• Multi-screen security was quite the hot topic at the latest installment of our Multi-Network Solutions in the Real World series, where an esteemed panel of industry experts from Sony Pictures, Harmonic and Akamai, discussed the trends that are currently shaping today’s multi-screen, multi-network deployments.  The panel provided detailed examples of real world deployments, including those related to content rights management and delivery standards, such as MPEG-DASH. Spencer Stephens of Sony did a great job of portraying the complexity of the ecosystem required to deploy these advanced services. Check out the video interviews with the panelists.

• Standards MPEG-DASH, UltraViolet & HTML 5 have made great strides in simplifying life for both the content provider or operator as well as the CE vendor.  As those standards gel, and a common set of business rules is developed, the numbers of interconnections that need to be made is reduced, greatly simplifying the delivery of premium content.

• A common topic during press and analyst briefings was leveraging device authentication for HLS as a cornerstone of the Verimatrix enhanced HLS security.  We are very excited about this approach as it meets studio requirements to assure that subscriber account credentials are not being illegitimately shared. Robust device authentication capabilities, coupled with secure subscriber entitlement management, positively reinforces licensing requirements that increasingly demand counting and limiting the number of devices concurrently authenticated against a given subscriber account. Verimatrix is currently rolling out some 30 OTT projects based on HLS around the world. If you’d like to learn more about our approach on this, please check out Steve Christian’s recent blog posts.

• Future-proofing your network has never been more important.  We live in a multi-DRM world, as exemplified by both Marlin and PlayReady being chosen by DECE for the UltraViolet service. Choosing a flexible revenue security solution that can support both, therefore, is critical. We are proud to be the only company with concrete support for both in addition to, of course, our commitment to HLS and – as it evolves – MPEG-DASH. If you add to this the Verimatrix cross-DRM support for Subscriber Super Domains, which involve automatic entitlement to all a subscriber domain’s devices regardless of DRM and network connectivity, operators are as future proof as possible while enabling the friction less viewing experience consumers expect.

• And finally it seems that the demos get better and better every year, and 2012 was no exception!  In particular, Dolby’s 3D television demo stands out in my mind as exceptional.  No glasses, no headaches, viewing from any angle.  The initial demo was on a 55” Philips TV and videos were instantly immersive, with none of the usual 3D disorientation.  Also notable was the fact that the demo also included a 9” tablet and a smartphone screen. Impressive!

All in all, it was a great show — well-attended and full of valuable content.  Drop us a line and let us know if you observed any strong themes emerging from the show as well.  We’re always keen to hear if we’re on target.

Also, we’ll be heading to ANGA Cable, NexTV’s South America Summit, Broadcast Asia and CommunicAsia next month — give us a shout if you would like to arrange a meeting.

Authentication mechanics for commercial video services rest on two principals: determining the integrity of the requesting entity, and authenticity of the client device.  Authentication ensures that client devices are attached to paying customers, and helps guarantee that only bona fide subscribers are able to watch protected content. After a specific content item is selected by the consumer, a simultaneous transaction occurs to obtain the necessary keys, where the unique local certificate validates the identity of the specific client involved. If the keys are legitimately available, the protected stream deliveries can be decrypted for viewing.

The persistence of authentication between viewing sessions takes the Internet TV industry beyond the outmoded computer-centric models of session-based login/password viewing control, and provides a more natural model for managing security on devices that lack native keyboards (TVs, set top boxes, etc).  The approach can also be conveniently leveraged on app-centric tablet and phone devices.

An additional advantage of the device authentication model is that it can meet the frequent studio requirement to assure that subscriber account credentials are not being illegitimately shared. Robust device authentication capabilities will likely fulfill licensing requirements which increasingly demand counting and limiting the number of devices concurrently authenticated against a given subscriber account.

When device authentication is combined with a PIN number, a two-factor authentication technique is created. Two-factor authentication techniques are especially useful when subscribers want to override existing account settings.

Enhancing Content Security and Revenue Security

As the OTT video market continues to mature, and as operators work to blend OTT into their traditional services, enhanced HLS security functionality is required to ensure effective and efficient control over delivery of premium content to OTT devices.  A proactive approach to HLS security not only puts operators in a better negotiating position for gaining rights to multi-screen content, but it also enables operators to optimize that content  for different platforms, consumer devices and customers.  Therefore, optimizing HLS security for OTT video distribution protects not only content, but helps to enhance service revenue.

Are you convinced you need enhanced HLS security on your OTT video network? Visit us at NAB 2012 and let us know your thoughts.

Optimizing HLS security for Both Consumers and Service Providers

The HTTP Live Streaming (HLS) adaptive bitrate protocol is rapidly gaining momentum as the standard streaming format of choice for over-the-top (OTT) video services across the broadest range of device types.  However, while the HLS protocol incorporates a baseline security model for service delivery, it does not itself define a complete solution for streaming high-value protected content. 

