
DRM To Go

Discretix Locks Down Handsets

Convergence is a cool concept.  As embedded systems designers, once we’ve got a versatile computing platform constructed inside a mobile device, it’s exciting to think of all the plus-ones we can add by including plug-in software modules, small incremental pieces of hardware, or plug-and-play peripherals through standardized interfaces.  The conceptual leap from mobile phone to PDA to media player is pretty small once you start down the path.

Unfortunately, slapping on the cool new features isn’t always the tricky part.  Before your customers can lounge out listening to their favorite tunes, tune in to the latest video feed, or feed their curiosity with megabytes of proprietary data, you’ll need to convince the content providers that your device isn’t just a highly portable hole in their copyright protection scheme.

Digital Rights Management (DRM) is becoming an increasingly important issue for developers of mobile devices.  The embedded device environment, however, isn’t always completely security-friendly.  We often craft our creations by sticking together hardware-IP, software, middleware, and other components from a variety of sources into Franken-systems that make a unified security scheme challenging to deliver.  Often, the biggest security holes of all are in the glue that binds these disparate parts together.

California-based Discretix has built a business selling a comprehensive suite of security solutions for our real-world, cobbled-together, mobile computing platforms.  Their solutions begin at the hardware core and extend through middleware into software applications, addressing the wide range of potential vulnerabilities in the embedded computing chain and providing a consistent security architecture throughout the system for a wide variety of purposes, including DRM, firmware over-the-air updates (FOTA), IMSI/IMEI protection for SIM data, IPSec for mobile TCP-based applications, and even financial cryptography for mobile e-commerce applications.

Discretix’s solution begins with what the company calls “CryptoCell,” which is a hardware/software system that is integrated into the handset, providing the security framework.  The hardware components are delivered as IP that accomplishes core security tasks like random number generation, asymmetric and symmetric cryptography, and hash integrity verification.  At a hardware level, these components include a bus interface, a secure DMA module, and hardware crypto engines.

On top of the hardware core is a middleware layer.  The middleware provides programmatic, secure access to the hardware cores and adds services such as software crypto, secure storage, secure boot, and key and certificate management.  The middleware layer adapts for a variety of hardware and processing platforms as well as a wide variety of popular operating systems. 

Above the middleware layer sits a collection of applications and application-development toolkits.  These enable specific security schemes to be implemented, such as Discretix’s Multi-Scheme DRM client, device management for features like FOTA, SIM Lock protection for IMSI/IMEI identities, IPSec for VPN and TCP/IP security, and Java security.  Discretix sells the various components à la carte so you can configure your system with only the security schemes you require.

In embedded design, there is always a build/buy tradeoff to be made on what parts of your system to design in-house from scratch and what to buy from third-party suppliers.  Security is almost always most attractive on the “buy” side of that equation.  The techniques, algorithms and standards involved in security systems are career-complex – best implemented by engineers whose career is focused on security.  The subtleties and techniques of the attack versus countermeasure world of cryptography and system-security are exciting for your James Bond fantasies, but impractical to manage responsibly as a dabbling electronics or software engineer.  When it comes to security, it’s usually best to go to the professionals.

One of the things you get by going with an established, bundled solution is a pre-engineered range of standards support.  Discretix’s offering supports a wide range of public key algorithms including RSA, DSA, ECC and DH; symmetric encryption algorithms including AES, DES and triple-DES, and RC4; and hash algorithms including SHA-1/2, MD5, and HMAC.

Often, your mobile device will have a flash memory slot (if you’ve designed a system like this without one lately, e-mail me… we need to talk.)  The problem is that flash is even more portable and could fall out of your customer’s unit at any time and into the unit of an unscrupulous party. (If articles had a soundtrack, this is where the low-frequency notes would start to get louder.)  Here, instead of protecting third-party data from your system’s end-user, you’re often protecting your end-users’ data from unscrupulous third parties.  Discretix has a specialized offering for flash memory security that can make securing data on flash cards pretty much a non-event from an embedded engineering standpoint.

On to the DRM problem: Discretix offers what they call a “Multi-Scheme DRM” software solution.  This solution works with the underlying security platform to provide a robust solution for DRM protection.  Here, it is worth mentioning that there are two classes of system houses when it comes to DRM implementation.  On one hand, there are the “letter of the law” designers that want to be able to say they integrated an industry-standard DRM solution.  Actual security is not a priority as long as they can check the box and qualify for the content.  The existence of well-known hacks is not a problem for them.  Happily, Discretix’s solution is not that type – in addition to checking the box, they actually provide a robust DRM solution that isn’t widely defeated.

Discretix’s DRM solution supports OMA DRM v1.0 and v2.0, Microsoft WM-DRM 10, and CPRM, and its architecture supports the addition of new schemes as they are required.  Working with the rest of Discretix’s security framework, implementation is straightforward using a single API that connects to the application layer.  The underlying middleware and hardware layers provide deep security and multi-platform processor and OS compatibility, so application writers don’t have to know the specifics of the underlying device.

All of these solutions are designed and tested with the idea of several typical “bad guys” in mind.  In DRM, the primary threat is the typical user – the Napster-bred music lover that wants free access to all music regardless of copyright laws.  The art of DRM is to keep this user as a happy customer while firmly protecting the rights of the content owners and protecting a viable and rightful revenue stream.  At the same time, a well-designed DRM scheme can turn into a marketing opportunity with advanced features like previewing, renting, purchasing, and subscription models.

If your design is expanding into the realm where you’re dealing with content that needs protecting, look at a specialized supplier like Discretix.  The effort and ramp-up required for implementing a home-grown security scheme far exceed the cost of purchasing a commercial solution, and chances are, you won’t come up with anything that is nearly as secure.
