Presentation is loading. Please wait.

Presentation is loading. Please wait.

F1 Cross-Company Call Follow Up Process Flow against Security Breach on F1 Phase 1 6.iii.2013 Sony Confidential.

Published byRodger Tyler Modified over 9 years ago

Similar presentations

Presentation on theme: "F1 Cross-Company Call Follow Up Process Flow against Security Breach on F1 Phase 1 6.iii.2013 Sony Confidential."— Presentation transcript:

1 F1 Cross-Company Call Follow Up Process Flow against Security Breach on F1 Phase 1 6.iii.2013 Sony Confidential

2 Table of Contents Summary Conditions for F1 Phase 1 SPE suggestions in F1-Pj Sony Gp. Technical calls cf. Marlin Process Flow (1) Process Flow (2) Process Flow (3) 6.iii.2013 Sony Confidential

3 Summary (1) Beach Monitoring and Revocation Rule for Phase 1 Service Tokyo agrees to suspend Phase 1 service if F1 Box is hacked on the following conditions: When the fact that the F1 Box is hacked is proved by SPE. When the suspension of the service is confirmed by Phil and Imamura-san. The processes of confirmation of Remediation shall be define in the following cases. Key is leaked and identified Correct and Detailed Box Cracking Information is posted. F1 Content (Video WMed) is leaked, but there is no proof if F1 Box is Cracked and F1 Content is stolen from F1 Box 6.iii.2013 Sony Confidential

4 Summary (2) Process Flow for FW update 6.iii.2013 Sony Confidential 30 days Investigation of hacking 60 days Preparation for FW update 30 days Re-investigation of hacking FW becomes Ready to release SPE investigation to determine Box being hacked SPE Report to SEL/Tokyo Post FW for Users, using Automagic SPE SEL/Tokyo

5 Conditions for F1 Phase 1 For Phase 1, neither Forensic WM nor Renewability implementable SPE introduces Video WM (Fixed, F1 Service ID) In case F1 Service is suspended, it shall be applied to Content of which Decryption Key is newly provided to F1 Box (F1 Box Customers can see F1 Content released before such Service Suspension) 6.iii.2013 Sony Confidential

6 SPE suggestions in F1-Pj Sony Gp. Technical calls Refer Marlin defining Exclusion/Revocation/Shunning SPE to prove that the cracking is happened onto F1 Box before claiming F1 cracking 6.iii.2013 Sony Confidential

7 cf Marlin Particular Device Executed when “Leaked (target) Key” is identified ExclusionRevoke Device Key RevocationRefuse Service at Authentication with Server Particular Device or Product Shunning 5Initiation and Criteria for Shunning If a Licensed Product is insecure due to causes correctible by a software change, Service Provider, for so long as it is an Eligible Service Provider and can below, may initiate the procedures, pursuant to Paragraph 7 ( Marlin Client Agreement, Version 2.0, published on 9 March 2011) 6.iii.2013 Sony Confidential

8 cf. Marlin -- continued 7.3. The Affected Client shall notify Eligible Service Provider in writing, with a copy to MTMO, (i) no more than ninety (90) calendar days after the date of notice from Service Provider that Affected Client has prepared requested software update, together with a sworn affidavit which proves preparation of requested software update such that any of the criteria for Shunning in Paragraph 5 is no longer met, or, (ii) no more than thirty (30) calendar days after the date of notice from Service Provider that Affected Client desires to contest the grounds for such Shunning. If Affected Client notifies Service Provider of its preparation of software update together with affidavit sufficiently supporting of the same, only when such software update is ready, Service Provider shall trigger Shunning. For the avoidance of doubt, such update that requires any changes in hardware or cannot be implemented solely by end-user customer, shall be excluded from Shunning. ( Marlin Client Agreement, Version 2.0, published on 9 March 2011) 6.iii.2013 Sony Confidential

9 Process Flow (1) 1.Key is leaked and identified Exclude or Revoke the leaked and identified Key. Follow the procedure defined by Marlin. As soon as MTMO releases the data necessary to execute Exclusion or Revocation, SNEI will immediately apply such data. 6.iii.2013 Sony Confidential

10 Process Flow (2)-1 2.Box Cracking Information is posted. Posted Information is described precisely enough to reproduce “Cracking” and it does crack Box perfectly a)SPE to notify to SEL/Tokyo and SNEI of Box Cracking Information b) SEL/Tokyo to study Cracking Information in 30 days*. *30daysStudy Period defined in 7.3 and F1 Content released once a month c) If Cracking Information is correct and precise, SEL/Tokyo to prepare Firmware against Cracking Information. within 90 days as defined in Marlin Client Agreement. d) If not correct or precise enough, no action to be taken. SPE may check it if such SEL/Tokyo conclusion is correct in 30 days. In case SPE proves that Box Cracking Information is correct and precise enough, SEL/Tokyo shall immediately enter the FW update investigation. 6.iii.2013 Sony Confidential

