ＵＤＡＣ（ Universal Distribution with Access Control ） 99/05/03All Rights Reserved, Copyright (c) FUJITSU LIMITED 1999 1 UDAC IPR (Intellectual Property Rights)

99/05/03 All Rights Reserved, Copyright (c) FUJITSU LIMITED 1999

1

ＵＤＡＣ（ＵＤＡＣ（ Universal Distribution with Access ControlUniversal Distribution with Access Control ））

UDACIPR (Intellectual Property Rights)

Oriented Access Control Commands

for Optical Disk Device

"UDAC" is being registered as a trademark of Fujitsu Limited.


2


Requirements of Access ControlRequirementsRequirements

•Availability to set variable access conditions and enforce it for the IPR owner

•Network security

•Authentication of Users and Devices

•Access control over multiple domains

•Pre-distribution of protected contents (cache or distribution within disk ROM)


3


UDAC ArchitectureFeatureFeature

Universal Distribution

IPR OwnerContent Procure

rAccess Control

Use

EncryptedEncrypted

Content


4


Basic Access Control Model

Control

Hardware Hardware EnvironmentEnvironment

Content

IPR ownerContent Procurer

Use

IPR Owner Area

Protected Area

Open Area

Hardware Protection

Fire-wall UDAC-VPN

FeatureFeature


5


High efficiency of IP distribution

• Fairly payment corresponding to the usage by the service user

• Certain pay corresponding to the provision by the service provider

• Robust Access Control

• Universal DistributionSimultaneous realization

FeatureFeature


6


Features

• Satisfies all the access control requirements

• OS/Device independent

• Available the existing infrastructures

• IPR oriented Access Control of content

• Reflects hardware robustness

• Available the risk distribution to devices

FeatureFeature


7


Support Generic Content

• Content played statically (Doc., Image)

• Stream Content (Sound, Movie)– Encryption of a unit content for accounting

• Interactive Content (Program code, Presentation)– Protection of the part as movie or sound– Protection of the kernel code

FeatureFeature


8


Ex.: Protection from Illegal Use

IPR Owner

A

CD

Replication

Replication

Content

Key / Password

I’d like to let only D play this content

PlayContentAccess

Control

UDAC UDAC ProtectionProtection

FeatureFeature


9


Kernel Technique(1) Device Authentication

(2) Network Model

(3) UDAC-ACL (Access Control List)

(4) UDAC-License

(5) Inter-domain Administration

Satisfies all the requirements

Tech.Tech.


10


(1) Device Authentication

Under access control after any replications

Doc.

Image

Data

CopyCheck EnvironmentCheck Environment

Decode

•Network distribution

•Distribution by ROM-Disk

Replication ???

Tech.Tech.


11


Device ID (PCSUE* ID)Tech.Tech.

* PCSUE: Physical Component of a Specific Usage Environment

Table 1 - Examples of PCSUE and its identifierClass of Physical ComponentSpecifying an User Environment(PCSUE)

Physical component identifier(PCSUE-ID)

1) CPU PSN (Processor Serial Number)2) Optical disk device Storage device product identifier

and/or DSN (Device Serial Number)3) Storage disk medium MSN (Medium Serial Number)4) Smart card PIN (Personal Identification Number)5) Player / Viewer Player or Viewer ID


12


(2) Network Model

Content

IPR owner

ContentProcurer

PCSUE IdDecryption Keys

ContentDecryption

Key

IPR owner area

Protected area

Open area

PCSUE ID

PCSUE

1)

Protected

2)

Copy /Distribute

3)

4)

PCSUE ID

7)

5)License

6) 8)

Tech.Tech.

