Category Archives: Technology

Android Movie Rental and rooted devices

Posted on by
Reply

In May 2011, Google launched its new service of Video rental market for Android phones.  Soon, people discovered that the service was not available for rooted devicesRooting an Android device means giving yourself root permissions on the device.  In other words having FULL control of your phone.  This is not often the case with phones provided by operators.  Rooting is  equivalent to jailbreaking a device.  As Android is an open source system, very attractive to homebrew lovers, it is often the first thing they do to be able to create new apps.

The video app checks if the device is rooted and then refuses to play the content.  Why does Google do such a limitation?   The Video Rental Market uses a DRM to enforce the rental conditions.  One of the strong assumptions of software based DRM is that it runs in a rather trusted environment.  It is obvious that a rooted device does not fit with the definition of a trusted environment.  For instance, the app has no way to be sure that its system calls are not hijacked, or even if the system calls will act as expected.  Thus, it was obvious that Google had to take this measure.

Nevertheless, this limitation does upset the users who believe that open source means full control of their device.  Unfortunately, Open source and DRM are antagonist concepts.

As we could expect, the cat and mouse race has started.  It seems that a patched version of the app is available.  This version may not check the rooted device and accept to play the movie.  The movie is still protected by the DRM and you need a proper license to access your rented movie.

 

 

An iPhone that may refuse to record illegal content?

Posted on by
Reply

Apple filed in 2009 an interesting patent called “Systems and methods for receiving infrared data with a camera designed to detect images based on visible light.”  In a nutshell, the camera captures a picture or a video, attempts to detect the presence of an infrared signal.  If present the camera decodes the payloads and acts correspondingly.  This is what claim 1 protects.

Claim 1. A method for using a camera, comprising: using the camera to detect an image based on at least visible light; determining whether the image includes an infrared signal with encoded data; in response to determining that the image includes an infrared signal with encoded data, routing at least a portion of the image to circuitry operative to decode the encoded data in the infrared signal; and in response to determining that the image does not include an infrared signal with encoded data, routing the image to a display operative to display the image.

The obvious application is to block the capture, or decrease the quality, in presence of such signal.  For instance, a movie theater (or a classified facility) could beam such infra-red signal.  The compliant camera/phone would then block the capture.    The claims 4-7 clearly highlight this feature.

4. The method of claim 1, further comprising: decoding the encoded data in the infrared signal; and modifying a device operation based at least on the decoded data.

5. The method of claim 4, wherein modifying a device operation comprises applying a watermark to a detected image.

6. The method of claim 4, wherein modifying a device operation comprises disabling a device function.

7. The method of claim 6, wherein the device function is a record function.

 

Another usage, which is not related to content protection, is that the payload is analysed by an application that may display specific information on the screen.  The typical example would be a museum which would provide an application.  Each room or specific item would beam a code, the application would use this code to ask a server contextual information to display.  Obviously, if you would combine captured video + contextual display, you have an augmented reality device :Happy:

8. The method of claim 1, further comprising: decoding the encoded data in the infrared signal; displaying information on the display based at least on the decoded data.

Potential applications are numerous as described in subsequent claims.

Is this the solution against camcorders in theaters?  I don’t think so.  According to me, there are at least two issues:

  • It requires the camera to be equipped with the system.  Unless all manufacturers of cameras would adopt it, which is highly unlikely, there will be models without this system.  Pirates will use these ones.
  • Infra-red can be filtered by correctly tuned IR filters.  Soon the pirates would find the frequency of IR, and use the corresponding filter.  This is why IR jamming in theater did not work.  Some companies tried to blast IR beams towards the audience to blind cameras.  It was not a success.

The patent is available at http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=”20110128384″.PGNR.&OS=DN/20110128384&RS=DN/20110128384

 

 

Identity and its verification

Posted on by
Reply

Nicholas BOHM and Stephen MASON explore the problems of identity and to verify it (or them). as the authors are lawyers, this paper has an interesting point of view. They are fully aware(and even surprisingly accurate) of technology and security limitations.

