RMP Specification SP005-1

RMP Specification SP005-1 TV-Anytime Rights Management and Protection Information for Broadcast Applications TV Anytime IDE, July 26th, 2004, EBU Geneva Nicholas R. Givotovsky - MMG - [email protected]


Transcript of RMP Specification SP005-1

Page 1: RMP Specification SP005-1

RMP Specification SP005-1

TV-Anytime Rights Management and Protection Information for Broadcast Applications

TV Anytime IDE, July 26th, 2004, EBU Geneva

Nicholas R. Givotovsky - MMG - [email protected]

Page 2: RMP Specification SP005-1

RMP Approach & Scope

TVAF RMP started with a vision of an end-to-end security system with the goal of standardizing all of it.

This proved somewhat challenging.

Some degree of controversy regarding the overall requirements and specific required technologies for such a system may have played a role in slowing its completion.

Via a lengthy debate followed by a scoping process, TVAF RMP has been able to define the set of high priority usage cases or key scenarios RMP was to support.

This in turn has allowed us to progress on a modular basis, while still respecting the requirements of the overall architecture.

Page 3: RMP Specification SP005-1

Rights Management & Protection Information

RMPI = Rights Management & Protection Information or, “the minimum set of usage rules and conditions required to enable protection of broadcast digital television content within a TVA RMP compliant domain.”

RMPI is the essential signaling element of the system which has become the first element of the overall RMP toolbox to be standardized.

We debated (argued) a lot more about what usage models such RMPI should support.

On one end of the spectrum, a very rich set of functions could in theory be supported by “RICH” RMPI.

However, it was agreed that RMP’s immediate priority should be on the creation of standardized signaling for the unidirectional broadcast environment.

Page 4: RMP Specification SP005-1

RMPI-MB & RMPI-M

When associated with a broadcast signal, RMPI for Broadcast Applications is called RMPI-Micro Broadcast (RMPI-MB).

When associated with content present in a TVA RMP compliant domain (post broadcast/acquisition) it is called RMPI-Micro (RMPI-M).

Page 5: RMP Specification SP005-1

RMPI in the Broadcast Environment

In the diagram above, transfer of content from one RMP domain to another is not regulated by the RMPI-M/MB but the use of the content is.

Page 6: RMP Specification SP005-1

Introducing SP005-1

SP005-1 specifies the semantics, syntax and encoding for the usage rights, controls and permissions to be conveyed in RMPI-MB and RMPI-M.

Page 7: RMP Specification SP005-1

Principle: Positive Assertion of Rights

TV-Anytime RMPI-MB rights are positively asserted and never implied.

These rights are granted to the RMP System component or entity (e.g. a domain) and not to a person.

When a right is exercised, asserted conditions are validated.

If those asserted conditions are not met, then the right cannot be exercised.

If conditions are not asserted, then they do not constrain the rights.

Page 8: RMP Specification SP005-1

Operational Approach

RMPI-MB and RMPI-M focus on the usage of content as opposed to the movement of content.

Therefore there is no notion of “copy” within the secure RMP-compliant domain as only those Principals that have been granted rights to use the content are given access to the content under the conditions expressed in RMPI-MB and RMPI-M.

Page 9: RMP Specification SP005-1

Compliance

TV-Anytime RMP does not itself mandate specific implementations or compliance and robustness rules.

There are certain parameters in the specification that are left for assignment by the compliance bodies; for example geographic control, RMP domain identifier, single point of control identifier and security level.

It is anticipated that compliance bodies that adopt the specification will define implementation requirements and associated compliance regimes to meet the needs of their respective environments.

Page 10: RMP Specification SP005-1

Principals: RMP Domains

A Domain is a set of TVA RMP-compliant devices that are securely bound to each other for the purpose of exchanging protected content. It is an instance of a Principal. The rules for creating and managing domains are outside the scope of this specification.

Principal: Definition

Receiving Domain: The receiving domain is the first TVA RMP-compliant domain that receives the content and associated RMPI-MB via broadcast. Once the content is in the domain, the receiving domain is explicitly identified.

Any Domain: Any TVA RMP-compliant domain that can respond to the usage conditions stated within RMPI-MB and RMPI-M.

Page 11: RMP Specification SP005-1

Rights

PLAY

ANALOG EXPORT

DIGITAL EXPORT HD

DIGITAL EXPORT SD

EXTEND RIGHTS

Page 12: RMP Specification SP005-1

CONDITIONS

Geographical Control

Single Point of Control

Physical Proximity

Buffer Duration

Time Window Start Date & Time Window End Date

Standard Definition Digital Export Control

High Definition Digital Export Control

Analog Export Signaling

Analog Standard Definition (SD) control

Security Level

Simultaneous Rendering Count

Source of Additional Rights

Page 13: RMP Specification SP005-1

ANCILLARY RIGHTS INFORMATION

Scrambling Control: No scrambling/Maintain broadcast scrambling, or Apply RMP cipher

Cipher Algorithm

Origin of RMPI

Page 14: RMP Specification SP005-1

Syntax and encoding for RMPI-MB and RMPI-M

The RMPI-MB and RMPI-M payload is composed of at most four grants, including:

A grant for the Receiving Domain that signals the rights and conditions that apply to content once it has entered a given Receiving Domain. This grant excludes the Extend Rights right.

A grant for Any Domain that signals the rights and conditions that apply to content once it has entered Any Domain. This grant excludes the Extend Rights right.

A grant for the Receiving Domain that signals the Extend Rights right and associated conditions.

A grant for Any Domain that signals the Extend Rights right and associated conditions.

Page 15: RMP Specification SP005-1

Table: RMPI_MB and RMPI_M

Syntax                                            No. of bits   Identifier
RMPI_MB_and_RMPI_M_payload (){
  Ancillary RMPI
    RMPI_type_flag                                1             bslbf
    Version_of_RMPI                               15            bslbf
    Origin_of_RMPI                                128           bslbf
    Scrambling_control                            1             bslbf
    Cipher                                        4             bslbf
  Extend Rights (Grant is common to Receiving Domain and Any Domain)
    Extend_rights_flag                            1             bslbf
    Security_level                                2             uimsbf
    Source_of_additional_rights                   128           bslbf
  Grant to Receiving Domain
    Domain_ID                                     128           bslbf
    Play_Right_flag                               1             bslbf
    Analog_export_right_flag                      1             bslbf
    Digital_export_SD_right_flag                  1             bslbf
    Digital_export_HD_right_flag                  1             bslbf
    Buffer_duration                               2             bslbf
    Security_level                                2             uimsbf
    Time_window_start_date                        16            uimsbf
    Time_window_end_date                          16            uimsbf
    Geographic_control                            128           bslbf
    Analog_export_signalling                      2             bslbf
    Analog_SD_control                             1             bslbf
    Standard_Definition_digital_export_control    2             bslbf
    High_Definition_digital_export_control        2             bslbf
    Reserved_for_future_use                       1             bslbf
    Single_point_of_control_flag                  1             bslbf
    Physical_proximity_flag                       1             bslbf
    Simultaneous_rendering_count                  4             uimsbf
    Reserved_for_future_use                       2             bslbf
    Single_point_of_control_ID                    128           bslbf
  Grant to Any Domain
    Play_Right_flag                               1             bslbf
    Analog_export_right_flag                      1             bslbf
    Digital_export_SD_right_flag                  1             bslbf
    Digital_export_HD_right_flag                  1             bslbf
    Buffer_duration                               2             bslbf
    Security_level                                2             uimsbf
    Time_window_start_date                        16            uimsbf
    Time_window_end_date                          16            uimsbf
    Geographic_control                            128           bslbf
    Analog_export_signalling                      2             bslbf
    Analog_SD_control                             1             bslbf
    Standard_Definition_digital_export_control    2             bslbf
    High_Definition_digital_export_control        2             bslbf
    Reserved_for_future_use                       1             bslbf
}

Page 16: RMP Specification SP005-1

RMPI-MB and RMPI-M Lifecycle

RMPI-MB is transmitted in conjunction with the broadcast signal. At the time of reception in the end user’s TVA RMP Domain it is converted to RMPI-M.

Rights that are granted to the Receiving Domain and Single Point of Control (if present) in RMPI-MB are carried over in RMPI-M.

Generic mentioning of the Receiving Domain and Single Point of Control (if present) in RMPI-MB is translated into explicit mentioning through the explicit statement of Identifiers in RMPI-M.

In order to maintain the persistence of the rights assigned by the broadcaster or content provider, a TVA RMP compliant receiver shall not change any other value in RMPI.

Rights granted to Any Domain are always carried over unchanged from RMPI-MB to RMPI-M. The figure below illustrates the transition from RMPI-MB to RMPI-M in a case where Single Point of Control is asserted.

Page 17: RMP Specification SP005-1

RMPI-MB

Ancillary RMPI: RMPI_type_flag = 0, Version_of_RMPI, Origin_of_RMPI, Scrambling_control, Cipher

Extend Rights: Extend_rights_flag, Security_level, Source_of_additional_rights

Grant to Receiving Domain: Domain_ID = not applicable, Play_Right_flag, Analog_export_right_flag, Digital_export_SD_right_flag, Digital_export_HD_right_flag, Buffer_duration, Security_level, Time_window_start_date, Time_window_end_date, Geographic_control, Analog_export_signalling, Analog_SD_control, SD_digital_export_control, HD_digital_export_control, Single_point_of_control_flag, Physical_proximity_flag, Simultaneous_rendering_count, Single_point_of_control_ID = not applicable

Grant to Any Domain: Play_Right_flag, Analog_export_right_flag, Digital_export_SD_right_flag, Digital_export_HD_right_flag, Buffer_duration, Security_level, Time_window_start_date, Time_window_end_date, Geographic_control, Analog_export_signalling, Analog_SD_control, SD_digital_export_control, HD_digital_export_control

RMPI-M

Ancillary RMPI: RMPI_type_flag = 1, Version_of_RMPI, Origin_of_RMPI, Scrambling_control, Cipher

Extend Rights: Extend_rights_flag, Security_level, Source_of_additional_rights

Grant to Receiving Domain: Domain_ID = Receiving Domain ID, Play_Right_flag, Analog_export_right_flag, Digital_export_SD_right_flag, Digital_export_HD_right_flag, Buffer_duration, Security_level, Time_window_start_date, Time_window_end_date, Geographic_control, Analog_export_signalling, Analog_SD_control, SD_digital_export_control, HD_digital_export_control, Single_point_of_control_flag, Physical_proximity_flag, Simultaneous_rendering_count, Single_point_of_control_ID = Device / Entity ID

Grant to Any Domain: Play_Right_flag, Analog_export_right_flag, Digital_export_SD_right_flag, Digital_export_HD_right_flag, Buffer_duration, Security_level, Time_window_start_date, Time_window_end_date, Geographic_control, Analog_export_signalling, Analog_SD_control, SD_digital_export_control, HD_digital_export_control
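The payload layout from the syntax table and the RMPI-MB to RMPI-M conversion rule from the lifecycle slides, as an added Python example that is not part of the original presentation or of SP005-1 itself: it decodes a payload and reports any field a receiver altered beyond the type flag and the two identifiers. Contiguous MSB-first packing, the section-prefixed field names, the `_2` suffix on the second reserved field and all function names are assumptions made for this example.

```python
# (name, bits) per the page's syntax table; assumed MSB-first, table order, no padding.
ANCILLARY = [("RMPI_type_flag", 1), ("Version_of_RMPI", 15), ("Origin_of_RMPI", 128),
             ("Scrambling_control", 1), ("Cipher", 4)]
EXTEND = [("Extend_rights_flag", 1), ("Security_level", 2),
          ("Source_of_additional_rights", 128)]
GRANT = [("Play_Right_flag", 1), ("Analog_export_right_flag", 1),
         ("Digital_export_SD_right_flag", 1), ("Digital_export_HD_right_flag", 1),
         ("Buffer_duration", 2), ("Security_level", 2),
         ("Time_window_start_date", 16), ("Time_window_end_date", 16),
         ("Geographic_control", 128), ("Analog_export_signalling", 2),
         ("Analog_SD_control", 1), ("Standard_Definition_digital_export_control", 2),
         ("High_Definition_digital_export_control", 2), ("Reserved_for_future_use", 1)]
RECEIVING = [("Domain_ID", 128)] + GRANT + [
    ("Single_point_of_control_flag", 1), ("Physical_proximity_flag", 1),
    ("Simultaneous_rendering_count", 4), ("Reserved_for_future_use_2", 2),
    ("Single_point_of_control_ID", 128)]
# Section prefixes and the "_2" suffix are naming choices made for this example.
SECTIONS = (("ancillary", ANCILLARY), ("extend", EXTEND),
            ("receiving", RECEIVING), ("any", GRANT))
LAYOUT = [(f"{sec}.{name}", bits) for sec, fields in SECTIONS for name, bits in fields]
TOTAL_BITS = sum(bits for _, bits in LAYOUT)  # 896 bits = 112 bytes

def parse_rmpi(payload: bytes) -> dict:
    """Decode a payload into {field: int}; reject any length other than 112 bytes."""
    if len(payload) * 8 != TOTAL_BITS:
        raise ValueError(f"expected {TOTAL_BITS // 8} bytes, got {len(payload)}")
    value, pos, out = int.from_bytes(payload, "big"), TOTAL_BITS, {}
    for name, bits in LAYOUT:
        pos -= bits
        out[name] = (value >> pos) & ((1 << bits) - 1)
    return out

def build_rmpi(fields: dict) -> bytes:
    """Inverse of parse_rmpi for constructed samples; unset fields are 0."""
    value = 0
    for name, bits in LAYOUT:
        value = (value << bits) | (fields.get(name, 0) & ((1 << bits) - 1))
    return value.to_bytes(TOTAL_BITS // 8, "big")

# The only fields the lifecycle slides show a receiver setting during conversion.
MAY_CHANGE = {"ancillary.RMPI_type_flag", "receiving.Domain_ID",
              "receiving.Single_point_of_control_ID"}
def conversion_violations(rmpi_mb: bytes, rmpi_m: bytes) -> list:
    """Name the fields where an RMPI-M record departs from its RMPI-MB source."""
    mb, m = parse_rmpi(rmpi_mb), parse_rmpi(rmpi_m)
    bad = [n for n in mb if n not in MAY_CHANGE and mb[n] != m[n]]
    if (mb["ancillary.RMPI_type_flag"], m["ancillary.RMPI_type_flag"]) != (0, 1):
        bad.append("ancillary.RMPI_type_flag")
    return bad
```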

Page 18: RMP Specification SP005-1

Conclusion

We believe that RMP RMPI provides a useful mechanism for the explicit uniform signaling of content usage conditions.

It does not mandate those conditions, but enables them to be expressed.

It does not exhaustively enable every conceivable consumption model, nor does it impose unrealistic performance requirements on delivery devices or unrealistic restrictions on the use of content.

TVAF RMP - I T L W C D

Page 19: RMP Specification SP005-1

(informative - implementation example)

INPUT(S): Digital, Analogue. Could be RMPI or “other” DRM protected.

A to D conversion & extraction of analogue protection usage state signals if present

Extraction of RMPI or “other” DRM usage state signals (generic messaging – not protection-system specific)

Evaluation of content protection usage states & mapping to RMPI if necessary

Preparation (embedding) for launch into Domain environment

Secure Domain

Extraction & evaluation of RMP usage states

Mapping onto output (RMPI) usage states

Preparation (embedding) to leave Domain environment

Digital-to-analogue conversion; application of analogue protection (if signalled); blocking of analogue output (if signalled)

OUTPUT(S): Digital, Analogue. Could be RMPI or “other” DRM protected.