PCSUECertificates

PCSUE ID

* PCSUE: Physical Component of a Specific Usage Environment

LICENSE SERVER SYSTEM CLIENT SYSTEM

Create & set access

conditions

Mutual authentication between IPR owner and devices


13


(3) UDAC-ACL

cn=Movie1, ou=planning, o=fujitsu, c=jp

Tech.Tech.To set the variable access conditions

udac_acl

play: ( (group = fujitsu OR group = mtfuji) AND 45661244 < MSN < 45661412) OR count < 1 ;

edit: user = yuji OR user = hata OR smartCard = 1afd234fe4def458c3bae78497bbda6f ;

copy: group = fujitsu OR count < 1 ;

Group, members of which are able to Play

Scope of MSN which must be inserted

Available number

PIN which must be inserted when the content is modified


14


Account ConditionsTech.Tech.

1) Max. Number of playing 2) Max. Length of playing 3) Max. Time to be able to play 4) Payment for a unit content5) Limitation of date and time

15


Standard FormatInformation Program

Reference Counter

SuperdistributionSuperdistributionCenterCenter

Redistribution of Income

Charge

Income

Contents Provider

Hardware Vendor Retailer

Charge

Income

Usage Counter

Usage Record

Reference Record

Tech.Tech.

Copyright 1994-7, FUJITSU LIMITED, 013


16


A

License Server

Domain Y

Domain X

ACL of C1

Client

(4) UDAC-License

License includes:•C1 Decryption Key and•Subset of ACL.

Tech.Tech.

udac_licenseread: group = soft4soft AND MSN = 45661388;

C1

Inter-domain licensing


17


Licensing Protocol Model

License Server

Procurer ClientPCSUE1

PCSUE2

PCSUEN

PCSUEiKCi: Shared private key for class of PCSUEiKPi: Private key in PCSUEi. KCi, DSN, KSi.

(1) Request to use IPR-protected content

(4) Send license

ICi: Identifier of PCSUE class

KSi: Session key

ACi: Access condition PCSUEi can enforce

KC: Content decryption key

(5) Decrypt licenses in t

urn

(6) Decrypt KC and the content

ICi

{T}KX: T can be decrypted by KX

Network device

IC1, {KS1, hash} KP1 +

ICi, {KSi, hash} KPi +

ICN, {KSN, hash} KPN

IC1, {PCSUE-ID1, hash} KS1 +

ICi, {PCSUE-IDi, hash} KSi +

ICN, {PCSUE-IDN, hash} KSN

{{... {KC, ACN, hash} KPN, ACN-1, hash} KP(N-1) ,

... AC1, hash} KP1

{{...{KC, ACN, hash} KPN , ACN-1, hash} KP(N-1) ,

...ACi, hash} KPi

Risk Distribution to each device (PCSUE)

Tech.Tech.

(2) Send Session Key

(3) Report certificates


18


Structure of License

{{... {KC, ACN, hash} KPN, ACN-1, hash} KP(N-1) ,

• • •ACi, hash} KPi ,

• • •AC1, hash} KP1

Access Condition Enforceable in PC

SUEi

Private key in PCSUEi

Content Decryption

Key

Tech.Tech.


19


Inter-PCSUE Licensing

PCSUEi+1

PCSUEi

PCSUEi-1

KPi: KCi, DSN or KSi.

: Licenser in the view point of PCSUEi

: Licensee in the view point of PCSUEi

{{...{KC, ACN, hash} KPN , ACN-1, hash} KP(N-1) ,... ACi-1, hash} KP(i-1) , ACi, hash} KPi

{...{KC, ACN, hash} KPN , ACN-1, hash} KP(N-1) ,... ACi-1, hash} KP(i-1)

Tech.Tech.


20


Ex. - Applying to Current PC

PCSUEi+1

PCSUEi

PCSUEi-1

Pass through

Tech.Tech.

Procurer Client(Host)


{...{KC, ACN, hash} KPN , ACN-1, hash} KP(N-1) ,... ACi-1, hash} KP(i-1)Pass through

Licenser

Licensee

LicensingRelation

Licenser

Licensee

LicensingRelation


21


Ex. - Applying to STB / DTV

PCSUEi+1

PCSUEi

PCSUEi-1



{...{KC, ACN, hash} KPN , ACN-1, hash} KP(N-1) ,... ACi-1, hash} KP(i-1)

Tech.Tech.

