Home Network and Digital Rights Management Technology

Foundation Sponsored Program: China Next Generation Internet Project (No.CNGI-04-12-2A)

    A home network is defined as[1] an internal (and private) network formed by many communication and information devices as well as household appliances that are connected via wired and wireless transmission.

    The main functions of the home network accepted in the industry contain:

• the home-internal communication
• the home entertainment (including Internet audio/video on demand, online games, browse and chat, virtual reality as well as control over DVD, video camera, digital camera, PDA, MP3 and MP4)
• the home learning (including distance learning, on-line exchange and on-line library);
• the home office
• the family life
• the home monitoring (including fire and water alarms)
  

    The home network is a combination of fixed and mobile networks[2] . With the gradual evolution to the digital, network, and information society, the home network is becoming another focal point to attract people’s attention following the digital TV and IPTV. The concept of the home network is being extended and preparations for its core technologies, industry standards, and equipment R&D are well under way. Home network standards such as ITopHome, Intelligent Grouping and Resource Sharing (IGRS), China Communications Standards Association (CCSA), and Energy Conservation and Homecare Network (ECHONET) have entered the stage of chip research and development. Meanwhile, the problem of convergence and interconnection in the home network has become one of the major projects of China Next Generation Internet (CNGI) in 2006. All this shows that China has growing needs for future home networks while keeping a fast and sustainable economic growth.

    Guaranteeing the security of digital contents usage, storage, and transfer in a home network, and protecting legal benefits of content providers, operators, and copyright owners become a crucial"bottleneck" that restrict popularization and further development of the home network. Consequently, this signifies the need for Digital Rights Management (DRM).

    Based on the provisions of China’s Copyright Law, the copyright of digital contents should be protected. As digital contents can be easily reproduced and disseminated, it is possible to freely or illegally distribute, copy, use, and alter the contents in a home network. Therefore, in order to effectively protect the copyright of digital contents in a home network, the DRM technology based on contents security shall be widely studied and applied.

1 Basic Features of DRM
The basic principles followed in the design and establishment of DRM are simplicity, flexibility, and openness. The rights management of digital contents involves the benefits of all parties such as content providers, service providers, equipment vendors and consumers. Consequently, the studies on the DRM technology are made throughout the entire life cycle of digital contents including creation, storage, transfer, and usage (reception, play, and display).

    The DRM is divided into three parts[3]: digital contents, rights, and management. The first part refers to digital information such as MP3, VCD, and E-books. The second part is used to describe the usage rights of digital contents, and the third part is the management of digital contents and rights. Basic features of DRM include combination of technical and non-technical methods (systematism), protection of authorship (bindability), rights management and access control (controllability), validation of copyrights information, and pirate tracing.

    The DRM binds digital contents with the author or owner. For example, it encrypts and encapsulates the author’s copyright information and digital works via a security container, or embeds the serial number that identifies the author’s copyright information into the digital works in the form of digital watermark and sets up a connection with the author via the media. Anyone who gets the digital works also obtains visibly or invisibly the information of the author or owner.
Copyright protection supports pirate tracing. To maximally beat the pirates, digital works in the process of dissemination must provide the user with a unique user ID and bind it with the digital works in the form of digital watermark.

    The copyright protection system chiefly adopts the encryption technology, the digital signature technology, the trusted module technology, the watermark technology, and the combination of them. The encryption technology can prevent direct access to copies and provide the decryption key for authorized users to access the contents. However, the encryption only provides protection for communication channels. Once the channels are decoded, the digital works will be completely exposed without any protection. The digital signature technology can validate the authorization to the information source as well as the content. This digital signature, however, is separated from the digital works and can be easily removed. In addition, if a slight modification is made to the digital works, the signature will be invalid. Certainly, this is not in accordance with the non-amendable nature required by the copyright protection for digital works such as images and videos. The trusted module is usually an anti-falsification hardware used to protect the decryption key or implement other copyright protection policies specified by the distributor. However, it requires each user to support the related hardware. The watermark technology implements the protection mechanism for digital works such as copyright confirmation, copyright tracing, and network detection by embedding certain information into the works.

