Does GStreamer has a plan to support DRM (e.g. OMA DRM)?
Locked
Does GStreamer has a plan to support DRM (e.g. OMA DRM)?
 
|
Does GStreamer has a plan to support DRM at
the framework level? To provide a framework to handle different kinds of DRM
solutions at the device end? I saw there is a discussion in 2005 but
there is no further update. We want to provide a GStreamer-based
solution to play media contents protected by OMA DRM 1.0. OMA DRM 1.0 is a open
DRM standard. It wraps or encrypted the original media content in a wrapper
file format. I wonder whether GStreamer will provide a standard workflow for us
to write decryption plug-ins for the pipeline. Thanks Amanda ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
Re: Does GStreamer has a plan to support DRM (e.g. OMA DRM)?
|
|
What kind of framework support would it
need? For most formats, need only supply your
own elements to encrypt/encode/encapsulate/mux and decrypt/decode/de-encapsulate/demux.
For the rest of the tasks, you can use the standard elements. As a framework, GStreamer already has
enough flexibility to accommodate most formats and applications. There
are only a few significant limitations that I’ve encountered – such
as the inability to associate any information with a buffer that will survive
arbitrary transformations. Matt From: Lin,
Mengdong [mailto:[hidden email]] Does
GStreamer has a plan to support DRM at the framework level? To provide a
framework to handle different kinds of DRM solutions at the device end? I
saw there is a discussion in 2005 but there is no further update. We
want to provide a GStreamer-based solution to play media contents protected by
OMA DRM 1.0. OMA DRM 1.0 is a open DRM standard. It wraps or encrypted the
original media content in a wrapper file format. I wonder whether GStreamer
will provide a standard workflow for us to write decryption plug-ins for the
pipeline. Thanks Amanda ------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
Re: Does GStreamer has a plan to support DRM (e.g. OMA DRM)?
|
|
Many thanks for your
information, Matt! We want to support OMA
DRM 1.0. It protects the content by adding a encryption wrapper outside the original
media file. To play the media, the wrapper must be removed and decryption is
need to extract the original media file. Is it possible to
insert a DRM filter plug-in between the filesrc plug-in and demuxer plug-in?
The DRM filer can remove the wrapper and do decryption if need, or just let
data pass through if no DRM wrapper is present. Is the following pipe
possible for the playbin? Type finding: Filesrc -> DRM wrapper
filter -> typefind -> fakesink Playback: Filesrc -> DRM wrapper
filter -> demuxer -> decoder -> render Best Regards Amanda From: Gruenke,
Matt [mailto:[hidden email]] What kind of framework support would it need? For most formats, need only supply your own elements to
encrypt/encode/encapsulate/mux and decrypt/decode/de-encapsulate/demux.
For the rest of the tasks, you can use the standard elements. As a framework, GStreamer already has enough flexibility to
accommodate most formats and applications. There are only a few
significant limitations that I’ve encountered – such as the
inability to associate any information with a buffer that will survive
arbitrary transformations. Matt From: Lin,
Mengdong [mailto:[hidden email]] Does GStreamer has a plan to support DRM at
the framework level? To provide a framework to handle different kinds of DRM
solutions at the device end? I saw there is a discussion in 2005 but
there is no further update. We want to provide a GStreamer-based solution
to play media contents protected by OMA DRM 1.0. OMA DRM 1.0 is a open DRM
standard. It wraps or encrypted the original media content in a wrapper file
format. I wonder whether GStreamer will provide a standard workflow for us to
write decryption plug-ins for the pipeline. Thanks Amanda ------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
Re: Does GStreamer has a plan to support DRM (e.g. OMADRM)?
