FAQ

General Questions

  1. What is the MTMO’s role in Marlin?
  2. What is the MTMO’s relationship to the MDC? Why are they separate entities?
  3. What benefits does the MTMO provide to adopters of Marlin technology?
  4. How does the MTMO enable interoperability?
  5. How does the MTMO handle security breaches of devices and services?
  6. What are the key design objectives of the Marlin trust model?
  7. What are the benefits of a delegated Certificate Authority (CA)?
  8. How are keys and certificates provided for devices, applications, and services?
  9. How does the MTMO issue development keys and test keys?
  10. What is a Listed Trust Service Provider?

Questions for Adopting Marlin Technology

  1. How can I get a commercial license to implement Marlin technology as a Client Adopter or Service Provider Adopter?
  2. What are the anticipated costs for adopting Marlin to Client devices?
  3. What are the anticipated costs for adopting Marlin as a Service Provider?
  4. What license agreement do I need to adopt Marlin technology (including Marlin BB, IPTV-ES) or MS3 technology?
  5. What are the anticipated costs for adopting Marlin as an MS3 (Marlin Simple Secure Streaming) Service Provider?
  6. How do I sign up as a Client Component Manufacturer or Service Element Provider?
  7. If I am a Client Adopter licensee, and subcontract with a hardware manufacturer to provide components for my Marlin implementation, does my subcontractor need to sign the Client Adopter agreement as a component manufacturer?
  8. What can I expect to get when I sign the Marlin Component Manufacturer Addendum instead of the full Marlin Client Adopter agreement?
  9. What can I expect to get when I sign the Marlin Service Element Provider Addendum instead of the full Marlin Service Provider agreement?
  10. If I have signed a Marlin Client or Service Provider Agreement, how can I contract with Seacert or Panasonic to provide trust services?
  11. If I choose to set up my own Delegated Certificate Authority (DCA) rather than contracting with a Listed Service Provider, are there any additional agreements I need to sign?
  12. If I choose to set up my own Delegated Certificate Authority (DCA) and do my own provisioning, what are the additional requirements I should anticipate?
  13. How can I get my Marlin-based device or service implementation designated as being Marlin compliant?
  14. If I have signed the Component Manufacturer or Service Element Provider addendum, can I still get certified for Marlin compliance?
  15. Where can I learn more about Marlin?

What is the MTMO’s role in Marlin?

The MTMO serves four key roles in Marlin:

  • It grants non-patent IPR for commercial uses of Marlin technology.
  • It provides key management and certificate services for Marlin products and services.
  • It enforces compliance and robustness rules for Marlin products and services.
  • It operates renewability services for the Marlin ecosystem.

Back to Index

What is the MTMO’s relationship to the MDC? Why are they separate entities?

The MTMO and MDC (Marlin Developer Community) are separate entities specifically to keep technology development activities distinct and independent from the day-to-day activities associated with running a key management and trust services organization.

The MDC enables technology development to support the rollout of the Marlin ecosystem. It does this by developing and publishing the Marlin specifications, community code, tools, conformance test and development keys, and white papers for parties interested in evaluating and testing Marlin technology.

Note: All specifications and code available through the MDC are intended for internal and non-commercial purposes only.

The MTMO is the operational entity that grants commercial licenses for Marlin technology, and implements the Marlin trust model (including key management and certificate services) and renewability. The MTMO licensees have access to compliance and robustness rules for achieving certification, and other valuable tools and documents.

Note: Potential adopters of Marlin DRM, including device and service providers, are encouraged to evaluate Marlin technology before licensing the right to commercially deploy it. 

For a more detailed division of labor between the 2 entities, see below


Back to Index

What benefits does the MTMO provide to adopters of Marlin technology?

The MTMO provides a single trust management infrastructure that ensures interoperability between Marlin-compliant products and services. This allows renewable security to be implemented with minimum impact to consumers, client and service providers.


Back to Index

How does the MTMO enable interoperability?

The MTMO enables interoperability through:

  • its ability to trust Marlin identities: the MTMO guarantees the certificates of principals used in all implementations are signed by common roots of trust and are generated according to trustable procedures. Any one entity can authenticate and trust the authenticity of any other entity by following the certificate chain to the common roots
  • cryptographic mechanisms: the MTMO ensures that all keys and certificates adhere to a common specification
  • compliance of implementations with a set of common specifications
  • the use of a singly rooted PKI (Public Key Infrastructure) for device and service authentication
  • a reporting body for keys and devices that are compromised.