    Many research institutions and companies have undertaken research into copyright protection of digital media from different aspects. For example: Intertrust’s DigiBox technology can protect information anywhere throughout its entire life cycle based on certain usage rules; IBM’s Cryptolope technology can encapsulate the content of digital media to be protected by using the security encryption technology; and Digimarc Corporation is conducting research on copyright protection of digital watermark-based media information.

2 DRM in the Home Network
The core problem of a home network is with the contents and control among others such as the security of contents and control, which will be the key factor to the popularization and development of the home network. The DRM is just the key solving the problem of contents security in home networks. A perfect content security solution for home networks needs support and collaboration among all participants including equipment vendors, content providers, and network operators. It is necessary for them to reach an acceptable agreement on security[4].

    Specifically, the DRM in a home network involves four problems.

    (1) The Problem of Contents and Rights Usage
    All digital contents requiring the copyright protection in a home network provide certain rights that a user must purchase ahead. The device in the home network must have the Condition Play (CP) ability to determine a relation between contents and rights, resolve the actual right the user has and complete the access to contents based on that rights. In addition, it can authenticate program contents, that is, distinguish whether they are genuine or pirate, legal or illegal.

    (2) The Problem of Contents and Rights Storage
    The devices in the home networks such as digital TV sets, personal video recorders, and PCs have the ability to record and store contents on the hard disk or USB disk. Generally, the recorded and stored contents have the same usage value as the original one and can be easily copied, modified, and disseminated. In addition to the secure end-to-end connection with the source and the destination devices, the storage device, based on its structure and data access interface, shall be able to secure the data and prevent from being damaged or stolen.

    (3) The Problem of Contents and Rights Transfer
    The transfer of contents and rights in home networks is classified into three types:

• from external devices or servers to internal devices via the public network (such as Hybrid Fiber-coaxial (HFC) network, telecom network, Internet, and Bluetooth network) or to the mobile storage device
• between different devices in the home networks (such as between the PC and the TV set, and between the mobile device and the fixed device)
• from internal devices to external devices or servers via the public network by means of the home gateway, or directly through the mobile storage device
  During the transfer it is necessary to validate the license rights of source and destination devices, monitor the transfer process and complete the security processing. All three  types of transfers require the home network devices to provide a perfect rights control. Moreover, the transfer of contents and rights from the external devices requires the home network to have the Condition Access (CA) ability, while the transfer of contents and rights inside the home network requires the home network to provide end-to-end secure transmission.
  

    (4) The Problem of Contents and Rights Consistency
    During the use and transfer of contents and rights in home networks, it is necessary to keep consistency in the same digital contents and rights. The problem of consistency involves the binding and the update of contents and rights.

    The former is based on many-to-many contents and rights, and means one content is only related to one right that contains its ID while one right only specifies the corresponding content whose ID it contains. The latter means when a duplicate copy of the same content distributed in the home networks is used, the related right description should be modified to make all the duplicates in the home networks consistent.

3 End-to-end Secure Transmissions
The end-to-end secure transmission between internal devices of the home networks is divided into real-time secure transmission and non-real-time secure transmissions as well as contents secure transmission and rights secure transmission. For example, transmission among the set-top box, TV, and Video Cassette Recorder (VCR) belongs to real-time secure transmission. Therefore, it is necessary to fully consider the specific timeliness requirement for
high-definition videos and streaming media when encrypting and encapsulating the content transferred among them. However, the relative timeliness requirement while transcribing, storing, and secondarily distribute the content is lower.

    The end-to-end secure transmission has two major problems to solve: to protect the content transferred between two devices and to validate the right of content receiving devices. The content flowing in a home network can select the device. When some devices have no right to process specified contents, the network can reject requests from these devices for receiving protected contents. Additionally, the devices can be controlled and divided into internal and external devices of the home network. Internal devices can share their rights while external devices are not allowed to access internally authorized contents.

    The main end-to-end secure transmission protocols contain the Digital Transmission Content Protection (DTCP) protocol and High-bandwidth Digital Content Protection (HDCP) protocol.

