
Chapter 6 Implementation and Application Examples

6.1 Implementation

6.1.1 Cryptographic Algorithm

Every DRM system relies on cryptographic algorithms. Because our switchable DRM system follows the design ideas of OMA DRM, we adopt some of the cryptographic algorithms that OMA DRM uses. The algorithms adopted in our implementation are listed below.

(1) Hash algorithm: SHA-1

(2) MAC algorithm: HMAC-SHA-1

(3) Asymmetric algorithm: RSA-PKCS1

(4) Symmetric algorithm: AES, DES

(5) Signature algorithm: RSA-PKCS1

A hash algorithm applies a one-way mathematical transformation to binary information; the result cannot be reversed to recover the input. A MAC algorithm uses a similar function but also takes a secret key as input. An asymmetric algorithm uses one key for encryption and a different key for decryption. A symmetric algorithm, on the other hand, uses a single key for both encryption and decryption. Finally, the signature algorithm combines the hash function and the asymmetric algorithm to generate and verify signatures.

In our design, we port the symmetric algorithms (AES and DES) from the MPEG-21 Testbed [15] into our program. The other algorithms come from XySSL [16], free software that provides hash functions and public-key cryptography. However, because we develop the DRM system on an embedded platform, we must take its limited resources into account, so we modify some functions to fit that environment. To reduce complexity, we modify the key length; the length of our key is 36 bytes. We must also take care of memory allocation: the cryptographic algorithms need working memory when our system calls them, so we must provide for that requirement before we develop the rest of the design.

Here, we describe how to integrate these algorithms into our system.

♦ Hash algorithm

In our design, we need to confirm the relationship between the rights object and the content, and to verify the integrity of the content. We use the hash function for both purposes. The hash value of the content is stored in the rights object in advance. To verify the relationship, we therefore only need to compute the hash value of the content and compare it with the value recorded in the rights object.

♦ MAC algorithm

In our design, we use the MAC algorithm to verify the integrity of <ro> and to perform key confirmation. Because a MAC algorithm is a kind of hash algorithm, it can also verify integrity, but it additionally needs an input key, which is why it serves both purposes. The <mac> element of the rights object stores the MAC value of the <ro>. We compute the MAC value of the <ro> with the MAC algorithm and compare it with the value recorded in <mac>. The check passes only when the input key is valid and the <ro> has not been modified. The MAC algorithm therefore verifies the integrity of <ro> and confirms the key at the same time.
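The two checks described above (MAC over <ro>, then content hash against the value stored in the rights object), as an added example that is not the thesis code. The `<protectedRO>`, `<digest>` and `<permission>` element names, the key and the content bytes are constructed for illustration; only `<ro>` and `<mac>` come from the text.

```python
import hashlib
import hmac
import re

# Constructed sample values; element names other than <ro> and <mac> are hypothetical.
KEY = b"constructed-mac-key"
CONTENT = b"constructed media bytes"
LAYOUT = re.compile(
    rb"<protectedRO>(<ro>.*</ro>)<mac>([0-9a-f]{40})</mac></protectedRO>", re.S)


def build_ro(content, mac_key):
    """Issuer side: store SHA-1(content) inside <ro>, then MAC the <ro> bytes."""
    digest = hashlib.sha1(content).hexdigest().encode()
    ro = b"<ro><digest>" + digest + b"</digest><permission>play</permission></ro>"
    mac = hmac.new(mac_key, ro, hashlib.sha1).hexdigest().encode()
    return b"<protectedRO>" + ro + b"<mac>" + mac + b"</mac></protectedRO>"


def verify_ro(protected_ro, content, mac_key):
    """Device side: check the MAC first, and only then trust the digest in <ro>."""
    m = LAYOUT.fullmatch(protected_ro)
    if m is None:
        return "malformed"
    ro, stored_mac = m.groups()
    expected = hmac.new(mac_key, ro, hashlib.sha1).hexdigest().encode()
    # compare_digest runs in constant time, so it leaks no matching-prefix length.
    if not hmac.compare_digest(expected, stored_mac):
        return "mac-mismatch"  # wrong key, or <ro> was modified
    d = re.search(rb"<digest>([0-9a-f]{40})</digest>", ro)
    if d is None:
        return "malformed"
    actual = hashlib.sha1(content).hexdigest().encode()
    if not hmac.compare_digest(actual, d.group(1)):
        return "content-mismatch"  # content is not the one this RO was issued for
    return "ok"


if __name__ == "__main__":
    pro = build_ro(CONTENT, KEY)
    print(verify_ro(pro, CONTENT, KEY))
    print(verify_ro(pro.replace(b"play", b"copy"), CONTENT, KEY))
    print(verify_ro(pro, CONTENT, b"wrong key"))
    print(verify_ro(pro, CONTENT + b"!", KEY))
```

The order matters: the digest inside <ro> is only meaningful once the MAC has shown that <ro> itself is unmodified.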

♦ RSA algorithm

The RSA algorithm is used by two schemes. One is the signature scheme. The other is the encryption scheme.

The signature scheme uses the hash function and the RSA algorithm to verify a signature. The RSA algorithm uses a pair of keys, one public and one private. We first describe how a signature is generated. The transmitter computes the hash value of the information to be transmitted and then encrypts the hash value with its private key. The result is the signature of the information. To verify the signature, a receiver uses the transmitter's public key to decrypt the signature and checks the result against the hash value of the information. This scheme is therefore a digital signature mechanism.
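The signature scheme described above, as an added example that is not the thesis code or XySSL. It assumes the PKCS#1 v1.5 signature encoding with SHA-1 and uses a constructed demonstration key built from two Mersenne primes; the verifier rebuilds the full encoded block and compares it, rather than parsing the decrypted value.

```python
import hashlib
import hmac

# Constructed demonstration key from two well-known Mersenne primes.
# Such a key is trivially factorable; it only keeps the example self-contained.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8        # modulus length in bytes

# DER prefix of DigestInfo for SHA-1, as defined for PKCS#1 v1.5 signatures.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encode(message):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-1(message))."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(message):
    """Transmitter: apply the private key to the encoded hash."""
    return pow(int.from_bytes(encode(message), "big"), D, N).to_bytes(K, "big")


def verify(message, signature):
    """Receiver: apply the public key, then compare against a fresh encoding."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Comparing the whole block rejects signatures with malformed padding.
    return hmac.compare_digest(recovered, encode(message))


if __name__ == "__main__":
    sig = sign(b"constructed rights object")
    print(verify(b"constructed rights object", sig))   # True
    print(verify(b"constructed rights 0bject", sig))   # False
```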

The encryption scheme also uses the RSA algorithm, here to protect the information itself. To protect information that the transmitter will send, we encrypt it with the receiver's public key.

When the receiver wants to get the original information, it decrypts the encrypted information with its private key. Therefore, this scheme ensures that only the valid receiver can recover the information.

6.1.2 GUI Interface

Now, we introduce the GUI that our design presents to users. Because there is no operating system on the SPCE3200 board, we must use its libraries to implement the GUI. We first study these libraries, which include a joystick library and some application examples. We base our GUI on those examples and use the joystick library to control the input, and we combine the two to build the GUI.

However, because our design focuses on the DRM system, we implement only a simple GUI for demonstration purposes.

We draw a set of symbols that represent the letters and the digits. We control the TV encoder buffer and fill it with these symbols, which lets us implement a function that prints a string. In addition, because we use the library to control the joystick, we can implement a function that lets the user select among choices. The following functions are examples.

♦ V_GUI_Show_Message(char* str);

This function can show a string on the screen.

♦ V_GUI_Check_Message(char* str);

This function shows the string and waits for the user to check it. To check the message, the user must push the button; the program then continues to execute.

6.1.3 Real-time Player

Now, we describe our implementation of the real-time player. We implement a player that can decrypt and decode the encrypted content at the same time. We begin by studying the example code provided by Sunplus. Chapter 2 described the software structure of the MPEG Codec; here we modify that structure to achieve our goal. The resulting software structure is shown in Figure 6-1.

[Figure 6-1: flowchart with two parallel procedures. First procedure: 1. Read file to buffer D; 2. Prepare to decode from buffer C; 3. Start to decode buffer C. Second procedure: 1. Read file to buffer C; 2. Prepare to decode from buffer D; 3. Start to decode buffer D. Remaining labels: "Control the interval" and "Decrypt" (twice).]

Figure 6-1 Procedure of buffer control during decoding

The software structure contains a pair of parallel procedures for decoding the content. In each procedure, we read the media objects into one buffer and then prepare to decode media objects from the other buffer. After all the registers related to decoding are set, we start to decode one frame. At this point, the timer interrupt controls the interval between frames. Only at the end of the interval can we read media objects into the other buffer. In other words, the two parallel procedures take turns decoding the media objects. In our design, we insert the tool that decrypts the encrypted content before the file is read into the buffer. In this way, we implement a real-time player that decrypts and decodes the media objects at the same time.

6.1.4 Download Mechanism

In our design, we adopt the download mechanism to implement the switchable DRM system. Now, we describe the implementation. Because the SPCE3200 is an embedded system without an operating system, we must allocate the memory by hand.

First, we implement the bootstrap and store it in the NOR flash. When the SPCE3200 is set to free-run mode, the bootstrap is loaded into SDRAM and starts to execute. We also implement the download mechanism in the bootstrap.

Before the bootstrap loads the module, we must allocate memory for the bootstrap and the module. The memory allocation is shown in Figure 6-2.

Figure 6-2 Memory allocation of loading Module

The bootstrap program contains several sections, including the text section, the data section and others. We must specify their addresses in memory. In addition, the module must be pre-built, and its memory allocation must be consistent with that of the bootstrap. We specify that the text section of the module follows the text section of the bootstrap, and that the data section of the module follows the data section of the bootstrap. Based on this specification, the bootstrap loads the module into memory. When the bootstrap wants to execute the module, it transfers control to the module.

In other words, the program counter branches to the text section of the module, so the module can execute and access the contents.
