F1 Encoding and Content Security

Spencer StephensCTO, Sony Pictures

Encoding

Phase 0• Image: 60Mbps CBR AVC HP

L5.1 3840x2160@23.98 (active picture only)

• Color space - rec709 full range 0-255 8bit

• Audio: 384kbps VBR HE-AACv2 (AAC+ v2) 5.1ch @ 96KHz

Phase 1 - EyeIO• Image: 26Mbps VBR Max

40Mbps AVC HP L5.1 3840x2160@23.98 (active picture only)

• Color space – YUV full range 0-1023 10bit 4:2:2

• Audio: to be determined

Phase 0 SecurityMeets security goalsSummary

Each copy is individually watermarked using Verimatrix. Pirated copies can be traced back to the consumer

Content is encrypted with unique Content Encryption Key (CEK) per title per target server

CEK is encrypted with public key of target server

Watermark payload, CEK ID and target server ID are associated and logged by SEL• NOTE: “Chain of custody” may be used in legal proceedings.

No user log-on on server

BitLocker full disk encryption

All ports locked except for tablet access

Tablet bound to server

Phase 1 SecuritySummary Status

Phase 1 will use HDCP 2.2 V. good

Marlin Broadband. There is no per-title diversity, hacking one player exposes all content. There is also no per-device diversity, hacking one player exposes all players.

Falls short

Marlin implementation will be more robust than is required by the Marlin compliance and robustness rules but we have not been able to discuss it so far with Phase 1 engineers because of NDA with Panasonic – discussion will be week of November 12

?

There will not be any third party assessment of the security solution Falls short

F1 box cannot embed individual forensic watermarks AND SNEI unable to embed individual forensic watermarks

Falls short

Phase 1 SecuritySummary Status

SPE is solely responsible for monitoring for security breaches. • NOTE: Industry practice is content protection licensing authority monitors

for security beaches aided by implementers and content participants

Falls short

“Revocation” Criteria shall be equal to the criteria Marlin BB defines. (Eligible) Content Provider and (Eligible) Service Provider will have a right to commence “Revocation” process when such criteria is satisfied. • NOTE: Goal of Enhanced Content Protection is rapid response to security

breaches. This process will be relatively slow.

Falls short

No decision has been made on how or whether to respond to a security breach.

?

F1 box may not be upgradable to better security. F1 box engineers are studying FW update capability to add additional features

?

SNEI will not support any features beyond standard Marlin Broadband