Long reads

A Sky in the Cloud : multiscreen security solutions

The UltraViolet initiative has given a boost to the notion of cloud-based digital lockers as the route to secure multiscreen on-demand availability. But does the concept make sense for pay TV operators? Anna Tobin reports.

Keeping your content in a virtual ‘cloud’ that can be accessed any time, any place on any audiovisual device is no longer the stuff of pipe dreams. It can be done. The technology is there; and it’s now so intuitive that it won’t take long for consumers, whatever their age, to find their way around it either. What everyone is trying to work out is how it can be done securely and therefore profitably. And, in most cases, it’s content rights that are causing the problems.

Unless it’s his or her own content, the consumer only owns or has the right to view the content he or she buys for ‘anytime, anywhere’ viewing with restrictions. They can only access their ‘cloud library’ on a set number of authorised devices and in authorised territories. And too many restrictions will slow down the mass-market roll out of ‘whenever, wherever’ initiatives and make things incredibly messy.

“Many companies have attempted to solve this problem over the years,” says Godert Burghard, vice-president of sales, EMEA at security technology provider Irdeto. “Audible, now owned by Amazon, provides its customers with content they purchased over 15 years ago, so to that extent, this is a successful example of how a digital locker-based business model can be of great benefit to consumers.” Audible provides digital audio book downloads to Android and iPhone, MP3 players and computers and it’s content can also be burnt to CDs. Digital libraries have been largely stored at consumers’ premises. The move is to have stuff stored at the content provider’s end.

Apple led the way with the idea of cloud-based content, dominating the market initially with its iTunes offering and now through iCloud, which allows the consumer to access their content via their own iCloud. iCloud content can be accessed via any Apple device or, less publicised because they’d rather you used an Apple device, via a compatible Windows PC. “Apple has a very successful vertically integrated ecosystem of devices and online stores,” says Steve Christian, vice president of marketing at digital security company Verimatrix.

Apple’s success is largely down to it owning all links in the chain: the hardware; the software; the web services, in the form of iTunes and iCloud; and, the retail outlets. “If you look at Apple’s strategy its vertically integrated,” reiterates Howard Silverman, pay TV software provider NDS’s senior product marketing manager. ‘The focus up to now, from iTunes has been essentially downloads. They are not competing with traditional pay TV subscription services. It’s a key question as to whether they will continue to exist alongside these or whether they will eventually work together.”

The UltraViolet initiative

With the expansion of iCloud rights to include TV shows and movies purchased via iTunes, the premium content industry is watching Apple closely.

In the meantime, a number of other key players have got behind the more open UltraViolet initiative. This interoperable cloud service has led the way in enabling users to store their digital entertainment content in the cloud and access this content across multiple platforms, i.e. through connected TVs, PCs, game consoles, smartphones and tablet PCs. It’s had a slow start, but then as Jim Welch, director of worldwide marketing and communications at Motorola SecureMedia, points out, one key task has been to re-educate the audience. “You are seeing a transition of an audience. They need to get used to the streaming and download model from the cloud, as opposed to the owning and purchasing DVD/Blue-ray disc model,” he says.

UltraViolet is run by The Digital Entertainment Content Ecosystem (DECE), a cross-industry consortium, with the aim of “developing the next-generation digital media experience based on open, licensable specifications and designed to create a viable, global digital marketplace”. Its focus is really about offering a replacement to Blu-ray and DVD, physical media formats whose sales have been falling dramatically.

[icitspot id=”25570″ ]While most of the Hollywood Studios have got behind UltraViolet, Disney has not. It had been focusing instead on its own proprietary digital locker Keychest, which has now developed into Disney Studio All Access, the gateway for consumers to access all Disney movies, plus related extras whilst earning rewards on all devices whenever, wherever.

Consumers like things to be easy. To take a food-shopping analogy, in the main consumers today don’t want to go to the fishmonger for their fish and the butcher for their meat and the greengrocer for their fruit. They like all their food requirements to be available in one place – i.e. in the supermarket.

If, as is likely for the short term at least, content is to be sold from a number of different walled gardens, that content will have to be pretty special if the source that it emanates from is to survive.


