Security across different screens

The requirements of multi-screen video delivery present a series of challenges, but how much of a problem do multiple DRMs and streaming standards present to service providers? Andrew McDonald reports.

The move towards accessing content from a range of screens and devices in recent years has thrown up new security issues and rights management requirements. As OTT  and TV Everywhere-style services from traditional broadcast players jostle for space, ubiquitous web-delivered content is subject to a number of issues and challenges. Fragmentation, both in terms of DRM and adaptive bitrate schemes, pose technical problems and have the potential to add costs to the roll out of services – as does the need by service and content providers to deliver a consistent experience across a disparate range of devices. Yet with standards like MPEG-DASH designed to act as an international standard for HTTP-based streaming, how complex will the future of IP content delivery be and how are delivery and security specialists meeting these challenges?

DRM shakeout

Though DRM fragmentation is arguably a major headache in the online security space, it is not a new phenomenon. The market in recent years has, if anything, improved, argues Werner Strydom,  vice-president of solutions at media security firm Irdeto.

“If you go back a couple of years, the landscape would have been slightly different – you would have had IPTV solutions that tended to use DRM for content security and then the more traditional conditional access solutions for cable, satellite and terrestrial. I think the DRM fragmentation was a lot worse at that point,” he says.

Strydom claims that operators will eventually only likely need to support two or three DRMs – rather than six or seven – and tips technologies including Microsoft’s Playready, Google’s Widevine and Adobe Access DRM over the likes of OMA and Marlin DRM.

Dan Peters, director of product management for multi-DRM online video platform provider Saffron Digital – which powers solutions for the likes of KDDI in Japan – argues that there will be even less fragmentation in the future. “I think that over the next year or so, you’ll start to see the market coalesce around one or two major DRMs,” he says, claiming that it is already able to focus on just a couple when a few years ago it would have been “looking at three or four or five DRMs”.

For operators, different DRMs and bit-rate schemes may add more cost and barriers to delivery, but from a security systems vendor’s point of view it can offer opportunities. David Leslie, the regional head of Motorola’s SecureMedia division in EMEA, says that OTT DRM requirements are giving it opportunities to compete with the major conditional access operators who have dominated in the broadcast space.

Even though SecureMedia has been subject to a number of major takeovers – first by Motorola, which was then bought by Google, before the search giant agreed to sell the division that houses the unit to Arris – Leslie says that the firm has historically been a “relatively small player” on account of its past focus on managed two-way IPTV networks. However, he believes SecureMedia’s expertise is now paying dividends in the OTT space, whereas the major CA players “don’t necessarily have the right people, the right attitudes, the right agility to manage in the two-way environment.”

Another factor to consider when it comes to DRM fragmentation is the idea that any further simplification of standards beyond a few key DRMs could be detrimental to the core purpose of securing content. David Leporini, executive vice-president of marketing, product and security at Viaccess-Orca says: “I’m not sure we can bet everything on one single DRM and I’m not sure this would be a good thing.” [icitspot id=”75582″ template=”box-story”]

He argues that if live TV Everywhere-style delivery of content to different devices always relied on a de facto, standardised DRM, “the question is, who is checking this, who is enforcing this, who is responsible for this?”

He reasons that with traditional conditional access systems, pay TV operators pay for someone to take charge of security enforcement – a concept that carries over into the multi-device world. It is better for someone to be clearly in control in case the implementation is compromised, he says.

Marketwide fragmentation

Steve Christian, vice-president of marketing at Verimatrix, a specialist in securing multi-network, multi-screen digital TV services, also says that in contrast with DVD standards, which have been “pretty slow moving for 20 years or so”, operators “have to accept a little bit of dynamic in the marketplace and cater for it by having an infrastructure that accommodates shifts in technology and bridges between different formats and different rights management schemes”.

Howard Silverman, product manager at Cisco’s service provider video technology group, agrees that while fragmentation is an industry-wide problem, it is something that “spans far broader than DRM”, encompassing different stream formats, connections and connection speeds, operating systems and content rights. As such it is almost inevitable that DRM is also fractured, he says.

