Post on 14-Sep-2020
transcript
ACCESS CO., LTD. Sumitomo Fudosan Sarugaku-cho Bldg. 2-8-8 Sarugaku-cho, Chiyoda-ku, Tokyo 101-0064, Japan www.access-company.com
Verimatrix, Inc. 6059 Cornerstone Court West San Diego, CA 92121, USA Telephone: +1-858-677-7800 www.verimatrix.com
Connected Home Solution for Pay-TVACCESS NetFront™ Living Connect with Verimatrix Content and Revenue Security for Enhanced Home Video Networking
VERIMATRIX, INC. AND ACCESS™ WHITE PAPER
2 | February 2014
VERIMATRIX, INC. AND ACCESS™ WHITE PAPER
The Connected Home
Home Network Challenges
With the rapid proliferation of connected devices, the
home network has emerged as the meeting point of
the Consumers Electronics and Pay-TV worlds: devices
can discover the home network, become aware of each
other, and share content subject to content usage rules.
Standardization initiatives are essential to ensure inter-
operability and compatibility in this new era.
The Digital Living Network Alliance (DLNA) is a stand-
ards consortium that has created guidelines for media
sharing and distribution among Consumer Electronics
(CE) devices. DLNA was originally designed for Local
Area network connectivity and Personal content (mov-
ies, pictures, music).
Since then, DLNA has expanded the guidelines and
addied CVP-2 Premium Video sharing and link layer pro-
tection. With DLNA Premium Video, service providers can
offer consumers the ability to stream their favorite televi-
sion programs and movies to DLNA Certified® products
such as digital televisions, tablets, smart phones, Blu-ray
disc players and video game consoles. To learn more, go
to www.dlna.org.
Studios are promoting the use of link protection for pre-
mium content distribution, such as DTCP-IP (Digital
Transmission Content Protection for Internet Protocol,
also for DLNA Premium Video). At the same time there
is a sharp increase in video display devices that are not
DTCP-IP capable. Since content security and integrity
remain the primary concerns of content rights owners,
they are understandably reluctant to allow distribution of
high value content to such “uncontrolled” devices.
On the other hand, offering DLNA within their home
media gateways comes with potential security issues
for pay-TV operators. Opening their platforms to devices
that are not controlled could lead to security threats.
Even so, supporting the broadest range of device types
is a must for operators to offer competitive TV Every-
where services.
So, how can the TV Everywhere environment be secured
in order to facilitate content licensing and, ultimately, to
maximize the content monetization potential and sub-
scriber ARPU?
Verimatrix and Access together meet this challenge by
providing a unique architecture, combining DRM and
DLNA and thus bridging the pay-TV and CE universes.
This document provides a brief overview while a more
detailed technical description is available under NDA
from either company.
The Connected Home – Devices
Content enters the home from multiple sources with dif-
ferent usage rules (constraints) that depend on the busi-
ness rules defined by the content owner, to be enforced
by the pay-TV operator.
The media consumption devices belong to different
device families:
• Residential Gateway (RGW) or Set-top Box (STB)
• Second STB, e.g. low-cost (possibly retail) “zapper”
STB with no PVR
• Connected/Smart TV and STB
• Apple iOS devices: iPhone, iPad, iPad Mini, iPod
• Android devices, e.g. Samsung Galaxy tablets and
smart phones
• Windows Phone platforms
• Game Consoles e.g. Wii, PlayStation, Xbox
• Desktop computing platforms: Windows OS, Mac
OS
• Any Digital Media Access device, such as Portable
Media Players
The challenge of offering a competitive TV Everywhere
service, and the associated content security, lies in cop-
ing with the mix of managed (often operator-provided)
devices and unmanaged CE devices. This is where
ACCESS and Verimatrix offer a joint solution for pay-TV
operators.
Connected Home Solution for Pay-TV | 3
ACCESS and Verimatrix Connected Home Solution for Pay-TV
Connected Home Solution for Pay-TV
Verimatrix and ACCESS have combined forces to pro-
vide pay-TV operators with an interoperable and secure
solution for TV Everywhere content delivery. DLNA is
used as a technology leverage that bridges the pay-
TV and Consumer Electronics (CE) worlds. The opera-
tor distributes its content to CE devices with a minimum
investment while granting the required security level
thanks to the combination of Verimatrix Video Content
Authority System (VCAS™) and ACCESS NetFront™
Living Connect.