Whether you are behind it or not, UltraViolet is the closest that digital rights managers have to a global standard for distributing anytime, anywhere content. “There have been a number of industry initiatives over the years to provide standardisation of aspects of digital distribution,” says Silverman at NDS. “UltraViolet certainly has the support and endorsement of the main content providers, with the exception of Disney. All the main Hollywood studios and content owners were looking for the next thing after DVD, with sales going flat and declining, digital download to own is largely seen as a replacement for DVD sales.”

Producing a secure super-marketplace from which consumers can access device-agnostic digital lockers, however, is extremely difficult and it’s the security demands that cause a number of complications. “To successfully deliver this model to consumers in a world of incredible device diversity, there are two major technical challenges content providers must overcome,” says Burghard at Irdeto. ‘The fast and efficient management of content throughout a workflow designed to prepare the content for any device – including things like the appropriate encoding, content protection, metadata formats, geographic and parental restrictions, etc.; as well as the dynamic security required to protect the content and the application once it arrives on the device.”

The increasingly sophisticated relationship between content provider and bill payer can’t be overlooked here, says Carl Davies, global marketing director, cable, broadband and satellite at Convergys. “The operator no longer just has a relationship with the bill payer, but it’s also between the bill payer and other end or device users. And you have to take into account the influences of the buying decisions within the family unit, especially with the impact of social media,” he says. “You have the in-home experience and the outside-of-home experience across multiple devices and both carry one specific challenge. That is how do I know, as an operator, who is authorised to see which service on which device? You need to apply the parental controls attributed to the customer’s profile. It could be, for example, that someone’s son is not allowed to view certain content between certain hours and on certain devices.”

If the DRM service is providing premium content they also need to be able to keep a constant check on it to ensure that it is being used according to the agreement that they have with the content originator. To ensure this it has to keep check of who is accessing it, and where and the question is what is the best way of doing this? Do you force the user to log in, every time they view it? This is particularly difficult in a fragmented marketplace, such as Europe, where different countries within that region have different regulations. For example, France may have a different release window dates to neighbouring Spain or Italy. “It will become increasingly frustrating for a consumer who’s paid for a multi-screen service to find that when they go abroad they can’t access that service. It’s not such a problem for a country the size of North America, but this poses a big challenge for operators in parts of Europe, for example,” says Davies at Convergys.

There are a lot of parameters for any set of standards to cover. And, even if it can be done in the intuitive way that consumers are increasingly coming to expect, there is the argument, that from a content owner’s perspective, the move towards a few global standards could actually be dangerous and play into the hackers’ hands.


UltraViolet, will be a particular target for hackers, points out Jean-Marc Racine, managing partner at digital TV consultancy Farncombe. “Its focus is premium content that’s being offered right after theatrical release. Being at the beginning of the content lifetime, it is very valuable and so attractive for hackers,” he says. “Keeping things secure is going to be a challenge. If you look at Apple, it controls the hardware and the software and the operating system. It has full control of its environment; as do the pay TV operators; and, to some extent, Microsoft in the PC environment, they are constantly keeping on top of their security with security updates. But UltraViolet doesn’t control all the devices it’s distributing to, how is it going to keep the platform secure? If there is a security breach, how do you make sure that all the devices remain secure when you don’t control all of them? One rogue device and your content could be gone.”

A certain amount of fragmentation is healthy for the DRM market, says Alec Main, vice-president, software security, at Nagravision. ‘There are benefits to having multiple DRMs, in terms of security and piracy, but the reality is that four or five is probably the right sort of number. The big challenge of too much standardisation is that it opens up vulnerabilities and if a hack is made against the standards, it applies to everyone,” he says.

The number of major global players behind UltraViolet, including BT, Cisco, Comcast, Samsung, Fox Entertainment Group, Sony and Warner Bros, would indicate, however, that there is supreme confidence in the safety of the system. And its size and scope makes it an attractive proposition for others looking to enter this cloud space.

