110 likes | 226 Views
Establishing Security Requirements For DRM Enabled Systems. Jeremy Wyant W3C DRM Workshop 23 January 2001. W3C DRM WORKSHOP. NTRU Background. NTRU provides next generation public key technology with all the same basic security capabilities as RSA or ECC
E N D
Establishing Security Requirements For DRM Enabled Systems Jeremy WyantW3C DRM Workshop 23 January 2001
W3C DRM WORKSHOP NTRU Background • NTRU provides next generation public key technology with all the same basic security capabilities as RSA or ECC • Public key authentication, digital signature and encryption capabilities are critical technologies for complete DRM solutions • NTRU provides the fastest and smallest public key technology • Enables the only practical technology for the widest range of wired and wireless content capable devices and client solutions • Meets server side performance requirements for normal and peak security transaction loading • Facilitates establishing trusted devices and enhancing the user experience without sacrificing performance NTRU delivers the fastest and most efficient security solutions which are especially well suited to complement DRM technologies and provide end-to-end content protection.
W3C DRM WORKSHOP Business Requirements • Content Owner: Strong protection of content and strong authentication of end user • End User: Ease of use, portability, transparency • Leverage Internet economies and paradigms (e.g. Napster) • Support all media types: text, video, audio • Support all platform types, PC, PDA, Mobile, CE • Support wired and wireless, tethered and untethered players • Support streaming and download models • Standards: interoperability for broader adoption, competition and economies of scale
W3C DRM WORKSHOP System Security Practices • Security at the system level • Security needs to be designed into the system; only as good as its weakest link • Public scrutiny of algorithms • Renewability of security • Protection of key material in storage and use • Management and distribution of key material
W3C DRM WORKSHOP Available Technologies • Digital Rights Languages • Digitals Rights Management Systems and components • Public Key based technology • Symmetric key cryptographic components • Watermarking • Fingerprinting
W3C DRM WORKSHOP Public Key Technology Three fundamental Public Key based services apply in this space: • Authentication • Users • Devices • Servers • Trusted components • Digital Signature • Data authenticity • Data integrity • Binding of content, metadata and rights • Non-repudiation, e.g. of payment authorization • Proof of purchase, e.g. for the user • Key exchange (symmetric key typically used for bulk content encryption) • Content encryption
W3C DRM WORKSHOP Public Key Related Requirements Analysis • What components in the system need to be authenticated? And for what purposes? • What is the value of the content being protected and the damage that might result from disclosure? • What type of transactions and/or data are being signed? • Who relies on the signature? • Who are the potential trusted third parties? • Who will assume liability if content or other sensitive information is disclosed?
W3C DRM WORKSHOP End User Example End User System Distribution Server Authenticate Server/Client ID “Token” Payment Establish Secure Session Media Client Content Request Rights Management Content/Rights Description, Payment Options Rights Filters Signed Purchase Authorization Content Player Content Packaging Signed Content Protection Public Key Packaged Content w/key(s) and signed receipt Key Management Transaction Log Purchase Log Green, bold text indicates transactions involving the use of Public Key
End User System Distribution Server Authenticate Server/Client Payment ID “Token” Establish Secure Session Content Request Media Locker Content/Rights Description, Payment Options Rights Management Rights Filters Signed Purchase Authorization Content Packaging Signed Content Protection Public Key Trusted Media Device Packaged Content w/key(s) and signed receipt Transaction Log Purchase Log W3C DRM WORKSHOP End User Example with Trusted Device Green, bold text indicates transactions involving the use of Public Key
W3C DRM WORKSHOP Key Lessons Learned • Learn from other PKI projects - SET, Identrus, US NACHA Pilot • End User Experience • Performance – affected by local and server components • Portability of content between devices and users • Trust • Scalability • Communications • Operational • Server Performance – e.g. cryptographic operations
For more information, please contact: Jeremy Wyant jwyant@ntru.com www.ntru.com