Compliance and Robustness

Last updated

Compliance and Robustness, sometimes abbreviated as C&R, refers to the legal structure or regime underlying a Digital Rights Management (DRM) system. In many cases, the C&R regime for a given DRM is provided by the same company that sells the DRM solution. For example, RealNetworks Helix or Microsoft Windows Media DRM.

RealNetworks company

RealNetworks, Inc. is a provider of Internet streaming media delivery software and services based in Seattle, Washington, United States. The company also provides subscription-based online entertainment services and mobile entertainment and messaging services.

Microsoft U.S.-headquartered technology company

Microsoft Corporation (MS) is an American multinational technology company with headquarters in Redmond, Washington. It develops, manufactures, licenses, supports and sells computer software, consumer electronics, personal computers, and related services. Its best known software products are the Microsoft Windows line of operating systems, the Microsoft Office suite, and the Internet Explorer and Edge web browsers. Its flagship hardware products are the Xbox video game consoles and the Microsoft Surface lineup of touchscreen personal computers. As of 2016, it is the world's largest software maker by revenue, and one of the world's most valuable companies. The word "Microsoft" is a portmanteau of "microcomputer" and "software". Microsoft is ranked No. 30 in the 2018 Fortune 500 rankings of the largest United States corporations by total revenue.

Windows Media DRM or WMDRM, is a Digital Rights Management service for the Windows Media platform. It is designed to provide delivery of audio or video content over an IP network to a PC or other playback device in such a way that the distributor can control how that content is used.

Contents

However, for standardised DRM systems, it is fairly common for a separate body to be established to run the C&R regime.

Elements

C&R Body

The legal entity that establishes and maintains the regime. Usually this will be a joint venture or forum with representation from multiple companies, structured in such as way as to avoid accusations of antitrust violations. The nature of the business is that such bodies will generally be composed of manufacturers and content owners, with little or no direct representation from consumer advocates.

A Joint Venture (JV) is a business entity created by two or more parties, generally characterized by shared ownership, shared returns and risks, and shared governance. Companies typically pursue joint ventures for one of four reasons: to access a new market, particularly emerging markets; to gain scale efficiencies by combining assets and operations; to share risk for major investments or projects; or to access skills and capabilities.

Trust Model

The C&R body is responsible for ensuring a chain of trust, such that the original content provider is sufficiently satisfied that their content will remain adequately secure throughout all future links in the chain. This may include export of content from one DRM system to another.

To meet this requirement, it is normal that any device planning to receive DRMed content is required to validate that it meets the C&R requirements, and this is usually done using a device certificate of some kind. The issuance of such certificates is the stamp of approval for both the manufacturer and the device.

If two devices can verify that they both have trusted certificates, they can then reasonably expect that content passed between them will remain secure.

Compliance Rules

In many cases there will be gaps, ambiguities or options left open in a DRM technical specification. The C&R regime must clarify exactly how a compliant device is to behave in these cases. For example, a compliance rule may define which other types of interfaces are acceptable on a device, something that the technical specification itself will never do.

Robustness Rules

The most controversial aspect of C&R is the agreement on how to ensure that a device is sufficiently robust at resisting attacks. These rules may require that certain elements are implemented only in hardware, or run on secure CPUs, or that the code must not be available as open source. Manufacturers then have to satisfy the C&R body that they meet this requirement before they are granted access to the certificates needed to establish their products as trusted.

"Hook IP"

One particular trick that is often used is to include some patented technology, often as part of the trust establishment mechanism. This means that anyone wanting to implement the DRM in a way that will work with others is forced to license these patents. A condition of obtaining such a license is to follow the rules of the C&R regime itself. Thus a C&R body has a 20-year window to pursue legal measures against a "rogue" implementation on the grounds of patent violation, rather than having to rely on a DMCA-style regulation provided by the relevant government. The need to license hook IP patents also impacts anyone thinking of building a product covered by the GPL.

