|
||
 |
 |
|
||
|
||
|
||
|
||
|
|
White Papers
A Role for Smartcards in Digital Media Distribution and Digital Rights Management Charles Tobermann, La Claie Productions Barry Hochfield, Ecebs (Electronic Commerce Enabled by Smartcards) This document contains the abstract of a paper submitted to the program committee of the AEI International Conference on Media Futures (Florence, May, 2001) in the category of Content Management and Protection. Smartcards can play an enabling role in digital rights management. By authenticating all parties to transactions and facilitating the encryption of data for transfer over open networks, Smartcards assist both in protecting the intellectual property rights of content creators and publishers and the privacy of content consumers’ personal information. This paper describes innovative uses of Smartcards, interacting with both today’s insecure playback devices (primarily Internet-connected personal computers) and future generations of secure rendering devices, as part of a large-scale system for digital media distribution that respects and protects the rights of both content owners and consumers. The authors believe that such protection is not only essential to the survival of the media industry in the digital, networked age, but can also contribute to growth of that industry by enabling far more flexible business and usage models than previously possible when content and platform were inseparable. This paper focuses on the role of Smartcards as core elements in such a system to provide portable, personalised, and secure storage and cryptographic capabilities. The problem of protecting intellectual property and copyright in the digital, networked age is everywhere in the news. The grassroots MP3 music file-swapping phenomenon on the World Wide Web using programs and services such as Napster and Gnutella is only the most visible manifestation. Music has been the "canary in the coal mine", but the widespread introduction of broadband Internet services through ADSL and cable-modem connections is quickly bringing the problem into the realm of cinema and television. At the same time, fear of fraud and concern about the privacy of personal information remain impediments to realising the full potential of e-commerce on the Internet. The vision of "anytime, anywhere" access to information, including media, can only be fulfilled when transactions are authenticated, confidential, and their integrity is ensured. In addition, as connectivity, particularly in the wireless realm, becomes more and more ubiquitous and as data transmission capabilities increase dramatically through the rollout of services like GPRS (General Packet Radio Service) and later UMTS (Universal Mobile Telecommunications System), platforms will proliferate. Consumers will demand not only easy and convenient access to content through a range of distribution mechanisms and to a range of client devices, but also the ability to move content easily across platforms and to carry their rights, permissions, and preferences transparently while preserving security. A complete solution that protects the rights and interests of both content providers and consumers is complex. Such a solution potentially requires the integration of content protection (encryption), content identification (digital watermarking), authentication, digital rights management, and transaction clearinghouse infrastructure with existing and future communications infrastructure and playback devices. Smartcard technology can play a crucial role in providing both security, through tamper-resistant storage and cryptographic co-processing functionality, and convenience and mobility through its form factor. Systems for authenticating parties to transactions for rights acquisition and access control are likely to be based on challenge-response protocols using digital signatures and the digital certificates that legitimise those signatures using public-key cryptography and Public Key Infrastructure (PKI). Smartcards make ideal identity tokens in PKI systems because of their ability to secure the private key and execute all necessary cryptographic operations within a secure environment. In addition, they have a role to play in the generation of symmetric session keys typically used in real-time encryption and decryption of sequential media content. Smartcards can act as client-based trust agents both in the context of locally accessed content stored on a secure device and in authenticating the owner to a remote content server and accessed over a network. The same technology that enables protection of content also enables consumer privacy and the control of personal information. Digital rights management then becomes a two-way street. It is expected that privacy protection will become a significant business driver as electronic commerce enters the mainstream. Smartcards are already widely used in banking, GSM mobile telephony, and television set-top boxes. Lack of interoperability remains a barrier both within the media industry and across industries. OPIMA (Open Platform Initiative for Media Access) is one standardisation effort to promote interoperability. It is also likely that Smartcards will play a role in secure music implementations based on SDMI (Secure Digital Music Initiative) specifications.
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Related Links |
|||||
|
|||||
|
|||||
|
|||||
|
|||||
