Stay informed on MovieLabs Technology Open Challenge.
Send a blank
email to firstname.lastname@example.org to
join the mailing list.
Remote Content Access Challenge
The goal of this challenge is to provide a new, unobtrusive technique
by which consumers can accurately identify themselves so that
they can access stored content from a remote location. Accurate
identification means that it should not be easy for a consumer
to share her identity.
Current authentication solutions are usually built around a simple
password mechanism. Alternatively, licensed content is often associated
with a specific device. There are no technologies in wide deployment
that allow authenticated access in remote locations based on the
reliably detected identity of the consumer rather than that of
the device. There is a need for new solutions that allow consumers
to identify themselves in an unobtrusive manner from any device,
that provide greater reliability than password authentication,
and that cannot be loaned out or spoofed easily.
Solutions may have additional useful features, but we are looking
for techniques which come closest to meeting at least the following
It should allow a consumer to make their established identity
known from a variety of devices.
It should be able to distinguish
between the authorized consumer and other users who may or may
not have permission from the true consumer to use that identity.
should have a very small likelihood of misidentifying the consumer,
either by not recognizing them (false negative) or identifying
them as someone else (false positive).
It should be resistant
to spoofing (i.e., tricking the system into allowing someone
else to access the identified consumer's content).
It should be
compatible with a system for opting-in or opting-out.
allow a consumer to be identified anonymously, i.e., the consumer
should be able to establish their identity for access purposes
without disclosing personally identifiable information.
It should be very consumer
friendly, i.e. no more onerous than a username and password.
does not have to be 100% accurate in detecting misuse, but should
reliably identify repeated misuse.
It could be a monitoring or
auditing technology rather than a specific authentication mechanism.