DRM for the AV Professional. What is DRM?... 2. HDCP and AACS Separate DRM Protocols That Work Together... 3. Analog Outputs... 6. Computers...

Similar documents
GlobalViewer Enterprise

HDCP White Paper: How DigitalMedia TM Switchers Handle HDCP

Digital Transmission Content Protection (DTCP) Technical and Licensing Overview

Content Protection in Silverlight. Microsoft Corporation

MovieLabs Specification for Enhanced Content Protection Version 1.0

Sending A/V Signals Over Twisted Pair Cables: An Introduction. What is A/V over twisted pair?... 2

DIRECTV Set Top Box and Content Protection Description

Hitting the Moving Target of 4K. The 4K Video Signal What You Need to Know Now...2. Resolution 4K and UHD...2. Color Bit Depth...3. Frame Rate...

User Manual Wireless HD AV Transmitter & Receiver Kit

HANTZ + PARTNER The Upgrade Company!

Universal Push2TV HD Adapter PTVU1000 Installation Guide

ENERGY STAR Technical Specifications for Cable, Satellite, and Telecom Service Providers. Table of Contents

GlobalViewer Enterprise

Digital Video Broadcasting Conditional Access Architecture

Cryptography and DRM

Fragmented MPEG-4 Technology Overview

MICROSOFT SOFTWARE LICENSE TERMS MICROSOFT SILVERLIGHT 5 These license terms are an agreement between Microsoft Corporation (or based on where you

USER MANUAL. Toll Free:

Wireless Network Standard and Guidelines

MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F

Sample Project List. Software Reverse Engineering

SuperSpeed USB 3.0: Ubiquitous Interconnect for Next Generation Consumer Applications

DIGIMARC CORPORATION 9405 SW Gemini Drive Beaverton, Oregon

General Content Security & Service Implementation

Netflix. Daniel Watrous. Marketing. Northwest Nazarene University

ScreenBeam Wireless Display Kit. User Manual. Solutions for the Digital Life. Model #: SBWD100A, SBT100U. Ver 1.5

Ixls Media Centres. Engineered - to deliver an outstanding experience. Uniquely cooled - for near silent operation

bel canto The Computer as High Quality Audio Source A Primer

Nokia E90 Communicator Using WLAN

Technical Paper. Dolby Digital Plus Audio Coding

itunes 7.0 Fall 07 fall 2007

Privacy Policy Version 1.0, 1 st of May 2016

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

HDMI / Video Wall over IP Transmitter with PoE

ScreenBeam Wireless Display Kit. User Manual. Solutions for the Digital Life. Model #: SBWD100KIT. Ver 1.0

HDMI Switch USER MANUAL VS481A

bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5

Opalum FLOW series Opalum STREAM series Wireless setup guide. Wireless setup guide

Displayport Extender via 2 multimode fibers LC Duplex Connector Extends Displayport Link up to 200 meters

Stereoscopic 3D Video in the Home

Video Encoding Best Practices

hp pavilion home pc hp dvd writer

Transferring Video Clips to Digital Video Using Pinnacle 15

reach a younger audience and to attract the next-generation PEG broadcasters.

Corporate and Payment Card Industry (PCI) compliance

DVI DA2 and DVI DA 4 User Guide

2007 Microsoft Office System Document Encryption

Adaptive HTTP streaming and HTML5. 1 Introduction. 1.1 Netflix background. 1.2 The need for standards. W3C Web and TV Workshop, 8-9 February 2011

Exporting to DVD with EDIUS

Savitribai Phule Pune University

USB 3.0 Universal Mini Docking Station Adapter

Applications that Benefit from IPv6

Hello! Let s get started.

Creating Content for ipod + itunes

Hi! Let s get started.

hp pavilion home pc hp dvd writer

Adding Movie and Music Information

the device manufacturer that distributes the software with the device, or the software installer that distributes the software with the device.

PackeTV Mobile. solutions- inc.