|
|
Without knowing any details about OMA, that
sounds like it would work. If you want something like a decodebin to
automatically insert the decryption filter, you’ll want to do is use some
caps to indicate whether there is OMA. The caps should get set by your
source (if it knows about them) or you could set them manually. A third
option is to write a filter that can automatically detect the DRM and set the
caps to indicate when it’s present. Depending on your goals/requirements, the
insertion of the decryption filter might not have to be automatic. In
that case, you don’t necessarily need to worry about caps for it and can
just build it into your pipeline when you know it’s needed. If you haven’t already, I’d
advise spending some time looking at the Plugin Writers’ Guide. Parts
of it are a bit out of date, but it will give you a better understanding of whether
& how the framework supports what you want to do. If you already have
a basic understanding, then you could jump to the discussion of caps. http://gstreamer.freedesktop.org/data/doc/gstreamer/head/pwg/html/index.html Matt From: Lin,
Mengdong [mailto:[hidden email]] Many thanks for your information, Matt! We want to support OMA DRM 1.0. It
protects the content by adding a encryption wrapper outside the original media
file. To play the media, the wrapper must be removed and decryption is need to
extract the original media file. Is it possible to insert a DRM filter
plug-in between the filesrc plug-in and demuxer plug-in? The DRM filer
can remove the wrapper and do decryption if need, or just let data pass through
if no DRM wrapper is present. Is the following pipe possible for the
playbin? Type finding: Filesrc -> DRM wrapper filter
-> typefind -> fakesink Playback: Filesrc -> DRM wrapper filter
-> demuxer -> decoder -> render Best Regards Amanda From: Gruenke, Matt
[mailto:[hidden email]] What kind of framework support would it
need? For most formats, need only supply your
own elements to encrypt/encode/encapsulate/mux and
decrypt/decode/de-encapsulate/demux. For the rest of the tasks, you can
use the standard elements. As a framework, GStreamer already has
enough flexibility to accommodate most formats and applications. There
are only a few significant limitations that I’ve encountered – such
as the inability to associate any information with a buffer that will survive
arbitrary transformations. Matt From: Lin,
Mengdong [mailto:[hidden email]] Does
GStreamer has a plan to support DRM at the framework level? To provide a
framework to handle different kinds of DRM solutions at the device end? I
saw there is a discussion in 2005 but there is no further update. We
want to provide a GStreamer-based solution to play media contents protected by
OMA DRM 1.0. OMA DRM 1.0 is a open DRM standard. It wraps or encrypted the
original media content in a wrapper file format. I wonder whether GStreamer
will provide a standard workflow for us to write decryption plug-ins for the
pipeline. Thanks Amanda ------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
Re: Does GStreamer has a plan to support DRM (e.g. OMA DRM)?
|
|
In reply to this post by Lin, Mengdong
On Mon, Oct 18, 2010 at 8:37 PM, Lin, Mengdong <[hidden email]> wrote:
> Many thanks for your information, Matt! > > > > We want to support OMA DRM 1.0. It protects the content by adding a > encryption wrapper outside the original media file. To play the media, the > wrapper must be removed and decryption is need to extract the original media > file. > > > > Is it possible to insert a DRM filter plug-in between the filesrc plug-in > and demuxer plug-in? The DRM filer can remove the wrapper and do decryption > if need, or just let data pass through if no DRM wrapper is present. > > > > Is the following pipe possible for the playbin? > > Type finding: > > Filesrc -> DRM wrapper filter -> typefind -> fakesink > > > > Playback: > > Filesrc -> DRM wrapper filter -> demuxer -> decoder -> render You could certainly do that without any problem - the "DRM wrapper filter" would just be another normal plugin, handling a specific format. There's nothing special about the fact that it's DRM, in what you've described. Of course, then the output of the DRM wrapper filter is the unencrypted original file, so a user could trivially set up a pipeline like filesrc ! drmremover ! filesink, and just get rid of the DRM permanently. This is great for the user, but probably not what you actually wanted. Providing a _secure_ path for decrypt/decode/output is a much more complex task. You'll need to do a lot of thinking about that. Mike ------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
Re: Does GStreamer has a plan to support DRM (e.g. OMADRM)?
|
|
-----Original Message-----
From: Michael Smith [mailto:[hidden email]] Sent: Tuesday, October 19, 2010 00:13 To: Discussion of the development of GStreamer Subject: Re: [gst-devel] Does GStreamer has a plan to support DRM (e.g. OMADRM)? <snip/> > Of course, then the output of the DRM wrapper filter is the > unencrypted original file, so a user could trivially set up > a pipeline like filesrc ! drmremover ! filesink, and just get > rid of the DRM permanently. This is great for the user, but > probably not what you actually wanted. > > Providing a _secure_ path for decrypt/decode/output is a much > more complex task. You'll need to do a lot of thinking about that. Depending on the security requirements and how accessible the platform will be, that might be an issue. For instance, if the platform-level security requirement is low or the security issues have already been solved at the platform level (e.g. an embedded process with an encrypted memory interface), then you don't need to worry about security at the gstreamer level. The way this problem is usually solved is by having the decryption & decode occur in secured hardware (like a GPU), which is either built into the display device or uses another secured channel (e.g. HDCP) to send the decoded output to the display device. What this would look like, from a GStreamer perspective, is having a different sink for the device that's doing the decryption & decoding. Depending on how that sink works (i.e. whether or not it needs to tell the hardware that the stream is encrypted), you might need special caps to indicate encryption. Matt ------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
Re: Does GStreamer has a plan to support DRM (e.g. OMADRM)?
|
|
Could you give me more information about a " encrypted memory interface"?
