Two themes are dominating the discussions at video service operators worldwide: the evolution of security requirements for multi-network, multi-screen delivery systems and, the impact of MPEG-DASH as a standardized streaming delivery protocol. Solving thorny and complex content rights issues and implementing industry-wide standardized streaming protocols are essential for delivering high quality over-the-top and multi-network, multi-screen services. The discussions surrounding these issues are a positive sign that video service operators are poised to deploy more sophisticated and high quality services. Although consumers will not likely be aware of the changes in the back-end infrastructure this session will examine a range of solutions that will enable video service operators to offer consumers a winning combination of a less confusing and fragmented array of device capabilities, and a broader range of content choices.

1. Petr Peterka
CT O
p et r@ve rimat rix.co m

2. 1. History of Pay-TV and Content Protection
2. Business Model and Release Window Evolution
3. Distribution Network Evolution &
4. New Device Emergence
5. OTT Disruption
6. Content Protection Challenges
7. Service Operator Desired Scenarios
8. Unified Solution
9. Standardization

3. • Analog Conditional Access Systems
• Digital Conditional Access Systems
• Embedded vs. Smart Card solutions
• Two-way IP Conditional Access
• Digital Rights Management
• Output protection and home networking
Increased contact value and quality => increased
security requirements

4. • Linear TV -> PPV -> DVR
• On-demand Services -> Network DVR -> Cloud
Content
• Electronic Sell-Through -> Rental -> Subscription VOD
• Day-and-date release -> Early Release/Premium VOD
Business models and user expectations are changing
rapidly

5. • One-way cable, satellite and terrestrial networks
• Two-way IPTV networks
• 3G/4G/LTE distribution
• Unmanaged OTT networks
The goal is to reach as many subscribers over any
network on any device

6. • Set-top box -> DVR -> Residential GW
– Custom built, single-purpose devices, integrated security
• PC/Mac -> Smart phone -> Tablet -> Game consoles
– Retail distribution, multi-purpose devices, limited security
• Connected TV and Connected Blu-ray players
– Retail, single-purpose moving to multi-purpose devices
Control over a device is shifting from the network
operator to the consumer

7. • Initial OTT services were underestimated
– Low-value content, low quality and resolution
– > limited security
• Consumer acceptance drives demand for high-value
content and higher quality (HD)
– > higher security requirements
Content value comparable to Pay-TV content demands
comparable content protection

8. What is Content Protection?
– Content encryption
– Authentication
– Secure key management
– Rights management
– Output control
– Link protection
– Forensic watermarking

9. 1. Premium VOD
– Strong encryption, robustness rules, protected outputs
(HDCP, no analog), forensic watermark
2. Home Entertainment/Electronic Sell-Through (EST)
– Strong encryption, AACS-like, analog sunset
3. PPV/Subscription VOD
– Strong transmission encryption, DRM for downloads, copy-
once outputs
4. Free-to-air
– DRM for downloads

10. Challenges in multi-network/multi-device environment:
– Streaming vs. persistent download/recording
– On-line vs. Off-line consumption
– Smartcard -> cardless security
– Software obfuscation, white-box crypto, integrity
checking, …
– Secure SoCs, TrustZone
– Device robustness rules

11. Deter Piracy – Enhance Revenue Security
• Address the challenges of digital video distribution
– Especially for “early release window” HD and Premium VOD
• Assist in fighting illegitimate content distribution
– Act as a strong piracy deterrent
– Change consumer perception of “free” content
• Complementary to the use of CAS/DRM systems
– Extending the security perimeter via a layered approach
Copyright © 2007-2011 Verimatrix, Inc. 11

12. • From a single-network solution:
– IPTV or DVB
– STB -> DVR -> Whole-Home DVR
• To a multi-network solution:
– DVB live services augmented by IPTV on-demand
• Augment managed network distribution with
unmanaged network/OTT distribution
– Reach mobile and tablet devices
– Reach beyond physical network boundaries

13. SMS / Middleware
Single Security Authority Linear
Content
Broadcast
Client Support
Bcast CSM Key &
(DVB one-way) control
data ViewRight
DVB One-way DVB STB
Multiplexers,
Scramblers,
OMI / Entitlement Interface
Modulators
Verimatrix
Entitlements
DB

14. SMS / Middleware
Single Security Authority Linear
Content
ViewRight
Client Support
Bcast CSM Key &
(DVB one-way) control
data ViewRight
DVB One-way DVB STB
Multiplexers,
CSM Scramblers,
(IPTV/Hybrid)
SEI / Entitlement Interface
Modulators
ViewRight
Hybtrid STB
IPTV &
Verimatrix
IP return path Hybrid
for ViewRight IPTV,
Hybrid clients ViewRight
PC / Mac
Encoders,
Encrypters,
Servers
Entitlements
DB
On-demand
Content

15. SMS / Middleware
Single Security Authority Linear
Content
ViewRight
Client Support
Bcast CSM Key &
(DVB one-way) control
data ViewRight
DVB One-way DVB STB
Multiplexers,
CSM Scramblers,
(IPTV/Hybrid)
SEI / Entitlement Interface
Modulators
ViewRight
Hybtrid STB
ACSM IPTV &
Verimatrix
Adaptive Streaming IP return path Hybrid
for ViewRight IPTV,
Hybrid, or OTT clients ViewRight
PC / Mac
Encoders, iPhone &
Encrypters, Mobile
Servers Internet &
OTT
Entitlements
DB
On-demand
Content

16. Video content distribution system must support:
1. Multiple networks: 1-way, 2-way,
managed/unmanaged
2. Multiple devices: STB, RGW, Hybrid STB, PC/Mac,
mobile/tablet, connected TV, game console
3. Multiple CAS and DRM solutions
4. Common Operator Interface
5. User domain management and common entitlements

17. • DECE/UltraViolet
– Common File Format
– Common Encryption
• MPEG-DASH
– Unified Adaptive Streaming Protocols
– Common Media Presentation Description
• HTML5
– Adding support for protected content
• DLNA
– Premium Video Profile
Help is on the way

18. Dynamic Adaptive Streaming over HTTP (DASH)
• Unified Media Presentation Descriptor (MPD)
• Supports several profiles:
– 3 ISO base media file format (MP4)
– 2 MPEG-2 TS profiles
W3C HTML5
• Encrypted Media Extension
• Need to indicate protection system and how to
request content keys (or a license)

19. <video width="320" height="240" controls="controls">
<source src="movie.mp4" type="video/mp4" />
<source src="movie.m3u8" type="video/hls" />
<source src="movie.mpd" type="video/dash" />
Fallback - Your browser does not support the video tag.
</video>
UI as HTML5 Web Page
Extended HTLM5 Browser Core
Key and
Adaptive Protocol
Stream
& Video Stack Security

20. Content Protection White Paper: Content Security
Requirements for Multi-Screen Video Services
• Bill Rosenblatt & Verimatrix
• http://copyrightandtechnology.com/2012/01/09/ne
w-white-paper-content-security-requirements-for-
multi-screen-video-services/
• http://www.verimatrix.com/multiscreensecurity/