T-BOX MY MEDIA WINDOWS 7 QUICK START GUIDE

IPTV STB QUICK GUIDE. Detailed user manual download from

Digital Rights Management. Introduction

Alcatel-Lucent Multiscreen Video Platform RELEASE 2.2

HDMI to 3G-SDI Converter Quick Installation Guide

DATA PROJECTOR XJ-A147/XJ-A247/XJ-A257 XJ-M146/XJ-M156 XJ-M246/XJ-M256. XJ-A Series. XJ-M Series. Network Function Guide

Video over USB. Why Video over USB? By Ashwini Govindaraman, Cypress Semiconductor Corp.

Multi-Stream CableCARD Software Release Notes

Florida 4-H Consumer Choices Study Topics. Student Guide. Video Game Systems. Introduction and Background

B l u - r a y D i s c Guide

IN1606. Complete Video and Audio Switching and Processing for Professional Environments SIX INPUT HDCP-COMPLIANT SCALING PRESENTATION SWITCHER

_Tailor made solutions Our strength is our commitment.

Next Generation Gigabit WiFi ac

DLNA for HD Video Streaming in Home Networking Environments

MICROSOFT SOFTWARE LICENSE TERMS MICROSOFT WINDOWS SERVER 2003 R2 STANDARD EDITION, ENTERPRISE EDITION, STANDARD x64 EDITION, ENTERPRISE x64 EDITION

Best Practices for SIP Security

ROCK BAND 3 WIRELESS KEYBOARD:

Pro:Idiom System Description

IP Link Best Practices for Network Integration and Security. Introduction...2. Passwords...4 ACL...5 VLAN...6. Protocols...6. Conclusion...

the device manufacturer that distributes the software with the device, or the software installer that distributes the software with the device.

Security and the Mitel Teleworker Solution

CONTENT SECURITY KRAMER S APPROACH TO SECURING DATA WITHIN WIRELESS TRANSMISSION KRAMER WHITE PAPER

MyFinePix Studio - Quick Guide

MICROSOFT SOFTWARE LICENSE TERMS MICROSOFT WINDOWS SERVER 2008 FOR EMBEDDED SYSTEMS, STANDARD

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Kinivo 301BN HDMI Switch

Capture video in 1080p HD

A Guide to Copyright. for Canadian Hospitals 2013: An Instructional Resource

43 Full HD Direct-lit LED Commercial Display

Q. Can an Exceptional3D monitor play back 2D content? A. Yes, Exceptional3D monitors can play back both 2D and specially formatted 3D content.

J6200 LED TV SPEC SHEET PRODUCT HIGHLIGHTS. Smart TV. Wi-Fi Built In. Motion Rate 120 SIZE CLASS 60" 65" 55" UN65J6200 UN55J6200 UN60J " 48" 40"

1 DVR 670 Series firmware version (date )

Complying with PCI Data Security

Adobe Access April Version 4.0. Overview

Transcription:

DRM for the AV Professional Table of Contents What is DRM?... 2 and AACS Separate DRM Protocols That Work Together... 3 Analog Outputs... 6 Computers... 6 Conclusion... 7 Abstract Digital Rights Management - DRM is used by owners and holders of intellectual property to enforce restrictions on the use of their copyrighted content. AV professionals and their customers need to be aware of DRM, the relevant restrictions on the playback of protected material in public and commercial spaces, and the potential impact on AV system design and operation. This paper will discuss the two prevalent DRM protocols in use, AACS - Advanced Access Content System, used to protect digital music and video content, and - High-bandwidth Digital Content Protection, for securing digital interfaces including HDMI, DVI, and DisplayPort. white paper 1

