A Content Protection Scheme Using MPEG-21 Concepts and Tools
Chia-Hsien Lu, Feng-Cheng Chang, Hsueh-Ming Hang
Dept. Electronics Engineering, National Chiao Tung University, Hsinchu, Taiwan, R.O.C.

Outline
• Goals
• Overview
• Design and Implementation
• Application Example
• Conclusions
• Demonstration

Goals
• A DRM System
• Integrate concepts of
  • MPEG-21 IPMP
  • MPEG-21 REL
• Implement using
  • MPEG-4 IPMPX
  • MPEG-21 Test Bed

Fundamental Concepts
• MPEG-21
  • Digital Item (DI)
• Part 2
  • Digital Item Declaration (DID)
  • Digital Item Declaration Language (DIDL)
• Part 4
  • Intellectual Property Management and Protection (IPMP)
  • IPMP DIDL
• Part 5
  • Rights Expression Language (REL)

MPEG-21 Part-4 IPMP
• Goals of MPEG-21 IPMP:
  • Effective protection and management of DIs
  • Protect a specific part of the DI by encapsulating it in IPMP DIDL
• Element interchangeability:
  • DIDL: <Container> <Item> … </Item> </Container>
  • IPMP DIDL: <Container> <ipmpdidl:Item> … </ipmpdidl:Item> </Container>

MPEG-21 Part-5 REL
• An XML-based rights expression language
• Declare an authorized distribution for the use of any resource owned by specific users
• Characteristics:
  • Comprehensive data model
  • Precise authorization model
  • Extensible, with flexible profiling

REL License
• General semantics of a license:
  • An identified principal holds specific rights over the named resources, subject to the stated terms and conditions.
• Example (figure): a license containing a grant (John, play, wifi_audio.aac, during June 2006) and an issuer (Music Station)

MPEG-4 IPMPX
[Figure labels: IPMP Filter (Control Point), Terminal, Tool Manager, IPMP Tool]

MPEG-21 Test Bed
[Figure labels: Control Point, Data Channel, Control Channel, Control Point]

IPMP_Info_Engine
• An IPMPX Tool
• Perform functionalities of MPEG-21 IPMP and REL
• Parse_IPMPDIDL()
  • Parse an IPMP DIDL element
• REL_authorize()
  • Extend REL reference software (ContentGuard)
  • Perform rights authorization and generate an authorization proof

Example Scenario
• Each IPMP Tool can send requests, through IPMP Messages, to the IPMP_Info_Engine Tool for the right to process data.
  1. The DES Tool sends a message requesting the right to decrypt.
  2. The IPMP_Info_Engine Tool performs REL verification.
  3. The IPMP_Info_Engine Tool sends a message with the result of the verification.

Content Protection Mechanism
• Layer 1: Content is protected with a symmetric encryption algorithm.
• Layer 2: Content encryption keys are protected with an asymmetric encryption algorithm.
[Figure labels: Layer 1: DES Tool (Encryption), Encrypted Content, DES Tool (Decryption), Client, Server; Layer 2: Request, Setup, Ask for keys, Key Server, Verify]

Key Server
• Function of a Key server
  • Manage keys
  • Client authentication and authorization
  • Encrypt keys with client’s public keys
• Implementation of a Key server
  • A local web server

Example: Super-distribution
• Manage the user’s right in a distributed mobile environment.
• Example of OMA DRM v2.0

License Verification
• Online verification
  • Remote server verifies the client.
• Offline verification
• Online verification is more secure than offline verification.
• Use an online certificate to indicate whether a successful online verification has already taken place.

License structure
• Grant 1 (online):
    <John> <play> <foreman.m4v>
    <allConditions>
      <exerciseMechanism>
      <validityInterval>
    </allConditions>
• Grant 2 (offline):
    <John> <play> <foreman.m4v>
    <allConditions>
      <exerciseMechanism>
      <validityInterval>
      <exerciseLimit> <sx:count>3</sx:count> </exerciseLimit>
    </allConditions>

Authorization Flow
[Flowchart: Grant 1 (Online) with decision nodes "Online?" and "Interval valid?"; Grant 2 (Offline) with decision nodes "Offline?", "Interval valid?" and "Count valid?"; each node branches True/False]

Conclusions
• We construct a DRM system implemented using MPEG-21 IPMP and REL
• Two specifications are included:
  • Content protection
  • Rights management
• A two-layer content protection scheme is proposed for delivering both content and key securely
• One application example is developed

Demonstration
• Offline play without a certificate: Failure
• Online play: Success
• Offline playback three times: Success
• Fail to continue offline playback (counts are limited to three times): Failure
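
The authorization flow and demonstration sequence above, sketched as an added example (not the authors' code or the REL reference software). The `Grant` and `Authorizer` names, the boolean online certificate, the dates, and treating `online=True` as "the remote server has verified the client" are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Grant:
    principal: str
    right: str
    resource: str
    mechanism: str                # exerciseMechanism: "online" or "offline"
    not_before: datetime          # validityInterval start
    not_after: datetime           # validityInterval end
    count: Optional[int] = None   # exerciseLimit (sx:count); None = no limit

class Authorizer:
    """Hypothetical stand-in for REL_authorize(); not the reference software."""
    def __init__(self, grants):
        self.grants = grants
        self.online_cert = False  # assumed form of the "online certificate"
        self.used = {}            # grant index -> exercises consumed so far
        # For the limit to hold on a real terminal, both fields must persist
        # in storage the user cannot reset.

    def authorize(self, principal, right, resource, online, now):
        mode = "online" if online else "offline"
        for i, g in enumerate(self.grants):
            if (g.principal, g.right, g.resource) != (principal, right, resource):
                continue
            if g.mechanism != mode:                     # Online? / Offline?
                continue
            if not g.not_before <= now <= g.not_after:  # Interval valid?
                continue
            if mode == "online":
                self.online_cert = True   # record the successful online check
                return True
            if not self.online_cert:      # offline needs a prior online success
                continue
            if g.count is not None and self.used.get(i, 0) >= g.count:
                continue                                # Count valid?
            self.used[i] = self.used.get(i, 0) + 1
            return True
        return False

def run_demo():
    # Constructed interval and clock; the slides give no dates for foreman.m4v.
    start, end, now = datetime(2006, 6, 1), datetime(2006, 6, 30), datetime(2006, 6, 15)
    who = ("John", "play", "foreman.m4v")
    a = Authorizer([Grant(*who, "online", start, end),
                    Grant(*who, "offline", start, end, count=3)])
    # offline (no certificate), online, then four offline attempts
    return [a.authorize(*who, online, now)
            for online in (False, True, False, False, False, False)]
```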