3.1 The DTCP Protocol
Several companies including Intel, Toshiba, Sony, Panasonic and Hitachi have jointly developed the DTCP protocol. When entertainment contents such as audios and videos are transferred between the digital transmission devices in compliance with the IEEE 1394-1995 interface standards, DTCP can prevent the content from being illegally copied or extracted. Only the legal content transferred between two authenticated devices can be protected by the copyright protection system. The two authenticated devices are the source and the salve device respectively. The DTCP contains four parts: Copy Control Information (CCI), device authentication and key exchange, content encryption, and system update.

    The content provider needs a method of specifying the copy information of the content, such as not allowed to copy, allowed to copy once, and else. The content protection system can securemy transfer CCI from the source device to the slave device. The CCI is transferred in two ways: the Encryption Mode Indicator (EMI) provides a way for simple and secure CCI transfer with the two bits in the synchronous header representing CCI; the CCI is directly embedded in the content flow being transferred.

    The slave device checks the received CCI in the EMI. Through the authentication process, the ability of the slave device to receive and store the contents and rights is confirmed. Moreover, through the negotiation during the authentication process, the session key to be used can be obtained. Under the control of the session key the content data are encrypted by using the Advanced Encryption Standard (AES) and then transmitted to the slave device.

    The DTCP provides support for the device to join or exit the home network. In the complete authentication, a continually updating and effective device list is used to determine whether the device is in the home network.

3.2 The HDCP Protocol
The HDCP protocol is used to protect audio or video contents transferred through some high-bandwidth interfaces. These specified high-bandwidth interfaces are called HDCP protection interfaces that contain the Digital Video Interface (DVI) and the High Definition Multimedia Interface (HDMI). In the HDCP system two or more HDCP devices are connected via the HDCP interface. The upstream HDCP transmitter sends the audio or video contents protected by HDCP to each HDCP node and receiver through a tree topology structure. The HDCP involves three parts:

    (1) The HDCP transmitter authenticates the HDCP receiver that requests for sending data contents.

    (2) If the HDCP receiver passes the authentication, the HDCP transmitter will send the   encrypted data contents to the HDCP receiver. The encryption concerned is based on the key shared by the receiver and the transmitter during the authentication.

    (3) The trusted device or institution (such as LLC Company) revokes the already insecure HDCP receivers to receive any content.

    The HDCP receiver can be a node that receives contents from the upstream transmitter and then forwards them to one or more downstream receivers. Figure 1 illustrates a simple HDCP topology structure.

    The HDCP employs a tree topology structure. The transmitter authenticates each node and receiver in the entire topology structure. It takes five seconds to complete the authentication. To avoid too much time for authentication, the HDCP specifies a topology structure that contains at most seven layers of nodes and 128 receivers. This authentication mechanism restricts the device capacity in the whole HDCP system, that is, the authentication time increases with the increase of the number of HDCP devices connected in the system.

    This authentication mechanism also makes the whole HDCP system less flexible. If a new receiver wants to join the already authenticated the HDCP topology structure, or an authenticated receiver wants to exit the topology structure, the transmitter must re-authenticate the whole topology structure.

    Moreover, the HDCP uses stream ciphers to enable high-speed data encryption. Due to the synchronization required by the stream ciphers, the HDCP topology structure needs to be authenticated continually, which increases the overhead of the entire system.

4 Condition Access (CA)
The CA comes from the authorization charge in digital TV broadcast. It is to solve the problem of secure transfer of contents and rights from the external devices or servers to the internal devices of a home network. The home network is involves controlling the data receiving from internal devices such as set-top boxes as well as preventing data being stolen or replayed during the transmission. The CA means to scramble, encrypt and transfer information such as video, audio, and data, and then use an intelligent card to control and manage the authorization of users. Therefore, the legal or authorized users can receive, decrypt, and descramble the information while the unauthorized users cannot get correct media data streams by any means.
The CA system integrates many advanced technologies including: system control and management technologies; digital video compression and coding technologies; scrambling and descrambling algorithms; encryption and decryption algorithms; modulation and demodulation technologies; set-top box technology; intelligent card technology; as well as database technologies such as user management, program management, and charge management. Generally, the CA system is made up of five functional entities: the program management system, the user management system, the front-end CA subsystem, the scrambling and multiplexing system, and the receiver CA subsystem, as shown in Figure 2. The fundamental Framework of the CA System is shown in Figure 3.