What is DRM? DRM - Digital Rights Management is used by owners and holders of intellectual property to enforce restrictions on the use of their copyrighted content. In the AV industry, DRM is used to secure digital music and video content to prevent unauthorized playback or copying. For digital video content protection, the most prevalent DRM systems are - High-bandwidth Digital Content Protection, and AACS - Advanced Access Content System. is an encryption protocol applied to digital interfaces including HDMI, DVI, and DisplayPort. AACS is a standard for encrypting high definition optical discs that also works in conjunction with. DRM exists to protect the rights of content creators and owners to receive compensation for their initial ideas and subsequently bring them to market. Movies and music are the most recognized source content within the AV industry that is impacted by DRM enforcement. An individual who purchased a copy-protected Blu-ray Disc, for example, is entitled to utilize that disc only within a personal-use environment, which extends to the home or other private viewing locale. For that movie to be played in a public space, additional licensing requirements must first be met. If that licensing has not been obtained, significant fines can be levied against the offender. These fines may very well extend to the owner of the installed system. AV systems in public spaces are the center of our industry, with installations taking place on a daily basis. It is for this reason that DRM considerations must be made and addressed at the earliest point of system design. The time when needs are being assessed for an AV integration project is also the time to determine the functional requirements of a given system. This is when the sales engineer should ask the right questions and inform the prospective customer on the legalities involved with personaluse devices and/or material being used in public and commercial spaces. The old, familiar adage of Just because one can, doesn t mean one should is fully appropriate in this case. -compliant systems are increasingly being requested by customers and integrators alike. This type of system could be used to show protected content in public spaces. Therefore, users should be made aware of the potential issues that may arise from inadvertent public display of private-use, content-protected materials. During system commissioning and training, the integrator should consider educating system operators, and even include discussion of DRM and content protection within system documentation. Of course, this is not as much of an issue for residential installations, where the entire system is generally intended for personal use. 2

and AACS Separate DRM Protocols That Work Together is designed to prevent unauthorized access of protected video content and to enforce restrictions on authorized playback. -enabled video sources, such as Bluray Disc players, PCs, and other digital media devices, always undergo a three-step process to protect the video from unauthorized access: 1. Authentication: The video source determines that all devices connected to its outputs are authorized and able to receive encrypted video. This is accomplished by means of an initial authorization handshake protocol, where cryptographic public keys, KSV - Key Selection Vector, and encrypted messages are exchanged between the source and the downstream devices connected to its outputs. The 1.3 specification calls for a maximum of 127 simultaneous devices connected downstream from the source, and up to seven allowable levels of repeater devices between the source and the display - also known as the sink. The source uses the initial handshake protocol to determine that these system size restrictions are not violated. version 1.3 is the currently implemented specification. As will soon be discussed, the latest version, 2.0, further restricts the allowable maximum number of simultaneous devices and repeater levels. 2. Content Encryption: After the source authenticates that all downstream devices are compliant and in good standing, and that no system size restrictions are violated, the source sends encrypted video downstream. The source periodically revises the encryption key for the video as an additional security measure. 3. Renewability: Since relies on digital encryption using secret keys, the system can be circumvented if the secret keys residing in -licensed products fall into the wrong hands. Therefore, a means has to be established to revoke any compromised keys. The administration authority, Digital Content Protection, LLP can add a list of public keys of compromised products to video content such as Blu-ray Disc. Video sources will read this data, store it in non-volatile memory, and compare the public keys of any downstream devices against this revocation list. If any key matches, no video will be transmitted. Figures 1 and 2 on the next page provide a step-by-step illustration of the communications that occur between source and sink devices within an -based system. The multi-step process of authentication can take several seconds to complete. This is a primary reason for the perceived sluggishness of some digital video systems, especially during startup and when video signals are switched or re-routed, requiring re-authentication. The best switching performance can be realized in compatible video equipment built to minimize re-authentication through careful internal design and proper deployment of processing components. 3

