SlideShare ist ein Scribd-Unternehmen logo

Security Consideration for Set-Top Box SoC

Wesley Li
Wesley Li

Provide options on selecting STB SoC while considering security including CA, DRM and system-level security.

Geräte & Hardware
1 von 8
Downloaden Sie, um offline zu lesen
Security Consideration for Set-Top Box SoC Wesley Li, 12/2016
Summary • Current Trend on Set-top Box SoC Market • Security Is Getting Complicated • Trust Levels on Different HW/SW Architecture • Why Bother with Security Processor? • Consideration from Marketing to Hardware and System Software • Goal: The Complete System Level Security Solution
CurrentTrendon Set-topBoxSoCMarket • Service providers needs isolated environments running DRM and Conditional Access (CA) for security reasons. • Therefore, hardware-based Trusted Execution Environment (TEE) is necessary, especially on open platform like Android • That means, secure OS environment on a security processor is needed for security applications, flexibility and extensibility. Security is Key Differentiator on STB SoC
SecurityIsGettingComplicated Conditional Access (CA) Meets Open Platforms • CA on open platform like Android is dangerous • Smartcard-less CA is dream of service providers • Secure API for security or service providers to hide their secrets is key DRM Is Getting “Harder” (Hardware Support Is Necessary) • Secure storage for keys or binary without host CPU access is a must • Secured Video Path (SVP) without host access on encrypted and decrypted video contents became mandatory for 4K contents • Hardware unique key provisioning per device is extremely critical System-Wide Security • Firmware binary protection, secure boot and monitoring are needed • Process and memory isolation are just basic requirements Hard-wired Security Is Not Enough
Trust LevelsonDifferentHW/SWArchitecture Virtualization TrustZone Security Processor + General open source implementation + Multiple guest OSes flexibility < < + Security specific execution space + System-level security on CPU, memory, interrupt, crypto, etc. + Proprietary API for enhanced security + External memory isolation with hardware enforce + True TEE-based security algorithms + Proprietary crypto and key provisioning + Extensibility for vendor specific implementation - Complexity on VM synchronization with hypervisor - Limited peripheral access - Performance impact on additional guest VM - No security specific hardware optimization - Lots of known attacks - Simple secure software required - DRM and CA may not be secure enough - High overhead on context switching - Complicated system software design - Time to market
WhyBotherwithSecureProcessor? • Security Processor should be: • a dedicated CPU core inside STB SoC • running a secure RTOS and secure applications including DRM, CA, key management, etc. • communicating with host CPU through secure and proprietary interface • Security Processor can provide: • secure boot, secret storage, priority crypto access and restricted memory access for security and SVP hardware • true system-level Trusted Execution Environment (TEE) • hardware-based memory isolation from rich OS such as Android, Linux • Benefits for the system manufacturer: • Rely on hardware root of trust for crypto keys and secure boot • Better security than TrustZone • Smartcard-less CA and CA on Android platform • Hardware DRM support such as Widevine Level 1 and PlayReady 3.0
ConsiderationfromMarketingto Hardwareand SystemSoftware Marketing - Collecting info from security vendors or partners - Collect marketing requirements for security - Define system architecture for security Hardware Requirement - Co-processor for secure OS and applications - Priority access on crypto engine and secure host i/f - Secure boot, secure storage and binary protection System Software Consideration - Easy use of secure processor interface and API - Secure memory region for secure processor and SVP - CA and DRM implementation and key provisioning
Goal:TheCompleteSystemLevelSecuritySolution • Complete System Security: • Security Processor provides hardware level security, also flexibility and extensibility • Hardware memory isolation for DRM/CA, firmware protection and SVP • Key provisioning for unique hardware protection • System Software Knowledge: • Streaming integration including DASH, HLS, Smooth Streaming • Whole-home streaming with DTCP-IP, external PVR • Hardware DRM/CA/Crypto Support: • Widevine Level 1, PlayReady 3.0 and Adobe PrimeTime • NDS, Nagra, Irdeto, Verimatrix, Alticast, etc. • RSA, TLS, OpenSSL, RNG, HDCP 2.2, forensic watermarking System Level Security with Security Processor

Empfohlen

CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsSam Bowne
 
Maemo 6 Platform Security
Maemo 6 Platform SecurityMaemo 6 Platform Security
Maemo 6 Platform SecurityPeter Schneider
 
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatCNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatSam Bowne
 
Futurex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, BostonFuturex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, BostonGreg Stone
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code ScannerLuigi Perrone
 
Fortinet
FortinetFortinet
FortinetABEP123
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxingNick Straughan
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityPrecisely
 

Weitere ähnliche Inhalte

Was ist angesagt?

Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesSam Bowne
 
CNIT 123: Ch 7: Programming for Security Professionals
CNIT 123: Ch 7: Programming for Security ProfessionalsCNIT 123: Ch 7: Programming for Security Professionals
CNIT 123: Ch 7: Programming for Security ProfessionalsSam Bowne
 
Why QuickBooks Premier Hosting
Why QuickBooks Premier HostingWhy QuickBooks Premier Hosting
Why QuickBooks Premier HostingJhonny Edward
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishAskozia
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgEric Vanderburg
 
For CIOs and CISOs: every user is a privileged user, learn how to deal with.
For CIOs and CISOs: every user is a privileged user, learn how to deal with.For CIOs and CISOs: every user is a privileged user, learn how to deal with.
For CIOs and CISOs: every user is a privileged user, learn how to deal with.John Wallix
 
DEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellamDEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellamFelipe Prado
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assPROIDEA
 
Network Security Through FIREWALL
Network Security Through FIREWALLNetwork Security Through FIREWALL
Network Security Through FIREWALLTheCreativedev Blog
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringSam Bowne
 
Defense-in-depth for embedded devices
Defense-in-depth for embedded devicesDefense-in-depth for embedded devices
Defense-in-depth for embedded devicesJiggyasu Sharma
 

Was ist angesagt? (20)

Quantum brochure
Quantum brochureQuantum brochure
Quantum brochure
 
OwnYIT CSAT + SIEM
OwnYIT CSAT + SIEMOwnYIT CSAT + SIEM
OwnYIT CSAT + SIEM
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
 
UTM Basic Rev 1.2 (Modified)
UTM Basic Rev 1.2 (Modified)UTM Basic Rev 1.2 (Modified)
UTM Basic Rev 1.2 (Modified)
 
CNIT 123: Ch 7: Programming for Security Professionals
CNIT 123: Ch 7: Programming for Security ProfessionalsCNIT 123: Ch 7: Programming for Security Professionals
CNIT 123: Ch 7: Programming for Security Professionals
 
kali linix
kali linixkali linix
kali linix
 
Fortinet
FortinetFortinet
Fortinet
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
 
Why QuickBooks Premier Hosting
Why QuickBooks Premier HostingWhy QuickBooks Premier Hosting
Why QuickBooks Premier Hosting
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, English
 
Fortigate class1
Fortigate class1Fortigate class1
Fortigate class1
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
 
For CIOs and CISOs: every user is a privileged user, learn how to deal with.
For CIOs and CISOs: every user is a privileged user, learn how to deal with.For CIOs and CISOs: every user is a privileged user, learn how to deal with.
For CIOs and CISOs: every user is a privileged user, learn how to deal with.
 
DEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellamDEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellam
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
 
Fortinet av
Fortinet avFortinet av
Fortinet av
 
Network Security Through FIREWALL
Network Security Through FIREWALLNetwork Security Through FIREWALL
Network Security Through FIREWALL
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social Engineering
 
lmplementing Firewall Technologies
lmplementing Firewall Technologieslmplementing Firewall Technologies
lmplementing Firewall Technologies
 
Defense-in-depth for embedded devices
Defense-in-depth for embedded devicesDefense-in-depth for embedded devices
Defense-in-depth for embedded devices
 

Ähnlich wie Security Consideration for Set-Top Box SoC

Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Qualcomm Developer Network
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17LennartF
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
Implementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldImplementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldLINE Corporation
 
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls shortEuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls shortCristofaro Mune
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Riscure
 
Trusted Computing security _platform.ppt
Trusted Computing security _platform.pptTrusted Computing security _platform.ppt
Trusted Computing security _platform.pptnaghamallella
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT GatewayLF Events
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoNCCOMMS
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootLinaro
 
Why TPM in Automotive?
Why TPM in Automotive?Why TPM in Automotive?
Why TPM in Automotive?Alan Tatourian
 
Trusted computing introduction and technical overview
Trusted computing introduction and technical overviewTrusted computing introduction and technical overview
Trusted computing introduction and technical overviewSajid Marwat
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VRISC-V International
 
Windows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterpriseWindows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterprise247infotech
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLinaro
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxssusere142fe
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesST_World
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure codeFlaskdata.io
 

Ähnlich wie Security Consideration for Set-Top Box SoC (20)

Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
Implementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldImplementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile World
 
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls shortEuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
 
Trusted Computing security _platform.ppt
Trusted Computing security _platform.pptTrusted Computing security _platform.ppt
Trusted Computing security _platform.ppt
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami Laiho
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
 
Why TPM in Automotive?
Why TPM in Automotive?Why TPM in Automotive?
Why TPM in Automotive?
 
