A Content Protection Scheme Using MPEG-21 Concepts and Tools

Chia-Hsien Lu, Feng-Cheng Chang, Hsueh-Ming Hang
Dept. Electronics Engineering, National Chiao Tung University, Hsinchu, Taiwan, R.O.C.


Transcript of A Content Protection Scheme Using MPEG-21 Concepts and Tools

Page 1: A Content Protection Scheme Using MPEG-21 Concepts and Tools

A Content Protection Scheme Using MPEG-21 Concepts and Tools

Chia-Hsien Lu, Feng-Cheng Chang, Hsueh-Ming Hang

Dept. Electronics Engineering, National Chiao Tung University

Hsinchu, Taiwan, R.O.C.

Page 2: A Content Protection Scheme Using MPEG-21 Concepts and Tools

C.-H. Lu, F.-C. Chang, H.-M. Hang, CommLab EE NCTU

Outline

- Goals
- Overview
- Design and Implementation
- Application Example
- Conclusions
- Demonstration

Page 3: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Goals

- A DRM System
- Integrate concepts of
  - MPEG-21 IPMP
  - MPEG-21 REL
- Implement using
  - MPEG-4 IPMPX
  - MPEG-21 Test Bed

Page 4: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Fundamental Concepts

- MPEG-21
  - Digital Item (DI)
  - Part 2
    - Digital Item Declaration (DID)
    - Digital Item Declaration Language (DIDL)
  - Part 4
    - Intellectual Property Management and Protection (IPMP)
    - IPMP DIDL
  - Part 5
    - Rights Expression Language (REL)

Page 5: A Content Protection Scheme Using MPEG-21 Concepts and Tools

MPEG-21 Part-4 IPMP

- Goals of MPEG-21 IPMP:
  - Effective protection and management on DIs
  - Protect a specific part of the DI by encapsulating it in IPMP DIDL
- Element interchangeability:

DIDL:

<Container> <Item> … </Item> </Container>

IPMP DIDL:

<Container> <ipmpdidl:Item> … </ipmpdidl:Item> </Container>

Page 6: A Content Protection Scheme Using MPEG-21 Concepts and Tools

MPEG-21 Part-5 REL

- An XML-based rights expression language
- Declare an authorized distribution for the use of any resource owned by specific users
- Characteristics:
  - Comprehensive Data Model
  - Precise Authorization Model
  - Extensible Extension and flexible Profiling

Page 7: A Content Protection Scheme Using MPEG-21 Concepts and Tools

REL License

- General semantics of a license: An identified principal has specific rights for exercising those resources under the terms and conditions.

[Figure: example license. Grant: principal "John", right "play", resource "wifi_audio.aac", condition "during June 2006". Issuer: "Music Station".]

[Figure: license structure. A license contains grant and issuer; a grant contains principal, right, resource and condition. Cardinality labels in the figure: 0..1 (three times) and 0..∞ (twice).]

Page 8: A Content Protection Scheme Using MPEG-21 Concepts and Tools

MPEG-4 IPMPX

[Figure: MPEG-4 IPMPX architecture. Labels: Terminal, Tool Manager, IPMP Tool, IPMP Filter (Control Point).]

Page 9: A Content Protection Scheme Using MPEG-21 Concepts and Tools

MPEG-21 Test Bed

[Figure: MPEG-21 Test Bed block diagram. A Server and a Client are connected through a NISTnet Network Emulator (with Network Profile) over a Control Channel (RTSP, TCP) and Media/Data Channels (RTP/RTCP, UDP). Blocks named in the figure: Media Database, Offline Media, Encoder, DIA, Streamer, Stream Buffer, Packet Buffer, Output Buffer, Decoder, Packet Loss Monitor, QoS Decision, Server Controller, Client Controller, User Characteristics, Network Interface, RTSP mux/demux with SDP, RTSP mux/demux with terminal & user XDI. Data labels: CDI, XDI, IOD, network XDI, XDI media. IPMP Filters appear at three positions (Post DIA, Pre Decoder, Post Decoder), labelled as Control Points.]

Page 10: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Design and Implementation

Page 11: A Content Protection Scheme Using MPEG-21 Concepts and Tools

IPMP_Info_Engine

- An IPMPX Tool
- Perform functionalities of MPEG-21 IPMP and REL
- Parse_IPMPDIDL()
  - Parse an IPMP DIDL element
- REL_authorize()
  - Extend REL reference software (ContentGuard)
  - Perform rights authorization and generate an authorization proof

Page 12: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Example Scenario

- Each IPMP Tool can send requests to the IPMP_Info_Engine Tool for the right to process data through IPMP Message

[Figure: message exchange between the DES Tool and the IPMP_Info_Engine Tool]

1. Send a message to request the right to decrypt.
2. Perform REL verification
3. Send a message with the result of verification

Page 13: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Content Protection Mechanism

- Layer 1: Content is protected with symmetric encryption algorithm.
- Layer 2: Content encryption keys are protected with asymmetric encryption algorithm.

[Figure: Server with DES Tool (Encryption), Client with DES Tool (Decryption), and Key Server. Labels: Layer 1, Layer 2, Request, Setup, Ask for keys, Verify, Encrypted Content.]

Page 14: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Key Server

- Function of a Key server
  - Manage keys
  - Client authentication and authorization
  - Encrypt keys with client's public keys
- Implementation of a Key server
  - A local web server

Page 15: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Example: Super-distribution

- Manage the user's right in a distributed mobile environment.
- Example of OMA DRM v2.0

Page 16: A Content Protection Scheme Using MPEG-21 Concepts and Tools

License Verification

- Online verification
  - Remote server verifies the client.
- Offline verification
  - Online verification is more secure than offline verification.
  - Use an online certificate to represent if a successful online verification already exists.

Page 17: A Content Protection Scheme Using MPEG-21 Concepts and Tools

License structure

License

  Grant 1 (online)
    <John> <play> <foreman.m4v>
    <allConditions>
      <exerciseMechanism>
      <validityInterval>
    </allConditions>

  Grant 2 (offline)
    <John> <play> <foreman.m4v>
    <allConditions>
      <exerciseMechanism>
      <validityInterval>
      <exerciseLimit> <sx:count>3</sx:count> </exerciseLimit>
    </allConditions>

Page 18: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Authorization Flow

[Figure: authorization flowchart. Grant 1 (Online) decision nodes: "Online?", "Interval valid?". Grant 2 (Offline) decision nodes: "Offline?", "Interval valid?", "Count valid?". Each decision has a True and a False branch.]

Page 19: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Conclusions

- We construct a DRM system implemented using MPEG-21 IPMP and REL
- Two specifications are included:
  - Content protection
  - Rights Management
- A two-layer content protection scheme is proposed for delivering both content and key securely
- Develop one application example

Page 20: A Content Protection Scheme Using MPEG-21 Concepts and Tools

Demonstration

- Offline play without a certificate → Failure
- Online play → Success
- Offline playback three times → Success
- Fail to continue offline playback (counts are limited to three times) → Failure
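
The authorization flow of Page 18, applied to the two-grant license of Page 17 and run through the four demonstration steps above, as an added example (not code from the slides or from the REL reference software). The class and function names and the June 2006 validity interval are assumptions. It also assumes that the online certificate is a flag set by a successful online verification and that the offline count is not reset afterwards.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Grant:
    principal: str
    right: str
    resource: str
    mechanism: str                        # exerciseMechanism: "online" or "offline"
    not_before: datetime                  # validityInterval start
    not_after: datetime                   # validityInterval end
    exercise_limit: Optional[int] = None  # exerciseLimit/sx:count; None = unlimited

class RelAuthorizer:
    """Hypothetical stand-in for REL_authorize(); holds the client-side state."""
    def __init__(self, grants):
        self.grants = grants
        self.online_certificate = False   # set by a successful online verification
        self.offline_uses = 0             # exercises counted against sx:count

    def authorize(self, principal, right, resource, online, now):
        for g in self.grants:
            if (g.principal, g.right, g.resource) != (principal, right, resource):
                continue
            if g.mechanism != ("online" if online else "offline"):
                continue                  # "Online?" / "Offline?" decision
            if not (g.not_before <= now <= g.not_after):
                continue                  # "Interval valid?" decision
            if online:
                self.online_certificate = True
                return True
            if not self.online_certificate:
                continue                  # offline play needs a prior online success
            if g.exercise_limit is not None and self.offline_uses >= g.exercise_limit:
                continue                  # "Count valid?" decision
            self.offline_uses += 1
            return True
        return False

def sample_license():
    # Constructed interval: the slides give no dates for foreman.m4v.
    start, end = datetime(2006, 6, 1), datetime(2006, 6, 30, 23, 59, 59)
    return [Grant("John", "play", "foreman.m4v", "online", start, end),
            Grant("John", "play", "foreman.m4v", "offline", start, end, exercise_limit=3)]

def run_demo():
    auth, now = RelAuthorizer(sample_license()), datetime(2006, 6, 15)
    req = lambda online: auth.authorize("John", "play", "foreman.m4v", online, now)
    # offline without certificate, online, offline x3, fourth offline attempt
    return [req(False), req(True), req(False), req(False), req(False), req(False)]
```

The state kept here (certificate flag and use counter) lives on the client, so in a real terminal it has to sit inside the protected IPMP tool rather than in user-writable storage; otherwise the offline limit can simply be reset.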