3. Trends & Challenges
• Content distribution eco-system is becoming
ubiquitous with the availability of mobile devices:
– Mobile devices such as smartphones, tablets and
hybrids are increasingly becoming the preferred entry
point in the content distribution framework.
– Multimedia traffic is emerging as the main driver for mobile
traffic.
• Challenges:
– Secure distribution of the content to a large number
of heterogeneous devices.
– Meet the commercial motivation of all the
stakeholders in the content distribution eco-system.
10/31/13 3
4. Trend: Emergence of Mobile Devices As
Point of Entry and Primary Screen
[Diagram labels: Miracast: Wi-Fi wireless display; Link protection; DRM]
• Mobile devices becoming
primary screen:
• Driven by availability of devices
such as Chromecast and other
solutions based on Miracast
and MHL standards.
• Better User Experience for
content sharing and discovery
in Home.
9. Commercial Motivation of Various
Stakeholders in Content Distribution Eco-System
Content Rights Holders
• Increase media content monetisation through:
• Licensing dependent on usage policy and better reach of
audience.
Content Aggregators and Service Providers
• Monetisation through better user experience:
• Recurring subscription or pay per view of content packages.
OEMs
• Product sales through differentiation in user experience or
content services:
• Faster time to market, lower BOM costs.
10. Issues
• Common Issues before stakeholders:
– How to support various business models requiring
different content protection solutions?
– How to support heterogeneous devices and
platforms?
– Certification & Security Assurance.
• Goal: Any Device, Anywhere
12. Multiple DRM Management:
OEM Perspective
• Current implementation scenario for an OEM:
– Multiple versions of the same device to meet
specific content protection needs of different
service providers and eco-systems:
• Complex to manage a custom-made solution for every
service provider and market.
– Support multiple DRM solutions in the device at
manufacturing time:
• Costly option to support multiple DRM solutions in a
single device.
13. OEM Motivations
• Motivations for an OEM:
– Support content protection mechanisms to meet
business needs of various service providers/eco-
systems at low cost.
– Minimize inventory management and cost of
implementing content protection solution.
– Standardized certificate regime to ease content
license acquisition.
• Goal:
– Anywhere at low cost.
14. Significant Preference for a Solution Based
on a Single Content Security Platform
Source: 2013 Streaming Media Survey of 758 Media Industry Executives
on Over-The-Top (OTT) Video and Security Trends.
15. Multiple DRM Management:
Architectural Approaches
• Popular Approaches:
– Eco-system Centric Approach
• An eco-system (or a service provider) supports multi-DRM
solutions that work across a large number of devices
implementing one or more DRM mechanisms approved in the eco-
system:
– UV adopts this approach, where a device needs to support one of the
several DRM systems adopted by an eco-system.
– Any Device—as long as all popular DRM solutions are supported in an
eco-system.
– Device Centric Approach
• Alternative approach is device centric, where a device implements
a generic secure trusted platform.
• Device can then download a DRM agent supported by the service
provider or eco-system.
– Anywhere - work with any eco-system or service provider.
16. Downloadable DRM - Advantages
• Downloadable DRM:
– Advantages:
• Attractive for an end user, who could buy a device from
a retailer and use it in an eco-system or service
provider of his/her choice.
• Ability to support multiple markets in a cost-effective
manner for an OEM.
• Ability to distribute content to multiple devices &
platforms for Service Providers.
• Better reach of audience for Rights Holders.
17. Downloadable DRM Challenges
• Main challenge is the formulation of
Comprehensive Security Framework
specifications:
– Download DRM mechanism needs specification of the
secure trusted platform in the device satisfying the
C&R requirements of the various DRM vendors and
Content Providers.
– Needs a standardized certification regime:
• Every instance of the trusted platform needs to be certified as
conformant and compliant.
• Rules need to be specified regarding the downloaded code
that specify where it can run.
19. GlobalPlatform Enabled
Multiple DRM Management
• GP Premium Content TF intends
to address the following issues:
– Comprehensive Set of
Security Features to support
both downloadable and pre-
integrated DRM solutions.
– Standardized APIs for trusted
Video Path Access by
multimedia applications.
– Certification and Compliance
Regime.
[Diagram labels: DRM TA; Media Player Application; TEE Client API; Communications stack; TEE; Platform/Hardware; Media Buffer View; Messages; Rich Execution Environment (REE); Trusted Execution Environment (TEE); Media Buffer; Media Playback; Link Control]
20. Positioning of TEE
• TEE as a part of the Trusted Media Playback
Platform provides
– Isolated Environment within SoC for secure
execution of tasks.
– Set of security features for robust DRM
installation.
– Interface with other secure peripherals and
Elements to realize trusted video rendering path
21. Global Platform APIs for the query and validation of
End-to-End Trusted Video Rendering Path
[Diagram labels: Streaming App; Browser; Watermark, Decrypt & Decode; Encrypt; Decrypt]
Remote Security Validation of the End-To-End Video Rendering Path.
22. TEE Role in Trusted Media
Playback Platform
• TEE role in providing secure end-to-end trusted video path:
– Complements Trusted Media Playback platform by enabling robust
DRM implementation and protecting assets such as:
• DRM App secrets and keys;
• License Storage and management;
• Usage Policy and
• Account Info.
– Interfaces with other components of Multimedia Framework in secure
and normal world
• for media playback, scheduling and rendering.
• for secure download of DRM module and integration with rest of the
multimedia framework.
– Provides static and dynamic attestation information for the various
elements of video rendering path in the device.
– Integrates with higher level of application layers such as HTML5 and
W3C extensions for user interface.
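The static and dynamic attestation mentioned above is what lets a license server check the rendering path before it releases a content key. The following is an added sketch, not part of the original slides and not a GlobalPlatform API: the report layout, stage names and key are assumptions, and an HMAC stands in for the asymmetric signature a certified device key would produce.

```python
import hashlib
import hmac
import json

# Constructed values: report layout, stage names and key are assumptions for
# this sketch, not GlobalPlatform definitions.
DEVICE_KEY = b"constructed-demo-key"  # stands in for a certified device key
REQUIRED_PATH = ["decrypt", "decode", "render", "link"]
APPROVED_TA = {hashlib.sha256(b"drm-ta-v1").hexdigest()}  # approved DRM agents


def sign(body, key=DEVICE_KEY):
    """HMAC over canonical JSON (a real TEE would sign asymmetrically)."""
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_report(nonce, protected=(True, True, True, True), ta=b"drm-ta-v1"):
    """Device side: build a constructed sample report for the given nonce."""
    body = {
        "nonce": nonce,
        "ta_measurement": hashlib.sha256(ta).hexdigest(),
        "path": [{"stage": s, "protected": p}
                 for s, p in zip(REQUIRED_PATH, protected)],
    }
    return {"body": body, "sig": sign(body)}


def validate_report(report, nonce):
    """Server side: decide whether a content key may be released."""
    body, tag = report.get("body", {}), report.get("sig", "")
    if not hmac.compare_digest(sign(body), tag):
        return False, "bad signature"
    if body.get("nonce") != nonce:  # dynamic part: report must be fresh
        return False, "stale or replayed report"
    if body.get("ta_measurement") not in APPROVED_TA:  # static part: which agent
        return False, "unapproved DRM agent"
    path = body.get("path", [])
    if [e.get("stage") for e in path] != REQUIRED_PATH:
        return False, "unexpected rendering path"
    for e in path:
        if e.get("protected") is not True:  # one open stage exposes clear frames
            return False, "stage %s is not protected" % e["stage"]
    return True, "ok"
```

The nonce check is what makes the report dynamic: a report captured from an earlier session fails even though its signature is valid.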
23. Advantages of TEE based
Downloadable DRM and Final
Remarks
24. Content Piracy Prevention through TEE
• Content Piracy Prevention
– Risk management can provide effective deterrent and
prevent piracy from destroying the value of the content
• Self-Protecting Digital Content-Tech. Report by Cryptographic
Research Institute:
– http://www.cryptography.com/public/pdf/SelfProtectingContent.pdf.
• TEE for Piracy Prevention
– Acts as a security plugin to the platform OS (Android,
Windows or Tizen)
• TEE provides secure environment for sensitive tasks without
exposing cryptographic credentials.
– Provides a programmable security environment where
updates can be provided in case of security breach.
25. [Diagram labels: Windows Platform; Android Platform; Trusted Execution Environment [System on Chip Module (SoC)]; Provides security plugin or services to platform OS]
26. Summary
• TEE-based Downloadable DRM in Global Platform
– Provides a standardized security plugin to platform OS that
enables the secure execution of tasks in the end-to-end
trusted video rendering path:
• Addresses Heterogeneity, Fragmentation and Security Assurance
Issues.
– Achieves the common goal of various stakeholders
• Any Device, Anywhere.
• Challenge:
– Formulation of Comprehensive Security Framework.
– Standardized Certification & Compliance Regime.