While the protocol as written includes a standardized encryption mechanism for each media chunk that employs industrial strength AES-128 CBC encryption and a framework for fetching the associated keys, this is not sufficient for the protection of premium content in a pay-TV setting as  the basic protocol set up for key management is very lightweight and not subject to any kind of robustness regime that might protect valuable media.

So what are the solutions available to enable commercial grade service delivery?

Protecting key delivery using a basic HTTPS/SSL connection as advocated in the simplistic first generation implementations of delivery systems is a poor match for the expectations of both service providers and content consumers. Despite the encryption of the key while in transit, anybody who can isolate a URL related to the key server will have access to the keys since there is no client authentication, only server authentication.

From an architectural standpoint, a simple SSL connection with server-only certificate authentication is a bad match for securing premium content video services as it was designed to secure transactions where the client had to be sure it was communicating with a trusted server before transmitting secret information (ie., passwords and financial data), as opposed to the server being assured that it is being contacted by a trusted client. Imposing ID and password protection on this mechanism denies the consumer the instantaneous gratification of simply turning on and tuning in.

The architects of HLS, as defined in the IETF submissions, opened the protocol for security extensions, meaning that HLS can be extended with innovative  security techniques to qualify for premium content licensing and to protect pay-TV services to iOS and Android devices, Windows and Mac OS computing platforms, connected TVs/STBs, and so on.

The most essential security techniques commonly used in other pay-TV systems are client device authentication and subscriber entitlement management.  Specifically, there appears to be a trend toward leveraging device authentication techniques, along with pre-existing authentication information, to help enhance consumer security and ensure a frictionless viewing experience for the consumer.

In my next post, I’ll explore emerging security techniques that can be used to augment and enhance HLS.  As always, we would love to know your thoughts. Please leave a comment or join our Multi-network Video Solutions discussion group on LinkedIn

The first black and white TVs in the 1920s had a screen size of about 4 inches. As the technology improved, screens grew to 10 inches, and later on to 20 inches. Then color TVs were introduced in the 1950s with a whopping screen size of 7 inches.  As technology continued to mature, screen size increased again to 20 – 30 inches.

As I was strolling through the exhibit, I was struck by the similarities between the evolution of TVs and mobile devices.  For example, do you remember when the first mobile devices started receiving TV streams?  Those mobile phones had a screen of three inches or so.  However, as the over-the-top (OTT) industry – or broadband TV industry as Jon Cody proposed at the OTTCON in Santa Clara last week – industry evolved, it had to invent tablets with seven to twelve inch screens and eventually connected TVs with 30, 40, 50, etc. inches.

It seems clear to me that history is repeating itself, or perhaps evolving in a spiral. Indeed, the same seems to be happening with content protection. We started with analog conditional access systems more than two decades ago, and evolved to digital conditional systems. As content value and quality increased, additional requirements for output control and copy protection were imposed by content owners.

We are seeing the same evolution in OTT (or broadband TV), which was initially underestimated and thus had no or very little content protection. But as the content quality (i.e., bitrate and resolution) and content value increased (full length movies, earlier release windows, etc.), the security requirements increased as well. Full-fledged CAS or DRM systems are required now, and as tablets and other portable devices start including digital outputs, HDCP will be also required.

This actually brings the security and robustness for OTT devices to the same level as for traditional set-top boxes. Even the hardware-assisted security that is already commonplace in many set top boxes (STBs) with secure system on chips (SoCs) is slowly being expected in mobile devices, sometimes in the form of a TrustZone implementation. In fact, this was the conclusion of our recent Content Security Requirements for Multi-Screen Video Services whitepaper, as well as of my recent talk at OTTCON .

Thinking about it a bit more, this approach makes sense – if the same content in the same quality appears on your good old STB in the living room, why should it be protected less on a portable device? And as a result, content protection technology is evolving as well. We are no longer limited to smart cards as an increasing number of software-based, cardless solutions emerge. Other techniques such as code obfuscation, code integrity checking, and white-box cryptography seamlessly augment hardware-based solutions. It appears that the industry is evolving and content protection is evolving alongside it.

What do you think?  What do you think is the next step in the evolution of content protection?  And if you’ve seen the history of TV exhibit at SFO, I’d love to hear your thoughts on that as well.

For Indian cable operators it is imperative to choose a security architecture that supports both the immediate analog-to-digital transition while also laying a sound foundation for the future – a future that may include delivery to PCs and Macs, games consoles, smart phones, tablets and other mobile devices.

