Common use of Encryption and Decryption Clause in Contracts

Encryption and Decryption. The Approved UHD Content Protection System shall use AES (as specified in NIST FIPS-197) with a key length of 128 bits or greater, DVB-CSA3 or other encryption algorithm approved in writing by Licensor. DVB-CSA (version 1) is NOT approved. New keys must be generated each time content is encrypted (though different instances of the same title on the same service may be encrypted with the same key). A single key shall not be used to encrypt more than one piece of content or more data than is considered cryptographically secure. The random number generator (RNG) used for key generation shall be cryptographically secure and shall be on the list of RNGs approved in FIPS 140-2 Annex C. The content protection system shall only decrypt content into memory temporarily for the purpose of decoding and rendering the content and shall never write decrypted content (including, without limitation, portions of the decrypted content) or streamed encrypted content into permanent storage. Memory locations used to temporarily hold decrypted content shall be secured from access by any code running outside of the Trusted Execution Environment and any trusted application other than the content protection system trusted application(s). (A "Trusted Execution Environment" or "TEE" is a computing environment which is isolated from the application execution environment using a security mechanism such as a verified implementation of ARM TrustZone, hardware enforced virtualization, a separate security processor or processor core or other similar security technology.). Decrypted content shall be securely deleted and overwritten as soon as possible after the content has been decoded and passed to rendering functions. 
Keys, passwords, and any other information that are critical to the cryptographic strength of the Approved UHD Content Protection System (“critical security parameters”, CSPs) may never be transmitted or permanently or semi-permanently stored in unencrypted form. Memory locations used to temporarily hold CSPs must be secured from access by any code running outside of the Trusted Execution Environment and any trusted application other than the content protection system trusted application(s). Where decrypted content is carried on buses or data paths that are accessible with Widely Available Tools or Specialized Tools it must be encrypted, for example during transmission to the graphics or video subsystem for rendering. The Approved UHD Content Protection System shall encrypt the entirety of the video content. Each video frame must be completely encrypted. Encrypted non-video content (e.g., audio) shall be encrypted with a key that is different from the video keys, if encrypted, unless the audio is protected and decrypted by exactly the same means as the video. Audio which is 5.1 or lesser quality need not be encrypted. The Approved UHD Content Protection System must not share the original content encryption key(s) with any other device. By way of example, content that is to be output must be re-encrypted with a different key or keys from the original encryption key(s). Robust Implementation Devices shall use hardware-enforced secure boot whereby all system software and all software affecting content security is cryptographically verified for integrity at boot time using a boot process whose security resides on keys or key hashes stored in hardware (e.g., OTP memory or e-fuses) and code in ROM. Devices that fail secure boot shall not allow any further operation except that required to restore system integrity. Non-TEE software that is part of the Content Protection Systems shall ideally be protected from reverse engineering.

Appears in 4 contracts

Samples: License Agreement, wikileaks.org, wikileaks.org
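The Encryption and Decryption clause above states its key rules (fresh keys per title from a cryptographically secure RNG, a separate key for audio, no reuse across titles or beyond a safe data volume, and decrypted data held only transiently and overwritten) as requirements, not as code. The following is an added illustration written for this page, not text or code from any of the sampled agreements: a small key-manager that enforces those rules. The class and function names, the in-memory registry, and the per-key byte budget (2^32 AES blocks, a conservative figure below the 128-bit birthday bound; the clause itself only says "more data than is considered cryptographically secure") are assumptions made for the example. Zeroization in Python is best effort, since the interpreter may have copied the bytes; in a TEE implementation the same step is an overwrite of the protected region.

```python
"""
Content-key manager illustrating the clause's key-separation rules.
Added example for this page, not code from any sampled agreement.
All names and the byte budget below are assumptions for illustration.
"""
import secrets

AES_KEY_BYTES = 16                 # AES-128: the clause's minimum key length
TRACKS = ("video", "audio")
# Assumed per-key budget: 2**32 AES blocks (64 GiB). The clause only says
# "more data than is considered cryptographically secure".
DEFAULT_MAX_BYTES_PER_KEY = (2 ** 32) * 16


class KeyPolicyViolation(Exception):
    """Raised when a request would break the key-separation rules."""


def zeroize(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place (best effort in Python; in a TEE
    this is a memset over the protected region)."""
    for i in range(len(buf)):
        buf[i] = 0


class ContentKeyManager:
    def __init__(self, max_bytes_per_key: int = DEFAULT_MAX_BYTES_PER_KEY):
        self._keys: dict[tuple[str, str], bytearray] = {}
        self._used: dict[tuple[str, str], int] = {}
        self._max = max_bytes_per_key

    def key_for(self, title_id: str, track: str) -> bytes:
        """Return the key for (title, track), generating it on first use.
        Different instances of the same title on this service share the key,
        which the clause explicitly permits; different titles never do, and
        the audio key is generated independently of the video key."""
        if track not in TRACKS:
            raise ValueError(f"unknown track {track!r}")
        slot = (title_id, track)
        if slot not in self._keys:
            # secrets draws from the OS CSPRNG, which is what the clause's
            # "cryptographically secure RNG" requirement calls for.
            self._keys[slot] = bytearray(secrets.token_bytes(AES_KEY_BYTES))
            self._used[slot] = 0
        return bytes(self._keys[slot])

    def account(self, title_id: str, track: str, nbytes: int) -> int:
        """Charge nbytes of encrypted data against the key's budget and
        return the running total; refuse once the budget would be exceeded
        so the caller rotates to a fresh key."""
        slot = (title_id, track)
        if slot not in self._keys:
            raise KeyPolicyViolation("no key issued for this title/track")
        if self._used[slot] + nbytes > self._max:
            raise KeyPolicyViolation("per-key data budget exhausted; rotate")
        self._used[slot] += nbytes
        return self._used[slot]

    def retire(self, title_id: str, track: str) -> bytearray:
        """Drop the key and overwrite its bytes; the zeroed buffer is
        returned so a caller can confirm the overwrite happened."""
        slot = (title_id, track)
        key = self._keys.pop(slot)
        self._used.pop(slot, None)
        zeroize(key)
        return key


def render_from_scratch(plaintext_frame: bytes) -> tuple[int, bytearray]:
    """Model the decrypt-into-temporary-memory rule: the decoded frame lives
    in a scratch buffer only while it is handed to the renderer, then is
    overwritten. Returns (bytes rendered, scratch buffer after the wipe)."""
    scratch = bytearray(plaintext_frame)       # stands in for TEE memory
    rendered = len(scratch)                    # stands in for the render call
    zeroize(scratch)
    return rendered, scratch


if __name__ == "__main__":
    km = ContentKeyManager(max_bytes_per_key=1024)
    video = km.key_for("title-A", "video")
    audio = km.key_for("title-A", "audio")
    print("audio key differs from video key:", video != audio)
    print("budget after 1000 bytes:", km.account("title-A", "video", 1000))
    print("retired key wiped:", bytes(km.retire("title-A", "video")) == bytes(16))
```

The budget check is deliberately coarse: it counts bytes, not ciphertext blocks or nonces, so a real implementation that uses an AEAD mode would also track the nonce count per key, which the clause does not mention.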


Encryption and Decryption. The Approved UHD Content Protection System shall use AES (as specified in NIST FIPS-197) with a key length of 128 bits or greater, DVB-CSA3 or other encryption algorithm approved in writing by Licensor. DVB-CSA (version 1) is NOT approved. New keys must be generated each time content is encrypted (though different instances of the same title on the same service may be encrypted with the same key). A single key shall not be used to encrypt more than one piece of content or more data than is considered cryptographically secure. The random number generator (RNG) used for key generation shall be cryptographically secure and shall be on the list of RNGs approved in FIPS 140-2 Annex C. The content protection system shall only decrypt content into memory temporarily for the purpose of decoding and rendering the content and shall never write decrypted content (including, without limitation, portions of the decrypted content) or streamed encrypted content into permanent storage. Memory locations used to temporarily hold decrypted content shall be secured from access by any code running outside of the Trusted Execution Environment and any trusted application other than the content protection system trusted application(s). (A "Trusted Execution Environment" or "TEE" is a computing environment which is isolated from the application execution environment using a security mechanism such as a verified implementation of ARM TrustZone, hardware enforced virtualization, a separate security processor or processor core or other similar security technology.). Decrypted content shall be securely deleted and overwritten as soon as possible after the content has been decoded and passed to rendering functions. 
Keys, passwords, and any other information that are critical to the cryptographic strength of the Approved UHD Content Protection System (“critical security parameters”, CSPs) may never be transmitted or permanently or semi-permanently stored in unencrypted form. Memory locations used to temporarily hold CSPs must be secured from access by any code running outside of the Trusted Execution Environment and any trusted application other than the content protection system trusted application(s). Where decrypted content is carried on buses or data paths that are accessible with Widely Available Tools or Specialized Tools it must be encrypted, for example during transmission to the graphics or video subsystem for rendering. The Approved UHD Content Protection System shall encrypt the entirety of the video content. Each video frame must be completely encrypted. Encrypted non-video content (e.g., audio) shall be encrypted with a key that is different from the video keys, if encrypted, unless the audio is protected and decrypted by exactly the same means as the video. Audio which is 5.1 or lesser quality need not be encrypted. The Approved UHD Content Protection System must not share the original content encryption key(s) with any other device. By way of example, content that is to be output must be re-encrypted with a different key or keys from the original encryption key(s). Robust Implementation Devices shall use hardware-enforced secure boot whereby all system software and all software affecting content security is cryptographically verified for integrity at boot time using a boot process whose security resides on keys or key hashes stored in hardware (e.g., OTP memory or e-fuses) and code in ROM. Devices that fail secure boot shall not allow any further operation except that required to restore system integrity. Non-TEE software that is part of the Content Protection Systems shall ideally be protected from reverse engineering.
Approved UHD Content Protection System Identification. Each installation of the Content Protection System shall be individualized and thus uniquely identifiable.

Revocation And Renewal. The Licensee shall ensure that clients and servers of the Content Protection System are promptly and securely updated, and where necessary, revoked, in the event of a Security Breach being found in the Approved UHD Content Protection System and/or its implementations in clients and servers. Licensee shall ensure that patches (including HDCP System Renewability Messages) received from content protection technology providers (e.g. DRM providers) and content providers are promptly applied to clients and/or servers. Where Licensee determines that Included Programs have been compromised from a particular device and Licensee is able to uniquely identify said device, Licensee shall promptly revoke said device and not deliver further 4K Format content to said device. Where Licensee determines that a particular device type requires a mandatory security update, in order to fix or invalidate an actual Security Breach (as defined in the Agreement this Schedule applies to), once such update is available, it shall be applied to all devices of the relevant device type as soon as possible and relevant devices shall not receive Included Programs in 4K Format until updated if they have not been updated within 7 calendar days of the security update first being made available to such devices.
Where Licensee determines that a particular device type requires a mandatory security update to fix a Security Flaw (as defined in the Agreement this Schedule applies to) that is not classified as a Security Breach, once such update is available, it shall be applied to all devices of the relevant device type as soon as reasonably possible and relevant devices shall not receive Included Programs in 4K Format until updated if they have not been updated within 45 calendar days or less of the security update first being made available to such devices.

Appears in 2 contracts

Samples: 4k Vod License Agreement, 4k Vod License Agreement


Encryption and Decryption. The Approved UHD Content Protection System shall use AES (as specified in NIST FIPS-197) with a key length of 128 bits or greater, DVB-CSA-3, or other encryption algorithm of equivalent or greater cryptographic strength to be agreed in writing with Licensor or other algorithm supported by an approved Content Protection System. DVB-CSA Version 1 is NOT approved for UHD Included Programs. A single key shall not be used to encrypt more than one piece of Included Programs or more data than is considered cryptographically secure and no more than a single licensed title. The random number generator (RNG) used for key generation shall be cryptographically secure and shall be on the list of RNGs approved in FIPS 140-2 Annex C. The Content Protection System shall only decrypt Included Programs into memory temporarily for the purpose of decoding and rendering the Included Programs and shall never write decrypted Included Programs (including, without limitation, portions of the decrypted Included Programs) or streamed encrypted Included Programs into permanent storage. Memory locations used to temporarily hold decrypted Included Programs shall be secured from access by any code running outside of the Trusted Execution Environment. (A "Trusted Execution Environment" or "TEE" is a computing environment which is isolated from the application execution environment using a security mechanism such as a verified implementation of ARM TrustZone, hardware enforced virtualization, a separate security processor or processor core or other similar security technology.)
Decrypted content shall be securely deleted and overwritten as soon as possible after the content has been decoded and passed to rendering functions. Keys, passwords, and any other information that are critical to the cryptographic strength of the Approved UHD Content Protection System (“critical security parameters”, hereafter referred to as CSPs) may never be transmitted or permanently or semi-permanently stored (i.e. placed in memory other than RAM) in unencrypted (for CSPs requiring confidentiality) and/or unauthenticated (for CSPs requiring integrity protection) form. Memory locations used to temporarily hold CSPs must be secured from modification by any driver or any other process other than authorized code running inside the Trusted Execution Environment. Decryption of (i) Included Programs protected by the Content Protection System and (ii) CSPs shall take place in a hardware enforced trusted execution environment and where decrypted content is carried on buses or data paths that are accessible with Widely Available Tools or Specialised Tools, it must be encrypted, for example during transmission to the graphics or video subsystem for rendering. The Approved UHD Content Protection System shall encrypt the video portion of Included Programs, including, without limitation, all video sequences, audio tracks, and video angles. For the avoidance of doubt, audio shall be encrypted with a key that is different from the video keys, if encrypted, unless the audio is protected and decrypted by exactly the same means as the video. Audio which is 5.1 or lesser quality need not be encrypted.
The client side of the Content Protection System must not share the original Included Programs encryption key(s) with any other device except as allowed by an Approved Protection System using an approved output protection mechanism or otherwise by approval in writing by Licensor. Implementations of Content Protection Systems shall use hardware-enforced security mechanisms. All security critical software used by the Content Protection System must be authenticated and Content Protection System cryptographic keying material must be stored in a manner that restricts access to code running inside the Trusted Execution Environment.

Appears in 1 contract

Samples: Demand License Agreement
