By Bo Ferm, director of product marketing, Verimatrix.

3 dimensional content security any screen, any network, any threat - 3D Cube.

Content protection – a historical perspective: In order to understand the impact that Verimatrix has brought to the IPTV market, an understanding of content protection in a historical context is useful. The advertising supported business model of television was augmented in the ‘70s by pay television. Pay-TV by necessity needs to protect the transmitted content to ensure that only authorized subscribers can watch it. Analogue signal scrambling was used in the early systems to prevent piracy, focusing on preventing theft of service rather than theft of content. While the former type of piracy leads to loss of revenue from subscribers receiving a pay-TV service without paying for it, theft of content is more severe since major losses will result from unlawful content re-distribution. In the analogue pay-TV days, content re-distribution was not much of an issue. With the advent of digital pay-TV, the need to protect both the service and the content became obvious, and this need escalated with the proliferation of the Internet. The first digital conditional access (CA) systems were launched in the mid-‘90s, serving a two-fold purpose: a) to protect the content during transmission by applying advanced scrambling, and b) to authorize only receivers of bona fide subscribers.

Piracy – the scourge of Pay-TV
After the initial success of digital CA systems, cases of pay-TV piracy emerged and widespread piracy resulted towards the end of the 90’s and the legacy vendors brought out more advanced systems. However, common to all CA systems was the reliance on a smart card in the set-top box (STB) to safeguard “pay-TV secrets.” This was a consequence of the inherent one-way nature of broadcasting – there was no STB return channel to an operator’s head-end. Therefore, all CA vendors chose secure-chip technology for the STB security. Despite best efforts, smart cards have remained prone to piracy and a periodic card renewal is often required, which is both costly and cumbersome.

Enter IP-based video
In the early part of the 21st century, IP-based video delivery, or IPTV, became a reality and the first commercial IPTV operators emerged using managed networks with a quality of service guarantee. Despite the two-way nature of IP-based networks, the first IPTV deployments used smart card-based, one-way CA systems. Verimatrix saw an opportunity to dramatically change the landscape by designing a content security solution that is 100 percent software-based, and by applying standards and technologies that were already proven in e-commerce. The first deployments of the Verimatrix Video Content Authority System (VCAS) took place in 2003 and this altered the field for IPTV content security as smart cards were no longer required. Not only was Verimatrix successful of convincing operators of the security advantages of its software-based solution, but also gained approval by all major studios and broadcasters for protection of premium content. Since then, 200+ operator deployments with 7 million receivers have benefited from the Verimatrix technology, including several operators that had deployed card-based systems but then realized the advantages of software-based security.

Enabling the new world of Pay-TV
Today, all pay-TV operators are faced with rising consumer demand for access to pay-TV on an anywhere, anytime basis. They must not only be able to securely deliver content to multiple devices, but also support all types of protection that content owners require across different types of networks. Simply put, it’s a matter of finding a platform that delivers protection to any screen over any network to meet any threat.

Addressing any threat: extending the security perimeter

VideoMark forensic watermarking solution.

While protecting the content during transmission and storage, and ensuring that only authorized subscribers watch it, there is still a security gap after the content has been reinstated in the clear for rendering on a display, referred to as the “analogue hole.” Analogue content can be cheaply re-digitized thanks to low-cost video encoders, and easily distributed over the Internet or on DVDs. No CA system can prevent this since the role of the traditional CA is already over by the time the content is descrambled. Therefore, a different technique is required. The most promising technique is forensic watermarking, which seeks to securely, robustly and imperceptibly embed identifying information within copies of media content, thereby directly addressing the analogue hole challenge. In particular, user-specific forensic watermarking can help establish a virtual “chain of custody” for content that accurately identifies the source of unauthorized copies, hence providing a valuable tool in potential legal actions against the culprit. Moreover, it has preventive properties since the presence of an identifying watermark will no doubt serve to deter piracy if the user is made aware – beforehand – that the content is traceable to the last authorized recipient. To meet this challenge, Verimatrix developed the VideoMark watermarking solution. This software-based and patented technology enables the real-time insertion of a payload within the baseband video output while using only a fraction of the latent CPU power in STBs and PCs. Very little information is changed on a frame-by-frame basis, making the watermark invisible to the viewer but still extremely robust against attacks by re-compression, aspect ratio manipulation and filtering. Verimatrix complements VideoMark with the VideoMark/Reveal payload extraction service to assist rights owners trace unlawfully distributed content back to its source. The payload can be extracted from low grade analogue copies of the original content, and the information obtained can be used to trace back to the time and place where the copy was originally made.