And it seems that I have to write a big DRM sink plug-in that do all the following task: - detect & removing OMA DRM wrapper, - - decryption - original media format parsing (mp3, AAC ...) - decoding - rendering The decryption/parsing/decode shall occur in a secure hardware. It means I can no longer use the open source file parser plug-ins and there is only two plug-ins (filesrc & DRM sink) in the pipe line :-( Is this the only way to build a secure path in GStreamer? Many Thanks! Amanda -----Original Message----- From: Gruenke, Matt [mailto:[hidden email]] Sent: Tuesday, October 19, 2010 12:25 PM To: Discussion of the development of GStreamer Subject: Re: [gst-devel] Does GStreamer has a plan to support DRM (e.g. OMADRM)? -----Original Message----- From: Michael Smith [mailto:[hidden email]] Sent: Tuesday, October 19, 2010 00:13 To: Discussion of the development of GStreamer Subject: Re: [gst-devel] Does GStreamer has a plan to support DRM (e.g. OMADRM)? <snip/> > Of course, then the output of the DRM wrapper filter is the > unencrypted original file, so a user could trivially set up > a pipeline like filesrc ! drmremover ! filesink, and just get > rid of the DRM permanently. This is great for the user, but > probably not what you actually wanted. > > Providing a _secure_ path for decrypt/decode/output is a much > more complex task. You'll need to do a lot of thinking about that. Depending on the security requirements and how accessible the platform will be, that might be an issue. For instance, if the platform-level security requirement is low or the security issues have already been solved at the platform level (e.g. an embedded process with an encrypted memory interface), then you don't need to worry about security at the gstreamer level. The way this problem is usually solved is by having the decryption & decode occur in secured hardware (like a GPU), which is either built into the display device or uses another secured channel (e.g. HDCP) to send the decoded output to the display device. What this would look like, from a GStreamer perspective, is having a different sink for the device that's doing the decryption & decoding. Depending on how that sink works (i.e. whether or not it needs to tell the hardware that the stream is encrypted), you might need special caps to indicate encryption. Matt ------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel ------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
Re: Does GStreamer has a plan to support DRM (e.g. OMA DRM)?
|
|
In reply to this post by michael smith-6-3
Am 19.10.2010 07:12, schrieb Michael Smith:
> On Mon, Oct 18, 2010 at 8:37 PM, Lin, Mengdong <[hidden email]> wrote: >> Many thanks for your information, Matt! >> >> >> >> We want to support OMA DRM 1.0. It protects the content by adding a >> encryption wrapper outside the original media file. To play the media, the >> wrapper must be removed and decryption is need to extract the original media >> file. >> >> >> >> Is it possible to insert a DRM filter plug-in between the filesrc plug-in >> and demuxer plug-in? The DRM filer can remove the wrapper and do decryption >> if need, or just let data pass through if no DRM wrapper is present. >> >> >> >> Is the following pipe possible for the playbin? >> >> Type finding: >> >> Filesrc -> DRM wrapper filter -> typefind -> fakesink >> >> >> >> Playback: >> >> Filesrc -> DRM wrapper filter -> demuxer -> decoder -> render > > > You could certainly do that without any problem - the "DRM wrapper > filter" would just be another normal plugin, handling a specific > format. There's nothing special about the fact that it's DRM, in what > you've described. > > Of course, then the output of the DRM wrapper filter is the > unencrypted original file, so a user could trivially set up a pipeline > like filesrc ! drmremover ! filesink, and just get rid of the DRM > permanently. This is great for the user, but probably not what you > actually wanted. > > Providing a _secure_ path for decrypt/decode/output is a much more > complex task. You'll need to do a lot of thinking about that. > > Mike > Mike gave you some good pointers. You will need a way to protect the process that further processes the unDRM'ed file. E.g. you would need platform security that would only allow loading a subset of trusted gstreamer plugins in a process that plays drm content. Stefan ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
Re: Does GStreamer has a plan to support DRM (e.g.OMADRM)?