Patent set of exclusive rights granted by a sovereign state to an inventor or their assignee so that he has a temporary monopoly

A patent is a form of intellectual property. A patent gives its owner the right to exclude others from making, using, selling, and importing an invention for a limited period of time, usually twenty years. The patent rights are granted in exchange for an enabling public disclosure of the invention. In most countries patent rights fall under civil law and the patent holder needs to sue someone infringing the patent in order to enforce his or her rights. In some industries patents are an essential form of competitive advantage; in others they are irrelevant.

One well-known example of a system employing such Hook IP is the DVB Common Scrambling Algorithm DVB-CSA, which though standardised by ETSI, includes patented elements that are only licensed to approved Conditional access systems vendors who agree to maintain the secrecy and integrity of the algorithm in their chip designs.

ETSI nonprofit european standards organization

The European Telecommunications Standards Institute (ETSI) is an independent, not-for-profit, standardization organization in the telecommunications industry in Europe, headquartered in Sophia-Antipolis, France, with worldwide projection. ETSI produces globally-applicable standards for Information and Communications Technologies (ICT), including fixed, mobile, radio, converged, broadcast and internet technologies.

Conditional access or conditional access system is the protection of content by requiring certain criteria to be met before granting access to the content. The term is commonly used in relation to digital television systems.

Examples

OMA DRM is a digital rights management (DRM) system invented by the Open Mobile Alliance, whose members represent mobile phone manufacturers, mobile system manufacturers, mobile phone network operators, and information technology companies. DRM provides a way for content creators to set enforced limits on the use and duplication of their content by customers. The system is implemented on many recent phones. To date, two versions of OMA DRM have been released: OMA DRM 1.0 and OMA DRM 2.0.

Related Research Articles

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data sent over an internet protocol network. It is used in virtual private networks (VPNs).

Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by computer hardware and software. Enforcing this behavior is achieved by loading the hardware with a unique encryption key inaccessible to the rest of the system.

An open standard is a standard that is publicly available and has various rights to use associated with it, and may also have various properties of how it was designed. There is no single definition and interpretations vary with usage.

A broadcast flag is a set of status bits sent in the data stream of a digital television program that indicates whether or not the data stream can be recorded, or if there are any restrictions on recorded content. Possible restrictions include the inability to save an unencrypted digital program to a hard disk or other non-volatile storage, inability to make secondary copies of recorded content, forceful reduction of quality when recording, and inability to skip over commercials.

High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio & video content as it travels across connections. Types of connections include DisplayPort (DP), Digital Visual Interface (DVI), and High-Definition Multimedia Interface (HDMI), as well as less popular or now deprecated protocols like Gigabit Video Interface (GVIF) and Unified Display Interface (UDI).

The Open Mobile Alliance (OMA) is a standards body which develops open standards for the mobile phone industry. It is not a formal government-sponsored standards organization like the ITU, but a forum for industry stakeholders to agree on common specifications for products and services.

Digital Transmission Content Protection (DTCP) is a digital rights management (DRM) technology that restrict digital home technologies including DVD players and televisions by encrypting interconnections between devices. This permits the distribution of content through other devices such as personal computers or portable media players, if they also implement the DTCP standards. DTCP has also been referred to as "5C" content protection, a reference to the five companies that created DTCP; Hitachi, Intel, Matsushita, Sony, and Toshiba.

Content Protection for Recordable Media and Pre-Recorded Media (CPRM/CPPM) is a mechanism for controlling the copying, moving and deletion of digital media on a host device, such as a personal computer, or other player. It is a form of digital rights management (DRM) developed by The 4C Entity, LLC.

Common Interface

In Digital Video Broadcasting, the Common Interface is a technology which allows decryption of pay TV channels. Pay TV stations want to choose which encryption method to use. The Common Interface allows TV manufacturers to support many different pay TV stations, by allowing to plug in exchangeable conditional-access modules (CAM) for various encryption schemes.

