The Digital Media Project
Source: Kisong Yoon, ETRI; James Ahn, Inka Entworks; Hogab Kang, DRM Inside
Date: 2005/01/10
Title: Device Identification
No.: 0296/AHG04
Device Identification
This paper describes the Device Identification part of Portable Audio and Video
(PAV) Devices for IDP Working Draft 1.0.
1. Overview
2. Assumption
2.1 Authenticity of device identifier
3. Intents
3.1 Device Authentication
3.2 Authorization
3.3 Domain Administration
3.4 Audit
3.5 License Backup and Restore
4. Function of Device Identification
4.1 Device Info Based Identification
4.1.1 ID Generation Scheme
4.1.2 Identifier format
4.1.3 Protocol
4.1.3.1 ID Generation Protocol
4.1.3.2 ID Exchange Protocol
4.2 Certificate Based Identification
4.2.1 ID Generation Scheme
4.2.2 Identifier Format
4.2.3 Protocol
4.2.3.1 ID Generation Protocol
4.2.3.2 ID Exchange Protocol
1. Overview
Device identification is a system for identifying PAV devices. It comprises the device
identifier's format, generation scheme, generation protocol and exchange protocol.
The device identifier is mainly used for device authentication. It is also important
information for the DRM controller when allowing or disallowing specific devices to
render governed content.
There are two kinds of device identification. One is 'device info-based identification',
in which the identifier is uniquely generated from the device information by a server
called the 'Device Identification Server'. The other is 'certificate-based identification',
in which an X.509 certificate is used for the device identifier.
2. Assumption
This paper explains only the identifier format, generation scheme, generation protocol
and exchange protocol of device identification. It does not address the following topic.
2.1 Authenticity of device identifier
Device identification does not check whether a device is the real owner of its device
identifier. This verification is assumed to be done by device authentication.
3. Intents
Device identification is used for the following intents.
3.1 Device Authentication
The rights issuer needs to verify the target device before allowing it to render governed
content. Above all, the DRM rights issuer therefore needs to obtain the device identifier
from the identification process for the subsequent device authentication process.
3.2 Authorization
The device identifier is important information for the DRM controller when allowing or
disallowing specific devices to render governed content.
3.3 Domain Administration
The device identifier is used to identify the member devices of a specific domain, in
which various devices can be registered and managed.
3.4 Audit
The device identifier is used to identify the devices participating in the use or move of
governed content when an audit record needs to be written.
3.5 License Backup and Restore
Use of governed content is controlled by the license, which specifies the allowed
device(s). The device identifier is used to identify the dedicated device when the license
is backed up or restored.
4. Function of Device Identification
Device identification is classified into two approaches according to the structure of the
device identifier. The first is 'device info-based identification' and the second is
'certificate-based identification'.
4.1 Device Info-Based Identification
4.1.1 ID Generation Scheme
Device info-based identification is an identification system in which the 'Device
Identification Server' generates the device identifier from vendor-specific information
such as the vendor ID, model ID or product serial number. The Device Identification
Server issues and manages device identifiers for all DMP applied devices. There can be
multiple Device Identification Servers, by country or region.
4.1.2 Identifier format
The device identifier of device info-based identification consists of a header part and
an identifier part, 14 bytes in total. Figure 1 shows the structure of the device
identifier.
[Figure 1] Identifier format of device info-based identification
ID Type (1 byte): device identifier type (0x00 ~ 0xFF). 0x01 indicates device info-based identification.
Issuer ID (2 bytes): Device Identification Server ID (0x0000 ~ 0xFFFF). It is generated and managed by the DMP LA (License Authority), and all Device Identification Servers get this ID from the DMP LA.
Version (1 byte): identifier format version (0x00 ~ 0xFF). It is managed by the DMP LA.
Vendor ID (4 bytes): device vendor ID (0x00000000 ~ 0xFFFFFFFF). It is uniquely generated and managed by the Device Identification Server.
Model ID (2 bytes): product model ID (0x0000 ~ 0xFFFF). It is uniquely generated and managed by the product vendor.
Product Serial # (4 bytes): product serial number (0x00000000 ~ 0xFFFFFFFF). It is generated by the device vendor and registered with the Device Identification Server. If the device does not have a product serial number, the Device Identification Server generates it.
4.1.3 Protocol
4.1.3.1 ID Generation Protocol
Figure 2 shows how a device identifier is generated in the device info-based
identification system.
Identifier request: The requestor of the device identifier sends the vendor ID, model ID
and product serial number of the new device to the Device Identification Server. If the
device has no specific product serial number, the requestor may omit it, in which case
the Device Identification Server is required to generate a product serial number for the
requested device.
Identifier Issuing: After verifying the uniqueness of the product serial number, the
Device Identification Server generates a new 14-byte device identifier based on the
device information from the requestor. A newly created product serial number may be
inserted if the request data does not contain one.
[Figure 2] ID generation protocol of device info-based identification
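The issuing step above, sketched as an in-memory server. This is an added example, not code from the DMP document: the class and method names are hypothetical, and it assumes that serial uniqueness is checked per (vendor ID, model ID) pair and that fields are packed big-endian in the order the text lists them, none of which the text specifies.

```python
import struct

ID_TYPE_DEVICE_INFO = 0x01
MAX_SERIAL = 0xFFFFFFFF  # Product Serial # is a 4-byte field


class DeviceIdentificationServer:
    """Toy issuer for the ID generation protocol (hypothetical class)."""

    def __init__(self, issuer_id: int, version: int = 1):
        self.issuer_id = issuer_id
        self.version = version
        # Assumption: uniqueness scope is (vendor_id, model_id) -> used serials.
        self._issued = {}

    def issue(self, vendor_id: int, model_id: int, serial=None) -> bytes:
        used = self._issued.setdefault((vendor_id, model_id), set())
        if serial is None:
            # Request carried no serial: the server generates one.
            serial = self._next_free(used)
        elif not 0 <= serial <= MAX_SERIAL:
            raise ValueError("serial does not fit in 4 bytes")
        elif serial in used:
            # "Verifying the uniqueness of product serial number"
            raise ValueError("product serial number already registered")
        identifier = struct.pack(">BHBIHI", ID_TYPE_DEVICE_INFO, self.issuer_id,
                                 self.version, vendor_id, model_id, serial)
        used.add(serial)  # record only after the identifier was built
        return identifier

    @staticmethod
    def _next_free(used: set) -> int:
        for candidate in range(MAX_SERIAL + 1):
            if candidate not in used:
                return candidate
        raise RuntimeError("serial space exhausted")


if __name__ == "__main__":
    # Constructed sample values, not taken from the document.
    server = DeviceIdentificationServer(issuer_id=0x0001)
    print(server.issue(0x2A, 7, serial=5).hex())
    print(server.issue(0x2A, 7).hex())  # server-generated serial
```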
4.1.3.2 ID Exchange Protocol
Figure 3 shows how to exchange a device identifier between two devices.
[Figure 3] ID Exchange protocol of device info-based identification
Initialization: the caller device confirms, through a simple ping process, that the
callee device is ready to communicate.
Identifier request: the caller device requests the device identifier of the callee device.
Response: the callee device sends its device identifier to the caller device.
Exception handling: if there is no response from the peer device within a certain time,
the exception handler is invoked.
4.2 Certificate-Based Identification
4.2.1 ID Generation Scheme
Certificate-based identification is another identification system, in which the Device
Identification Server generates an X.509 certificate and this certificate is stored on the
device. The X.509 certificate is a container or transmission medium for the device
identifier, and the DN (Distinguished Name) value in the certificate is used as the actual
device identifier.
Under the certificate-based identification system, the Device Identification Server is a
kind of DCA (Device Certificate Authority), which has to get its key pair for digital
signatures from the Root CA. The DMP LA therefore needs to take the role of Root CA.
4.2.2 Identifier Format
The device identifier in the certificate-based identification system has a variable length, as shown in Figure 4.
[Figure 4] Identifier format of certificate-based identification
ID Type (1 byte): device identifier type (0x00 ~ 0xFF). 0x02 indicates a certificate-based identifier.
Length (2 bytes): certificate length (0x0000 ~ 0xFFFF).
Reserved (1 byte): not used.
X.509 Certificate (n bytes): X.509 data. The DN in the certificate is used as the unique device identifier.
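The two identifier layouts from sections 4.1.2 and 4.2.2 can be parsed with strict length checks as follows. This is an added example, not code from the DMP document: the function names are hypothetical, and the field order (as listed in the text) and big-endian byte order are assumptions, since the figures are not reproduced here.

```python
import struct

ID_TYPE_DEVICE_INFO = 0x01   # section 4.1.2
ID_TYPE_CERTIFICATE = 0x02   # section 4.2.2

# Assumption: fields are laid out in the order the text lists them, big-endian.
_INFO = struct.Struct(">BHBIHI")   # type, issuer, version, vendor, model, serial
_CERT_HDR = struct.Struct(">BHB")  # type, certificate length, reserved


class IdentifierError(ValueError):
    """Raised when a received identifier is malformed."""


def pack_device_info_id(issuer, version, vendor, model, serial) -> bytes:
    """Build the 14-byte device info-based identifier."""
    return _INFO.pack(ID_TYPE_DEVICE_INFO, issuer, version, vendor, model, serial)


def parse_device_identifier(buf: bytes) -> dict:
    """Parse an identifier received from a peer, rejecting inconsistent lengths."""
    if not buf:
        raise IdentifierError("empty identifier")
    id_type = buf[0]
    if id_type == ID_TYPE_DEVICE_INFO:
        if len(buf) != _INFO.size:  # must be exactly 14 bytes
            raise IdentifierError("device info-based identifier must be 14 bytes")
        _, issuer, version, vendor, model, serial = _INFO.unpack(buf)
        return {"type": "device-info", "issuer_id": issuer, "version": version,
                "vendor_id": vendor, "model_id": model, "serial": serial}
    if id_type == ID_TYPE_CERTIFICATE:
        if len(buf) < _CERT_HDR.size:
            raise IdentifierError("truncated certificate identifier header")
        _, length, _reserved = _CERT_HDR.unpack_from(buf)
        cert = buf[_CERT_HDR.size:]
        # The Length field must match the bytes that actually arrived:
        # no short payloads and no trailing data after the certificate.
        if length == 0 or len(cert) != length:
            raise IdentifierError("Length field does not match certificate payload")
        return {"type": "certificate", "certificate": cert}
    raise IdentifierError(f"unknown ID type 0x{id_type:02x}")


if __name__ == "__main__":
    # Constructed sample values, not taken from the document.
    sample = pack_device_info_id(0x0001, 1, 0x0000002A, 0x0007, 1_000_000)
    print(sample.hex(), parse_device_identifier(sample))
```

The parser only checks framing; the certificate bytes are returned unverified, and checking the signature and reading the DN are left to the exchange and authentication steps.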
4.2.3 Protocol
4.2.3.1 ID Generation Protocol
Under the certificate-based identification system, since the DN field of the X.509
certificate is used as the device identifier, the generation process of the device
identifier can be replaced with the certificate generation process.
4.2.3.2 ID Exchange Protocol
The exchange process of the device identifier under the certificate-based identification
system is almost the same as under the device info-based identification system, except
that the validity of the device identifier in the X.509 certificate can be checked during
the RESPONSE phase by verifying the digital signature.