Keeping your content safe and secure.
(Yet still accessible.)
CRAM™ allows for the best of the digital world while protecting your content from the worst. In fact, CRAM offers the same level of security as the Department of Defense and National Security Agency.
The CRAM security platform is comprised of three major ideas: centralized security management, physical client security and forensic identification. The guiding principles throughout are the same:
- Content is delivered physically using proven data-at-rest protection.
- Data is accessible only to the registered user.
- Any breach or suspected breach physically or digitally renders the device inoperable.
Central Security Management
The more access points you give a thief, the harder it is to fend them off. That’s why CRAM-enabled products are supported by a centralized platform that manages cryptography and storage. The platform resides in an offline facility where key management and high-value content are protected from physical and Internet-based attacks. Analog shipping methods are used to protect transactions that require Internet connectivity.
FDE hard drives are then used to deliver data between the central library and users. FDE is a proven security solution for data-at-rest and data-in-transit because it implements pre-boot authentication, secure drive channels and encrypts every byte on the drive—including the master boot record.
Beyond that, each drive is keyed to the device with which it is delivered, effectively pairing the drive to the device. Drives not paired will not be accessible.
The CRAM security platform implements a system-wide rolling encryption for rich media. All content is encrypted with unique keys for a specific time period that meet or exceed current motion picture industry standards, using combinations of 128 bit, 256 bit, and 384 bit encryption algorithms.
Physical Security
CRAM devices are tamper respondent and tamper evident. Meaning, any attempt to bypass its security results in immediate power loss and cryptographic disk erasure within milliseconds.
Microswitches and a security perimeter physically protect components that may contain decrypted data, such as the microprocessor or RAM, from physical tampering, penetration and temperature-based attacks. Multilayered custom circuit board design isolates and protects the backside of data pathways enclosed within the security perimeter.
Forensic Identification
CRAM uses actionable digital fingerprints for tracking and prosecution of content pirates. Non-perceptive watermarking is undetectable via normal means and does not affect playback quality. Media is personally identifiable by device, user, title and time stamp. Gotcha!