Aspiring cable operators ultimately should strive to implement a CA/DRM system that can serve as a unified revenue security platform for services destined to reach multiple screens across multiple networks. They will want a solution that can draw on the best of encryption, conditional access, digital rights management and video watermarking techniques to dynamically apply whatever types of security are appropriate to each service, no matter which delivery network is used, and no matter what type of subscriber device is used to access it.

In fact, handling rights and subscriber management for different DRM systems from a unified security head-end is the ultimate objective.

Fortunately, Indian cable operators can now escape traditional CA system single-network restrictions without compromising security or adding complications to the consumer’s experience. In fact, a card-less system can provide new levels of security essential to new multi-screen service models that would be virtually impossible to achieve with legacy systems.

A unified, digital TV security system is a vital ingredient for operators looking to expand their service profiles, to meet contractual and service protection obligations. A single security authority, offering multi-layered protection, allows new business models to emerge and flourish.

This is certainly a very exciting time in for the cable industry in India.  The digitization efforts present operators and technology vendors with challenges and opportunities like never before in the history of television in India, and it will be interesting to watch the transition roll-out.

You may want to download our white paper on the network migration topic, “New Content Security Strategies Transform Pay-TV Service Migration.” The paper covers what operators should consider when upgrading their networks.

Licensing of quality (“premium”) content is the cornerstone of a successful pay-TV enterprise. For movie studios and other content providers the threat of large-scale piracy, which could undermine the lifetime revenue potential of their products, is a major concern. Moreover, the commercial stakes for HD content are significantly higher than those of SD – and 3D has been added to the mix in some parts of the world.

And of course content providers are focused on enforcing digital rights through a combination of technological and legal processes. Rights owners and pay-TV operators alike expect digital TV security vendors to address the evolving challenges through a set of technologies and tools that encompass complete revenue security, during content creation, storage, delivery, and consumption – and beyond the network too.

In this respect, Indian cable TV operators planning for the digital transition will benefit from choosing a security vendor that is well known among, and trusted by, the content providers. Perhaps the most important consideration is the vendor’s record of pay-TV operator deployments around the world.  It is particularly important to consider the vendors’ track record is helping operators migrate from a smart card- based security system to a cardless system.

The cardless security of modern set-tops can either consist of a very low-cost box with a highly obfuscated, software-based security module, or a sophisticated system-on-a-chip (SOC) with embedded security features that enables the most robust and impenetrable pay-TV security possible today. The security module is software-based but resides in a highly secure environment that cannot be penetrated by the tools traditionally used by smart card pirates.

The secure SOC solution also solves the “control word sharing” piracy problem. In some legacy systems, the Control Word (content scrambling key) is passed in the clear between the smart card and the set-top video/audio descrambler. Pirates have found ways to intercept the key and share it with other (non-paying) subscribers over the Internet. Thus one hacked box can be used as a “server” for many others to steal pay-TV services. In the secure SOC environment, the key is never exposed in the clear outside the secure area, and hence the control word sharing threat is overcome.

Renewability of security subsystems is a distinct advantage in a landscape of fast changing threats and business opportunities, making software-based security an attractive option. Content security is an arms race against pirates and fraudsters, so the security must be renewable. Software-based security, in combination with state-of-the-art secure SOC technology, offers flexible renewability options allowing cable operators to stay a step ahead.

Software-based and cardless security combines lower CAPEX and OPEX costs into a more favorable Total Cost of Ownership profile. Threats can be countered by over-the-air updates.

Have you transitioned from a smart card-based security system to a cardless system?  What do you see as the primary advantages or benefits?  Do you think Indian operators would be well served to deploy a cardless system?

For additional information on software-based security solutions, please download our white paper, The Advantages of Software-Based Content Security in a Multi-Device, Multi-Service Pay-TV World.

As Indian cable TV operators go through the analog-to-digital transition, they must proactively plan for and address a unique set of technology issues. Ultimately, the objective is to choose a security policy and technology path that minimizes costs without sacrificing the ability to meet service (revenue) requirements in the long run. The choice of security technology is both critical and fundamental to the future competitiveness and financial performance of Indian cable TV operators.

While Indian cable operators consider and plan for the transition from analog to digital, it behooves them to consider in parallel the value brought by digital TV security providers.

Indian cable TV operators, whether small or large, would be well-suited to realize that a flexible and effective digital TV security architecture can be an essential enabler of innovative business models and improve their competitiveness. The choice of the overall security solution is therefore a critical strategic decision. This consideration also shifts the perspective of the security technology from traditional content protection to the broader concept of revenue security.

We think that revenue security is really at the core of this transition, and therefore will be developing a series of posts exploring the challenges facing the undertaking (and our thoughts on possible solutions).  We’ll address digital TV security considerations, explore security issues from a content owners’ perspective, and provide some practical guidance on revenue security.