Back to Index

How does the MTMO handle security breaches of devices and services?

Marlin is designed to support a variety of mechanisms that may be applied in the event of a security breach. These include revocation of devices and services, exclusion from content, and shunning access to services. The MTMO also employs both legal recourse and contractual remedies articulated in the MTMO agreements.


Back to Index

What are the key design objectives of the Marlin trust model?

The Marlin trust model consists of a single root of trust and delegated Certificate Authorities (CAs). The MTMO runs these trust anchors to allow interoperability between Marlin implementations.


Back to Index

What are the benefits of a delegated Certificate Authority (CA)?

The MTMO allows for the delegation of key management to adopters. The benefit of a delegated CA is that adopters can control the cost structure of key management either by establishing a CA in-house, outsourcing it to a service provider, or leveraging existing systems. This also allows adopters to design their own delegated trust hierarchy to meet individual business needs. For example, a large device manufacturer can design its trust hierarchy to have each geographical division be in charge of its own delegated CA; each geographical division can then delegate the CA responsibility to different sub-product divisions if the adopter chooses to. Alternatively, the device manufacturer can choose to have just one CA for all its devices and order all the device keys from a Listed Trust Service Provider.


Back to Index

How are keys and certificates provided for devices, applications, and services?

To acquire keys and certificates, an adopter must sign the appropriate MTMO agreement (for device or service provider) and pay the annual fee. Adopters have the option to generate their own keys by signing the Trust Service Provider Agreement, or to order them through a Listed Trust Service Provider. Client credentials (for devices or PC-software clients) can be provisioned either online via a service provider’s Personalization Server or at a factory before they hit the market. Server credentials must be manually configured by a service provider’s DRM administrators or developers.


Back to Index

How does the MTMO issue development keys and test keys?

To encourage the rapid adoption of Marlin, the MTMO provides the Development Trust Infrastructure. There are two parts to the test infrastructure. First, adopters can download from the website a set of Common Test Keys that includes a test root, test Certification Authority, and sample credentials for services and clients. Later in development, an adopter can order a set of Adopter Test Keys. The Adopter Test Keys are from the same test root, and the values in the certificates are set by the Adopter to match what will be implemented in production.


Back to Index

What is a Listed Trust Service Provider?

A Listed Trust Service Provider is an entity that has executed the Marlin Trust Service Provider Agreement. A Listed Trust Service Provider is authorized to generate “Production Provisioning Packets”, i.e., keys and certificates for Marlin adopters (Clients and Service Providers) that do not wish to generate their own Marlin key material.


Back to Index

How can I get a commercial license to implement Marlin technology as a Client Adopter or Service Provider Adopter?

  1. As a potential adopter, you will need to fill out the Request for Agreement Form in order to download the Client Agreement (CA), the Service Provider Agreement (SPA) or the MS3 Service Provider Agreement (MS3).
  2. You will receive via email to the address you included in the form a packet that includes the agreement and any relevant amendments.
  3. After filling in the contact information and signing the agreement and the amendments to the agreement you can send them to MTMO by:
    • Emailing a scanned copy of pages 1 and 61 of the Client Agreement to: [email protected], or
    • Faxing a copy of those pages to: +1 503-644-6708
  4. Also, please mail two complete signed copies of the agreement as well as the amendments to: 3855 SW 153rd Drive, Beaverton OR 97006 – USA.
  5. We will countersign the agreement and amendments and return a completely executed copy to the assigned contact person at the address provided on page 1 of the agreement.
  6. MTMO will send you an invoice for the annual MTMO fee (the current fee for a Client Adopter is $20,000 and for a Service Provider Adopter is $10,000).
  7. MTMO will also send you information on Listed Trust Service Providers you can contract for key management services (Seacert and Panasonic are the only providers of this service).
  8. Upon receiving payment, we will send an email acknowledgement to the contact person.
  9. We will also send you a user identity and password; with this, you can access the protected pages of the MTMO website where you will find the MTMO Getting Started document, Security Policy documents (MTMDs), instructions for acquiring Client personalization packets, and other useful documents, Common Test Keys, and tools (marlin-trust.com/operations).