Communication process that Phase occurs Phase 1 between 1 source and sink devices within an -based system. Phase Phase 2 2 Initial Key Initial Exchange Key Exchange You have You 100ms have 100ms Here s my Here s publicmy public to get thru to this get thru this key Bksv: key Bksv: Here s my public key 001100... Here s my public key 001100... Aksv: 101101... I m NOT a repeater Aksv: 101101... I m NOT a repeater Remember Remember this number this number An: 010011... An: 010011... Calculate Calculate Shared Shared Secret Secret Keys Keys Data Data Transmitting Transmitting Your public Your key public key checks out. checks Now out. I can Now I can compute compute the secret the secret key Km from key Km our from our public keys*: public keys*: 1110100... 1110100... Now I can Now I can compute compute the secret the secret key Km from key Km our from our public keys*: public keys*: 1110100... 1110100... * Km and Km * Km are and computed Km are computed using each using device s each private device s key private along key with along the public with the keys public of both keys of both devices. This devices. is a special This is calculation a special calculation that results that in matching results in matching Km=Km IF Km=Km all the keys IF all are the valid. keys are valid. Encrypt Encrypt a Message a Message Using Secret Using Secret Key Key Now I can Now use I MY can use MY secret key secret Km to key Km to encrypt An encrypt to form An ato form a message message RO: RO: 0000110... 0000110... Now I can Now use I can My use My secret key secret Km key to Km to encrypt An encrypt to form An ato form a message message RO : RO : 0000110... 0000110... Receiver Receiver Demonstrates Demonstrates Secret Secret Key Knowledge Key Knowledge Here is an Here encrypted is an encrypted message message RO : RO : 0000110... 0000110... Initial Key Initial Exchange Key Exchange REPEATER!? REPEATER!? You have You 5 seconds have 5 seconds Here s my to tell me who s Here s publicmy public to tell me who s key Bksv: downstream key Bksv: downstreamhere s my public 001100... Here s my public 001100... key Aksv: I m a REPEATER key Aksv: I m a REPEATER 101101... 101101... Data Data Transmitting Transmitting Before) Phase 1 Before) Authentication Phase 1 Authentication Procedure Procedure Repeater Repeater Performs Performs Initial Authentication Initial Authentication with Connected with Connected Devices Devices - Downstream - Downstream Device Device Keys are Keys Collected are Collected Phase 1 Phase 1 Authentication Authentication Procedure Procedure (Described (Described Repeater Repeater Reports Reports Key List Key and List Topology and Topology Here are Here the keys are the of keys of downstream downstream devices: devices: 0010011... 0010011......... 0001100... Data 0001100... Data Transmitting Transmitting Here is how Here they is how are they are connected: connected: Repeater Repeater Transmitter Transmitter Validates Validates Connections Connections (Described (Described Before) Before) Data Data Transmitting Transmitting Initial Authentication Initial Authentication Your encrypted Your encrypted message message matches matches mine, and mine, you gave and you it gave it to me in less to me than in less than 100ms 100ms You were You ready were to ready give me to give me downstream downstream info in less info in less than 5 seconds. than 5 seconds. The downstream The downstream device device keys haven t keys been haven t revoked. been revoked. There are There less are than less 128 than 128 total downstream total downstream devices. devices. There are There less are than less 7 levels than 7 levels of repeaters of repeaters connected connected downstream. downstream. Transmit Transmit Video Video OK, here OK, is your here encrypted is your encrypted video: video: 1111111100 1111111100 0011001101 0011001101 1011100010 1011100010 100000001 100000001 0001111000 0001111000 000100000 000100000 1111000100 1111000100 0011000100 0011000100 0111110110 0111110110 1011000010... 1011000010... Data Data Transmitting Transmitting Figure 1. Phase 1 Figure 2. Phase 2 Repeater Repeater Authentication Authentication Complete Complete OK, here OK, is your here is your encrypted encrypted video: video: OK, here 0110001100 OK, is your here is your 0110001100 encrypted video: 0011011110 encrypted video: 0011011110 1111111100 1110000010 1111111100 1110000010 0011001101 0001101110... 0011001101 0001101110... 1011100010 1011100010 1000000001... 1000000001... Separately Encrypted Separately Encrypted Data Transmitting Data Transmitting OK, here OK, is your here is your encrypted encrypted video: video: Data 1111111100 Data 1111111100 Transmitting 1011100010 Transmitting 1011100010 0001111000 0001111000 1111000100... 1111000100... 4

