Long reads


Content security in the age of multiscreen

Taped-off-TVHow is the widespread move towards multiscreen viewing affecting how content is secured? Andy McDonald reports. 

The integration of multiscreen and main-screen video services is having a profound impact on the way that operators’ services are secured – a change that is likely to accelerate as service providers build out multiscreen deployments to a bigger scale than they have done to date.

The move to IP-based video and OTT has arguably brought about a quickening transition to software-based systems and the virtualisation of security, as well as backend management and video processing technology.

With dedicated security firms keen to offer catch-all solutions in a bid to try and ease the complexity brought about by modern entertainment consumption habits, companies including Irdeto, Verimatrix, Nagra and Viaccess-Orca now look to bridge traditional conditional access (CA) systems and software solutions, while handling a range of DRMs and delivery standards.

But how is the growing range of consumption models – for instance downloading for offline viewing and sharing of content between devices – leading to new security requirements, and how is the shift towards multiscreen and OTT affecting how operators secure their services?

Move to cloud

The move to cloud delivered content is not only bringing about convergence in the security space, but consolidation among the players in this field and even some shakeout among the main DRM players – including a decline in Widevine usage since Google’s takeover of the firm in 2010.

“What we’ve seen over the last 10 years, and a real acceleration in the last few, is the viability of consumer demand and the provision of multiscreen services for premium content, to any kind of platform,” says Adam Nightingale, senior director of strategic sales, global, at media security firm Irdeto.

The company’s security solutions and services cover home networking, content format protection, conditional access, and integrated management for any chosen DRM – a combination that is designed to create a seamless end-to-end experience.  “If you peel back the covers of any kind of multiscreen service, you’ll see an enormous amount of complexity, and the challenge that we have is not to mask that, but automate as much as possible,” says Nightingale.

Irdeto’s director of multiscreen solutions Ben Gidley believes that the industry in the midst of “quite a transition” from smartcard-based systems, to software-based systems for protecting digital TV content, as exemplified by its own Cloaked CA system.  “This is about moving some of the security out of physical chips that you ship out to clients into software, and that brings a bunch of logistical benefits to the operators in terms of costs,” he says.

Gidley claims that a second important factor when it comes to simplifying security is the unification of the CA and DRM worlds so that there is the same content policy across both. “That’s really about virtualising across a whole range of DRMs. So we have a product which is all about having a central policy manager that knows which users are entitled to which content under which terms, across all the different DRMs out there and all the CA products,” he says. “You’re moving away from that concept of one set of security keys and one device, into this model where everything’s up in the cloud – you have all your entitlements up there, then you can deliver it to any device, which is much more the consumer’s expectation.”

Security rival Nagra, in addition to providing conditional access systems, follows a multi-DRM strategy allowing it to handle device-side DRM systems like Microsoft’s widely-used Playready or Google-owned DRM Widevine.

However Nagra senior director of product marketing Christopher Schouten says that the company’s own persistent rights management (PRM) security system is its preferred way to secure clients’ content, “because it’s fully under our control, it’s something we create, it’s something we implement [and] it’s something we manage the ongoing security of.”

Nagra says that unlike some DRM rivals, PRM is focused exclusively on the pay TV market. It is designed to let service providers control content consumption and distribution via several kinds of services – such as VoD and DVRs – and supports features including parental control, closed captioning and entitlement to high-demand live events during peak periods. [icitspot id=”193512″ template=”box-story”]

“Our view on what makes PRM different and special is it allows us to have the same model that we have with CAS, which is, as the Americans refer to, and forgive my vernacular here, one ass to kick. So we create the technology, we implement the technology for the customer, we ensure on an ongoing basis that the technology is secure and we take every measure required to ensure that it is,” says Schouten. “That’s very different than any of the other DRMs where one party creates it, another party implements it, and then it’s always a big question mark of who’s going to actually manage the security on an ongoing basis. So we believe very strongly that a CAS model in DRM, with regards to ownership and accountability is really key.”

Video delivery convergence

Unsurprisingly, Nagra is not the only security specialist that believes its offering is best-placed to meet operators’ needs. Verimatrix is another firm that has kept pace with new technology trends. Its Video Content Authority System (VCAS) is again designed to address the convergence of video delivery over various types of networks, whether managed or unmanaged, to a multitude of devices and to eliminate the “boundary between silo-based CA and DRM philosophies.

Earlier this year, Verimatrix also added a new hybrid IP network security solution to its line-up called VCAS for Broadcast-Hybrid. Verimatrix marketing vice-president Steve Christian says that this is about “tying together these components in a way that appeals to a specific market constituency – cable operators undergoing a transition to all-IP delivery.”

For Christian, the big theme at Cable Congress this year – aside from discussion of major acquisitions including Liberty Global’s takeover of Dutch operator Ziggo – centred around technology and solutions. He highlights in particular “this notion of moving content delivery from fixed-bandwith segments on a QAM-based multiplex to a multicast delivery over a DOCSIS modem set-up – DOCSIS 3.1 in particular. That covers the transition of linear content from the RF world into the IP world”.

“The parallel path for on-demand and catch-up content is to use adaptive bitrate streaming solutions, in particular HLS-based solutions today. Of course Verimatrix has had both the RF technology and the multicast security technology and the adaptive bitrate technology available on the different solution headings. So VCAS for Broadcast-Hybrid brings together all three of those components in one package,” says Christian.