Note: If you plan to sell devices and services based on Marlin technology, you will need to sign both the Client and Service Provider Agreement.


Back to Index

What are the anticipated costs for adopting Marlin to Client devices?

The current fee schedule can be found in Exhibit D of the Marlin Client agreement.

It includes the following:

  1. Annual Administration Fees.The following Annual Administration Fees apply:
    • Client: US$ 20,000.00 per year
    • Client with Component Manufacturer Addendum: US$ 15,000.00 per year
  1. Marlin Certification Fees.As provided in Section 4.2 of the Client Agreement Marlin Certification Fees shall be paid by Client.
    • US$ 1,500.00 per Acknowledgement for Compliance Testing under Section 3.2(b)
    • Note: Marlin Certification Fees do not apply prior to the Certification Requirement Date. No such Certification Requirement Date has been set at this moment
  1. Delegate Certificate Authority Fees (optional certificate).This is mentioned in Section 4.3 of the Client Agreement.
    • US$ 3,000.00 per single set of DCA Certificates for applicable specification per request
    • Note: If you use a Listed Trust Service Provider, you may not need your own DCA certificate.
  1. Security Operation Fees.As mentioned under Section 4.4 of the Client Agreement, Security Operation Fees shall be paid by Client as the case may be.
    • US$ 0.01 per Provisioning Packet generated for Client
    • Note: If you use a Listed Trust Service Provider for generating your keys, this fee may be paid to the MTMO by the Trust Service Provider on your behalf.

(Note: in the current version of the Client agreement there are other charges for Smart Cards.  These are no longer used.)


Back to Index

What are the anticipated costs for adopting Marlin as a Service Provider?

The current fee schedule can be found in Exhibit D of the Marlin Service Provider Agreement.

It includes the following:

  1. Annual Administration Fees.The following Annual Administration Fees apply
    • Service Provider: US$ 10,000.00 per year
    • Service Provider with Service Element Provider Addendum: US$ 5,000.00 per year
  2. Marlin Certification Fees.As provided in Section 4.2 of the Service Provider Agreement, Marlin Certification Fees shall be paid by Service Provider.
    • US$ 1,500.00 per Acknowledgement for Compliance Testing under Section 3.2(b)
    • Note: Marlin Certification Fees do not apply prior to the Certification Requirement Date. No such Certification Requirement Date has been set at this moment
  3. Delegate Certificate Authority Fees (optional certificate).This is mentioned in Section 4.3 of the Service Provider Agreement.
    • US$ 3,000.00 per single set of DCA certificates for applicable specification per request
    • Note: If you use a Listed Trust Service Provider, you may not need your own DCA certificate.
  4. Security Operation Fees.As mentioned under Section 4.4 of the Service Provider Agreement, the following Security Operation Fees shall be paid by Service Provider
    • US$ 300 for up to 10 Product Provisioning Packets generated for Service Provider
    • Note: If you use a Listed Trust Service Provider for generating your keys, this fee may be paid to the MTMO by the Trust Service Provider on your behalf.

(Note: in the current version of the Service Provider agreement there are other charges for Smart Cards.  These are no longer used.)



Back to Index

What license agreement do I need to adopt Marlin technology (including Marlin BB, IPTV-ES) or MS3 technology?

If you want to adopt Marlin and/or MS3 technology to client devices, you must execute Marlin Client Agreement (CA).

If you want to adopt Marlin technology as a service provider, you must execute Marlin Service Provider Agreement (SPA)

If you want to adopt MS3 technology as a service provider, you must execute Marlin Simple Secure Streaming Service Provider Agreement (MS3 SPA)

 

MARLIN SPECIFICATION
(MARLIN-BB, IPTV-ES)

MS3
SPECIFICATION

CLIENT

SERVICE

CLIENT

SERVICE

CA ADOPTER

X

 

X

 

SPA ADOPTER

 

X

   

MS3 SPA ADOPTER

     

X


Back to Index

What are the anticipated costs for adopting Marlin as an MS3 (Marlin Simple Secure Streaming) Service Provider?

There are no MTMO fees associated with Signing the MS3 Service Provider Agreement.


Back to Index

How do I sign up as a Client Component Manufacturer or Service Element Provider?