This unique solution brings real value to operators and
content owners by enhancing their offer within the home
with opportunities for increasing their ARPU. The busi-
ness models that used to be constrained by studios and
rights owners are now enabled; for instance, content
sharing within the user’s domain or providing remote
playback functionality.
Business Models
The joint solution is agnostic in terms of content distri-
bution and devices, thereby enabling advanced multi-
screen and multi-network business models. The sup-
ported models for content delivery to the residential
gateway are linear, on-demand and push TV/video ser-
vices. The re-distribution of content in the Home Net-
work supports the following models:
• Streaming
• “Download and play” including progressive download
• Multi-Room
• “On the go” place shifting
• “Off-Line” time shifting (PVR)
• Push VOD
All types of networks such as xDSL, FTTH/FTTC, DVB-
T/S/C, 3G/4G/LTE, and hybrid network variants, are fully
supported. The solution complements the traditional ver-
tical broadcast model and offers a bridge to cloud based
OTT services (i.e. multi-network and multi-screen).
ACCESS NetFront Living Connect
NetFront™ Living Connect is a Digital Living Network
Alliance (DLNA) Technology Component™ solution
that enables Pay TV operators and device manufac-
turers to quickly and efficiently implement multiroom
and multiscreen services. NetFront Living Connect
can be deployed on set-top boxes, digital TVs, home
gateways, smart phones, tablets, digital cameras, net-
work attached storage (NAS) boxes and more. It ena-
bles device and content discovery within the home net-
work and subsequent streaming, or possibly copying
of the content, between devices in the home. This uti-
lizes home networking technologies including Ethernet,
MoCA and Wi-Fi, etc., and standard protocols such as
UPnP, HTTP, and MPEG-2 TS.
DLNA enables an extended whole home DVR capa-
bility by treating a single DVR or RGW as a Digi-
tal Media Server (DMS), which receives the ser-
vice provider’s content and redistributes it within
the home to client devices called Digital Media
Players (DMP) or Digital Media Renderers (DMR).
Among the benefits for pay-TV operators are:
• Enables new business models
• Multi-room viewing via standardized technology
• Provides cost savings by leveraging robust DLNA
and CVP-2 specifications
• One-stop solution for operators
• Modular architecture supports Quad-play multi-screen
• Provides Premium Video distribution using DTCP-IP Link
• Integrates seamless with proprietary CA/DRM
NetFront Living Connect has achieved an extensive
track record of successful DLNA Certified® device
deployments on a variety of CE devices. It is optimized
for embedded devices and features high portability
together with a flexible modularity that allows it to func-
tion with any OS or CPU while also providing for easy
customization.
4 | February 2014
VERIMATRIX, INC. AND ACCESS™ WHITE PAPER
Combining of DRM and DLNA Tech-nologies – The Best of Both WorldsThe Verimatrix and ACCESS collaboration is based on the
common understanding of offering the appropriate secu-
rity level to the operator for enabling Home Network fea-
tures and by re-enforcing security whenever and wher-
ever required. The DTCP-IP keys remain controlled by
the pay-TV operators or by a trusted third-party. There
is a single integration point in the head-end via the Veri-
matrix Operator Management Interface (OMI), and at the
device level through the Verimatrix ViewRight® security cli-
ent. The OMI component features APIs to manage entitle-
ments, messages, devices, content and configurations.
OMI provides a unified head-end interface for operators
offering digital-TV services through different networks and
subscriber devices. OMI simplifies head-end integration
and enables homogenous subscriber and rights man-
agement for heterogeneous networks and devices. VCAS
then secures pay-TV services delivery to all types of sub-
scriber devices over various networks such as DVB one-
way, IPTV, OTT and hybrid networks and receiver/display
devices. The operator benefits from a proven and secure
end-to-end solution, which is trusted by content providers.
