Feeds

Cryptography Research wants piracy speed bump on HD DVDs

The rush is on

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

When asked, Laren said: "No, this is not the same as fingerprinting or watermarking. When you generate a fingerprint you are making each copy that is sold, slightly different and that has some cost implications when stamping disks. Our forensic information is being created by the player's virtual machine at the time it is played (copied) so all the disks can be identical."

The virtual machine players create movie outputs that are artistically identical but each one is altered if some minor way. This alteration is just the changing of a few bits of data every few seconds, so every 50 frames or so. And the CR system works such that if ten separate players are used in collusion in a copying process, taking samples of frames from each, it will not only identify one of the players, but all of them and they can be revoked from all future content.

"The big problem for studios is piracy based on film copies that have no digital identifiers. Because they can be sent around the internet with no chance of catching the original copier and then you have to go after the P2P user."

"The problem now is that everything in this market has accelerated. There are time constraints in that all the studios want to move to better protection as soon as the new disk formats come out and that is set for the end of next year. This means that AACS has to get its skates on if the players for this market are not to be launched ahead of its choice of security system.

By that time, if the CR system, or any other system, is to be used, the virtual machine players need to be integrated onto the two format in time for testing and studio acceptance to take place prior to the end of 2005.

CR has in fact dropped any attempt to have its actual encryption technologies used in this process. The disk formats will accept RSA or AES 128 bit encryption or both, but CR says this doesn't matter.

"The cryptographic portion of this is pretty easy to solve and any cryptographer that knows what he is doing can do a good job of that. So we have withdrawn from that part of the spec and we're just putting forward the binding process to our virtual machine," said Laren.

The virtual machine is based on a stripped down DLX processor. CR has taken out the floating point arithmetic and we've made a few changes for the sake of extra security. The DLX is a 32-bit pipelined embedded RISC CPU architecture that has come out of academia and was originally designed for teaching, but is not too unlike the ARM or any other RISC device.

It can be built in hardware, expressed in a hardware language like the Verilog Hardware Description Language and CR has a reference implementation in the C programming language.

As for the business model of CR, it plans to charge no royalty to the consumer electronics manufacturers, and adheres to the principle of charging the businesses whose security problems it solves, in this case the studios. So it plans to charge, perhaps as little as a couple of cents, for each HD disk that is pressed using the technology.

What if only one of the two disk formats agrees to install the player in their HD DVD players? "Well if one format gets its security broken, then that is a basis for suppliers to switch to the other format isn't it," says Laren in a clearly rehearsed sales pitch.

But in the end, Self Protecting Digital Content remain only a speed bump. For real pirates, buying a new player every time they get a set of keys revoked is just an inconvenience, but for someone that is casually taking content and placing it on the internet, the loss of function on their personal devices will certainly reduce the activity to only the seriously committed.

"We realize that all we are doing is enabling the game that goes on between the pirate and the content owners. We see revocation of keys through this system as taking last mover advantage away from the pirates, and giving it back to the content owners," concludes Laren.

Copyright © 2004, Faultline

Faultline is published by Rethink Research, a London-based publishing and consulting firm. This weekly newsletter is an assessment of the impact of the week's events in the world of digital media. Faultline is where media meets technology. Subscription details here.

Related stories

MPAA to serve lawsuits on BitTorrent servers
Ethical fair trade - you knew it made sense until MS embraced it
The Supremes prep for P2P battle royal

Top three mobile application threats

More from The Register

next story
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.