Preliminary Specs Finally Released on AACS Content Protection

The books -- one describing AACS’s “overall goals” and one each dedicated to its prerecorded video and recordable video applications -- are conspicuously marked “Confidential Draft.” But the AACS license administrator (AACS LA) took the unusual step of posting them on the Internet. “Consistent with its commitment to keep all interested participants apprised of progress,” AACS LA said, publicly disclosing the documents will “enable third parties to review and evaluate the technology.” Citing its “aggressive work schedule,” AACS LA said it expects public release of the AACS license agreements and final version 1.0 specifications to “be made in a time frame consistent with the announced product plans for next generation digital entertainment devices that will use AACS LA technology.” Although the specs on prerecorded and recordable video are written to be “format- independent,” according to the draft, only HD DVD has committed to adopting AACS, with plans to begin commercializing products 4th quarter. The specs make no specific mention of Blu-ray or HD DVD by name.

AACS LA -- which includes Disney, IBM, Intel, Matsushita, Microsoft, Sony, Toshiba and Warner Bros. -- said it has worked “very closely” with the Blu-ray and HD DVD camps “to help them understand the AACS LA technology, and to address format-specific implementation issues.” AACS LA said it has “likewise engaged a diverse group of contributor members to provide in-depth feedback on the specifications and associated implementation requirements.” It said the contributor group is “format- neutral, geographically diverse, and spans all of the potentially affected industries,” including major studios, CE and IT companies, cable operators, record labels, chip makers and disc replicators. All that cooperation appears to have cost the AACS LA effort precious time: The group originally projected having specs completed last year.

The book describing the AACS spec for prerecorded video said the system was designed to: (1) Provide “robust” protection in offline and online Internet applications. (2) Provide “extensible usage,” such as in a jukebox or pay-for-play application. (3) Be format- independent “to the degree possible.” (4) Allow compliant players to “authenticate that content came from an authorized, licensed replicator.”

Under the AACS scenario for protecting prerecorded video, the specs says, a content owner provides programming and an associated set of usage rules to a licensed replicator. AACS LA provides the licensed replicator device revocation data in a “media key block” (MKB), which lets all compliant players, each using its unique set of device keys, calculate the “media key.” If a set of device keys is compromised in a way that threatens system integrity, AACS LA can provide an updated MKB that will make a product with the compromised set calculate a different key than the remaining compliant products do. This how compromised device keys are “revoked” by a new MKB, the document says.

AACS LA also provides the replicator with content revocation data in a “content revocation list” (CRL) and a “content certificate, both cryptographically signed by AACS LA. The certificate identifies the content and includes a cryptographic “hash” of the document, which AACS LA receives from the replicator before signing the certificate. The CRL identifies content that has been signed and contains a valid but revoked certificate that therefore shouldn’t be accessed by a compliant player. AACS LA also provides the replicator with device variation data in the form of a “sequence key block” (SKB), and secret keys called “media key variants,” based on both the device variation data and media key. The replicator encrypts the content to be protected, using one or more secret keys of its own choosing, called “title keys.” One such key, designated the “title” key, is used to create a “message authentication code” (MAC) on the usage rules; the MAC ensures that any malicious alteration of the usage rules will be detected.

The encrypted content, usage rules, MAC of usage rules, MKB, SKB, CRL and content certificate are all prerecorded onto the storage medium. AACS LA provides secret device keys and sequence keys to licensed manufacturers for inclusion in compliant playback devices. When a storage medium with protected content is placed in a compliant player, the player uses its device keys to process the MKB and calculate the corresponding media key. Assuming the device key set hasn’t been revoked, the calculated key will be one of those used by the replicator. The player uses a procedure inverse to that used by the replicator to derive a title key, reads the usage rules from the optical media and verifies they haven’t been modified using the MAC.

The compliant player keeps the CRL in nonvolatile storage, unless it already has a more up-to-date list. Using the current CRL, the player checks to see if the content is revoked; if it is, access is aborted. During playback, the compliant player calculates a series of content “hashes” using the same method the replicator does. If the player’s calculated hash values differ at any point from the replicator-stored values, access is denied.

The system also enables certain enhanced uses of prerecorded video content of the content owner’s choosing, through the use of a robust on-line connection. For example, a home video server might connect with a service provider to obtain authorization to make a protected local copy of a given prerecorded title for “jukebox” purposes. Such authorization might be provided free to the owner of the optical media, with any additional authorized copies incurring a charge.