Not only Safebut Competitive

Presentation toCopy Protection Technical Working Group

October 22, 2003

Far East Engineering Corp, Tokyo JapanMakoto Saito/Rie Saito

DRM

CA

CSS

SecureExport

DTCP

CPRM

IntelLaGrande

MicrosoftNGSCB

ARMTrustZone

HDCP

CPPM

Protectionat the SourceEncryptionMethods

Establishment of a Protected

Digital Domainthrough

Link ProtectionTechnologies

Consumer PlatformPC, DTV, Mobile, etc…

Content Protection Technologies

Others

~Industry Efforts Today and Tomorrow~

Local Reference Monitor

Key Server Externally Controlling

Reference Monitor

Internet

Home Network

Decryption RE-Encryption(Rights Enforcement Encryption)

Encrypted Content Input Encrypted Content Output

The Decryption and RE-Encryption Operations

are accomplished entirely within the secure

environment i.e. hardware such as chipset.

The Principle of Content Protection

Cipher Key(K1) Cipher Key(K2)

1. Passive Key ChainModel

2. Hybrid Key ChainModel

3. Active Key ChainModel

PlatformLocal Key

Key Server

Three Modelsof Content Protection

PlatformLocal key External Key

Policy on Content Protection under Content Owner Control

Reference Monitor is defined as software that lets a content owner set specific policies for determining how the content

is usedReference

Monitor

Active KeyContent

Protection

Passive KeyContent

Protection

How to make Digital Content Safe and Flexible ?

Hybrid KeyContent

Protection

Local Key built-in

Consumer Platform

External Key from Remote

Key Server

A Combination of Local Key and

External Key

ReferenceMonitor

Active KeyContent

Protection

Passive KeyContent

Protection

How to embed “Competitive- Advantage” in Policy ?

User Choice

User Choice

User Choice

Hybrid KeyContent

Protection

Policy on User Choice under Content Owner ControlCompetition would drive consumers to buy products from companies who allowed more freedom of use with their

contente.g. Digital First Sale, Digital Gift, Time-Shift, Space-Shift, Backup-Copy,

Editing, etc…

ReferenceMonitor

Content RightsEnforcementEncryption

(RE-Encryption)

Fair-Use RightsEnforcementDecryption

(RE-Decryption)

How to realizethe “Balance” in Policy ?Using RE-Encryption and RE-Decryption

for Policy EnforcementRE-Encryption is Content Protection

and RE-Decryption is Fair-Use Execution as User Choice

i ≧ 2C : Cipher textM : plaintext MaterialK : KeyE : Encryption operationD : Decryption operationEncryption and Decryption normally utilize symmetric ciphers, meaning that E and D are equivalent　

　

Ｃ 1 ＝Ｅ（Ｍ，Ｋ 1 ） : Encryption for Digital Content Distribution

Ｍ＝Ｄ（Ｃ 1 ，Ｋ 1 ） : Decryption for Pay per Use Ｃ i ＝Ｅ（Ｄ（Ｃ i-1 ，Ｋ i-1 ），Ｋ i ） : RE-Encryption for Content Protection

Ｍ＝Ｄ（Ｃ i ，Ｋ i ） : RE-Decryption for Fair-Use Execution as User Choice

Equations of the “Balance”

ReferenceMonitor

UserChoice

Pay perUse

UserChoice

Pay perUse

Active KeyContent

Protection

Passive KeyContent

ProtectionDecryptionDecryption

RightsEnforcementEncryption

Scope of Implementation~Enforcement of whatever Policy there is~

RightsEnforcementEncryption

RightsEnforcementDecryption

RightsEnforcementDecryption

Decryption

Hybrid KeyContent

Protection

Our Feedbackto Intel LT Policy Team

Apps

StandardOS

Standard Hardware

LaGrande TechnologyProtected Hardware

ReferenceMonitor

CPU 　　 Chip Set

LPCAGPUSBPCI

User Mode

Kernel Mode

LaGrande Technology

Adherence to Intel LT Policies ~Online Connection with Key Server~

Protected Channels

Kernel to Kernel (Ring 0)

Idea No.1

OS

ProtectedKernel

（ Filter Driver)

　　　　

Idea No.2

System is ready

Key Server

Extension of TPM/SSC Active Key & Passive Key

Enforcing Decryption

/Encryption

Policy

Enforcement Enforcement

Policy

Standard Reference Monitor

DecisionRemote DecisionSeparation of

Policy and Enforcement

Key Server based onReference Monitor Concept

External Reference Monitor

Local Reference Monitor

Billing and TraceabilityWho Accessed, Which Data,

When and Where ?

