The prospect of delivering MP3 files, videogames, movie clips, streaming-TV broadcasts and other digital media to mobile handsets has ignited an unprecedented explosion of design and engineering activities. At the moment, however, consumers are stuck with your basic one-trick pony: the camera phone.
What's the holdup? According to Jay Srage, cellular-system marketing manager at Texas Instruments Inc., it boils down to security, the absence of which prevents the development of content, thus stifling consumer interest in newer handsets and discouraging traffic on next-generation cellular networks.
The lack of a secure mechanism to protect valuable digital content within a handset could evolve into "a killing issue" for operators, warned Michel Windal, marketing director of operator partnerships at Philips Semiconductors. More users are beginning to download a variety of applications and digital media content into their handsets, many based on open operating systems from the likes of Symbian or Microsoft. With an open OS inside, a mobile phone will inevitably become more vulnerable to attacks. Moreover, bad applications innocently downloaded by consumers could cause the handsets to crash.
"This is a very hot topic making many operators very anxious today," said Windal.
Neither the mobile industry nor content owners have devised a mutually agreeable solution to protect cell phones from electronically transmitted diseases. Questions that remain to be addressed include: Where should the encrypted content be stored, and how should it be protected? Which component should be responsible for storing a private key that unlocks and decrypts content? How will the decrypted digital content be securely transmitted to a media player inside a mobile phone for MP3 or H.264 decoding? How might the usage rules for digital media be enforced on handsets in a manner both effective and friendly to users?
There are technical solutions to these problems. The hard part is sorting through the trade-offs of cost, security, usability and value for operators, content owners and consumers.
Vendors of traditional subscriber identity module cards, such as Axalto and GemPlus, want to implement digital-rights management on a SIM card. Others, including Intel Corp. and Texas Instruments, are pushing for DRM within a baseband or an applications processor, embedded with a hardwired security engine.
Other chip vendors, such as Philips Semiconductors, STMicroelectronics and Infineon Technologies, offer similar processor-based DRM solutions combining software and hardware. These vendors also offer alternative and possibly competing DRM solutions specifically designed for SIM cards or removable flash cards. Flash represents a third way by storing and executing DRM agents in secure MultiMediaCards (MMCs).
"Even if the industry comes to an agreement, there won't be one, but a few, solutions. The market will be fragmented," said Dominik Bilo, sales and marketing vice president for the Communications Business Group at Infineon.
The most prevalent configuration for DRM in commercial handsets is in a baseband processor or a coprocessor. Proponents often cite cost and performance as major reasons to go with this solution.
"The combination of software and silicon in the handset ensures the security of the implementation of the DRM agent," said Bart Van Rijnsoever, director of DRM technology at Philips Software. The DRM agent consists of a private key, rights objects (licenses prescribing usage rules), content decryption keys and decrypted content. Typical processor-based security features include a unique internal secret cryptographic key that the DRM agent uses to store assets in memory in encrypted format only, along with authentication of the software image of the handset during boot or execution.
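The device-unique storage key described above can be sketched as follows. This is an added example, not code from the article or from any vendor it quotes: the function names and sample values are hypothetical, and an HMAC-SHA256 counter-mode keystream stands in for the handset's hardwired cipher engine.

```python
import hashlib, hmac, os

def derive_keys(device_secret):
    """Split the device-unique secret into separate encryption and MAC keys."""
    enc = hmac.new(device_secret, b"drm-seal/enc", hashlib.sha256).digest()
    mac = hmac.new(device_secret, b"drm-seal/mac", hashlib.sha256).digest()
    return enc, mac

def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: illustrative stand-in for a hardware cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(device_secret, asset):
    """Encrypt-then-MAC an asset so it is only ever stored in protected form."""
    enc_key, mac_key = derive_keys(device_secret)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(asset, keystream(enc_key, nonce, len(asset))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(device_secret, blob):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    enc_key, mac_key = derive_keys(device_secret)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("seal check failed: wrong device or modified blob")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

# Constructed sample values: two handsets and one rights object.
HANDSET_A = hashlib.sha256(b"constructed secret, handset A").digest()
HANDSET_B = hashlib.sha256(b"constructed secret, handset B").digest()
RIGHTS_OBJECT = b'{"content_id": "track-001", "plays_left": 5}'

def try_unseal(device_secret, blob):
    """Return the recovered asset as text, or the reason it was rejected."""
    try:
        return unseal(device_secret, blob).decode()
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    blob = seal(HANDSET_A, RIGHTS_OBJECT)
    print(try_unseal(HANDSET_A, blob))  # same handset
    print(try_unseal(HANDSET_B, blob))  # blob copied to another handset
```

A sealed blob copied off the handset is useless elsewhere because the key never leaves the silicon; the protection is only as strong as the secrecy of that per-device key.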
Calling software-based security on a processor "easily hackable," TI's Srage said the company takes a system-level security approach in which a key-management system is burned in hardware, with usage rules handled in software.
Similarly, STMicroelectronics provides a security framework for its Nomadik processor by integrating anti-tampering protection with a secure boot loader and unique processor die identity, said Patrice Meilland, director of marketing for Nomadik platforms in ST's Personal Multimedia Group.
Philips Semiconductors, armed with baseband processors with hardwired security features, regards speed as its biggest asset. A hardwired encryption engine ensures fast security functions, leading to lower power consumption, the company maintains. But compared with other SIM or flash card-based security approaches, Philips Software's Van Rijnsoever said, the processor-based approach is secure because there is no external interface between the DRM agent and content decoding.
For their part, SIM card vendors envision "super SIM" or "megamemory SIM" cards that would take over much of the DRM agent tasks. "SIM is uniquely positioned to provide value to the content owners," said Jack Jania, director of field marketing for Axalto Mobilecom. The SIM card is already in every GSM handset. It will continue to be present in UMTS 3G phones, he said, and will become an option for 3G CDMA phones. "It's the best portable device where the rights keys to the content can be stored," said Jania. He predicted that SIM cards will be instrumental in allowing portability of network subscription, DRM security keys, mobile payment keys and personalized features such as wallpaper.
"The most evident pro-SIM-based DRM agent implementation argument is the renewability of user equipment," said Jean-Francois Rubon, director of product technical strategy at Gemplus. If DRM agents and rights objects were stored in the handset, he said, operators would have to "reissue and redo all the rights objects when a new DRM came along."
SIM card vendors also emphasize their years of experience in offering card security. Smart-card chips are designed to protect mobile phones from static and dynamic attacks, with a layer of metallization, internal memory isolation for code execution and tamper-resistant features designed to monitor the power supply going into the smart card, the silicon's exposure to light and other factors. "I don't see other media matching this level of security," said Jania.
But others say the SIM card's Achilles' heel is the interface. Lacking in today's SIM card is a secure communication channel that could link the DRM agent in the card and a media player in the handset.
Under today's architecture, "once a delivered digital file is decrypted in a SIM card, it would be handed over to a media player in a handset in the clear," acknowledged Herve Brugal, product manager for DRM at Gemplus, exposing the link where DRM internal information can be copied. "We need to standardize a secure interface." The European Telecommunications Standards Institute is working on that.
Further, today's SIM card lacks a high-speed bus interface. Access speed is several hundred kilobits per second, versus megabits, for MMC or USB interfaces. Axalto is pushing the adoption of a modified USB interface for the higher-speed bus, while Gemplus prefers an MMC interface.
The latest contender for implementing the DRM agent is removable flash memory cards, such as secureMMC. Promoters claim that the rapid proliferation of camera phones has triggered a movement to install a second memory slot, like the one for MMC, in handsets. While SIM cards may be more network operator-friendly, removable flash cards are inherently more user-friendly, this camp contends. Digital media downloaded and stored in a protected removable flash card could potentially be played back on any device that featured a corresponding flash interface.
"For end users, this is a nice scenario," said Philips Software's Van Rijnsoever, though it's "not in line with the current Open Mobile Alliance DRM specification, since content is bound to one specific device or to a designated group of devices."
Tamper resistance, removability and personalization are the "success factors of the SIM card in mobile communications," and "...have now been integrated into the MMC technology," said Andreas Morawietz, marketing manager for telecommunications at smart-card vendor Giesecke & Devrient (Munich, Germany). SecureMMC, for example, "offers the opportunity to store the content – both multimedia and executables – and the secure data, such as keys or licenses, within one device."
Yves Leonard, chairman of the MMC Association, predicted that newer SIM cards and secureMMC will coexist. A bigger question is whether large SIM cards will succeed in handling many functions. "We will see," Leonard said.