Like its rivals, Verimatrix offers multi-DRM support – including for streaming services that deploy enhanced HLS security, MPEG-DASH, Microsoft Smooth Streaming and PlayReady and Marlin DRMs. However, Christian says that Verimatrix’s DRM system offers everything PlayReady on its own can provide, including download and offline capability but “in a more flexible format, accounting for the use of, for instance, domains in houses for multiple devices under one subscriber account and accommodating the churn of OTT devices.”

The DRM debate

Microsoft claims that its PlayReady DRM, which boasts big-name clients such as Netflix, is the “most deployed content protection technology in the world.” In the DRM space, it certainly appears to have risen in prominence against rivals in the space such as Widevine, which was acquired by Google in December 2010.

“I think if you look at the marketplace today, the most widely-used DRMs are probably PlayReady and Widevine in legacy situations, because we’re seeing less and less Widevine being implemented after the Google acquisition,” says Nagra’s Schouten.

Christian at Verimatrix agrees: “There used to be something that was the Widevine adaptive streaming format. That has basically been dropped now, and that annoyed a lot of people, who won’t go near that technology any more. There’s no support for live delivery using Widevine – the only upside that technology has is it’s being given away free inside an Android environment, but that doesn’t help you on iOS, doesn’t help you on PCs, doesn’t help you in any other environment.”

Chris Santini is Microsoft’s director of strategy and business planning for its online services group, which is responsible for security components that include Playready. He claims that Google’s decision not to support specific live features through Widevide essentially locks it out of the live TV market, “which is becoming more prevalent over-the-top”.

“The way that service providers view their customers has expanded dramatically beyond the traditional set-top box world. Approximately 30% of TVs sold last Christmas were internet-enabled, so that’s a significant trend, and delivering media over IP is not the future, it’s now. How they’re doing it, how they secure it, stream it and how they monetise it has changed dramatically over the last 18 months and will continue to do so,” says Santini. [icitspot id=”193552″ template=”box-story”]

From Microsoft’s point of view, PlayReady offers service providers peace of mind, as they can get studio approval for content relatively quickly. Santini claims that outside of a PlayReady environment, operators may need to do individual device-by-device certification to get content – something he says that is “almost unmanageable” from an application standpoint if you are seeking certification for some 40 device types.

While Microsoft has already benefited from some shakeout in the DRM market, Santini believes there is still going to be “significant consolidation” among the DRM providers. “With the advent of 4K or Ultra HD there will be enhanced security requirements associated with a hardware-based or a hardware-plus-software-based DRM. The only people that will be able to provide that are people that are tied natively to the operating system and connected through the chip. So pure software-based DRM in the long term for premium content will likely not exist.”

Market consolidation 

Santini believes that consolidation and acquisition is likely to happen with firms that enable client-side technologies for specific implementations. “A classic example is Discretix being acquired by Viaccess-Orca as an adjunct service to its traditional CAS business, so they maintain customer control,” he says. “What we’re seeing there is if an OTT-DRM provider gets in there and it’s out of control of say the CAS vendor, they basically have a competitor in their major account. By offering that service, which service providers demand, they’re maintaining customer ownership.”

Viaccess-Orca agreed to buy the SecurePlayer business from Discretix Technologies, a provider of embedded security and content protection solutions, in March of this year. SecurePlayer is a multiplatform media player, available for Android and iOS tablets and smartphones, that incorporates DRM for premium video-on-demand and live content. Viaccess-Orca said at the time of the deal that it will offer SecurePlayer as a standalone product and as part of the company’s Connected Sentinel range of content protection solutions for IP-enabled content services.

David Leporini, executive vice president of marketing, products and security at Viaccess-Orca, says that with more value migrating to OTT services and the rise of TV everywhere services, broadcasters and operators are already looking to unify the way that they handle their services.

“They don’t really care if this is conditional access on one device and a DRM on other devices – they want to manage the services the same way. They want to apply the same rules. They want to manage the subscribers the same way, they want to change [security] keys the same way and they want to apply parental control the same way. This is especially true for live,” says Leporini.

In terms of where the industry is going, Leporini believes that there will be greater convergence in security technology on the hardware side between set-top boxes and mobile devices – thanks to the silicon used in these devices.

Citing ARM as an example of a major player in both the mobile and set-top box industries, Leporini says that “the way to secure DRM and conditional access, or the most sensitive parts of them and key management, is starting to be common ground between most of these devices. I think this will potentially accelerate the migration or uniformity of the solution and accelerate the availability of this security framework or buildings in various devices.”

However, he believes that migration to purely cloud-hosted security solutions, and the resultant breakdown of the traditionally silo-based approach to delivering different types of content will take longer to disappear.

“Unless you’re talking about greenfield projects, you must remember that you have legacy deployments, legacy systems,” says Leporini. “You have service platforms that are used to dealing with IPTV or you have infrastructure dealing with broadcast, and you have silos dealing with OTT. If you want to operate from one unified headend, moving this to the cloud, this will potentially take time. It’s not really a technology issue and infrastructure issue, it’s already a migration sign and an investment issue.”

Most Recent