(Logical Unit)

License Server


22


Commands to Disk Device

a) SEND KEY (Session Key)

b) REPORT KEY (Certificates)

c) SEND KEY (Optical Disk Device License)

d) REPORT KEY (The Next Device License)

ICL, {RN, KS, hash} KP

{RN, DSN [, MSN], hash} KS

{<The Next Device License>, AC, hash} KP

{<The Next Device License>, hash} KS


Optical disk device(Logical Unit) : PCSUEi

ICL

ICL: Identifier of device class

KCL: Shared private key for device class of the device.

DSN: Device Serial Number.

MSN: Medium Serial Number.

AC: Access condition the device can enforce. Such as MSN

KP: Private key for the device. KCL, DSN or KS

{T} KX: T can be decrypted by KX

[ ]: Optional supportRN: Random Number

Tech.Tech.


23


State Diagram of Disk Device

Initial State

SEND KEY(Session Key)

Session KeyShared

MutuallyAuthenticated

REPORT KEY(Certificates)

No Grants Available

LicenseAuthorized

SEND KEY(Optical Disk License)

Error, Authentication Failed / Algorithm Not Supported

Begin Sequence

REPORT KEY(Request AGID)

Region Code Errors(s)from REPORT KEYCommand

REPORT KEY(The Next Device License)

Tech.Tech.


24


Applications• Variable and Robust IPR-protection

• Each Device Authentication

• Enforcement of Variable Account Conditions

• Availability of each LSI Authentication

• ROM-Disk Distribution

• Broadcast Distribution

• Network (Internet) Distribution

• Mobile Content Distribution

Appl.Appl.


25


Protected Disk Device & PlayerIn the case of medium oriented accounting

MediumDSN

Storage Device

MSN

: protected

{{AC,KC}KPD, MSN}DSN

1) Send UDAC-license

Player Device

LICENSESERVERSYSTEM

{X}K : X can be decrypted by K

{AC,KC}KPD

3) Send Player-license

AL

KC

KPD DSN

MSN

KPD {Content}KC

AC,KC Content 4) Check AC & decrypt content

AC : Access Conditions

2) Check MSN

Appl.Appl.


26


Profiles for Disk Device

MediumDSN

MSN{{AC,KC}KPD, [MSN] } KP

UDAC-license

LICENSESERVERSYSTEM

ACL

KC

: X is optional

[X]

Profile MSN KP Non-networkmodel

Media Dependent MSN KCL supportedDevice Dependent nothing DSN supportedMedia-device Dependent MSN DSN supportedNetwork Dependent nothing KS not supported

KS : Session key temporally created in a session.KCL : Key shared by a device class.

Appl.Appl.


27


Medium base Guard

• Simple Content Guard without Network

• Only to set “Play rights with MSN condition for EVERYONE”

• Distribution together with:• Medium (in which the followings are recorded)

• Encrypted Content

• License (with MSN)

Appl.Appl.


28


Pre-paid in Smart Card

KSC

{{{KC , ACPD}KPD, ACSC} KSC, MSN}DSN

Player Device

LICENSESERVER

{KC, ACPD}KPDACL

KC

Storage Device

Smart card

Card Device{{KC, ACPD}KPD, ACSC} KSC

KPD

AccountInformation

: Account Condition

ACX

Appl.Appl.


29


For Any Distribution / Player

Digital Appliances: DigitalTV, Set Top Box, PC, ...

Secure ＨＤ／ＯＤ )

SateliteSatelite

Radio/TV TowerRadio/TV Tower

PBXPBX

CATVCATV

Digital Information Super HighwayDigital Information Super Highway

Cheap delivery throughMagazine Channel

Cheap delivery throughMagazine Channel

Using Media ChannelUsing Media Channel

Personal HyperKnowledgeBase Processing

PC

PersonalComputing

DigitalTV

Appl.Appl.

Documents

ＵＤＡＣ（ Universal Distribution with Access Control ） 99/05/03All Rights Reserved, Copyright (c) FUJITSU LIMITED 1999 1 UDAC IPR (Intellectual Property Rights)