[Paper Overview] [DRM-Workshop Homepage]
Kilho Shin, Fuji Xerox Co., Ltd. & AccessTicket Systems Inc.
Craig A. Schultz, AccessTicket Systems Inc.
We do not have any specific needs that we feel we need addressed by the workshop. Actually our primary intent is in the area of providing contributions supporting solutions. However, we feel that a workshop of this type will allow us to understand the needs of the community better and consider ways that we could possibly contribute even more either separately or collaboratively with other attendees or the W3C itself.
As mentioned in point 1, we are hoping for a raised awareness by all the attendees of the requirements and possible solutions for the content and services access control field. But in addition we are hoping to develop collaborative relationships with parties interested in providing a richer and more secure Internet based content and services distribution experience.
This paper aims to present a new framework for access control which is
characterized by its ultimately simple model of authentication and
authorization of rights based on the direct deployment of PKC (Public-Key
Cryptography). Contrasted with DRM languages, rights authentication and
authorization have little to do with the definition of rights for a given
service or content, in fact, rights authentication and authorization are
rights agnostic, just as they are content and services agnostic. Rights
authentication and authorization only concern themselves with making sure
that whatever rights are described, in whatever rights definition language
they are described in, are carried out. To contrast this concept from DRM
languages, we would like to introduce the term rights enforcement via
To support the requirements of the
openness stated in the above, Digital Qualification deploys the
direct application of Public Key Cryptography to access control. The most
fundamental feature of Digital Qualification is as follows. A public key of
PKC, or a certificate specifying the public key, is assigned to an entity to
be accessed by end users instead of being assigned to individual users. The
rights of an end user to access the entity is verified using only the public
key and an appropriate PKC algorithm chosen from a variety of the PKC
standards. This indicates that the authorized users are to be allowed to
execute calculations resulting in equivalent calculation using the private
key, paired with the public key to be used for the verification.
An author encrypts one's proprietary content using a public key assigned to the content, and distributes the content in encrypted form by arbitrary means (e.g. the Internet). At the usage of the content, a content viewer or player allows an authorized user to decrypt the encrypted contents using blind decryption techniques, for example, and then renders the content. Since Digital Qualification assumes that only authorized users can decrypt data encrypted using the public key, this prevents unauthorized access to the content by adversarial users.
Remark. In an ordinary implementation, it is a symmetric key of a block cipher that is actually used to encrypt the body of the content. Said symmetric key is then encrypted using the assigned public key.
Remark. Blind decryption techniques enables an owner of a decryption key to decrypt encrypted data without exposing the clear data itself.
Consider the case that a Web site provides a plurality of proprietary services only to subscribers of each individual service. For this purpose, the owner of the site assigns a public key to each service and develops the site so that whenever a subscriber requests provision of a service, the authentication protocols with regard to the public key associated to the service are executed (i.e. the site executes the same verification procedures using the assigned public key no matter who the subscriber is). Only when authentication is successful, will the site provide the requested service to the subscriber.
First, an ACL (Access Control List) is no longer required. Actually, verification of claimed rights may be executed based only on public keys and PKC algorithms.
Secondly, the verification is totally off-line and need no central administration such as methods requiring rights tracking servers or a network connection at all.
By these two features, providers of content and services would be released from the burdens of maintaining ACL and rights relating servers in a secure manner (maintaining a rights server usually requires the use and maintenance of a fire-wall). Furthermore, these features would provide a virtually simple view of rights authentication to content and service providers, since verification of claimed rights is executed at the point where the content and services are consumed.
Thirdly, procedures for verification of rights (decryption of content) are directly derived from widely accepted PKC algorithms such as RSA. Thus, speaking of rights authentication, implementers can develop systems such as a content viewer or player only using standardized or other well-known public methods.
Lastly, from a user's point of view, authentication never uses any information which could be used to reveal ones' identification, as long as the policies of a given service provider do not specifically require that. Therefore, totally anonymous access to content and services is guaranteed.
However, we have an important technical issue to be overcome for the realization of Digital Qualification. That is to answer the question of how the secure use of private keys can be permitted only to authorized users. In other words, we need a cryptographic scheme to entrust only the use of private keys of PKC to third parties without allowing the abuse of the private keys.
