registry • Tamper Detection – Self-revocation if tampering is detected, requiring renewal • Secured Registry – contains module signatures and certificates • Trust authentication – During runtime, module-to-module communication checked for man-in-the-middle attacks • Client locked to a specific computer • Continuous security updates to code
Macrovision’s Solution - MacroSafe • Seamless interface with existing e-Commerce infrastructures • MacroSafe is a subsystem to the e-commerce system or SMS • Interfaces to e-commerce using industry standards • SOAP, RMI, TCP/IP, CORBA • Certificates generated using industry standards • XML, XrML, XMCL, ODRL
Macrovision’s Solution - MacroSafe • Scalable architecture to cost-effectively support growing demand • Distributed architecture allows servers to operate in parallel • Java-based server applications run on Unix, Linux and Windows platforms
Macrovision’s Solution - MacroSafe • No change to existing content authoring workflows • Separate authoring and publishing • Author once for multiple distribution methods • Pricing, usage rules and content package are independent
Macrovision’s Solution - MacroSafe • Media agnostic – usable with any type of compression or file format • Audio, Video, Software, Text, .pdf • MPEG-1, MPEG-2, MPEG-4 • AAC, MP3, WMA, others • Real, Microsoft, QuickTime
Macrovision’s Solution - MacroSafe • Support for different means of distribution: • Download, streaming, pre-packaged • “Push” and “Pull” business models supported • Download or stream to a specific consumer • Datacast to a large audience • Peer-to-Peer super-distribution supported
Macrovision’s Solution - MacroSafe • Support for flexible business models • Rental • Purchase • Subscription • Time restricted playback • Number restricted playback • PPV • VOD • Super Distribution
Macrovision’s Solution - MacroSafe • Able to be migrated to other devices: STB, PVR, HMS • Complements CA and other copy management schemes • Java-based client compatible with Windows, Linux and STBs running DVB-J • Client’s skin can be easily customized for branding or specific applications • Rights definitions map into CCI states
Macrovision’s Solution - MacroSafe • High Quality User Experience • Security is transparent to the user • DVD-like video and audio quality and user controls • Frame-based encryption enables trick-play of encrypted media • Java-based client compatible with • Win98, WinMe, WinNT, Win2K, WinXP • Linux • Mac OSX • QoS feedback loop signals e-commerce system when media has been successfully transferred • Supports “fair use”
Schedule • Content Download to PC Client • Customer Trials – 3Q2002 • Production Release – 4Q2002 • Streaming to PC Client • Customer Trials – 4Q2002 • Production Release – 1Q2003
Summary - MacroSafe • Highly secure, end-to-end solution • Seamless interface with existing e-Commerce infrastructures • Scalable architecture to cost-effectively support growing demand • No change to existing content authoring workflows • Media agnostic – usable with any type of compression or file format • Support for different means of distribution • Support for flexible business models • Able to be ported to other devices: STBs, PVR, HMS • High quality user experience
For more information, contact: • Kirby J. Kish Macrovision 408-743-8510 kkish@macrovision.com