    The CA system based on the transmission of digital MPEG2 program streams uses the MPEG2 standard format to define the field meaning used for condition access. Recently many successful CA equipment vendors have emerged at home and abroad including foreign companies such as Irdeto, NDS, and Nagra as well as Chinese companies such as Compunicate, Ditel, Novel-Tongfang, Sanzhou, and DTVIA. The MPEG2 standard provides high efficiency in data coding and it has been widely recognized and applied. Number of countries and organizations has been formulated a series of CA system standards based on MPEG2 for application scenarios such as Digital TV. Currently, the international mainstream CA system standards include the European Digital Video Broadcasting (DVB) standard, the North American Advanced Television Systems Committee (ATSC) standard and the Japanese Integrated Services Digital Broadcasting (ISDB) standard.

    All these three standards define simple specifications for the CA part and propose three different methods of scrambling. The European DVB organization proposes a Common Scrambling Algorithm (CSA) that is authorized by four members of the DVB organization. The ATSC organization uses a Triple Data Encryption Standard (3DES) algorithm, while the ISDB uses a scrambling algorithm proposed by Panasonic Company.

    The traditional one-way DVB-CA system consists of two parts:        

    scrambling/descrambling and encryption/decryption. The scrambling/descrambling part uses the Control Word (CW) to scramble the MPEG2 program streams based on the CSA standard. The encryption/decryption part uses the symmetric and asymmetric key cryptography to encrypt and transfer the CW and then uses the decryption module at the authorized client to get the decrypted CW. As the DVB-CA system is designed for one-way broadcasting and TV network, its encryption/decryption part often adopts multiple encryption policies that make the system complicated because each encryption policy is for exclusive use of each equipment vendor. The complexity of the whole CA system lies in the finishing distribution, the update and coexistence of various ciphers over the one-way network. The keys used in the DVB-CA system include the Service Key (SK) and Personal Distribution Key (PDK). The CW is encapsulated in the Entitlement Control Message (ECM), while the SK in the Entitlement Management Message (EMM), both for transmission. To facilitate the management of subscribers and services, the CA system provides the Subscriber Management System (SMS) with such functions as recording and executions of various charged services.

    In a two-way network, the CA system can use two-way identity authentication technologies and the corresponding interaction protocols to ensure validity and reliability of the two communication parties—the front end and the client. The mainstream identity authentication technologies contain two types: Public Key Infrastructure (PKI) based authentication and Identity Based Encryption (IBE) based authentication. The PKI-based authentication must be supported by the authentication center, which can bind the generated identity certificate to the user information. Moreover, the authentication center must participate in the process of identity authentication and act as the trusted third party to provide identity confirmation. The IBE-based authentication adopts the identity known to the party being authenticated, such as the Uniform Resource Locator (URL), as an initial value to get the public key through the dual linear mapping function and to authenticate the data signature encrypted through the private key of the party being authenticated. As the process of the IBE-based authentication needs neither the support of the third-party authentication center nor the transfer of the identity certificate, the system is simplified and also improves its security. The two identity authentication technologies can be selected to meet different application scenarios.
The conventional CA system is applicable to satellite broadcast as well as traditional one-way cable networks. For the applications such as the new two-way intelligent network, IPTV and interactive TV, the CA system must alter its structure and evolve into a secure two-way CA system to meet the actual requirements.

5 Condition Play (CP)
The CA only offers scrambling and encryption protection for TV programs on the charged channels. The authorized user who meets the condition access can get the specified decryption key through its own PDK to decrypt and descramble the program contents. This belongs to the charge control. Besides, it is also necessary to control the user’s rights to play and use digital contents in a home network through the CP and to authenticate the digital contents.

5.1 Rights Control
Rights control is a fundamental requirement for copyright protection that contains two aspects:

    (1) Authenticate the relation between the contents and the rights. Legal users who have the rights can use the digital contents normally, while the users with no rights are partially or fully prohibited from accessing the digital contents, for example, only allowed to browse the digest.

