Kaleidescape Secure Content Delivery System (KDRM-C)




Security Review Management Report
Version 1.1 (Final)
Author: Tom Thomas, Ian Whitworth

T +44 1256 844161
F +44 1256 844162
www.farncombe.com
Copyright 2014 Farncombe
Belvedere, Basing View, Basingstoke RG21 4HG

CONFIDENTIAL

This document and the information contained herein is the subject of copyright and intellectual property rights under international convention. All rights reserved. No part of this document may be produced, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, or optical, in whole or in part, without the prior written permission of the copyright holder.

This report may not be copied or issued in whole or in part without the express permission of Kaleidescape Inc and then only subject to a confidentiality agreement between Kaleidescape Inc and the recipients. Extracts from the report may only be issued with the express permission of Farncombe Technology and Kaleidescape Inc.

Disclaimer

The facts and opinions contained in this document are based on information given to Farncombe Technology Limited by Kaleidescape Inc in written form, and in discussion during the review. Whilst reasonable effort has been made to ensure the accuracy of the report, Farncombe Technology shall not be liable for any errors or misrepresentation that may be present, nor for business decision made by any third party out of the opinion expressed hereafter.

DISCLAIMER: This document is confidential and may be privileged or otherwise protected from disclosure and may include proprietary information. Unauthorised reproduction or disclosure of this information in whole or in part is prohibited.

Table of Contents

1 Executive Summary
2 Introduction
3 Kaleidescape System Overview
  3.1 Overview
    3.1.1 Customer disc import
    3.1.2 Kaleidescape Store
  3.2 Client Device (CPE) Components
    3.2.1 Server
    3.2.2 Media Player
    3.2.3 Physical Disc Storage
4 Kaleidescape Store Content Ingest
  4.1 Indirect - via optical media
    4.1.1 Offsite Content Preparation
    4.1.2 Content File Packaging
  4.2 Direct - via mezzanine file
    4.2.1 Secure Media Environment (SeME)
    4.2.2 Asset archive/backup
    4.2.3 Key generation and backup
5 Customer Equipment Software and Robustness
  5.1 Key Ladder
    5.1.1 KDRM Master Key
  5.2 Secure Boot
  5.3 Kaleidescape OS (kOS) Software
  5.4 Content Path Protection
    5.4.1 Content Path
    5.4.2 Cinavia support
    5.4.3 Player 3rd party security mechanisms
  5.5 Content Watermarking
  5.6 Software Field Upgrades
  5.7 Device Locking/Unlocking
6 Observations and Risks
  6.1 Observations
  6.2 Risks
7 Recommendations
8 Threat Analysis
9 Conclusions
10 Appendix - Introduction of 4K/UHD Content
  10.1 DRM System Best Practices
    10.1.1 Cryptography
    10.1.2 Connection
    10.1.3 Hack One, Only Hack One
    10.1.4 Software Diversity
    10.1.5 Revocation & Renewal
    10.1.6 Outputs & Link Protection
11 Appendix - List of Reviewed Documents

| Version | Date | Author | Comment |
|---|---|---|---|
| 0.1 Draft | 13/08/2014 | Tom Thomas, Ian Whitworth | |
| 0.2 Draft | 15/08/2014 | Tom Thomas | Revisions - Redacted from technical report |
| 0.21 Draft | 15/08/2014 | Tom Thomas | Added Threat Table guidance |
| 1.0 Final | 17/08/2014 | Tom Thomas | Release version |
| 1.1 Final | 20/08/2014 | Tom Thomas | Minor modifications and typographicals |

1 Executive Summary

The Kaleidescape Digital Rights Management (KDRM) System security review, comprising content import/ingest, encryption, head-end processes and client-side equipment was carried out at Kaleidescape offices in Waterloo, Canada, from 21st to 25th of July 2014, with the full cooperation of senior personnel and development team members.

This report reviews the security of the KDRM System for delivery of HD A/V content. Particular attention is paid to the suitability of the system for handling premium HD content, with quality equal to that on Blu-ray discs.

The Kaleidescape system comprises two main product families - the Kaleidescape Premiere Line suite of devices, and the Cinema One device. Both product families use the same content coding and content protection. Kaleidescape Premiere Line consists of one or more Servers, Disc Vaults and Media Players connected by a home LAN, with Internet connection to the Kaleidescape Store for downloading content. Cinema One is a stand-alone Player with integrated content storage and home LAN and Internet connection, which may be used in conjunction with a Disc Vault. Disc Vaults provide physical storage for a customer's DVDs and Blu-ray discs, and allow transfer of encrypted physical disc content to Server or Cinema One storage.

The Kaleidescape Store is the content retail web-based source of 1) A/V content from original DVD and Blu-ray discs, and 2) in the near future, high quality mezzanine files. Content is packaged in a proprietary Kaleidescape container format, together with metadata and scanned cover art, which customers may purchase and download for offline consumption.

Kaleidescape offer a particularly attractive User Interface to the system, allowing a Customer to easily organise, select and play content from hard disk storage, without the delay and inconvenience of handling DVDs and Blu-ray discs.

Content stored in Kaleidescape format is encrypted AES-128 and protected by a proprietary Digital Rights Management (DRM) system. The Player devices employ secure boot and secure hardware key ladder; the content path protection meets the current best practice for embedded device content path management.

Kaleidescape are well advanced in the design of a system allowing the ingest of content in digital (mezzanine) form, directly into the Kaleidescape Store. This system, in its current status, is also reviewed in this report.

Kaleidescape uses industry best practices in their content distribution headend architecture and implementation. Content encryption uses best practice algorithms and key lengths.

The system meets the security requirements for distribution of premium, highest quality HD content. Our Observations and Recommendations identify opportunities that may enhance the security of the product in the future.

Kaleidescape has a mezzanine ingest facility with a well-progressed design (on target for a Q2 2015 deployment) that meets security requirements for premium, highest-quality HD content. There is an opportunity to increase the security of this facility for handling 4K content.

We have also included a brief commentary on the readiness of the system for 4K content support in section 10.

2 Introduction

Farncombe Consulting Group is a specialised professional services firm operating in the digital broadcasting and telecoms sectors. Farncombe Consulting Group leverages its expertise in security to offer security reviews of pay-TV systems. These security reviews are used by major studios and networks to aid in their assessment of security solutions used by content providers to deliver premium content to their subscribers.

Kaleidescape Inc is a corporation founded in 2001, with its Head Office in Sunnyvale CA, a product development office in Waterloo, Canada, and a sales office in Bracknell, UK. The Head Office activities include media ingest and preparation and general operations; the Canadian office hosts the majority of the development and engineering teams.

Farncombe have been asked to review the Kaleidescape security system as it exists today, with a view on the ingest workflow and robustness for mezzanine-sourced content and streaming, which is in advanced development with several content providers.

This review has been carried out with the full cooperation of the following senior Kaleidescape personnel:

Craig McKinley - Senior Director, Software Engineering
Mark McKenzie - Principal Engineer, Director Hardware Engineering
Kevin Hui - Director, Core Systems (by telephone from Sunnyvale)
James Kleist - Director, Engineering Services
Matthew Manjos - Manager, IT Operations
Troy Moure - Senior Software Engineer

3 Kaleidescape System Overview

3.1 Overview

Kaleidescape's main consumer products are:

- Kaleidescape Premiere Line, which consists of Servers, M-class M300 and M500 Players and Disc Vaults connected to a home LAN. Servers, used in conjunction with M-class Players and Disc Vaults, are products which store the kOS operating system, storage system as well as the Movie Guide. The system provides practically unlimited storage, by adding disk cartridges to existing Servers, or by adding more Servers. M300 Players play content exclusively from Server storage; M500 Players have an integrated optical drive, and can play content either from Server storage, or directly from the optical drive.
- Kaleidescape Cinema One, which consists of a Kaleidescape M-class Player with enough integrated storage for the equivalent of 100 Blu-ray, or 600 DVD-quality movies.
- DV700 Disc Vault, which may be used with either system, and which will accept up to 320 DVDs or Blu-ray discs and import and transfer the contents to Premiere Line Server or Cinema One Player storage. Blu-ray discs must remain in the vault to enable the Server disk copy to be played (confirmation of disc ownership).

A simplified representation of the Kaleidescape ecosystem is shown in Figure 3-1.

[Figure 3-1: Kaleidescape ecosystem. Diagram labels: Kaleidescape premises / studio designated premises; Optical disc ingest; Mezzanine ingest; Store; Public internet; Customer system; Server device; Home LAN; Player 1 ... Player N; Disc vault (optional).]

3.1.1 Customer disc import

When a disc is placed into a Disc Vault, its content is copied to Premiere Line Server storage, or in the case of Cinema One, its content is copied directly to the integrated storage. Such copies are not viewable from any networked computers, are not recordable to any media and cannot be exported to the Internet-at-large. Copies within the Server can only be deleted. This disc copy will retain the original CSS (DVD) or AACS (Blu-ray) content protection. If the imported disc represents a title in the Store and there is network connectivity, the Customer is offered the opportunity to purchase and download that title as a 'disc-to-digital' copy, directly to Server or Cinema One storage.

3.1.2 Kaleidescape Store

Customer Systems are augmented by the Kaleidescape Store, that has been operational for approximately two years, and which hosts a web interface for content browsing, purchase and download requests. Either full 'virgin' purchases or 'disc to digital' upsell products are available. The Store service is currently offered in the US, Canada and the UK.

3.1.2.1 Encryption, packaging and licenses

Content is encrypted using Kaleidescape DRM (KDRM-C), packaged using a proprietary structure and held encrypted in the Store, along with metadata, including DVD/Blu-ray cover art, added by Kaleidescape. There are separate KDRM Master Keys for the SD and HD content catalogues (see 4.1.1). A Playback Certificate (PBC) is created at the time of content encryption, which consists of the encrypted Content Key.

PBCs are issued to Customers as part of a signed Playback Licence (PBL). PBLs are constructed and managed by the Playback Authorisation (PA) service on-demand, signed and specific to a Customer device (Server or Cinema One).

3.1.2.2 Hosting

The Store and PA Service are hosted by head-end servers located in a secure Data Center in Santa Clara, CA along with all other customer-facing functions.

3.2 Client Device (CPE) Components

At the Customer's premises, the external network connection may either be to a Kaleidescape 1U or 3U Server, or the Kaleidescape Cinema One product.

3.2.1 Server

The Server or Cinema One device regularly polls the Kaleidescape head-end for the allowable download list of titles and playback authorisations, and fetches playback licences as appropriate. It downloads content from the Store, and maintains a local table of PBLs.

3.2.2 Media Player

Kaleidescape offers two 'M-class' Media Players as part of the Premiere Line system. The Cinema One product is functionally an M-class Player with integrated Server functionality.

NOTE: There are various legacy Kaleidescape SD-only capable players that are capable of accessing SD Store content only. These devices are no longer offered to customers.

3.2.3 Physical Disc Storage

Kaleidescape offer a Disc Vault product. It allows customer import of content from DVD and Blu-ray discs to Server or Cinema One storage and ongoing physical storage for these discs.

4 Kaleidescape Store Content Ingest

The Kaleidescape Store is presently populated with content sourced from DVD and Blu-ray media, but is planned to include content sourced from digital mezzanine files in Q2 2015.

4.1 Indirect - via optical media

Content may be ingested from physical media at sites designated by the studio or content provider, or at Kaleidescape Headquarters in Sunnyvale. The discs are usually standard copies purchased from retail, however in some circumstances content providers will make copies available to Kaleidescape up to 2 weeks before street date.

4.1.1 Offsite Content Preparation

Kaleidescape packages and protects HD content offsite, in facilities agreed with each content provider.

All Content Keys are presently protected with only a single static global Master Key. This is acceptable to date for Kaleidescape's handling of Blu-ray quality HD content. Key diversity should be introduced for 4K content (see 10 for further detail).

Kaleidescape should specify a base level of security for their ingest equipment when it is operated at a 3rd party site, as part of their contract with that party.

4.1.1.1 Content Integrity

Encrypted content video, audio, and metadata files are stored in a container structure called a Media Object, with protected file segments. This is an effective mechanism for cryptographically ensuring that content being played back is bit-for-bit identical to that which was ingested at the head-end. See section 5.4.2 for more details.

4.1.2 Content File Packaging

After ingest at the studio-designated site, the DVD/Blu-ray discs and hard disks containing protected content (and the operating software from the ingest server) are physically shipped back to the Kaleidescape Headquarters in Sunnyvale via registered courier, where the DVD/Blu-ray discs are securely stored (archived). The hard disks are inserted into a Kaleidescape Server linked to local Network Attached Storage (NAS) and over dedicated fibre to the Data Center head-end. A bundler service packages the KCF files for download. The head-end server network uses a dedicated fibre-optic link.

This optical media ingest process is acceptable for the handling of premium, Blu-ray quality HD content.

4.2 Direct - via mezzanine file

Mezzanine ingest is currently well progressed in development with several Content Providers (CPs), with a target deployment for Q2 2015. We understand that the main items to be completed are details regarding transcode profiles and automation of workflow jobs.

A simplified representation of the mezzanine ingest architecture is shown in Figure 4-1.

[Figure 4-1: Summary of mezzanine ingest architecture. Diagram labels: CP a ... CP n; Public internet; Kaleidescape/Internap; Firewall; Backup server; Content ingest area; SeME (transcode, encrypt, package); restricted command interface; Ingest management/control.]

4.2.1 Secure Media Environment (SeME)

Kaleidescape has designed the Secure Media Environment (SeME), which presents a restricted, low level, sanitised command interface to the lower security head-end servers, allowing 'macro' control of certain operations, e.g. download file X from Content Provider A, transcode and encrypt file X, etc.

Links to Content Provider hosts are restricted at the firewall level to the specific provider IP addresses on specific ports.

The SeME will execute transcode of ingest content from Content Provider specific codec into appropriate MP4 variable bit-rate formats, packaged in a container format called KCF-B.

The asset Content Key is encrypted with a KDRM-C Master Key and incorporated into a PBC, which is signed with the SeME private key. The PBC and its signature are provided to the KDRM-PA host service over a separate mutually-authenticated channel. This action is done such that if additional content becomes available from the CP as part of an asset (e.g. later-issued bonus features), the SeME can verify the signature for the asset's PBC, thereby verifying that PBC was originally generated by the SeME.

The essential design of the SeME, as it is being implemented, is appropriate for secure ingest and processing of premium, highest quality HD content. During this development stage, preparations to improve security of 4K content could be made.

4.2.2 Asset archive/backup

Raw mezzanine files are also exported as single asset archive files to a local server, AES encrypted with a unique key generated inside the SeME.

The asset encryption key backup is expected to use the key ring as described in section 4.2.3.

4.2.3 Key generation and backup

Keys are generated in the SeME by software. All keys persisted within the SeME are stored on a single passphrase-protected key ring.

In the SeME as currently proposed, the confidentiality of the Master Key is secured using software techniques (albeit hardened), which may be improved.

We recommend that Kaleidescape use a FIPS-certified random number generator.

We recommend that a separate key ring be considered for each Content Provider.

5 Customer Equipment Software and Robustness

The Kaleidescape standalone Players, MV700 Disc Vault and Cinema One product all use an HD-capable SoC.

This SoC's features are representative of a typical level of security for an HD-capable platform.

5.1 Key Ladder

The SoC contains a dedicated Security CPU (SCPU) that is responsible for executing the first stage of secure boot as well as the hardware-isolated key ladder functions. The firmware running on the SCPU is secured with a proprietary mechanism - only a set of low level APIs is provided to the host CPU for performing cryptographic operations.

5.1.1 KDRM Master Key

The KDRM Master Key is held in uniquely-encrypted form in Flash.

5.2 Secure Boot

The SoC supports a three-stage secure boot.

5.3 Kaleidescape OS (kOS) Software

Kaleidescape devices use the Kaleidescape Operating System (kOS), which is derived from a Linux 2.6.38 distribution for the SoC, modified by Kaleidescape. This is effectively a proprietary OS, and has been heavily stripped down to prevent subversion, including removal of unnecessary daemons and services.

5.4 Content Path Protection

Content path protection in the Kaleidescape M-class Player is managed by the SoC firmware. Current Players, except the Cinema One, include analogue outputs, protected by Macrovision. These outputs are disabled for HD content playback. HDMI outputs are protected by HDCP v1.2.

5.4.1 Content Path

Content path protection meets the current best practice for embedded device content path management.

5.4.2 Cinavia support

Players implement Cinavia audio watermark detection in the audio post-processing pipeline, as part of Kaleidescape's AACS/Blu-ray license obligations.

5.4.3 Player 3rd party security mechanisms

HDCP and AACS revocation actions are parsed and managed by Kaleidescape software.

5.5 Content Watermarking

There is no form of watermarking applied to content in the Kaleidescape system, either at head-end or client.

5.6 Software Field Upgrades

All Customer equipment software upgrades are triggered through a System Server upgrade. There is no concept of incremental device patching; a full archive containing encrypted sub-archives for other devices is always downloaded (regardless of what devices exist on the Customer network). Upgrades are rolled through the population in a phased rollout.

The Versioning server only allows roll forward; no rollback is possible.

5.7 Device Locking/Unlocking

Kaleidescape has a feature in their kOS-based devices that allows development software to be loaded. Units are manufactured and shipped in a 'locked' state, where no unsigned software can be loaded onto the device. The open-source RedBoot embedded bootstrap environment can be used with an unlocked device to allow download and execution of signed embedded applications via serial or network (Ethernet) ports. RedBoot is embedded in every kOS device.

We regard the device unlock software that is included in all M-class players as an unnecessary risk. There is no need for devices in the field to allow unlocking.

6 Observations and Risks

6.1 Observations

We make the following observations regarding the Kaleidescape system:

1. The system architecture is sound. 4K development will give the opportunity to move to an alternate SoC.
2. The head-end servers and network infrastructure are of excellent design and physical security, and represent best practice.
3. The use of standard encryption (AES-128, 256, and RSA-2048) represents best practice.
4. The Kaleidescape software development process and management is well organised and controlled.
5. Software upgrades are made as complete code images rather than as patches.
6. There is an excellent network monitoring and logging infrastructure in place.
7. The username/password credential used for SSL is common to all Customer Servers. Whilst this has not so far given rise to any problems, it does not represent best practice.

6.2 Risks

Whilst we find that the Kaleidescape DRM System meets the requirements for premium HD content ingest and distribution from DVD/Blu-ray discs, we have reviewed the system for any remaining risks to system security. We have given recommendations in section 7 to further improve security in the system, as it is developed to encompass mezzanine file ingest and to handle 4K content.

7 Recommendations

While the existing system meets the security requirements for premium HD content already, we have the following recommendations that we think will further enhance the security of the Kaleidescape system:

1. A Hardware Security Module (HSM) should be employed in the SeME in order to provide best-in-class confidentiality of head-end master keys and their use in the encryption of Content Keys.
2. A penetration test should be commissioned on the SeME infrastructure.
3. Disable the unlock feature in all production units that are shipped to Customers.
4. Introduce diversification by over-encrypting (or replacing) any keys that are currently wrapped with static global keys, using a device-specific, account-specific or a session-specific unique key.
5. Strengthen the cryptographic binding between a Licence and a Server.
6. Introduce regular security audits/inspections of the manufacturing facility.
7. Introduce Intrusion Detection Systems (IDS) in security-sensitive network domains.
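Recommendation 4, together with the note in 4.1.1 on the single static global Master Key, can be made concrete with the following added example, which is not code from the report or from Kaleidescape: a head-end over-encrypts an already-wrapped Content Key with a device-specific key, so a licence blob issued to one device cannot be opened with another device's key or with the global key alone. The key names, device IDs, HKDF label and the choice of HKDF plus RFC 3394 AES key wrap (Python `cryptography` package) are assumptions; the report does not say which mechanisms KDRM uses.

```python
"""Added illustration (not Kaleidescape code): per-device diversification
of a Content Key that is currently wrapped only by a static global key."""
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap,
    aes_key_unwrap,
    aes_key_wrap,
)

# Constructed sample secrets; every name here is hypothetical.
GLOBAL_MASTER_KEY = os.urandom(16)     # stands in for the static global Master Key
DIVERSIFICATION_ROOT = os.urandom(32)  # head-end-only secret (HSM-held in practice)


def device_key(device_id: str) -> bytes:
    """Head-end side: derive the unique key provisioned into one device."""
    hkdf = HKDF(
        algorithm=hashes.SHA256(),
        length=16,
        salt=None,
        info=b"example/device-kek/v1|" + device_id.encode("utf-8"),
    )
    return hkdf.derive(DIVERSIFICATION_ROOT)


def wrap_static(content_key: bytes) -> bytes:
    """Scheme noted in 4.1.1: Content Key wrapped only by the global key."""
    return aes_key_wrap(GLOBAL_MASTER_KEY, content_key)


def wrap_for_device(content_key: bytes, device_id: str) -> bytes:
    """Recommendation 4: over-encrypt the existing blob with a device key."""
    inner = wrap_static(content_key)  # 24 bytes for a 16-byte Content Key
    return aes_key_wrap(device_key(device_id), inner)


def unwrap_on_device(blob: bytes, provisioned_key: bytes):
    """Device side: remove the device layer, then the global layer.

    Returns the Content Key, or None when the RFC 3394 integrity check
    fails at either layer (wrong device key or tampered blob).
    """
    try:
        inner = aes_key_unwrap(provisioned_key, blob)
        return aes_key_unwrap(GLOBAL_MASTER_KEY, inner)
    except InvalidUnwrap:
        return None


def global_key_alone_opens(blob: bytes) -> bool:
    """True if knowing only the global key is enough to unwrap the blob."""
    try:
        aes_key_unwrap(GLOBAL_MASTER_KEY, blob)
        return True
    except InvalidUnwrap:
        return False


def demo() -> dict:
    content_key = os.urandom(16)
    key_a = device_key("SERVER-A-0001")  # constructed device IDs
    key_b = device_key("SERVER-B-0002")
    blob_a = wrap_for_device(content_key, "SERVER-A-0001")
    static_blob = wrap_static(content_key)
    return {
        # Device A recovers the Content Key from its own licence blob.
        "a_opens_own_licence": unwrap_on_device(blob_a, key_a) == content_key,
        # Device B's key does not open a blob issued to device A.
        "b_opens_a_licence": unwrap_on_device(blob_a, key_b) is not None,
        # The global key by itself opens the static blob, not the diversified one.
        "global_key_opens_static": global_key_alone_opens(static_blob),
        "global_key_opens_diversified": global_key_alone_opens(blob_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Deriving the device keys from a root that never leaves the head-end keeps the per-device layer independent of the global key that every device holds.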

8 Threat Analysis

NOTE: In the compilation of the Threat Table ratings, only HD-capable platforms have been included.

Threat Table (columns in the original: THREAT, VENDOR, FARNCOMBE, DESCRIPTION, COMMENT)

Threat 1: Access to or modification of secret keys/licenses stored in the security device
Vendor: 5. Farncombe: 4.
Description (rating scale):
1 Little or no protection
2 Protection not to modern standards, e.g. chip security fuses locatable
3 Protection consistent with industry good practice, e.g. use of state-of-the-art chips, good layout
4 Needs significant resources to defeat protection, e.g. physical reverse-engineering
5 Well-protected, large amounts of data to find, custom logic and hardware

Threat 2: Illegal use of the service (sharing account, url sharing)
Vendor: 4. Farncombe: 4.
Description (rating scale):
1 Trivial software attack allows illegal use
5 Best practice; license cryptographically bound to device and account

Threat 3: Vulnerability to attacks on system interfaces including internal interfaces in the device (for example passing decryption keys from software to hardware decryptors)
Vendor: 5. Farncombe: 5.
Description (rating scale):
1 Keys openly exposed to software
2 Keys exposed in anomalous mode of operation e.g. diagnostic mode
3 Keys in software reliant on secure boot environment
4 Keys in software, protected by trusted execution environment
5 Keys protected by hardware, never accessible by any software

Threat 4: Vulnerability of servers (protections of keys, operating system)
Vendor: 5. Farncombe: 4.
Description (rating scale):
1 Secrets hidden in software; poor head-end isolation from network connection
2 Limited protection; e.g. system firewall, access authentication
3 Secrets protected by software encryption; reliance on good OS configuration and maintenance
4 Secrets protected by a combination of hardware and software
5 Secrets hidden in dual-key hardware and never exposed in initialisation or use

Threat 5: Attacks on system protocols, bad message types
Vendor: 5. Farncombe: 4.
Description (rating scale):
1 No message validation
2 Protocol modifications possible and some have a predictable impact on the system behaviour
3 Protocol modifications possible and could have an unpredictable effect on the system
4 Malformed messages rejected
5 Malformed messages rejected and logged

Threat 6: Attacks on system protocols, replay attacks
Vendor: 5. Farncombe: 5.
Description (rating scale):
1 Replay attacks possible that can be shown to modify the system behaviour
2 Replay attacks not rejected, but cannot be shown to modify systems functional behaviour
3 Replay attacks impact performance, but not functional behaviour
4 Replay attacks have no apparent effect on system behaviour
5 Replay attacks may be formally shown to be rejected, and not to alter system functionality

Threat 7: Attacks on cryptography, brute force
Vendor: 5. Farncombe: 5.
Description (rating scale):
1 Weak cryptography with consequences for the system
2 Recognisably poor implementation of acceptable cryptography
3 Use of standard cryptography but with limited implementation testing
4 Independent validation of cryptography design and implementation in isolation
5 Independently tested or standardised cryptography, well implemented and tested in the application
Comment: Good use of contemporary algorithms and key lengths

Threat 8: Attacks on the application of cryptography, e.g. man in the middle attacks
Vendor: 5. Farncombe: 5.
Description (rating scale):
1 Significant attacks are shown to be possible
5 Resistant to all theoretical attacks considered during the course of the review

Threat 9: Attacks arising out of poor software integration quality including weaknesses in the implementation process (insertion of trojans etc) that might not be detected in the development and integration process
Vendor: 5. Farncombe: 4.
Description (rating scale):
1 Developers in charge of all stages of implementation. No defined processes
2 Defined processes, poorly-observed
3 Good design reviews but limited formal integration and test processes
4 Good processes, but limited external review
5 Well-defined processes including peer review and formal quality and test processes

Threat 10: Attacks arising out of poor overall system design and quality
Vendor: 5. Farncombe: 4.
Description (rating scale):
1 No peer review, over-complex design
2 Some ad-hoc review of systems design and implementation
3 Internal system design review only, with ad-hoc processes
4 Externally-reviewed design, not all processes reflect best practice
5 Simple design, reviewed at all stages in development and implementation
Comment: Unlock capability is unnecessary

Threat 11: Illegal storage of content (when the solution forbids recording)
Vendor: 5. Farncombe: N/A.
Description (rating scale):
1 Trivial software attack allows recording
5 Recording prohibited by virtue of trusted software or hardware mechanism

Threat 12: Key management, weaknesses in the key hierarchy and or the provisioning processes
Vendor: 5. Farncombe: 4.
Description (rating scale):
1 Static and shared keys throughout
5 Best practice; use of HSMs, no global static keys, regular rotation
Comment: Use of global/static keys is not best practice

9 Conclusions

The Kaleidescape system is specifically designed as a high-end media system to meet the needs of wealthy discerning customers. It satisfies the requirements well, and has all the advantages of a two-way system (mutual authentication between head-end servers and customer equipment, secure session establishment, etc.). The present design meets the requirement to organize and augment a customer's physical media (CD, DVD, Blu-ray) collection, with added-value downloads from the Kaleidescape Store, derived from physical media secured by Kaleidescape.

Following industry practice, Kaleidescape plan to migrate away from a dependence on physical media, towards digital mezzanine file acceptance and storage, and have designed a secure system for accepting content from studios, and processing it for the Kaleidescape Store. This system has been developed, but is not yet deployed. Our observations of the development indicate that it is of good design and electronic and physical security.

Kaleidescape have a secure and well-proven head-end system based in a secure Data Center facility in California; the head-end network architecture follows best practice, and uses up-to-date firewalls and load-balancing capability. There is an excellent logging and monitoring function for all head-end equipment and services.

The Player devices employ secure boot and secure hardware key ladder; the content path protection meets the current best practice for embedded device content path management.

The Kaleidescape Customer systems (Kaleidescape Premiere Line and Cinema One) use a secure System-on-Chip (SoC) to process downloaded and stored content, and Playback Licences. The security of the Customer system is appropriate for high-value HD content.

Kaleidescape has a mezzanine ingest facility that has a well-progressed design but is not yet deployed. The ingest design is appropriate for high-value content handling. We have provided suggestions to further enhance its security and to "future-proof" the setup.

Regarding other system-level requirements for 4K content, we have included a discussion in section 10.

10 Appendix - Introduction of 4K/UHD Content

MovieLabs (www.movielabs.com) have issued an Enhanced Content Protection (ECP) Specification [4], which outlines guidelines and best practices at both the DRM and system level, for platforms intended to support 4K or UHD content (which we will refer to as 4K content hereafter).

Each of the following sections is taken from the "DRM Best Practices" section of the MovieLabs document. In each section we have stated our understanding of the requirements and the impact they have on the design of a 4K-compliant DRM solution.

As neither MovieLabs nor the studios have reached a definitive position on the requirements, we cannot say definitively which of the requirements will be enforced in carriage agreements. MovieLabs themselves state that each studio will determine individually which practices are prerequisites to the distribution of its content in any particular situation. Unless stated to the contrary, we believe that the requirements provide a good foundation for a specification.

In each of the following sections the text in italics is taken verbatim from the MovieLabs Enhanced Content Protection specification.

10.1 DRM System Best Practices

10.1.1 Cryptography

  a) The system shall use state of the art cryptographic functions, e.g., a cipher of AES 128 or better.

The Kaleidescape system uses AES throughout for content encryption and key protection. RSA-2048 is used for code signing, so we foresee no issue here. However, these algorithms alone will not meet the diversity requirements specified later in this section (see section 10.1.4).

  b) The system shall be resistant to side channel attacks.

This is an essential requirement for any reasonable content protection system. Side channel analysis depends on repeated use of the same keys or access to the same data. Root key protection is particularly critical; however transient keys that are used infrequently would not be good candidates for side channel analysis.

Our understanding is that the leading SoC vendors have pre-existing side-channel protection, certainly around areas such as secure boot, that pre-dates their current 4K capabilities, and assuming that dedicated hardware acceleration is used for critical key decryptions, then we believe that this requirement can be met, although further discussion with the SoC vendors is recommended.

10.1.2 Connection

  a) The system shall allow the content provider to hold back the delivery of license keys to the device until the street date.

The Kaleidescape system by design withholds Playback License delivery until permission is granted in the Head-end. Although the solution does not strictly support it currently, the capability for "pre-download" of content to Customers could be made possible with minor modifications.

  b) Systems supporting copy or move shall require the license to be re-provisioned through an online process that is performed using keys not present on client devices after a copy or move.

This item is not applicable - the Kaleidescape system does not support copy or move in the strict sense; titles are purchased at one time for a customer's entire deployment, with some constraints (up to 5 systems), which may be across several servers at different locations.

10.1.3 Hack One, Only Hack One

  a) The system shall bind the ability to decrypt a license key to a particular device (host and/or storage). License keys shall be encrypted such that they cannot be decrypted without the keys of the individual device for which the license was issued.

This is an essential requirement of any content protection system.

This is an issue for the Kaleidescape system as it stands. As we have discussed in section 5.1.1, the Master key that secures the content keys held within licenses is common across the population.

The requirement implies a secure, hardware based root of trust. This must be programmed at the time of SoC manufacture and used appropriately in a key ladder function.

  b) The compromise of the keys for a set of devices shall not make it easier to derive the keys for another device.

This requirement implies diversity between sets of devices both in terms of the way that keys are stored and possibly the application of the cryptography. Read literally, this could be quite an onerous requirement, implying a variation in the DRM client-side implementation across sets of devices (although it is not clear what would constitute a "set" in the context of the Kaleidescape system). We think that this requirement may be able to be satisfied but would require a sound demonstration of how the platform was robust against attack, i.e. Kaleidescape must be able to demonstrate how they use secure boot and update, a trusted execution environment, secure video path, and most critically, key diversity.

10.1.4 Software Diversity

  Systems relying on software that is potentially subject to attack shall be implemented in diverse ways so that an attack is unlikely to be portable. This diversity shall vary by version of the system, by platform and by individual installation.

For highly sensitive key decryptions, the Kaleidescape system does not use software and so we think that this item would not be applicable. Rights however are currently managed in software - rights would have to be cryptographically bound to the device and this processing managed in hardware or a robust trusted execution environment in order to meet this requirement.

10.1.4.1 Copy & Title Diversity

  The content protection system shall provide capabilities so that in the event of a breach on one title or version of a title, additional work is needed to breach the content protection on the next title or another version. (NB: simply using different content keys is not sufficient to satisfy this practice.)

We think the idea of increasing the diversity beyond simply changing keys is a good one, however this is an issue for the Kaleidescape system as it stands. One way of addressing this requirement could be to introduce a concept of temporal diversity into the system - for example if a new KDRM Master key were able to be securely provisioned in the field on a scheduled basis, and this key secured content keys until the next Master key period (a table of Master keys would have to be maintained in the client, such that existing downloads could still be played back). See section 4.1.1 for our existing concerns regarding key diversity.

10.1.5 Revocation & Renewal

  a) The system shall have the ability to revoke and renew versions of its client Component.

  b) The system shall have the ability to revoke and renew code signatures if these are used as part of the system's root of trust.

  c) The system shall have the ability to revoke individual devices or classes of devices.

  d) In the above cases of revocation, the system shall support an alternative to that (sic) allows access to alternate content or only to existing purchases.

The Kaleidescape system can be in a good position regarding revocation, but ONLY if all parts of the Customer's ecosystem are trusted. If we assume that a minimal network connection is required for any revocation method, then Kaleidescape have full control from the head-end over exactly which licenses are available for which Customer's systems; nullification of licenses in the head-end effectively results in a revoked system. Kaleidescape could also choose to enforce more restrictive bounds on network presence - for example a challenge/response with the head-end before commencing 4K playback, in order to confirm trust in the client device.

Regarding point (d) Kaleidescape may also choose to limit some Customers to certain types/profiles of content, although it is not clear what the circumstances would be that would prompt this decision.

  e) The system shall proactively renew the protection and diversity of its software components.

  f) The security provider shall actively monitor for breaches.

Items (e) and (f) are issues of governance, process and capability, and we believe that Kaleidescape is well positioned here - they have an extremely comprehensive web store purchase and customer device log monitoring activity in place, as well as their own network infrastructure monitoring. Software updates are downloaded in whole, and purchases can be withheld on the basis of software version.

We would however suggest, given that Kaleidescape has a "static" DRM, that in the case of very high value content, again, a challenge/response with the head-end should commence before playback.

10.1.6 Outputs & Link Protection

  a) The system shall allow HDCP 2.2 or better to be required by content.

  b) The system shall allow other outputs to be selectable by content.

HDCP 2.2 will be obligatory on 4K-capable SoCs, and Kaleidescape have removed analogue outputs on their latest product, the Cinema One. Therefore we do not see any issue with meeting these requirements.
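The challenge/response with the head-end suggested in section 10.1.5, combined with the replay rejection scored in row 6 of the rating table, as an added example (not Kaleidescape's or KDRM's own code or protocol). The names HeadEnd, device_response and NONCE_TTL are hypothetical, and the software-held per-device HMAC key is an assumption standing in for a key that would sit behind the SoC hardware key ladder.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 30  # seconds a challenge stays valid (assumed value)


def device_response(device_key, device_id, title_id, nonce):
    """Player side: HMAC-SHA256 over length-prefixed fields, keyed per device."""
    fields = (device_id.encode(), title_id.encode(), nonce)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(device_key, msg, hashlib.sha256).digest()


class HeadEnd:
    """Hypothetical head-end verifier; not the KDRM protocol."""

    def __init__(self, device_keys):
        self.device_keys = dict(device_keys)  # device_id -> per-device secret
        self.revoked = set()                  # revoked device_ids
        self.pending = {}                     # nonce -> (device_id, title_id, expiry)

    def issue_challenge(self, device_id, title_id, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = (device_id, title_id, now + NONCE_TTL)
        return nonce

    def verify(self, device_id, title_id, nonce, response, now=None):
        now = time.time() if now is None else now
        # pop() consumes the nonce, so a captured response cannot be replayed.
        issued = self.pending.pop(nonce, None)
        if issued is None:
            return "reject: unknown or reused nonce"
        if issued[:2] != (device_id, title_id):
            return "reject: challenge was issued for another device or title"
        if now > issued[2]:
            return "reject: challenge expired"
        key = self.device_keys.get(device_id)
        if key is None or device_id in self.revoked:
            return "reject: device unknown or revoked"
        expected = device_response(key, device_id, title_id, nonce)
        if not hmac.compare_digest(expected, response):
            return "reject: bad response"
        return "ok"  # head-end may now release the Playback License
```

Because each device answers with its own key, revoking one device or rejecting one bad response says nothing about any other device, which is the per-device binding that section 10.1.3 asks for.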

11 Appendix - List of Reviewed Documents

Kaleidescape made available the following documents for review:

1. Keys to the Megalon Castle (printout of Confluence-repository document, viewed on-site)
2. KCFIB Process (printout of Confluence-repository document, viewed on-site)
3. Security Report (of Web Store), SektionEns GmbH, 2012

Other documents referenced:

4. Information technology -- MPEG systems technologies -- Part 7: Common encryption in ISO base media file format files, ISO/IEC 23001-7:2012
5. Enhanced Content Protection (ECP) Specification v1.0, MovieLabs, 2012