We’ll be at the SCaT Workshops Mumbai, 15-16 March 2012 at the Hotel Taj Vivanta President in Mumbai, India.  There, we will be hosting the next installment of our Multi-Network Solutions in the Real World forum series during the workshops on 15 March 2012 at 16:15.

During the session, we’ll explore new advanced options for addressable digital video security systems that provide flexibility during new network deployments or upgrades of existing digital networks.  In particular, we will explore how such solutions can provide cost effective scalable configurations for smaller deployments that can be upgraded to full multi-network head-ends in a seamless manner. We hope you can join us!

If you are attending the Workshop, please chime in below and let us know which particular topics you would like to see covered.

Verimatrix has enjoyed a series of operator success stories in the Gulf region, with the crown jewels being the Etisalat eVision IPTV and eLife OTT services. Our collaboration with some of the leading infrastructure and technology vendors has built leading multi-network services that address not only the UAE, but also deliver multi-lingual pay-service content to a global audience.

I’ll be sharing some of the details behind these successful deployments, specifically focusing on how operators can unify subscribers’ multi-screen experience across networks and devices.  In addition, we’ll explore the obstacles that could impede a successful deployment –such as different security systems for different networks — and how to overcome them by developing a unified multi-network security operation.

I’m also delighted to have of our partners Envivio and NXP Software joining us, along with Adriana Whitely from the specialist digital TV consultancy Farncombe.  This will certainly be a lively event full of practical information.

If you’re attending CABSAT, please join us. More information on the event, including the full agenda, can be found here.

For an in-person look at the award-winning Etisalat deployment, you can drop by our booth #S1-K13, where we will be demonstrating our Verimatrix Video Content Authority Solution (VCAS™) 3, the revenue security solution behind Etisalat’s eVision and eLife services.

See you in Dubai!

Just this month, I am proud to say we hit another major milestone that reflects as much on the entire digital video industry, as it does on Verimatrix. We celebrated reaching 500+ pay-TV operator customers and securing more than 20 million screens. (For additional milestones, read about our global number one ranking in Content Protection/DRM in MRG’s IPTV Market Leader report – for 5 1/2 consecutive  years!)

A large part of our tremendous growth has been due to the pay-TV planets colliding. Back in 2006, virtually all of our customers were delivering green field IPTV services over managed networks. Fast forward six years, our heritage in IP-based security techniques has placed Verimatrix in the center of this collision.

Cable and satellite providers are taking advantage of IP networks for two-way communication – over both managed and unmanaged (OTT) networks.  IPTV operators are also turning to Internet-based OTT video to enable a compelling multi-screen experience. And we are finding that increasingly even “pure play” OTT video providers need to meet the same content security requirements for premium video as the traditional operators do (see our latest white paper, Content Security Requirements for Multi-Screen Video Services.) Of course, there remain tens of thousands of analog operators that are still transitioning to digital (India’s Phase I digitization this year presents a wealth of opportunities.)

Our cable and satellite (DVB) customer base increased 100% in 2011, and we’ve had a 500% growth in secure OTT video services. Based on feedback from customers, particularly our DVB customers, they feel more confident that our VCAS solutions will help them extend into multi-network, multi-screen video services more efficiently.

Additional proof of our position in the market can be found in our 3-Dimensional Security approach, which we introduced more than three years ago: Flexible layers of protection techniques that address evolving business needs and revenue threats. In other words, any screen over any network to meet any threat. This clearly still rings true today.

Since celebrating this milestone was so much fun, everyone is focused on reaching the next one!

How can we provide our customers with the most innovative solutions for securing and enhancing revenue for multi-network digital TV services on the market today?

This month, Verimatrix has been recognized for our innovation by two separate entities, both distinguished in their own right.

During CES 2012, our MultiRights solution won the Content Protection category at the prestigious 2012 TV Innovation Awards.  Very exciting news, especially considering the source of the award.  Now in its third year and administered by IMS Research, the 2012 TV Innovation Awards are one of the premier endorsements of innovation in television. The awards recognize the most forward-thinking companies that are creating products and services to change the way people watch television.  We are thrilled that Verimatrix was honored as one of these companies.

We feel that this commitment to innovation has also contributed to our sustained market leadership in software-based security. In December, MRG released its bi-annual IPTV Market Leaders Report that named Verimatrix in the top position. This marks the 11th consecutive time that we have maintained our market share in IPTV, representing 5 ½ years of Verimatrix global leadership.

Not a bad way to ring in the New Year!  We are thrilled to kick off 2012 on such a high note and look forward to continuing our relentless innovation in multi-network and multi-screen content protection and revenue security. Our philosophy is that if we offer our customers innovative solutions for securing and enhancing revenue on their multi-network digital TV services, we help them to market leadership positions in their own business. Their success becomes our success.