Externally ControlledContent Migration

DigitalContents

Pay per Use∞ Key Sever

K1/K2

Transfer(K2)

K2/K3

Transfer(K3)

Transfer(K4)

K3/K4

K4/K5

K1 (K1)

CopyrightsManagement

Unit

CopyrightsManagement

Unit

Fair-useManagement

Unit

Fair-useManagement

Unit

AuthenticationManagement

Unit

AuthenticationManagement

Unit

How Key Server works

Key Generation

Unit

Key Generation

Unit

　 User Choice1. Digital First Sale2. Digital Gift3. Time-Shift4. Space-Shift6. Backup-Copy7. Editing8. If any

RE-Decryption Keyfor User Choice

RE-Encryption Keyfor Content Protection

Decryption Keyfor Pay per Use

Policy on User Choiceunder Content Owner Control

Policy on Content Protectionunder Content Owner Control

Key Server

Decryption Key for Pay per Use

Consumer Platform

Fair-Use Execution Domain

for Consumer

RE-Encryption Key for Content Protection

Encrypted Content Input Encrypted Content Output

RE-Decryption Keyfor User Choice

Content ProtectionDomain

for Content Owner

Enforcement

The Goal of Key Server Model

For further informationURL : www.h4.dion.ne.jp/~drm e-mail : drm-saito@k3.dion.ne.jp

Thank you

Appendix : Passive Key Chain Model

Encrypted Content

Migration

PlatformLocal Key

Decryption

for Pay per Use

RE-Encryption

for Copyright Protection

RE-Encryption

for Copyright Protection

RE-Decryption

for Fair-Use Execution as User Choice

DigitalContents

Key Server

Appendix : Hybrid Key Chain Model

Key1

K1

K2

Encrypted Content Migration

K2

PlatformLocal Key

DigitalContents

Decryption

for Pay per Use

RE-Encryption

for Copyright Protection

RE-Encryption

for Copyright Protection

RE-Decryption

for Fair-Use Execution as User Choice

Encrypted Content

Key1 Key Server

Migration

K1 K2 K3

Appendix : Active Key Chain Model

K2 K3

Decryption

for Pay per Use

RE-Encryption

for Copyright Protection

RE-Decryption

for Fair-UseExecution as User Choice

RE-Encryption

for CopyrightProtection

DigitalContent

s

Appendix : Case Study of Digital Paradox

Content Owner’s QuestionHow to get rid of consumer’s copy after they resell the content to someone else via Internet ?

Consumer’s QuestionConsumers can resell CDs purchased in a music shop, but what about digital music files downloaded from an online store ?

Service Provider’s QuestionDigital content services that develop techniques for easily reselling and transferring contents as gifts would have a competitive advantage over those of rivals.Are such techniques now available ?

There are two solutions to achieve data migration.One is decrypting data temporarily on migration and the other is encrypting data on migration.

Temporary decryption is more suitable for data migration without raising fears of remote-controlled PCs.But piracy is possible in this case, so content owners rarely allow consumers temporary decryption.

Though migration of encrypted data needs to be controlled externally by remote Key Server, there is no fear of piracy. This means it’s easy for content owners to allowconsumers more freedom of use with their contents.

Appendix : Data Migration Issues

to be discussed

TV

DVD Player

Mobile PhonePC

Car

Appendix : Key for Digital Economy~You can get the Key anytime and anywhere~

Distributed Key Server

Network

Copyrighted Content Migration

New Infrastructure balancing Consumer Rights with Creator Rights

Creator Society

How to protect bothDigital Copyrights

andFair-Use Rights

at the same time

How to protect bothDigital Copyrights

andFair-Use Rights

at the same time

Content ProtectionPatents

(RE-Encryption)

Fair-Use ExecutionPatents

(RE-Decryption)

Key ServerPatents

(Externally Controlling Reference Monitor)

Appendix : Patent Information

Other Patents (Watermarking and etc….)

The End