Fuji Xerox Co., Ltd. and AccessTicket Systems Inc. have developed technologies to provide a solution to this issue. The technologies are collectively called AccessTicket Technology.
AccessTicket Technology realizes the secure entrustment of the use of private keys by assuming each user retains one's own unique black-box function, which we call Token. On input of an arbitrary challenge, it automatically outputs a response that satisfies a certain mathematical relation to the input challenge. At the same time, Token is assumed to be a black box in the sense that no one, without accessing secrets confined within Token, can ever predict its response to a given input challenge. Note that different users shall retain different instances of Token involving different definitions of the Token function.
Data called AccessTicket is another building block of AccessTicket Technology. An instance of AccessTicket is actually a cryptographic key generated dependent on a specific public key pair (a pair of a public key and a private key of PKC) and a specific instance of Token. An AccessTicket and a Token are combined and used as follows.
The above immediately indicates that the transfer of an AccessTicket is meaningless for the purpose of impersonation as a Token is implemented as a copy-resistant entity, and therefore AccessTickets can be distributed even via insecure channels such as e-mail.
In addition, AccessTicket Technology supports the following requirements from a security point of view.
Non-forgeability: if an adversary can collect as many AccessTicket's as one likes, no clues useful for forging a new valid AccessTicket are revealed whether those given AccessTickets are for the same Token or random Tokens.
Open verification: a valid recipient of an AccessTicket, or trusted third parties, can verify the legitimacy of the AccessTicket through publicized procedures.
Non-repudiation: Simply verifying that a given AccessTicket is legitimate, its issuer cannot repudiate the fact of the issuance of the AccessTicket.
Taking advantages of AccessTicket Technology, Fuji Xerox and AccessTicket Systems have developed protocols for rights authentication, namely Ticket Authentication Protocols  (TAP). TAP deploys an efficiency-oriented design so that it can be implemented on any device and on any carrier protocols including TCP/IP, Bluetooth and so on.
Fuji Xerox Co., Ltd. and AccessTicket Systems Inc. will introduce the concept of Digital Qualification and its implementing technology, AccessTicket Technology, throughout this workshop as the applications are not limited only to goods and services normally considered during discussions of content or services access control but have much wider applications including but not limited to securing channels of communications. At the same time, we are pursuing any opportunities to collaborate with organizations or corporate entities which are actively making contributions to the Internet Society through W3C.
 M. Kyojima & K. Shin: Ticket Authentication Protocols Version 1, will be found at http://www.accessticket.com/eng-down.html.
Although TAP has been deployed to support the secure distribution, usage and storage of content valued up to US$30,000 per ticket and we would like to contribute to the current work regarding the management of digital content rights, we feel an even more interesting application of this technology is in the area of digital service rights.
Due to the totally data and rights agnostic behavior of Digital Qualification, one can see that basically it is a method to allow, or disallow access to digital data. In this context, some very interesting possibilities present themselves.
The most exciting of these possibilities is considering the fact that a nonce, or session key, could be the digital data that one is being granted access to. For example, a network or Internet service provider could use Needham-Schroeder challenge-response authentication for all network access. Instead of the session key being passed directly to the client application, it could be encapsulated using TAP and received by the client. Then, the usage rights included in the received capsule could be verified before the encrypted nonce is replayed and allowed to be used to carry on data exchange with the requested service provider.
Since this system is rights agnostic, the rights could require payment, in the case of billing for bandwidth usage, or it could require some form of identification such as a face scan or finger print. On the other hand, it could require nothing at all except having the required ticket received via e-mail or in person or any other method imaginable.
The business models this makes possible can be very interesting to say the
least! A system whereby users can be securely
anonymously, to be billed for bandwidth usage. A system whereby content
purchased via the web can be downloaded securely from an address that can only
be accessed by the holders of the correct ticket. A system whereby a global
corporate, or private Extra-net could be deployed with security that would
even exceed the security of an intra-net! The most exciting is the possibility
that for one entity what is encrypted data, for another entity it is simply
What the last mentioned possibility presents to us is the possibility of layers and layers of access rights placed on the content by independent entities all being authenticated and enforced by a single system.