Encryption Method Applicable Interfaces Maximum Downstream Receivers for Each Transmitter Maximum Repeater Levels for Each Transmitter Backward Compatibility Wireless Support Encryption Method Player Revocation Disc Copy Prevention Output Signal Scrambling Managed Disc Copying Analog Sunset DVDs (CSS) Specialized 40-bit stream cipher All players in a model range are revoked Hidden disc lead-in area prevents bit-for-bit disc copy Macrovision applied at analog outputs No provisions No provisions 1.x 2.0 Specialized 56-bit symmetric system used for both authentication and video encryption DVI, HDMI, DisplayPort < 128 < 32 < 7 < 4 Yes, no electronic components required Not specified Table 1. Major changes in 2.0 Authentication: Data security industry standard RSA 1024 and 3072-bit asymmetric system Video encryption: Data security industry standard AES 128-bit symmetric system Any two-way digital interface Yes, using specialized electronic -1.xto-2.0 and -2.0- to-1.x converters Explicitly specified with new locality check requirement Blu-ray Discs (AACS) Data security industry standard AES 128-bit symmetric system Individual players can be revoked Encrypted volume ID prevents bit-for-bit disc copy applied at digital outputs Macrovision applied at analog outputs Authorized copies are possible by connecting to AACSLA server and obtaining permission (details to be finalized) Players manufactured after 2010 may not have high definition analog outputs Players manufactured after 2013 may not have any analog outputs The standard was greatly revised in October 2008 with the release of 2.0. Subsequently, in May 2009, HDMI 1.4 was released, but did not call for compatibility with 2.0. At this point, the timing for products to adopt the 2.0 standard is uncertain. Until the introduction of 2.0, the basic protocol of had not changed substantially. The only major differences between versions 1.0 through 1.3 is in the types of physical AV connections. version 1.0 applied to the DVI interface. Version 1.1 incorporated HDMI, and support for DisplayPort was added for version 1.3. With the release of version 2.0, became interface-independent, and can be applied to any two-way digital transmission between sources and displays, wired or wireless, compressed or uncompressed. See Table 1. 2.0 calls for many other important changes. For wireless connections, 2.0 adds a locality check to the authentication protocol, to ensure that only devices nearby will be able to receive protected content. Furthermore, 2.0 replaces the specialized 56-bit 1.x encryption scheme with two standard algorithms from the data security industry: for authentication, an RSA system with 1024 and 3072- bit keys; and for content encryption, a 128-bit AES - Advanced Encryption System. In addition, the maximum number of connected devices is reduced to 32, and the maximum level of repeaters is reduced to four. As a result of all these changes, 2.0 is not directly backward compatible with 1.x. The new specification provides for converters between 1.x and 2.0 devices to support mixed AV systems with devices that comply with both versions. An existing AV system incorporating 1.3 will require converters if newly acquired 2.0 devices are to be incorporated into the system. AACS is the DRM standard adopted for Blu-ray Disc. AACS is designed to protect Bluray Disc content similar to the way that the CSS - Content Scramble System protects commercial DVDs, but with additional features. Both AACS and CSS encrypt the video data on-disc, so that only authorized players can read the content. See Table 2. Both AACS and CSS prevent unauthorized copying of commercial Blu-ray Disc and DVD, and both systems have mechanisms for revoking compromised players. AACS offers greater protection than CSS in the following areas: AACS employs AES 128-bit encryption, while CSS implements 40-bit encryption AACS allows for the revocation of individual Blu-ray Disc players, whereas CSS can only revoke entire models of DVD players AACS encrypts the digital outputs of Blu-ray Disc players with Table 2. Differences between CSS and AACS encryption 5