“In the multiscreen space, our security paradigm is what we call ‘moving target,’ which means simply that for each of the platforms, we provide platform-unique and at times content-unique security elements that change over time. Essentially any piracy that is attempting to understand how the system works is constantly having to reset and start again,” says Silverman. “When people think about DRM, they often think ‘it’s just the gatekeeper, it’s the lock on the content to make sure it’s not stolen.’ But actually I would say that part of our time is obviously making sure that the systems are robust and not broken.”

Simon Trudelle, senior product marketing director at Nagra says that while DRM fragmentation is a “major issue”, it is differences in target devices, rather than in DRMs and adaptive bit-rate formats, that pose the real problems. “Different screen resolutions, APIs and security capabilities create a lot of challenges for service providers, particularly in Android-based and connected TV environments. With Android the different screen resolutions is an obvious challenge, but the difference in security on different Android devices has a bigger impact. For instance, some Android devices will not provide any protection on digital outputs – e.g. HDCP on HDMI – and this restricts which content can be provided on the devices,” he says.

Indeed, at Conax – a supplier of both conditional access technology for digital-TV and security systems for IP-streaming – executive  vice-president of products and partners Tom Jahr cites fragmentation of the device landscape as the biggest single problem for content providers.

“For connected TV you have different TV vendors, and even within the same vendor there may be different technologies. One service may not be compatible on the next generation TV. For Android you have everything ranging from version 2.1 to the latest, 4.2, and they may not be compatible. You have the iOS devices, you have PC, you have Mac, you have games consoles,” Jahr says.

Combined, he stresses that both adaptive bit-rate schemes and DRMs add costs and restrict providers from rolling out services, as it requires them to encode in all different profiles. However, he says that new technologies like MPEG-DASH and HEVC video compression standards are “significantly improving both how easy and expensive it would be to roll out OTT services in the future”. [icitspot id=”75632″ template=”box-story”]

Market simplification

The common encryption within the MPEG-DASH adaptive bit-rate standard enables different DRMs to be used with a single set of content files.

At Viaccess-Orca, Leporini says that it is a “very important standard” that would help cut through complexity, likening it to a DRM version of Simulcrypt – which in the broadcast industry allows for the simultaneous broadcast of a transmission signal via various encryption and decryption systems.

“The fact that you basically have one delivery protocol, one content packaging, and then you can apply various DRMs – for instance if various devices want to target and embed various DRMs that support MPEG-DASH – this is a huge advantage and is something that we intend to support,” says Leporini.

Saffron Digital’s Peters says that MPEG-DASH is a “really strong standard” that is very promising in terms of its ability to use a reduced number of profiles across multiple devices.

However, Peters says that while MPEG-DASH will simplify and reduce costs in the mid- to long-term, “as with any new technology it will take time to mature in market and get to market, so in the short term it’s probably going to add complexity”.

Christian at Verimatrix agrees that in the short-term MPEG-DASH will serve to add “yet another streamed format into the mix”, of existing streaming technologies, giving you “HLS, smooth streaming and DASH, potentially, that need to be supported concurrently”. Yet he believes that over time DASH will lead to convergence in the market and will “simplify the life of the operator”.

DRM and CA convergence

With the rise in online services and demand for cross-device access continuing at pace, the security industry is changing to adapt to these changes – something which in the future also promises to change the face of traditional broadcast security measures.

Irdeto’s Strydom says that while operators have not yet started to move away from conditional access systems in a big way, in the coming years he predicts that conditional access implementations will start to look more like DRM implementations and vice versa. “DRM and conditional access have been evolving towards each other and they now look so similar that it doesn’t make sense to separate them any more,” he says.

Peters at Saffron Digital agrees: “I think generally what we expect to see over the next couple of years is a blurring between linear TV services, VOD services and how you access television across all devices. What we expect to see is those technologies consolidating and actually delivering against what the end user wants, which is ‘how do I access the content that I want to watch based on the access the services that I own, whenever I want to access that content.’”

While new standards including MPEG-DASH promise to help to address the problems caused by fragmentation such as multiple DRMs, bodies including the Smart TV Alliance and the the Digital Video Broadcasting Project (DVB) are also working hard to unify technical standards. While there will not be a one-stop answer to the challenges of delivering multi-screen security, perhaps it is better for both security service providers and the operators that it stays this way.