The Broadcast Protection Discussion Group (BPDG) is a working group of content providers, television broadcasters, consumer electronics manufacturers, information technology companies, interested individuals and consumer activists. The group was formed specifically for the purpose of evaluating the suitability of the broadcast flag for preventing unauthorized redistribution and to determine whether there was substantial support for the broadcast flag. The group completed its mission with the release of the BPDG Report.

DVB Content Protection & Copy Management often abbreviated to DVB-CPCM or CPCM is a digital rights management standard being developed by the DVB Project. Its main application is interoperable rights management of European digital television, though other countries may also adopt the standard.

Downloadable Conditional Access System

Downloadable Conditional Access System or DCAS was a proposal advanced by CableLabs for secure software download of a specific Conditional Access client which controls digital rights management (DRM) into an OCAP-compliant host consumer media device. The National Cable & Telecommunications Association (NCTA) proposed that DCAS be used as a substitute for physical CableCARDs, a standard also created by CableLabs for which products began appearing in August 2004 as part of industry compliance to the FCC mandate, which in turn is pursuant to the Telecommunications Act of 1996. DCAS is growing in popularity as a less expensive alternative for CableCARD, with major North American operator deployments from Cablevision and Charter. DCAS deployments can be expected to grow in the coming years, thanks to favorable regulatory view from the STELA Reauthorization Act of 2014 and FCC appointing a Downloadable Security Technical Advisory Committee, and wider support for key ladder (K-LAD) functionality from system-on-chip (SoC) vendors and set-top box manufacturers.

ISO 13485Medical devices -- Quality management systems -- Requirements for regulatory purposes is an International Organization for Standardization (ISO) standard published for the first time in 1996; it represents the requirements for a comprehensive quality management system for the design and manufacture of medical devices. This standard supersedes earlier documents such as EN 46001 and EN 46002, the previously published ISO 13485, and ISO 13488. ISO 13485:2016 Certificates meets the requirement of IEC 60601-2-25 : 1993 + A1: 1999 safety of Electrocardiograms.


Teletext was introduced in the analogue television in the 80's, leading to a limited interaction with television sets to obtain information about things like the schedule and weather. But nowadays this concept goes even far away and a new and improved way of interaction with the user has been developed. The early private broadcasters, as Canal+, were the pioneers in adopting this new form and today are preceded by their digital formats.

A hardware restriction is content protection enforced by electronic components. The hardware restriction scheme may complement a digital rights management system implemented in software. Some examples of hardware restriction information appliances are video game consoles, smartphones, tablet computers, Macintosh computers and personal computers that implement secure boot.

Cinavia

Cinavia, originally called Verance Copy Management System for Audiovisual Content (VCMS/AV), is an analog watermarking and steganography system under development by Verance since 1999, and released in 2010. In conjunction with the existing Advanced Access Content System (AACS) digital rights management (DRM) inclusion of Cinavia watermarking detection support became mandatory for all consumer Blu-ray Disc players from 2012.

IEC 62455 is an International Electrotechnical Commission terminal specification standard, prepared by the IEC 100 Technical Committee (TC), for a service purchase and protection system for digital broadcasts. Its full title is Internet protocol (IP) and transport stream (TS) based service access. This 18Crypt technology aimed to compete the Open Security Framework (OSF) has never been successful in the market where less than 10 000 deployed devices were using it. On the opposite, the OSF aimed as an open approach enabling wider competition has been widely deployed in a large number of devices and re-used in many standards like in the USA or in China...

Sat-IP

SAT>IP specifies a IP-based Client-Server communication protocol for a TV gateway in which SAT>IP servers, connected to one or more DVB broadcast sources, send the program selected and requested by an SAT>IP client over an IP based local area network in either unicast for the one requesting client or multicast in one datastream for several SAT>IP clients.

A trusted execution environment (TEE) is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security than a rich mobile operating system open and more functionality than a 'secure element' (SE).

References