First, they explain what an identity (or an identifier) is, and what the challenges are in our modern shrinking world. My preferred statement is

And there is an increasing tendency to confuse a person’s knowledge of an identifier with evidence that the person with the knowledge is the person to whom the identifier relates

Then, they explore the difficulty to prove the relationship between an identifier and a person. They show the limits of identification documents (intrinsic such as birth certificate, or extrinsic such as utility bill). Finally, they tackle the identity cards, more precisely electronic identity cards. They show the short-come because not every one will have a trusted reader, and especially not with general purpose devices.

Due to their background, the paper has a strong focus on liability. For instance, no Government will ever take liability for the passports it issues. This analysis of the identity problem is enlightening.

Due to this special point of view, it is recommended to read this paper. Even if you’re not interested in identity matters, the paper will be educational for the liability point of view.

Reference
N. Bohm and S. Mason, “Identity and its verification,” Computer Law & Security Review, vol. 26, Jan. 2010, pp. 43-51 available at http://www.stephenmason.eu/wp- … 011/01/bohm-mason-identity.pdf.

Alea Jacta Est

Posted on by
Reply

The die has been cast. I did not go across Rubicon. Nevertheless, this Sunday, I finalized one achievement: my first book. After more than two years of work, I have sent the final version of the manuscript to Springer.

The title is Securing Digital Video: Techniques for DRM and Content Protection. I give a detailed overview of the current landscape of content protection. If you’re interested to know how PlayReady, Fair Play, AACS, DTCP, or DVB-CPCM works, this book may be of interest. I consistently describe many systems. The book highlights the similarity of all these systems.

I will describe its content more in details later.

The book should be available this summer.

Google’s anti-piracy new step

Posted on by
1

Without any official announcement, Google has made a new movement towards fighting content piracy. The auto complete function, i.e. the feature that proposes guessed choices while you type your query, does not anymore propose some proposals that may be related to piracy. For instance, when typing “Black Swan T”, it does not anymore propose Black Swan Torrent. Nevertheless, the filtering is not consistent. “Black Swan S” proposes “Black Swan Streaming” as seventh choice. When I type “pi”, I’m still proposed as second choice “Pirate bay”! TorrentFreak has analysed more in details the strategy of filtering. This new filtering does only impact the auto-completion, and not the query, i.e. “Black Swan torrent” gives links to torrents.

Obviously, this is one additional goodwill towards content owners. This is part of a larger strategy (see Google acquires Widevine)

Will it have any impact for users? No! It is just theater security as good will for studios.

INA versus YouTube

Posted on by
Reply

A French court has condemned YouTube to pay INA 150,000€ to INA because YouTube did not put in place any filtering system that would deter posting INA copyrighted content. INA is the French National Institute of Audiovisual. Its mission is to archive all broadcast content from French TV and radio stations.

Interestingly, INA hopes that YouTube will install an efficient fingerprint system to detect INA’s content. INA has developed its own fingerprinting technology: Signature. YouTube uses its own fingerprint technology: ContentID.

Thanks OC for the pointer

Google acquired Widevine

Posted on by
1

Last Friday, Google acquired Widevine for an unknown sum . Widevine is one of the many DRM technology vendors. Widevine was the first company to coin the concept of Virtual Smart Card, which was just a tamper resistant based software.

Clearly, Google is moving in the direction to deliver copyrighted content. Several security-related clues show that:

  • Google announced an initiative for faster action on copyright infringement on YouTube.
  • Yesterday, Google has relaxed the limitations of 15mn for the clips uploaded on YouTube. This limitation was to satisfy the content owners. It was expected that having the movie in slices would be a deterrent. Google announced that their proprietary fingerprinting tool Content ID was becoming better and better. Thus, they were confident to spot illegal content on upload link.
  • Widevine provides Google with a DRM technology, approved by studios, for the delivery of movie. Furthermore, Widevine is one of the DRM technologies approved by UltraViolet (aka DECE). The other approved DRMs are Adobe Flash Access, Marlin, Microsoft PlayReady, and OMA.
    It was wiser to purchase an approved technology rather than build their own because it already got the studios’ blessing.

All these hints show that Google attempts to be nice to content owners. The next NetFlix?