Secure Content Management in Authorised Domains

Authorised Domains (AD) are introduced by DVB as a means to enable controlled electronic distribution of digital content. The main aim of an AD is to respect both the content provider’s and consumer’s interest, in the sense that the consumer is free to access and distribute content within the entire AD, while at the same time the rights of the content owners and service providers are covered by imposing strict import and export rules to prevent unlimited digital copying the content across domains. In this paper we present the requirements, an information model, and architecture for a specific AD realisation. INTRODUCTION Recent developments in content distribution technologies (i.e. Internet and removable media) make it much easier to exchange content than ever before. The rapid adoption by consumers shows that such technologies really address their needs. A side effect is that they also enable easy illegal copying and distribution of content. The content industry sees this latter development as a threat to their business and acts on it by lobbying for content protection technologies and legislation. For the future we can expect that (wireless) networking between (portable) devices in the home and between homes will grow in importance, given the convenience it will bring to consumers for accessing services and content. Consumers eventually will require from connectivity technology that it enables access to their content on every device that they own, at any time that they want, and at any place that they like. That means for instance that they require access to their home audio collections from their car or from a portable audio player. The current situation with respect to content protection systems is fragmented. Firstly, for each new interface technology and (physical) storage medium, a new protection system has to be developed and introduced into the market, e.g. (1, 2, 3). Secondly, the current copy protection technologies are mainly targeted to limiting content exchange between devices in the home. It is clear that such an approach is not suitable given the trend to connect all (portable) devices using wired or wireless connectivity technologies. It is also clear that the consumer wishes in this field cannot be denied and that digital connectivity technologies will arise anyhow, although these developments will increase the worries of the content industry. In this paper we will present a technology in which we try to find an integrated content protection solution that serves both the interests of the content owners and the content consumers. The main concern of the content industry is to limit the uncontrolled distribution of illegally copied content, while the main concern of the consumer is to have uncomplicated access to the content of his choice. These requirements come together in the concept of the authorised domain (AD), a controlled network environment inside which content can be relatively freely used, but which limits the crossing of content across its border. Every device that belongs to an authorised domain can have access to the content in that domain. Within the domain, issues like replication of content and rights will be solved in such a way as to optimise the functioning of the network and the devices. The exchange of (copyrighted) content between ADs will be bound to strict rules. The AD concept is currently being discussed in standards bodies like DVB (4), TV-Anytime (5) and is being investigated by the industry (6). In the following sections we will provide a list of requirements that then will be used to obtain a more formal definition for authorised domains. Based on this definition we will develop a functional specification and then come to architectural choices for an AD implementation. We end with conclusions. DEFINITIONS AND REQUIREMENTS In its CFP (7) the DVB-CPT group has defined an AD as follows: A set of DVB-CPCM compliant functional units, that controls the flow of content and the content format. The AD represents an environment of trust for the authorised use of copyrighted content. The authorised domain may consist of several, potentially disconnected, segments of a users home network. This includes the temporary connection of mobile devices. A virtual "connection" of network segments by portable media needs to be taken into account. Important in this definition is the fact that within an AD content access is rather unrestricted, while content exchange between ADs is under strict control. In the definition, and also in this paper, authorised domains are centred around the user’s house, although centring around other environments is possible as well. In the case that an authorised domain encompasses the user’s home environment we call it a Household Domain. Requirements As mentioned before, the authorised domain concept tries to cover both the requirements from the consumers (and CE industry) and the content providers. We will therefore develop requirements from both points of view. Content Access From a consumer’s point of view, unrestricted and uncomplicated access (including options for editing, storage, trick-play, etc.) to (legally) acquired content within the authorised domain should be possible. Furthermore, consumers require some form of content exchange between authorised domains, although they should understand that unlimited exchange is prohibited. Device management Consumers further require that they can manage the domain without hassle. This includes registration and deregistration of devices (stationary and portable devices, the car-stereo etc.). Moreover registration and deregistration should be possible without the requirement to be necessarily connected to another device or to have an on-line connection to some service provider, i.e. no back channel required. 1 DVB technical module sub-group on copy protection technologies 2 Copy Protection and Copy Management The content owners desire an AD solution, which makes it impossible that the whole world converges to one AD; an AD should be centred on a household. Any user and device management system should at least enforce this domain limitation. Content owners further desire compliancy of devices, i.e. devices obeying the rights, and mechanisms to revoke/renew hacked devices. Rights Management Consumers expect that they can add rights (and content) to the domain, but that they also can pass them along to others again. Rights include e.g. play rights, onegeneration copy rights, etc. The main concern of content providers is Internet redistribution. Therefore they require strong limitations on rights and content exchange between authorised domains. It further is required that DRM and Pay-TV systems can distribute content to ADs and can connect to ADs. To achieve this we assume that the architecture of an AD DRM resembles existing DRM architectures, meaning that access to content is controlled by rights (8). FUNCTIONAL SPECFICATION In order to focus on the core elements (devices, media, rights (+content), and users) and not to make any implementation assumptions we refine the DVB-CPT definition to: An Authorised Domain is an environment of (networked) devices, media, rights and users; in which users and devices handle content according to the rights. We mention networking as an option in this definition, to include devices that may not always be on, or even do not have a network interface at all (e.g. portables). We therefore abstract from the specific interconnection method of elements within the AD. Furthermore this definition does not define the environment of the Authorised Domain, e.g. is not limited to a household with a home network. The remainder of this paper, however, will focus on an AD in and around the user’s house, the Household Domain. Outline of the specification In Figure 1 we present the AD information model in UML (9) notation. The model shows information objects and a selected number of operations, which are explained in Table 1. We only list the operations that govern membership of the AD. Note that we consider media as everything on which digital information can be stored. Devices can have built-in storage (media), e.g. a hard disk drive, or can employ removable media, such as optical discs. Note that the network itself is not considered to be a medium. From the model in Figure 1 we can distinguish the following type of operations: • User management operations: join and leave • Device management operations: register and deregister • Rights/content management operations: import and export of content and rights This model can easily be extended on the relation between rights and operations and on operations on objects. Such an extension is, however, beyond the scope of this paper and will be further elaborated on in future work.