Trusted computing introduction and technical overview
Trusted computing introduction and technical overviewTrusted computing introduction and technical overview
Trusted computing introduction and technical overview
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Windows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterpriseWindows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterprise
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solution
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptx
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure code
 

Security Consideration for Set-Top Box SoC

  • 1. Security Consideration for Set-Top Box SoC Wesley Li, 12/2016
  • 2. Summary • Current Trend on Set-top Box SoC Market • Security Is Getting Complicated • Trust Levels on Different HW/SW Architecture • Why Bother with Security Processor? • Consideration from Marketing to Hardware and System Software • Goal: The Complete System Level Security Solution
  • 3. CurrentTrendon Set-topBoxSoCMarket • Service providers needs isolated environments running DRM and Conditional Access (CA) for security reasons. • Therefore, hardware-based Trusted Execution Environment (TEE) is necessary, especially on open platform like Android • That means, secure OS environment on a security processor is needed for security applications, flexibility and extensibility. Security is Key Differentiator on STB SoC
  • 4. SecurityIsGettingComplicated Conditional Access (CA) Meets Open Platforms • CA on open platform like Android is dangerous • Smartcard-less CA is dream of service providers • Secure API for security or service providers to hide their secrets is key DRM Is Getting “Harder” (Hardware Support Is Necessary) • Secure storage for keys or binary without host CPU access is a must • Secured Video Path (SVP) without host access on encrypted and decrypted video contents became mandatory for 4K contents • Hardware unique key provisioning per device is extremely critical System-Wide Security • Firmware binary protection, secure boot and monitoring are needed • Process and memory isolation are just basic requirements Hard-wired Security Is Not Enough
  • 5. Trust LevelsonDifferentHW/SWArchitecture Virtualization TrustZone Security Processor + General open source implementation + Multiple guest OSes flexibility < < + Security specific execution space + System-level security on CPU, memory, interrupt, crypto, etc. + Proprietary API for enhanced security + External memory isolation with hardware enforce + True TEE-based security algorithms + Proprietary crypto and key provisioning + Extensibility for vendor specific implementation - Complexity on VM synchronization with hypervisor - Limited peripheral access - Performance impact on additional guest VM - No security specific hardware optimization - Lots of known attacks - Simple secure software required - DRM and CA may not be secure enough - High overhead on context switching - Complicated system software design - Time to market
  • 6. WhyBotherwithSecureProcessor? • Security Processor should be: • a dedicated CPU core inside STB SoC • running a secure RTOS and secure applications including DRM, CA, key management, etc. • communicating with host CPU through secure and proprietary interface • Security Processor can provide: • secure boot, secret storage, priority crypto access and restricted memory access for security and SVP hardware • true system-level Trusted Execution Environment (TEE) • hardware-based memory isolation from rich OS such as Android, Linux • Benefits for the system manufacturer: • Rely on hardware root of trust for crypto keys and secure boot • Better security than TrustZone • Smartcard-less CA and CA on Android platform • Hardware DRM support such as Widevine Level 1 and PlayReady 3.0
  • 7. ConsiderationfromMarketingto Hardwareand SystemSoftware Marketing - Collecting info from security vendors or partners - Collect marketing requirements for security - Define system architecture for security Hardware Requirement - Co-processor for secure OS and applications - Priority access on crypto engine and secure host i/f - Secure boot, secure storage and binary protection System Software Consideration - Easy use of secure processor interface and API - Secure memory region for secure processor and SVP - CA and DRM implementation and key provisioning
  • 8. Goal:TheCompleteSystemLevelSecuritySolution • Complete System Security: • Security Processor provides hardware level security, also flexibility and extensibility • Hardware memory isolation for DRM/CA, firmware protection and SVP • Key provisioning for unique hardware protection • System Software Knowledge: • Streaming integration including DASH, HLS, Smooth Streaming • Whole-home streaming with DTCP-IP, external PVR • Hardware DRM/CA/Crypto Support: • Widevine Level 1, PlayReady 3.0 and Adobe PrimeTime • NDS, Nagra, Irdeto, Verimatrix, Alticast, etc. • RSA, TLS, OpenSSL, RNG, HDCP 2.2, forensic watermarking System Level Security with Security Processor