  1. As a potential adopter, you will need to fill out the Request for Agreement Form in order to acquire the Client Agreement (CA) or Service Provider Agreement (SPA).
  2. You will receive a zipfile that includes the agreement that you requested and any associated amendments as an attachment via email.
  3. Once receiving the agreements, fill in the contact information, signing the agreement, fill out Exhibit C, and sign any amendments that require signature. Send a scan of pages 1 and 61 of the agreement by one of the two methods:
    • Email a scanned copy of the filled out and signed pages (pages 1 and 61) to: [email protected], or
    • Faxing a copy of the signed pages to: +1 503-644-6708
  1. Note: Also, please mail 2 complete and signed copies of the agreement and amendments to: 3855 SW 153rd Ave, Beaverton, OR 97006 – USA
  2. MTMO will countersign both copies of the agreement and amendments and return one copy to the contact person at the location provided on page 1.
  3. MTMO will send you an invoice for the annual MTMO fee (the current fee for a Component Manufacturer Adopter is US$ 15,000, and Service Element Provider is US$ 5,000).
  4. Upon receiving payment, we will send you an email acknowledgement to your assigned contact person.
  5. You will then receive access to the Common test keys, the Conformance test specification, and other information.

Note: As a Component Manufacturer or Service Element Provider adopter, you will not get production keys.


Back to Index

If I am a Client Adopter licensee, and subcontract with a hardware manufacturer to provide components for my Marlin implementation, does my subcontractor need to sign the Client Adopter agreement as a component manufacturer?

No. Your subcontractor does not need to sign the component manufacturer addendum as long as:

  • The hardware manufacturer is not providing you with a licensed component, as described in Sect. 1.62 of the Client Agreement:

“Licensed Component(s)” means a component(s), such as an integrated circuit, circuit board, or software module that (i) is manufactured or distributed under valid Marlin Client Agreement; (ii) is designed solely to be assembled into a Licensed Product or Robust Licensed Component, and (iii) embodies some or all portion of the Marlin Specification, but which by itself is neither Compliant nor Robust.

  • The hardware manufacturer is subcontracted by you, with a contractual agreement that adheres to Section 2.1 (f) of the Client Adopter Agreement, whereby the:

“Client may conclude a written, binding agreement with any such subcontractor that effectively imposes on that entity such obligations to ensure that neither Client nor its subcontractor commits any breach of this Agreement, and may provide therein that the MTMO is a third party beneficiary of all subcontractors’ obligations imposed pursuant to this Section, but that the MTMO has no obligation whatsoever to subcontractor. Client shall take such actions as are reasonably necessary to secure compliance of its subcontractor with Clients obligations imposed under this Agreement, and shall be fully responsible under this Agreement for any breach or failure thereof by its subcontractor as if such breach or failure were the direct act of Client. Client acknowledges that the MTMO’s third party beneficiary rights, if any, with respect to such breaches or failures of its subcontractor do not in any way limit or diminish Client’s obligations under this Agreement or this Section, including without limitation the immediately preceding sentence.”


Back to Index

What can I expect to get when I sign the Marlin Component Manufacturer Addendum instead of the full Marlin Client Adopter agreement?

  Client Licensee Component Manufacturer
Development Trust Infrastructure access
Conformance Test Specifications
Access to member-only tools & information
Marlin Specifications
Production Trust Infrastructure  
Development Trust Infrastructure  
Access to Production Keys  
Sell Licensed Product  
Sell Licensed Components to Clients
Annual Fee $20K $15K

Back to Index

What can I expect to get when I sign the Marlin Service Element Provider Addendum instead of the full Marlin Service Provider agreement?

Service Provider LicenseeService Element Provider
Development Trust Infrastructure
Conformance Test Specifications
Access to member-only tools & information
Marlin Specifications
Production Trust Infrastructure
Development Trust Infrastructure
Access to Production Keys
Sell Licensed Service
Sell Licensed Service Elements to Service Providers
Annual Fee$10K$5K

Back to Index

If I have signed a Marlin Client or Service Provider Agreement, how can I contract with Seacert or Panasonic to provide trust services?

