-  What Standards form the foundation of CMLA Mobile Broadcast?
OMA DRM 2.0
OMA BCast DRM Profile
18Crypt is a standardized solution specified by ETSI TS 102 474. The full name of the specification is Digital Video Broadcasting (DVB): IP Datacast over DVB-H: Service Purchase and Protection specification where annex B defines the 18Crypt profile
-  How is robustness achieved in the system?
Service Providers and Client Adopters are obligated by the CMLA License agreement they sign to develop services and/or products that conform to the CMLA Robustness and Compliance rules set forth in the respective CMLA License agreements. The CMLA Compliance/ Robustness rules are based on compliance and robustness rules used by hundreds of licensees in other content protection initiatives of a similar nature, such as compliance/ robustness requirements for CPRM/CPPM, HDCP, DTCP and others.
These rules were developed also with the help of a group of Founding Contributors that included implementers, service providers, broadcasters and content providers. The CMLA license agreements have provisions for remedies to address breaches of compliance/ robustness which include revocation of keys or certificates.
-  Where are CMLA implementations verified and certified?
CMLA licensees are responsible for ensuring their implementations meet CMLA compliance and robustness rules. CMLA licensees create a check list to verify the process used to meet CMLA compliance and robustness requirements. CMLA licensees may use the CMLA development system to verify their implementations.
-  How are the different levels of compromise severity handled?
The steps of correction and enforcement are described here.
Correction: When CMLA receives a complaint regarding a CMLA licensee’s product or service it promptly takes the following steps: (i) notifies licensee of problem and provides all information received by CMLA and sets expectation of continued dialogue until complaint resolved; (ii) reviews CMLA licensee corrective action plan; (iii) provides oversight until correction action plan completed. It is anticipated that a CMLA licensee corrective action plan may include updates (software or otherwise) or other remedial solutions; If the complaint identifies a specific device private key or rights issuer private key, CMLA may encourage the licensee to agree to revoke the certificate corresponding to the identified key. CMLA license agreements also contain a dispute resolution process.
Enforcement: CMLA license agreements provide for different types of enforcement, in the event a complaint is not resolved. In the event, CMLA and/or its Eligible Content Participants determine enforcement is required, CMLA may initiate the process to enforce the CMLA license agreements. Enforcement includes both revocation and injunctive relief, in addition to other contractual remedies. In addition, CMLA license agreements give Content Participants third party beneficiary rights providing Content Participants with the ability to seek injunctive relief in certain circumstances. The CMLA licenses provides for substantial liquidated damages for certain material breaches of the CMLA license agreements. Finally, CMLA content owners may have additional (extra or outside the CMLA license) remedies available to it (e.g., for copyright infringement caused by the defective products or services).
-  What is the role of CMLA in the case of leaking device implementations?
CMLA is very focused on maintenance of the integrity of its trust model and therefore may take the following actions to address leaking implementations, as needed:
- CMLA has the ability to change the CMLA Specifications and compliance and robustness rules under certain circumstances, including changes to meet new threats. CMLA licensees are required to comply with such changes within specific time periods.
- In instances where device or service implementations have not met the CMLA specification or compliance/robustness requirements, and the CMLA licensees have not corrected their problems, within the cure period, if applicable, CMLA may exercise its contractual rights to enforce the CMLA license agreements and Eligible Content Participants may exercise their third party beneficiary rights in certain circumstances. Examples of remedies include injunctive relief (from further manufacture), revocation of device/rights issuer certificates, liquidated damages and/or termination of the CMLA agreement.
- CMLA may enforce its intellectual property rights in the event of non-licensed products/services or circumvention devices.
-  Who is responsible to fix leaking device implementations?
Each CMLA licensee has the ability to respond to allegations of non-compliant implementations which they have brought to market. CMLA's role in this correction process is to help expedite these corrections or to take other remedial action as permitted under the CMLA License Agreements.
-  Explain the CMLA device revocation procedure.
