1 AAA for document delivery ～ Work in progress ～ Shuichi TASHIRO Electrotechnical Laboratory, Japan

2 Policy based usage control requestcheckservice (1)(2)(3) Document policy User capability

3 Example of policy on document delivery AuthorAkira Kurosawa Type of contentMPEG video Digitally copy by userProhibited Print by userPermitted Number of viewUnlimited Duration1/1/2000 – 1/1/2001 User qualificationStudent certification of xxx university is required FeeFree

4 Document to be distributed Digital signed to prevent tampering Encrypted to prevent unauthorized access Policy program Content ID Encrypted Content policy block

5 off-line model Policy capability Policy enforcement engine document All policy enforcement process is done at user’s PC check

6 Authorization model (Off-line model) Capability Checker (User Home Organization) User’s PC Policy Enforcement Engine(PEE) (AAA Server) Browser (Service Equipment) content Copyright Policy User capability database Broker (for author) Document Provider a b Broker (for user) b’b’

7 content Copyright Policy Authorization model (semi Off-line model) Capability Checker (User Home Organization) User’s PC Policy Enforcement Engine(PEE) (AAA Server) Browser (Service Equipment) content Copyright Policy User ⑦ capability database Broker (for author) b Broker (for user) b’b’ broker AAA Server Key conversion Document Provider

8 On-line model capability Policy Service server AAA sequence document user Policy enforcement process is (partially) done at server on Internet Policy enforcement engine

9 Authorization model (On-line model) User’s PC Policy Enforcement Engine(PEE) (AAA Server) Browser (Service Equipment) content Copyright Policy User a Content server Capability Checker (User Home Organization) capability database Broker (author) b Broker (user) b’b’ Document Provider

10 Implementation Capability Checker Policy Enforcement Engine(PEE) Browser (Netscape / Real player) capability database User’s PC Plugin JAVA interpreter + Library Plug-in module for Netscape navigator and Real player PCMCIA Card Sub Card

11 Future work Common Policy Description Language (currently using JAVA) Common architecture for Policy Enforcement Engine - common to various applications Security & Privacy - tamper resistance, - key management/update, - anonymity vs. security