AACS provides for the eventual elimination of analog video outputs on Blu-ray Disc players The final AACS specification will include a provision for making authorized copies of Blu-ray Discs, whereby a recording device can connect to Internet servers at the AACS LA - AACS Licensing Administrator to obtain electronic permission to make a legitimate copy of protected content. Analog Outputs The licensing agreement does not allow for analog video outputs on repeater or display devices, but does not restrict analog outputs for sources. Nonetheless, this does not preclude separate agreements that would prevent analog outputs on source devices. Such agreements could be negotiated on an ad hoc basis between content providers and hardware makers. The May 2008 United States FCC decision to grant limited capability to disable analog outputs for premium pay-per-view is one example. The AACS licensing agreement, however, is very specific about analog outputs and provides for several measures to control them. Blu-ray Disc titles that support AACS have usage rules data embedded in them that allow the content producer to limit the analog output resolution by invoking the ICT - Image Constraint Token, or even to disable the analog outputs entirely by invoking the DOT - Digital Only Token. The AACS license agreement also provides for an analog sunset for newly manufactured Blu-ray Disc players, such that models manufactured after 2010 can only include standard definition analog outputs, and after 2013, no Blu-ray Disc players may be manufactured with any analog outputs. Computers There are numerous DRM schemes for computers. The computer industry is a major source of innovation for content creation as well as for unauthorized reproduction of that content. Computer DRM methods have been devised to protect software, digital music, digital video, digital books, games, etc. The present discussion will be limited to video content played on a computer and the associated DRM schemes therein. These DRM schemes are mainly for preventing unauthorized access of protected commercial video such as Blu-ray Disc, or downloaded movies or TV shows. But non-commercial video content may also be protected with DRM if the creator of the video files has access to the DRM technology, or if the computer equipment encrypts its output by default. The HDMI, DVI, and DisplayPort outputs of computers, in general, should have no DRM restrictions when the video content is not protected. However, the final decision to apply DRM to encrypt video content rests with the content creator or the equipment manufacturer. 6

The same AACS and restrictions apply for PC Blu-ray Disc playback as for standalone players. Thus, a PC must be equipped with a video card that is capable of encryption. An AV device with digital video inputs must support, if a user expects to connect such a PC to it and play commercial Blu-ray Discs. The market for authorized downloads of commercial video content is crowded with companies and products, with frequent turnover of market entries and exits. Current market players include Amazon, Apple itunes, Blockbuster, Netflix, and Vudu, to name just a few. These companies offer a plethora of options for the end user. Movies or TV shows can be rented or purchased, some in high definition, but many at lower definition. The video may be either streamed or stored locally to a computer, a networked set-top receiver, Blu-ray Disc player, a video game console equipped with a hard drive, or even a display with Internet access capability. The one constant among all these different options is the existence of DRM for protected content, which is used to restrict the allowable viewing duration of rented video content and the ability to transfer the video to different computers. In the case of protected HD video downloads, support is required on any device that is playing the video. Therefore, a display with digital video inputs must support if a user expects to connect a computer to it and play downloaded commercial HD content. Conclusion Any AV system that is intended to support playback of protected video content, such as Blu-ray Disc and consumer-purchased HD video downloads, must be compliant with the associated DRM. Since DRM implementations such as and AACS are meant to restrict what the end user can do with protected content, it makes sense for the AV professional to inform the end user of these restrictions at the outset. Such restrictions include limiting the number of simultaneous displays for content-protected video playback, disallowing recording or copying, and disabling analog outputs. For example, an AV system may have the capability to distribute HDMI video to 16 displays and provide analog video recording. These functions will always be available when a PC with HDMI output is connected for PowerPoint presentations and other non-protected material. But once a protected Blu-ray Disc is inserted into the PC for playback, and AACS restrictions may disable output to several displays and to the recorder. Since many large-scale AV systems can display unencrypted video on a large number of displays, freely distribute analog signals, and provide video recording capabilities, end users of such systems must be made aware that some system functions may not be available when playing DRM-protected content. 7

Extron Electronics, headquartered in Anaheim, CA, is a leading manufacturer of professional AV system integration products. Extron products are used to integrate video and audio into presentation systems in a wide variety of locations, including classrooms and auditoriums in schools and colleges, corporate boardrooms, houses of worship, command-andcontrol centers, sports stadiums, airports, broadcast studios, restaurants, malls, and museums. www.extron.com 2013 All rights reserved. Worldwide Sales Offices Anaheim Raleigh Silicon Valley Dallas New York Washington, DC Toronto Mexico City Paris London Frankfurt Amersfoort Moscow Dubai Johannesburg New Delhi Bangalore Singapore Seoul Shanghai Beijing Tokyo UNITED STATES EUROPE ASIA MIDDLE EAST +800.633.9876 Inside USA/Canada +1.714.491.1500 +800.3987.6673 Inside Europe +31.33.453.4040 +800.7339.8766 Inside Asia +65.6383.4400 +971.4.299.1800 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information