The CMLA revocation process is defined in the Agreements (Section 9). The revocation process is initiated when/if the revocation criteria have been met and CMLA is made aware of the problem. At a high level, the revocation criteria require that a private key (device or rights issuer) has been disclosed in a manner not permitted under the CMLA License Agreement. A licensee is notified that one or more of its CMLA implementations has been compromised such that a private key has been disclosed and either (i) the licensee agrees to revoke the private key; or (ii) the licensee can dispute the allegations in which case the matter is referred to expedited arbitration.
-  Can CMLA devices receive SW updates rather than revocation?
CMLA licensees may use a software update to correct a breach of the compliance/robustness rules in products already deployed. Such an update must be done according to the CMLA license agreements. CMLA would anticipate a licensee would use whatever best methods it can to expeditiously remedy a breach of the requirements of the CMLA technical specification, license agreements, including compliance and robustness rules. This being said, there still could be instances where revocation of keys/certificates is required.
-  How synergistic are the OMA DRM v2 content protection and the DVB service protection solutions?
The ETSI TS 102 474 Annex B solution (18Crypt) is designed to be fully integrated and synergistic with the OMA DRM v2 standard. It provides a fully compatible merge of service protection and content protection.
OMA has extended the DRM specification to include the OMA DRM Profile which is consistent with the ETSI TS 102 474 Annex B solution with some added functionality. CMLA has extended its trust model support to include the OMA DRM Profile.
-  Why does CMLA only support OMA BCast DRM profile and not provide support for OMA BCast Smartcard profile?
CMLA is not able to determine its ability to support the Smartcard Profile until the specification is finalized. CMLA will consider support for this extension at that time.
-  What are types of service that CMLA and 18Crypt solution enables?
18Crypt service protection was first developed for mobile broadcast and therefore is intended to enable the full spectrum of mobile services envisioned. Content distributed within 18Crypt protected services can be any digital content such as music, images, video or even applications. 18Crypt service offering may be independently defined by service providers or broadcasters. The technology itself enables free-to-air and pre or post-paid subscription based and pay-per-view services.
-  What are the business models that the CMLA and 18Crypt solution enables?
Neither 18Crypt as a technology nor CMLA as a trust model commits the user to any specific business models. Both are flexible and allow participants in the ecosystem to craft business models as the market needs dictate. CMLA defines only the trust aspects of the ecosystem and leaves all other implementation considerations to the participants in the ecosystem.
-  How do broadcasters and service providers (rights issuers) work together to offer a mobile broadcast service using CMLA?
CMLA provides for extensive flexibility in the business models or value chain roles that companies agree to fill in this ecosystem. CMLA does not enter into the decision process between companies as to how they create their go-to-market relationships. CMLA strives to provide high flexibility to enable these choices.
-  Does payment of CMLA fees cover the OMA and 18Crypt IP fees.
The CMLA fees cover only that which is licensed and provided by CMLA. Any other licenses, costs, or fees must be determined directly from other entities offering the technologies.
Licensing of intellectual property related to the underlying OMA v. 2.0 specification or the DVB-H SPP specification are outside of the scope of CMLA. Such questions should be addressed to OMA directly. CMLA licensing is accomplished by signing one or more of the CMLA Agreements as may pertain to your business interest. CMLA license and non-assertion provisions cover all necessary claims in patents held by the Founders and other CMLA licensees for use pursuant to the CMLA license agreements.
-  What are the incremental CMLA fees when adding support for DVB to enable mobile broadcast protections?
CMLA does not charge an incremental fee when an existing adopter chooses to become a mobile broadcast implementer by signing the Service Provider Mobile Broadcast Addendum. There is also no additional ongoing or usage fee for the Mobile Broadcaster Addendum.
-  How are CMLA service provider fees handled when a single customer may get service (e.g. music) from one service provider and also get another service (e.g. video or TV) from another service provider?
It is possible that an individual customer in the CMLA ecosystem may receive services from more than one service provider (rights issuer). Service Providers pay fees to CMLA following each calendar quarter based on their Active Subscribers in that quarter. If two or more service providers are counting the same end customer as an Active Subscriber in their respective quarterly accounting, CMLA will accept a written certification by one or both service providers stating they have reached agreement to only pay CMLA once in the quarter for this end customer and all customers for which this is applicable.