Should the market veer more towards fragmentation, perhaps it won’t harm the end-user’s experience. Nor should it impact heavily on the development of multi-screen content distribution, providing all the different interfaces can be easily aggregated so that the end-user is almost unaware that he’s ‘shopping in various stores’, as opposed to just one.

“In Irdeto’s view,” says Burghard, “the fragmentation of DRM is not a significant problem for multiscreen content distribution. Many companies are using multiple DRM standards – and other security schemes – to distribute their content to multiple devices. They are using solutions such as Irdeto Broadband Control to effectively manage multiple DRM servers from a single management console after a simple one-time set-up. This removes the complexity of operating multiple security schemes and frees up content providers to create the best and broadest content experience they can for their customers.”

There is no doubt, however, that device fragmentation in the market is driving operators crazy, says Welch at Motorola SecureMedia. “We are definitely seeing the operator’s pain in terms of the technical complexities involved in getting content delivered securely to all these devices and the increasing storage costs for encoding and transcoding all that media. We address these issues with our studio-approved Encryptonite One HLS Plus solution,” says Welch. “We’re supporting a laundry list of various multi-devices that will continue to grow based on consumer popularity and operators’ wishes. We want to make everything as secure as a traditional set-top box by providing advance security techniques. If you stream content to an Android device, for example, using our Encryptonite One HLS Plus, we encrypt frame-by-frame, chunk-by-chunk with a unique encryption key. The one master key to unlock, is also encrypted to the device whatever it is. So if someone did try to jump in and tried to hack, we would instantly notify the operator and, worse case, they would only steal one frame, as each frame is locked differently.”

Pay TV

Traditional pay TV operators still dominate the market for premium content, protected by proven conditional access technology. And the competition between them is about to hot up as they work out how they can best combine their existing delivery platforms with internet delivery services. As many pay TV providers also offer broadband internet, we can expect to see their anytime, anywhere TV packages increasingly sold with the add-on of personal storage lockers, to which the end-user can upload their own files for storing or sharing.

Pay TV providers are all looking at different ways of putting content in the cloud, says Davies at Convergys: “There is potential [in making content more accessible for the consumer] to tie this in to their bundling of their multi-play household services. There is a real hook between multi-screen and multi-access propositions going on.”

Pay TV operators are extremely well positioned to link up with the UltraViolet initiative to either become a digital movie retailer themselves, or to use their presence in customers’ homes to offer access to subscribers’ digital locker libraries via the set-top box or other multi-screen applications they’ve already deployed, points out Burghard at Irdeto.

“Both options add value and stickiness to the customer relationship, as well as the potential to generate new forms of revenue. And, as the Android platform grows in popularity, it is clear that there is a tremendous opportunity for Google to create an ecosystem similar to Apple’s as well, which may or may not include a tie-in to UltraViolet,” he says.

UltraViolet, however, is the baby of the Hollywood Studios and the latter have grounds to be wary of pay TV’s motives. One theory put forward in a White Paper sponsored by Veritmatrix, Content Security Requirements for Multi-Screen Video Services, authored by Bill Rosenblatt, is this: “Content owners are concerned that TV Everywhere-type systems will lure consumers into ‘walled gardens; where the pay TV operators will have more control over programming economics. For this reason, they tend to favour open-internet services…. Therefore, content owners may tend to give more liberal terms to open internet players than they give pay TV operators.” Later on, however, the paper concedes that “content owners don’t want any one of the OTT services getting too much market power either”.

As they operate vertical systems pay TV operators have greater control over where their output goes, which will be appealing to content owners. “The security requirements for pay TV are at set-top-box level and you can certify those boxes and lock them down, through Nagra-On-Chip-Security, for example, and watermarks,” says Main at Nagravision. “What we have been doing in the pay TV industry is really what is needed on other content receiving devices. As more live content and HD goes over the top, there is going to be more demand for security such as our chip level security.”

All these issues had to be confronted when the pay TV industry took off 30 years ago. There were security breaches and cases of misuse, but they’ve been ironed out. As we move to the next stage of anytime anywhere viewing there are bound to be teething problems. The challenge will be to keep on top of them.