DRM To Go

Discretix Locks Down Handsets

Convergence is a cool concept.  As embedded systems designers, once we’ve got a versatile computing platform constructed inside a mobile device, it’s exciting to think of all the plus-ones we can add by including plug-in software modules, small incremental pieces of hardware, or plug-and-play peripherals through standardized interfaces.  The conceptual leap from mobile phone to PDA to media player is pretty small once you start down the path.

Unfortunately, slapping on the cool new features isn’t always the tricky part.  Before your customers can lounge out listening to their favorite tunes, tune in to the latest video feed, or feed their curiosity with megabytes of proprietary data, you’ll need to convince the content providers that your device isn’t just a highly portable hole in their copyright protection scheme.

Digital Rights Management (DRM) is becoming an increasingly important issue for developers of mobile devices.  The embedded device environment, however, isn’t always completely security-friendly.  We often craft our creations by sticking together hardware-IP, software, middleware, and other components from a variety of sources into Franken-systems that make a unified security scheme challenging to deliver.  Often, the biggest security holes of all are in the glue that binds these disparate parts together.

California-based Discretix has built a business selling a comprehensive suite of security solutions for our real-world, cobbled-together, mobile computing platforms.  Their solutions begin at the hardware core and extend through middleware into software applications, addressing the wide range of potential vulnerabilities in the embedded computing chain and providing a consistent security architecture throughout the system for a wide variety of purposes, including DRM, firmware over-the-air (FOTA) updates, IMSI/IMEI protection for SIM data, IPSec for mobile TCP-based applications, and even financial cryptography for mobile e-commerce applications.

Discretix’s solution begins with what the company calls “CryptoCell,” which is a hardware/software system that is integrated into the handset, providing the security framework.  The hardware components are delivered as IP that accomplishes core security tasks like random number generation, asymmetric and symmetric cryptography, and hash integrity verification.  At a hardware level, these components include a bus interface, a secure DMA module, and hardware crypto engines.

On top of the hardware core is a middleware layer.  The middleware provides programmatic, secure access to the hardware cores and adds services such as software crypto, secure storage, secure boot, and key and certificate management.  The middleware layer adapts to a variety of hardware and processing platforms as well as a wide variety of popular operating systems.

Above the middleware layer sits a collection of applications and application-development toolkits.  These enable specific security schemes to be implemented, such as Discretix’s Multi-Scheme DRM client, device management for features like FOTA, SIM Lock protection for IMSI/IMEI identities, IPSec for VPN and TCP/IP security, and Java security.  Discretix sells the various components à la carte so you can configure your system with only the security schemes you require.

In embedded design, there is always a build/buy tradeoff to be made on what parts of your system to design in-house from scratch and what to buy from third-party suppliers.  Security is almost always most attractive on the “buy” side of that equation.  The techniques, algorithms and standards involved in security systems are career-complex – best implemented by engineers whose career is focused on security.  The subtleties and techniques of the attack versus countermeasure world of cryptography and system-security are exciting for your James Bond fantasies, but impractical to manage responsibly as a dabbling electronics or software engineer.  When it comes to security, it’s usually best to go to the professionals.

One of the things you get by going with an established, bundled solution is a pre-engineered range of standards support.  Discretix’s offering supports a wide range of public-key algorithms including RSA, DSA, ECC, and DH; symmetric encryption algorithms including AES, DES, triple-DES, and RC4; and hash algorithms including SHA-1/2, MD5, and HMAC.

Often, your mobile device will have a flash memory slot (if you’ve designed a system like this without one lately, e-mail me… we need to talk.)  The problem is that flash is even more portable and could fall out of your customer’s unit at any time and into the unit of an unscrupulous party. (If articles had a soundtrack, this is where the low-frequency notes would start to get louder.)  Here, instead of protecting third-party data from your system’s end-user, you’re often protecting your end-users’ data from unscrupulous third parties.  Discretix has a specialized offering for flash memory security that can make securing data on flash cards pretty much a non-event from an embedded engineering standpoint.

On to the DRM problem: Discretix offers what they call a “Multi-Scheme DRM” software solution.  This solution works with the underlying security platform to provide a robust solution for DRM protection.  Here, it is worth mentioning that there are two classes of system houses when it comes to DRM implementation.  On one hand, there are the “letter of the law” designers that want to be able to say they integrated an industry-standard DRM solution.  Actual security is not a priority as long as they can check the box and qualify for the content.  The existence of well-known hacks is not a problem for them.  Happily, Discretix’s solution is not that type – in addition to checking the box, they actually provide a robust DRM solution that isn’t widely defeated.

Discretix’s DRM solution supports OMA DRM v1.0 and v2.0, Microsoft WM-DRM 10, and CPRM, and its architecture supports the addition of new schemes as they are required.  Working with the rest of Discretix’s security framework, implementation is straightforward using a single API that connects to the application layer.  The underlying middleware and hardware layers provide deep security and multi-platform processor and OS compatibility, so application writers don’t have to know the specifics of the underlying device.

All of these solutions are designed and tested with the idea of several typical “bad guys” in mind.  In DRM, the primary threat is the typical user – the Napster-bred music lover that wants free access to all music regardless of copyright laws.  The art of DRM is to keep this user as a happy customer while firmly protecting the rights of the content owners and protecting a viable and rightful revenue stream.  At the same time, a well-designed DRM scheme can turn into a marketing opportunity with advanced features like previewing, renting, purchasing, and subscription models.

If your design is expanding into the realm where you’re dealing with content that needs protecting, look at a specialized supplier like Discretix.  The effort and ramp-up required for implementing a home-grown security scheme far exceed the cost of purchasing a commercial solution, and chances are, you won’t come up with anything that is nearly as secure.
