Fw: One-way data delivery incl. comments related to the Infrastructure Statement

["CONSULTRAC" <rcarlton@consultrac.com>]

----- Original Message ----- 
From: "Kon Wilms" <kon.wilms@ndsamericas.com>
To: <rcarlton@consultrac.com>
Sent: Tuesday, November 18, 2003 5:36 PM
Subject: One-way data delivery incl. comments related to the Infrastructure
Statement


> Rick -
>
> Here's the one-pager. Please forward it on to the group if it looks ok to
> you.
>
> To follow up on the action item I had, I've attached a brain-dump document
> regarding one-way data transmission. It is not intended to be
> all-encompassing, and it does a lot of sweeping since the topic area is so
> huge.
>
> Comments below as requested by Rick refer to the EMIF-SC statement
document,
> and context can be had from looking at the attached document. Remember
these
> are non-general examples only.
>
> Cheers
> Kon
>
> -- snip
>
> >Effective delivery/distribution processes are more about transport
> >pattern and transport-mode capacity, than simply one-way vs. two-way
> >communication. In this context, the EMIF-SC asserts that there are
> >essentially five types of delivery/distribution control that a sender
> >may impose on a payload receiver;
> >1.      No control: the payload is sent to all who subscribe.
>
> Achieved by simply broadcasting the data with no constraints. There may be
a
> difference between all who subscribe, and all. To restrict to subscribers,
> data could be encrypted.
>
> >2.      Audience designation: the payload is sent to particular types
> >of organizations or individuals who subscribe.
>
> Commonly referred to as targeting. The users or the actual services may be
> grouped into packages or bouquets. Users may filter data on the receiver
> side, or service providers may restrict data by way of issuing
entitlements
> on the transmission side of the network. Data may be encrypted using said
> entitlements or simply flagged for receiver-side automatic filtering.
>
> >3.      Authenticated audience designation: the payload is sent to
> >particular organizations or persons who are able to certify their
> >receipt through authentication.
>
> Users may authenticate on one-way systems by the basic rules of 'what I
> know, what I have'. e.g. personal pin-code key combined with phsyical
secure
> device such as smartcard. User access is controlled by delivery of
> entitlement data from the network headend to the smartcard device. In this
> way the network controls authentication directly, and only known devices
can
> decrypt payloads when authenticated by the owner of the key. Further
> filtering is done based on service groups per user or group of users. This
> is but one mechanism to accomplish authenticated audience designation on
> one-way networks. Depending on the level of security required, reception
> constraints may range from simple software pin-code, all the way up the
> chain to AES-192 encrypted streams and PKI entitlement packets combined
with
> processor smartcards or authentication chips. Typically PKI is used to
> transmit the service keys, which then when properly decrypted allow for
> secondary decryption of service data. Service data is delivered in
symmetric
> key format for high bitrates, and may use almost any cipher chaining mode.
>
> >4.      Individual receiver specification: the payload is sent to
> >addresses compiled and individually specified by the sender.  It is
> >assumed that the sender will manually authenticate each address and
> >its owner.
>
> The same type of mechanism as (2) and (3) applies. A user is a target, and
> they are entitled for a service before it starts transmission (or during
> transmission).
>
> >5.      Acknowledged individual receiver specification: the payload
> >is sent to individual addresses that are required to acknowledge its
> >receipt. (This could be carried forward to a non-repudiated
> >acknowledgement, requiring specific authentication of the source of
> >the acknowledgement.)
>
> Receipt acknowledgement can be accomplished by periodic dialback or
> connection via a non-'always-on' network. This data may be securely stored
> on the decryption device or the receiver device, or left in the clear.
>
> >Receipt management moves the issue of control from the receiver to
> >the sender's viewpoint.  In order to avoid overload, payload
> >subscriptions need to be effective.  This requires effective
> >localization and effective categorization so that individual
> >receivers do not become deluged with unimportant payloads, yet
> >continue to receive information that is truly important.
>
> Most transmission systems are capable of handling prioritized data
delivery
> and parallel transmission of multiple streams. In low-bitrate scenarios
> where only one stream within the transport is viable (simply due to
overhead
> added by multiplying streams), a queue-based priority ordered system would
> be utilized. For high bitrate scenarios, either situation may apply.
>
>
> This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail.
>

EMIF-SC One-way Data Delivery Networks.doc