  1. Once you have signed a Marlin Client or Service Provider Agreement, you will be informed of Listed Trust Service Providers you can contract for key management services (Seacert and Panasonic are the sole providers of this service).
  2. Contacting Trust Service Providers

Back to Index

If I choose to set up my own Delegated Certificate Authority (DCA) rather than contracting with a Listed Service Provider, are there any additional agreements I need to sign?

Yes, you would have to sign the Trust Service Provider Agreement. This agreement can be obtained by filling out the Request for Agreement Form. The Annual Administration Fee associated with this agreement is US$ 20,000


Back to Index

If I choose to set up my own Delegated Certificate Authority (DCA) and do my own provisioning, what are the additional requirements I should anticipate?

The Trust Service Provider Agreement provides the detail of all obligations of a DCA. You can download and review a copy of the Trust Service Provider Agreement using the Request for Agreement/Documentation download form.


Back to Index

How can I get my Marlin-based device or service implementation designated as being Marlin compliant?

For a device or service to be considered Marlin compliant, as a client or service provider adopter you must comply with:

  • The specifications (e.g., Marlin Broadband, Marlin IPTV-ES, MS3)
    • The applicable Conformance specifications provide test definitions to help establish if an implementation is conformant with those specifications
  • Robustness rules (regular and/or ECP rules)
  • Compliance rules (regular and/or ECP rules)
  • Trust Management Policies (also known as, Marlin Trust Management Documents (MTMDs) for Broadband or MS3 – available on the Operations or MS3 Operations sites)



Conformance Specifications

  • Conformance means that your device or service meets the applicable MUST, MUST NOT, REQUIRED, SHALL and SHALL NOT statements in the Marlin specification you have implemented.
  • Adopters can download the Conformance Test Specifications from the MDC at: Marlin Developer Community. This site hosts Conformance Test Specifications for Marlin Broadband and IPTV-ES.
  • Adopters can download the Conformance Test Procedures from the MTMO at marlin-trust.com/operations. Procedures for IPTV-ES and Marlin Broadband are provided.
  • You must submit the Short Form Robustness Questionnaire to the MTMO, and keep a copy of the Long Form Robustness Questionnaire on file at your company. A Word version of these Affidavits and Questionnaires (both General and ECP) can be downloaded by Adopters from: marlin-trust.com/operations
  • The MTMO will return to you an Acknowledgment of Conformance Affidavit (Note that there is a different Affidavit for Marlin Enhanced Content protection (ECP) Products that are expecting to access UHD, 4K or early release window content).



Compliance Rules

  • Compliance rules are included in Exhibit A (and Exhibit AA for Marlin ECP C&R Rules) of the Client Adopter Agreement or Exhibit A of the Service Provider Agreement and govern the permitted outputs and imports in your device or service implementation, for example, how audio and/or audiovisual content can be rendered, imported and/or exported.
  • The Affidavits mentioned above also cover Compliance (General and ECP) Rules.
  • Also available on the Operations website (marlin-trust.com/operations) is the Marlin Enhanced Content Protection Framework Overview, which outlines the general self- certification procedures for Marlin Client adopters seeking to provide Marlin Licensed Products that will provide access to Enhanced Content (e.g., 4k, UHD, or early release window content).



Robustness Rules

  • Robustness rules are included in Exhibit B of the Client Agreement (and Exhibit BB for ECP Robustness Rules) or Exhibit B of the Service Provider Agreement and govern level of protection required in your device or service implementation, for example, how well keys must be protected.
  • You must submit the Short Form Robustness Questionnaire to the MTMO, and keep a copy of the Long Form Robustness Questionnaire on file at your company. A Word version of these Affidavits and Questionnaires can be downloaded from marlin-trust.com/operations
  • You will receive from MTMO an Acknowledgment of receipt of your Robustness Checklists (regular and/or ECP).

 

The Common Test Keys are available for download by Adopters from: www.marlin-trust.com/operations. The Common Test Keys are useful for testing the above requirements.


Back to Index

If I have signed the Component Manufacturer or Service Element Provider addendum, can I still get certified for Marlin compliance?

If you are a Marlin Component Manufacturer or Service Element Provider adopter, then the Licensed Component or the Licensed Service Element does not need to test for conformance and compliance according to the Marlin Client adopter and Service provider agreements.


Back to Index

Where can I learn more about Marlin?

To learn about the Marlin Technology, please refer to the Marlin Community website.


Back to Index