MovieLab
Technology Open Challenge
 

Stay informed on MovieLabs Technology Open Challenge.
Send a blank email to challenge@movielabs.com
to join the mailing list.


Remote Content Access Challenge

Goal
The goal of this challenge is to provide a new, unobtrusive technique by which consumers can accurately identify themselves so that they can access stored content from a remote location. Accurate identification means that it should not be easy for a consumer to share her identity.

Problem
Current authentication solutions are usually built around a simple password mechanism. Alternatively, licensed content is often associated with a specific device. There are no technologies in wide deployment that allow authenticated access in remote locations based on the reliably detected identity of the consumer rather than that of the device. There is a need for new solutions that allow consumers to identify themselves in an unobtrusive manner from any device, that provide greater reliability than password authentication, and that cannot be loaned out or spoofed easily.

Technical Criteria
Solutions may have additional useful features, but we are looking for techniques which come closest to meeting at least the following criteria:

  • It should allow a consumer to make their established identity known from a variety of devices.
  • It should be able to distinguish between the authorized consumer and other users who may or may not have permission from the true consumer to use that identity.
  • It should have a very small likelihood of misidentifying the consumer, either by not recognizing them (false negative) or identifying them as someone else (false positive).
  • It should be resistant to spoofing (i.e., tricking the system into allowing someone else to access the identified consumer's content).
  • It should be compatible with a system for opting-in or opting-out.
  • It should allow a consumer to be identified anonymously, i.e., the consumer should be able to establish their identity for access purposes without disclosing personally identifiable information.
  • It should be very consumer friendly, i.e. no more onerous than a username and password.
  • It does not have to be 100% accurate in detecting misuse, but should reliably identify repeated misuse.
  • It could be a monitoring or auditing technology rather than a specific authentication mechanism.