Clone Detection
Content theft and re-distribution is not the only piracy problem in pay-TV systems. Cloning of devices is another, which involves the attempted use of illegitimate client devices that are carefully constructed copies of the genuine article. The illegitimate activity masquerades as additional transactions for otherwise legitimate subscriber accounts – a form of theft of identity. Cloning can range in scale and sophistication from simple amateur mimicry of an STB identity and communication protocols to mass production of indistinguishable devices by a rogue manufacturer. Verimatrix VCAS incorporates capabilities to identify suspicious client activity that may represent cloned devices or other theft of service activities. This is analogueous to detection of fraudulent credit card transactions by flagging usage behavior that falls outside a prior established typical range. By reporting the suspicious devices, the operator can take appropriate action.

Securing the Second Screen
While IPTV, broadband and PCs would seem to be a perfect combination, the open PC environment is subject to extraordinary content security challenges. The question was whether the PC could be equally well secured, with the ultimate goal of licensing premium content for the PC. Approaches such as adding a smart card or “security dongle” have proven ineffective since decrypting content when entering the PC leaves it vulnerable to hacking. Verimatrix has solved this by integrating the decryption and decoding into a single module that is further hardened with obfuscation techniques. ViewRight PC Player has been independently audited to have zero security exposures. It is a self-contained, highly secure player that does not rely on vulnerable parts of the Windows OS.

Hybrid Networks – Seamless Service
With new ways of viewing content, consumers may be required to obtain more than one STB to enjoy their desired service. This trend is challenging traditional pay-TV operators to retain subscribers while raising ARPU. One key challenge is how to manage the content security over more than one network. Verimatrix has pioneered software-based content security for hybrid networks, by adding DVB capabilities to VCAS. By utilizing DVB Simulcrypt in the head-end, a service operator can use VCAS for both the broadcast as well as IP-based content in a single STB. This means that smart cards are not required, significantly reducing both security risks and costs. Legacy DVB operators introducing IP-based services have found it useful to add Verimatrix VCAS, which allows a gradual migration to hybrid services without disruption to services or revenue.

Solving the Multiple DRM Dilemma
The hybrid approach can also be applied to mobile video services. However, the proliferation of digital rights management (DRM) systems, notably Windows Media, Play Ready, Marlin and OMA, is becoming an impediment to the success of mobile video, whether broadcasting in e.g. DVB-H networks or IPTV services over 3G/4G networks. Since it would be impractical to include clients of all DRMs in handsets, Verimatrix addresses this challenge in the head-end instead. Verimatrix MultiRights is essentially a content rights management mechanism that adapts to, and delivers rights and content in the format expect by, existing DRMs in handsets. This unified rights management and entitlement process thus dispenses content in whatever DRM format the requesting user device needs, while providing a transparent end-user experience.

Implications for Pay-TV Operators
The integration of IP networks can provide compelling TV services, and open up a new world of services that offer “prime time on my time” for subscribers. This trend towards IP and service convergence has become a market-driven requirement where operators can expand the revenue opportunities and improve competitiveness. Optimizing the media monetization for multi-network, multi-screen delivery is a key challenge. Fortunately with VCAS technology from Verimatrix, this challenge can be overcome by using a single, software-based content authority for rights and revenue security, allowing operators to keep pace with – and profit from – the changing dynamics of the pay-TV marketplace.