|
|
In reply to this post by Lin, Mengdong
I was referring to the general concept of having a secure path to
memory, so that the CPU + memory could be treated as a black box. Again, depending on your requirements, this might be overkill. I don't have specific knowledge about any systems which implement this technique. I was simply using it as an example of how the security problems might be solved only at the hardware level. This makes every very easy, at the software level. If you can't solve the security at the platform level, then you could go the route of having a black box in your pipeline, in order to prevent access to the unencrypted data. Unfortunately, this means that you can't use GStreamer's standard elements to do parsing and decoding. This isn't really just a GStreamer issue, but rather an issue with any LGPL code you might want to use for processing of your media streams. The problem is that the license requires you to link LGPL code as a shared library, which anyone can replace with a modified version. Therefore, if you're concerned about platform security, then you really need a hardware or proprietary software solution (which you can statically link) for all your handling of the decrypted media. So, the answer is that you cannot secure links in a GStreamer pipeline. Anyone can replace certain GStreamer libraries with modified versions and gain access to the data. The only option is a black box element that is either a sink or one that re-encrypts any data going out of it. Matt -----Original Message----- From: Lin, Mengdong [mailto:[hidden email]] Sent: Wednesday, October 20, 2010 02:37 To: Discussion of the development of GStreamer Cc: Gruenke, Matt Subject: RE: [gst-devel] Does GStreamer has a plan to support DRM (e.g.OMADRM)? Could you give me more information about a " encrypted memory interface"? And it seems that I have to write a big DRM sink plug-in that do all the following task: - detect & removing OMA DRM wrapper, - - decryption - original media format parsing (mp3, AAC ...) - decoding - rendering The decryption/parsing/decode shall occur in a secure hardware. It means I can no longer use the open source file parser plug-ins and there is only two plug-ins (filesrc & DRM sink) in the pipe line :-( Is this the only way to build a secure path in GStreamer? Many Thanks! Amanda -----Original Message----- From: Gruenke, Matt [mailto:[hidden email]] Sent: Tuesday, October 19, 2010 12:25 PM To: Discussion of the development of GStreamer Subject: Re: [gst-devel] Does GStreamer has a plan to support DRM (e.g. OMADRM)? -----Original Message----- From: Michael Smith [mailto:[hidden email]] Sent: Tuesday, October 19, 2010 00:13 To: Discussion of the development of GStreamer Subject: Re: [gst-devel] Does GStreamer has a plan to support DRM (e.g. OMADRM)? <snip/> > Of course, then the output of the DRM wrapper filter is the > unencrypted original file, so a user could trivially set up > a pipeline like filesrc ! drmremover ! filesink, and just get > rid of the DRM permanently. This is great for the user, but > probably not what you actually wanted. > > Providing a _secure_ path for decrypt/decode/output is a much > more complex task. You'll need to do a lot of thinking about that. Depending on the security requirements and how accessible the platform will be, that might be an issue. For instance, if the platform-level security requirement is low or the security issues have already been solved at the platform level (e.g. an embedded process with an encrypted memory interface), then you don't need to worry about security at the gstreamer level. The way this problem is usually solved is by having the decryption & decode occur in secured hardware (like a GPU), which is either built into the display device or uses another secured channel (e.g. HDCP) to send the decoded output to the display device. What this would look like, from a GStreamer perspective, is having a different sink for the device that's doing the decryption & decoding. Depending on how that sink works (i.e. whether or not it needs to tell the hardware that the stream is encrypted), you might need special caps to indicate encryption. Matt ------------------------------------------------------------------------ ------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
Re: Does GStreamer has a plan to support DRM (e.g. OMA DRM)?
|
|
In reply to this post by Stefan Sauer
Thank all of you for the information!
> Mike gave you some good pointers. You will need a way to protect the process > that further processes the unDRM'ed file. E.g. you would need platform security > that would only allow loading a subset of trusted gstreamer plugins in a process > that plays drm content. It will be fine if the trusted plugins can authenticate each other when linking to its peer. Now we are only requested to play protected audio. And since the OMA DRM 1.0 wraps the original media format into a encryption format, trusted audio parsers are needed as the downstream peer of the decryption plugin, followed by trusted audio decoders and renders. It seems inevitable to modify the parsers. Thanks Amanda ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ gstreamer-devel mailing list [hidden email] https://lists.sourceforge.net/lists/listinfo/gstreamer-devel |
| Free forum by Nabble | Edit this page |