11 Process Flow (2)-2 2.Box Cracking Information is posted. Posted Information is described precisely enough to reproduce “Cracking” and it does crack Box perfectly e) If new FW does not become available in 90 days, SPE may claim Service Suspension to SEL/Tokyo. With the consent of SEL/Tokyo, Service may be suspended. f)Such suspension, if executed, will be resolved when updated FW becomes available. 6.iii.2013 Sony Confidential

12 Process Flow (3) 3.F1 Content (Video WMed) is leaked, but there is no proof if F1 Box is Cracked and F1 Content is stolen from F1 Box a) SPE to prove F1 Box is cracked and F1 Content is stolen from F1 Box, in order to initiate any action. In case SPE believes F1 Box cracking is proven, SPE claims so to SEL/Tokyo. b) SEL/Tokyo may examine it when SPE claims F1 Box Cracking within 30 days upon the receipt of the claim from SPE. c) In case SEL/Tokyo agree with SPE’s claim, SPE may request to suspend F1 Service. With the consent of SEL/Tokyo, such Suspension may be executed. d) In case SEL/Tokyo claims SEL’s proof is not sufficient, SPE shall provide further information to prove Box Cracking within 30 days. If failed, F1 Box shall be regarded as innocent. 6.iii.2013 Sony Confidential

13 Authoring Encrypt Content Delivery Receive+Decrypt Content Decode Content Transfer Content F1 Box Service Provider Incl. CDN Who encodes Video WM HDCP2.x receiver Protocol between F1 Box and TV is not for Security, Non-Sony HDCP2.x can be connected Threat 2: Leaked from Non Sony HDCP 2.x Client Threat 3: 4k TV Display capture Threat 1: Content may be stolen in the process (Analogy of Disc Piracy) 6.iii.2013 Sony Confidential

Download ppt "F1 Cross-Company Call Follow Up Process Flow against Security Breach on F1 Phase 1 6.iii.2013 Sony Confidential."

Similar presentations

System Measurement Program SAP Basis Release 6.40

System Measurement Program SAP Basis Release 6.40
Interim measures in Russian courts in support of international arbitration: principles, procedure and the range of remedies available BRLA seminar 25 January.

Interim measures in Russian courts in support of international arbitration: principles, procedure and the range of remedies available BRLA seminar 25 January.
© 2013 Sri U-Thong Limited. All rights reserved. This presentation has been prepared by Sri U-Thong Limited and its holding company (collectively, “Sri.

© 2013 Sri U-Thong Limited. All rights reserved. This presentation has been prepared by Sri U-Thong Limited and its holding company (collectively, “Sri.
II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.

II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.
Internet Applications Update Internet Rechartering August 26, 2009.

Internet Applications Update Internet Rechartering August 26, 2009.
* Requisition Processing Common Problems * Budget Checking Errors * Run Controls * Process Scheduler Request & Process Monitor * Questions.

* Requisition Processing Common Problems * Budget Checking Errors * Run Controls * Process Scheduler Request & Process Monitor * Questions.
Employment and Support Allowance Information Pack

Employment and Support Allowance Information Pack
Software Project Transition Planning

Software Project Transition Planning
1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.

1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.
Best Practices – Overview

Best Practices – Overview
System Measurement Program SAP Basis Release 4.0B Quick Guide to perform a System Measurement.

System Measurement Program SAP Basis Release 4.0B Quick Guide to perform a System Measurement.
Testing - an Overview September 10, 2008 1. What is it, Why do it? Testing is a set of activities aimed at validating that an attribute or capability.

Testing - an Overview September 10, What is it, Why do it? Testing is a set of activities aimed at validating that an attribute or capability.
4K CONTENT PLAN Sony Pictures Technologies. Consumer Offering Broadcast (Over the air, cable, satellite, IPTV) Premium Content (Movies, episodic TV) Premium.

4K CONTENT PLAN Sony Pictures Technologies. Consumer Offering Broadcast (Over the air, cable, satellite, IPTV) Premium Content (Movies, episodic TV) Premium.
Release & Deployment ITIL Version 3

Release & Deployment ITIL Version 3
Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.

Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.
SERVICE LEVEL AGREEMENTS Bob Goldberg 312/648-2300

SERVICE LEVEL AGREEMENTS Bob Goldberg 312/
3 Dec 2003Market Operations Standing Committee1 Market Rule and Change Management Consultation Process John MacKenzie / Darren Finkbeiner / Ella Kokotsis,

3 Dec 2003Market Operations Standing Committee1 Market Rule and Change Management Consultation Process John MacKenzie / Darren Finkbeiner / Ella Kokotsis,
1 Kyung Hee University Prof. Choong Seon HONG Network Control.

1 Kyung Hee University Prof. Choong Seon HONG Network Control.
© Pearson Education Limited, 20041 Chapter 5 Database Administration and Security Transparencies.

© Pearson Education Limited, Chapter 5 Database Administration and Security Transparencies.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Similar presentations

Ads by Google