    (2) Resolve the rights or certificates owned by users and authenticate their validity. Different rights have different accessibility to digital contents. The copyright protection system should identify different rights and accordingly control users’ access to digital contents.

    Copy control, play control, processing control, and validity period restriction all belong to the category of rights control. Copy control is used to restrict users to reproduce the digital contents on the same or different devices. For instance, the Open Mobile Alliance Digital Rights Management (OMADRM) standard generally allows copy of digital contents between mobile terminals or between the mobile terminal and the external device. As the digital contents are encrypted for protection, other users must get the rights before using them. Play control is used to restrict time, object and times to play digital contents. For example, the DVD copyright protection specification of the Copy Protection Technical Working Group (CPTWG) requires the use of watermark technology to determine the times to play a movie. Processing control is used to restrict users’ operations for digital contents such as rotating, clipping, zooming and adding. Most of the copyright protection systems allow no or a slight alteration to digital contents.

    The rights that users obtain are usually described in a uniform format, that is, a rights description language such as Extensible Rights Markup Language (XrML) or Open Digital Rights Language (ODRL). The rights being described can be used as a part of the rights certificate such as Privilege Management Infrastructure (PMI), or directly form objects of special rights such as Secure Digital Music Initiative (SDMI) to be transferred respectively or together with the protected digital contents to the authorized users.

    Rights control is implemented in various ways, such as through the identity authentication participated by the third party, PMI certificate, contents encryption, and security container. The key is that most of the corresponding relations between the rights description and digital contents are established through global identifiers. However, once the relation is destroyed, the rights control will be invalid.

    Additionally, the digital watermark technology is also used for rights control. The watermark of the rights description is embedded in digital contents, which may, however, result in an explosive increase in watermark capacity of contents. A solution to this problem is to use an external database. The embedded watermark only serves as an index or a key of the rights description in the database. On the other hand, there will be a drawback in fast searching of the database, and the additional database may bring new hidden trouble to the security.

5.2 Content Authentication
As digital contents are easily reproduced and disseminated, pirated or illegal digital contents might exist in the home networks. In addition to encryption, the encapsulation, rights control, and content authentication can also be adopted to protect against pirated or illegal digital contents.

    Content authentication mainly adopts the digital watermark technology combined with digital contents features transparency, robustness, verifiability, and security.
The CP allows the digital contents requiring copyright protection to be embedded with digital watermarks that identify the copyright information. In addition, requires that all digital contents transferred to the home network devices must be embedded with legitimate identification watermarks and signed by the approval organization. This will indicate that the program has been protected by copyright and been legally marked. The player device in a home network can identify whether or not the received digital contents contain the copyright and legal identification watermark only by adding the related digital watermark-detecting module. The pirated digital contents have no copyright watermark, while illegal digital contents contain no signed legitimate identification watermark.

6 Rights Description
The digital content provider encapsulates media contents into DRM format by means of the content encapsulation mechanism and registers them at the authorization center. Users can apply for the right to use the DRM media content, but the key problem is how to describe the right. The solution to the rights management is to place a home network copyright management agent in each home network. The copyright management agent is responsible for managing the composition of the home network and controlling the home network devices to receive and use contents. Above all, it is important for the agent to resolve the described rights.
Rights describe the rules of using digital contents. They generally contain two parts: permissions and constraints.

    Permissions describe operations that can be performed on the digital

[Abstract] The home network is a major concern for the growth of digital and information society. Yet, how to guarantee the security of its digital content and protect the legal benefits for each section of the value chain becomes a crucial "bottleneck" in the home network development. The Digital Rights Management (DRM) technology provides total solution for usage, storage, transfer, and tracing the digital contents and rights. Its basic features are systematic and controllability. Considering the growth of the new media and services and the requirements of the Intellectual Property Rights (IPR) protection in a home network, it’s necessary to solve consistency problems in usage, storage, and transfer of contents and rights. In addition, it is inevitable to conduct researches of key techniques such as end-to-end secure transmission, conditional access and play, and right description.