TRANSCRIPT
March 5, 2014
AACS LA, LLC
Digital Bridge Proposal
Introduction
March 5, 2014 Confidential: Disclosure Pursuant to BDA-AACS LA NDA
This proposal is intended to describe the scope of Digital Bridge capabilities that AACS can support. AACS acknowledges that the ultimate approach with respect to these capabilities will be as agreed upon between AACS and BDA.
This presentation regarding Digital Bridge includes:
• Background and assumptions
◦ "UHD BOD 43 FINAL" slides
◦ Examples and Illustrations of Use Cases
• AACS Proposal
◦ Protocol overview
◦ Capabilities of Disc/Player/Server
• AACS Proposal Benefits
Disc File Format: BDMV-FE
◦ Provided bridge output is acceptable
Copy Protection: AACS Next Gen (and BD-ROM mark and BD+ if applicable), pending CPG approval
◦ CPG to review next-gen AACS developed in collaboration with MovieLabs (and BD-ROM mark and BD+ if applicable) to ensure compliance with BDA requirements (to be established by CPG)
Digital Bridge: Export
File Format: SFF
◦ SFF to be available for other entities to use without license from BDA; format needs to be finalized in conjunction with the BDMV-FE format; TF will ensure bridge format conversion is as reasonable and cost-effective as possible; TF to study details of use cases and ecosystem of bridge function
File Rules & Mechanics: To be developed with reference to Studio proposal and considering any proposals from AACS or others
Obligation: Mandatory/Mandatory (with exceptions), subject to Studio ratification in a reasonable time; otherwise Optional/Optional
◦ The measure will be ratified if no Studio objects by December 2, 2013.
In any case, the BDA will create a specification to support digital bridge as defined in this proposal
Digital Bridge: Export (continued)
Copy Protection: List of approved DRMs
◦ List to be defined, updated and managed under strict criteria using a process to be proposed by AACS that involves MovieLabs and is subject to approval by CPG.
Legacy Support: Optional
◦ Output format must be same container format as FE export; technical feasibility of converting requires further study; may be mandatory (on both devices and new discs, with exceptions) if determined to be cost-effective and no Studio objects. In any case, the BDA will create a specification to support digital bridge as defined in this proposal.
Digital Bridge: Bound to unique ID of originating player
File Format: BDMV-FE
Copy Protection: AACS Next Gen (and BD+ if applicable), pending CPG approval
◦ CPG to review next-gen AACS developed in collaboration with MovieLabs (and BD+ if applicable) to ensure compliance with BDA requirements to be established by CPG
Digital Bridge
[Diagram] UHD BD-ROM (BDMV, A-ENC) and UHD BD Player, with four Digital Bridge methods grouped under the labels "AACS Bound Copy Method" and "DRM Ecosystem":
1. AACS Bound Copy (output: BDMV-FE or SFF)
• Use case: Playback from the library on storage w/o optical disc; Streaming video to mobile / TV from UHD BD Player
• Target Devices: Internal/External HDD bound to BD Player/Recorder
2. Non-AACS Device Binding (Export: SFF)
• Use case: Playback from the library on storage; Streaming video to mobile / TV from Home Server; Playback from mobile
• Target Devices: Standalone Home Server; Mobile; BD Player / recorder
3. Media Binding (Export: SFF)
• Use case: Playback from mobile / TV / media player / car AV system etc.
• Target Media: Flash memory; HDD
4. Domain Binding (Export: SFF)
• Use case: Media player supporting specific service/ecosystem
• Target Domain: Example: Movie distribution ecosystem (like UV)
Legend: A-ENC = AACS Stream Encryption defined for BD; C-ENC = Common Encryption. SFF files in the diagram are marked C-ENC.
[Illustration] AACS Bound Copy Use Cases
1: In case of BDMV-FE
• Diagram labels: UHD BD-ROM (BDMV, A-ENC); UHD BD Player (Type 1) storing BDMV (A-ENC); AACS Bound Copy Playback; Export
• PROS of Type 1 Player:
◦ [AACS Bound Copy] Bit-for-bit copy from BD to storage / No re-encryption
◦ [Playback] All the BD features available
2: In case of SFF
• Diagram labels: UHD BD-ROM (BDMV, A-ENC); UHD BD Player (Type 2); AACS Bound Copy Playback; File Copy
• PROS of Type 2 Player:
◦ [AACS Bound Copy] Copied SFF is used for both playback and export / Save storage capacity
◦ [Export] Bit-for-bit copy from storage to external device/media
Other diagram labels: SFF (C-ENC); DRM Server
Legend: A-ENC = AACS Stream Encryption defined for BD; C-ENC = Common Encryption
[Illustration] Domain Binding Use Case
In case of Domain Binding, exported file will be shared with multiple devices. Such multiple devices would implement different DRM, but file format is SFF and file encryption scheme is Common Encryption (C-ENC).
Diagram labels:
• UHD BD-ROM (BDMV, A-ENC); UHD BD Player; Export
• Domain: Home Server with DRM-A; Mobile with DRM-B; Media Player/HDD with DRM-C
• SFF (C-ENC) file on each device in the domain; Copy SFF between devices
• DRM-A Server, DRM-B Server, DRM-C Server
• License File for DRM-A, License File for DRM-B, License File for DRM-C
• Management Server (e.g. Rights Locker)
Legend: A-ENC = AACS Stream Encryption defined for BD; C-ENC = Common Encryption
AACS Proposal
• AACS's role for Export:
◦ If decryption and re-encryption are required for Export, AACS Compliance and Robustness Rules are applied to Export function
◦ AACS provides authentication for the creation of the SFF export file
◦ AACS provides SFF re-encryption key
◦ AACS provides consumer information about the license acquisition
◦ AACS relays manifest information necessary to create the SFF file
◦ AACS Server performs Permission Protocol transaction with UHD BD Player
• AACS's role for AACS Bound Copy:
◦ AACS Compliance and Robustness Rules are applied to Copy function and Playback function of AACS Bound Copy
◦ For BDMV-FE files, playback license will be distributed from AACS Server; for SFF files, AACS has a capability to provide playback license, too
◦ For BDMV-FE files, re-encryption is not applicable
◦ AACS Server performs AACS Offer/Permission Protocol transaction with UHD BD Player
• AACS Specification:
◦ AACS would specify the Offer/Permission protocol and the use of the ISO standard Common Encryption scheme for Digital Bridge
◦ SOAP/WSDL based protocol is used to keep current resource
AACS Proposal – Export Protocol for Re-encryption
[Sequence diagram]
Parties: UHD BD-ROM, UHD BD Player, Destination Storage/Device, AACS Server, Outside DRM Server
• UHD BD-ROM carries: Coupon Code, PMSN, Main Title Indicator, Content ID, Contents
• UHD BD Player holds: Device Priv Key/Cert
Messages between UHD BD Player and AACS Server:
• Offer Request: Coupon/PMSN (Optional), Content ID/Device ID
• Offer Response: Offer (price info etc.)
• Permission Request: Selected Offer ID
• Permission Response
Other steps:
• Financial Transaction / DRM license download (Out of AACS scope)
• Report of DRM license issuance (optional)
• Export
Notes:
• Outside DRM Server: This would be composed of Shop Front Server (by e.g. Retailer), DRM License Distribution Server, Payment Server etc.
• AACS Server provides SFF Re-enc Key per title, generated by AACS Server or Content Provider.
AACS Proposal – AACS Bound Copy Protocol
[Sequence diagram]
Parties: UHD BD-ROM, UHD BD Player, Local Storage, Payment Server, AACS Server
• UHD BD-ROM carries: Coupon Code, PMSN, Main Title Indicator, Content ID, Contents
• UHD BD Player holds: Device Priv Key/Cert
Messages between UHD BD Player and AACS Server:
• Offer Request: Coupon/PMSN (Optional), Content ID/Device ID
• Offer Response: Offer (price info, Payment server URL etc.)
• Permission Request: Selected Offer ID
• Permission Response = Playback license: Permission, SFF Re-enc Key (in case of SFF)
Other steps:
• Payment Server exchange (label on diagram): e.g. Price info, Session ID etc.
• Bound Copy
Note: Protocol of Financial Transaction is outside the scope of AACS and defined by each payment platform.
AACS Proposal – UHD BD-ROM
• Main Title Indicator (e.g. manifest file) is required by the format specification to be resident on the disc
• PMSN (Pre-recorded Media Serial Number)/Coupon Code
◦ Optional for UHD BD-ROM
AACS Proposal – UHD BD Player
• Device authentication with AACS Server required
• In case of AACS Bound Copy, UHD BD content is copied to its storage in the UHD BDMV-FE format (i.e. bit-for-bit copy and no re-encryption)
◦ SFF format could also be supported in case of AACS Bound Copy
• Player provides its own User Interface
◦ BD-J is not used for Digital Bridge U/I purpose
◦ AACS specification does not define any BD-J APIs for Digital Bridge purpose
◦ AACS will follow BDA's guidance in supporting U/I
• Functions:
◦ To perform Permission transaction with AACS Server
◦ To process Offer for AACS Bound Copy
◦ To decrypt, transmux and re-encrypt for SFF
AACS Proposal – AACS Server
• Leverage an existing server for both Export and AACS Bound Copy
• Capabilities:
◦ To provide Offer/Permission
▪ Price info etc. can be sent to a customer in advance before copy process
◦ To issue SFF Re-encryption Key and share with Outside DRM Server (if necessary)
◦ To validate UHD BD Player
▪ Allows refusal to distribute title key for re-encryption to a revoked UHD BD Player
▪ Ensures the integrity of Device ID uploaded from UHD BD Player
◦ To control Export (i.e. copy count) using PMSN or Coupon Code
• Note:
◦ Financial transaction is out of scope
◦ Existing server supports access to PayPal with an interface for other payment processors
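The server-side checks this slide lists (refuse a revoked player, check the integrity of the uploaded Device ID, enforce a copy count per PMSN or Coupon Code, issue one SFF re-encryption key per title) are modelled below as an added example; it is not part of the original deck or of any AACS specification. The class, method and status names, the HMAC used in place of the device certificate signature, the 16-byte key size and the requirement that a PMSN/coupon is always supplied are assumptions.

```python
import hashlib
import hmac
import secrets


def sign(key, device_id, content_id, token):
    """Player side: tag the request fields (HMAC stands in for the device signature)."""
    msg = f"{device_id}|{content_id}|{token}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class AacsServerModel:
    """Hypothetical model of the server-side checks; not the AACS protocol itself."""

    def __init__(self, device_keys, revoked, max_exports):
        self.device_keys = device_keys   # device_id -> secret (assumed provisioning)
        self.revoked = set(revoked)      # revoked device IDs
        self.max_exports = max_exports   # copy count allowed per PMSN/coupon
        self.issued = {}                 # PMSN/coupon -> permissions granted so far
        self.title_keys = {}             # content_id -> SFF re-enc key (one per title)
        self.offers = {}                 # offer_id -> (device_id, content_id, token)

    def _refusal(self, device_id, token):
        if device_id in self.revoked:
            return "revoked"
        if self.issued.get(token, 0) >= self.max_exports:
            return "copy-limit"
        return None

    def offer_request(self, device_id, content_id, token, tag):
        key = self.device_keys.get(device_id)
        if key is None or not hmac.compare_digest(
                sign(key, device_id, content_id, token), tag):
            return None, "bad-device-auth"   # Device ID integrity check failed
        reason = self._refusal(device_id, token)
        if reason:
            return None, reason
        offer_id = secrets.token_hex(8)
        self.offers[offer_id] = (device_id, content_id, token)
        return offer_id, "ok"

    def permission_request(self, device_id, offer_id):
        offer = self.offers.get(offer_id)
        if offer is None or offer[0] != device_id:
            return None, "unknown-offer"
        del self.offers[offer_id]                 # single use: a replay is refused
        _, content_id, token = offer
        reason = self._refusal(device_id, token)  # re-check at grant time
        if reason:
            return None, reason
        self.issued[token] = self.issued.get(token, 0) + 1
        key = self.title_keys.setdefault(content_id, secrets.token_bytes(16))
        return key, "ok"
```

The copy count is charged when permission is granted rather than when the offer is made, so an abandoned offer does not consume one of the allowed exports.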
AACS Proposal – Outside DRM Server
• Transaction between AACS Server and Outside DRM Server will be studied by AACS
• Functions outside of AACS (examples):
◦ To provide a DRM license including title key (same as the title key for re-encryption) to Outside DRM Player
◦ To control the count of DRM license downloads (e.g., for copies from a particular disc), if necessary
◦ Financial transaction (if necessary)
AACS Proposal Benefits
• Leveraging existing server asset
◦ Server is operational and fully tested, and security assessment has been successfully done
◦ Development costs to date have been absorbed by AACS
◦ Significant learning – user interface, registration and management of offers, security, consumer support, financial transactions, importance of on-disc meta data
◦ Improved time to market for Digital Bridge
• This approach enables all participants, including small to medium content companies, in the UHD format to participate in Digital Bridge
• Cost efficient – provides low cost for copy/Export authorization transaction
• Consistent user interface for given player for copy/export authorization across different content owners or retailers
• Consumer interface for obtaining playback license customized by retailer/DRM license service
• Enables single input point for offer registration
• Enables support of list of approved DRMs
• Enables device manufacturers to create devices with an approved DRM
• Consistent with BDA requirement (as provided to AACS)
• Easier for smaller content providers
• Compatible with studio bilateral agreement with retailers or other service providers for Export