The level of security that is applied to each type of content
is mapped to content rights within DTCP-IP usage. The
content distribution security is adjustable dynamically:
• Non-protected
• DTCP-IP only
• VCAS only
• VCAS + DTCP-IP
The solution is made even more powerful through the con-
sumption reports that the ACCESS component provides.
Use Cases
There are several key use cases related to sharing of high-
value content within the subscriber’s domain, whether at
home or away. They range from simple streaming of live
content or content stored on a RGW/DVR , for example
the Verimatrix ViewRight Gateway to other devices in the
home such as smart TVs or tablets, to accessing con-
tent while away from home. Use case examples:
• Content Sharing within the Home Network
• Content Sharing with Cloud Assistance
• Off-Line Consumption
Verimatrix Video Content Authority System (VCAS™)Verimatrix VCAS provides the content security tools and
support digital TV operators require in order to address
the new opportunities arising from the accelerating con-
vergence of video delivery over various types of networks
– whether managed or unmanaged – to a multitude of
devices. This convergence must encompass a proactive
revenue protection and enhancement approach that ena-
bles service operators to cast a much wider net with their
service offerings. As a consequence, the central value
proposition for the pay-TV enterprise shifts beyond that of
traditional, single network content protection alone, towards
the broader perspective of multi-network revenue security:
• Extending the operator brand and subscriber rela-
tionship beyond the living room
• Addressing the competitive impact and opportuni-
ties of OTT and mobile video
• Providing personalized choices and viewing models
across all client devices
• Enabling content monetization spanning multiple
networks and geographies
• Assuring subscriber loyalty and potential for
enhanced ARPU.
Deployment Versatility and OpportunitiesVCAS is the realization of the Verimatrix 3-dimensional
digital-TV security strategy, which extends beyond the
legacy conditional access approach in order to pro-
tect pay-TV services delivered to any screen over any
network while combating any threat. VCAS enables a
number of network specific solutions built on a common
platform with modular extensions per market segment.
It implements a single security authority for multiple net-
works and devices, supporting various video and DRM
formats while providing a harmonized cross-network
entitlement management, for these market segments:
• VCAS for IPTV, securing managed networks, includ-
ing IP-Hybrid networks and receivers, enhanced by
secure Wholesale/Retail content distribution, and a
Hospitality-optimized version
• VCAS for Internet TV, featuring enhanced HTTP
Live Streaming (HLS) security for OTT
• VCAS for DVB, securing “one-way” broadcast net-
works (cable, satellite and terrestrial)
• Verimatrix MultiRights (multi-DRM support):
Microsoft PlayReady and Marlin DRMs
• VideoMark™ and StreamMark® user-specific
forensic video watermarking.
Pay-TV OperatorBack-endSystems
VerimatrixVCASOMI
Netword-adaptedContent and
Revenue SecuritySubscriber
Connected Home Solution for Pay-TV | 5
Architecture Overview
The custom secure modules are:
• Secure Content Manager: supports Content
Aggregation, Metadata Aggregation
• Report Manager: provides exhaustive consump-
tion reports base on each content ID
• Object Rights Manager: manages entitlement
translation for mutual understanding and enforcement
(e.g., content is recordable; content is deliverable to a
second device; DTCP-IP is enabled; third-party DRM
is allowed; off-line consumption is enabled)
• Device and Domain Manager: Management of
devices and home domain, interface with Operator
subscriber management and CA cloud services.
• Secure Peer layer API: provides secure access to
DTCP-IP keys and constants, read and write mecha-
nism for secured data.
NetFront Living Connect, ViewRight Clients and Whole-Home DVRInherent in the manner that content is recorded, and
how the keys to access the same are managed, VCAS
protection may be extended via ViewRight Gateway to
other VCAS enabled devices in the home. For instance,
other STBs or connected TVs in the home may already
be VCAS enabled.
For the purposes of media sharing around the home,
VCAS has been issued a MIME type by IANA (Internet
Assigned Numbers Authority) such that CDS may sig-
nal VCAS content protection in the description element.
The playback process on any ViewRight enabled device
in the home domain is identical to that for local DVR
playback as described above, with the exception that
the content must be discovered and fetched across the
local home network. In particular, the additional content
protection layers and mechanisms scale in a very effec-
tive manner from the recording to playback device in this
architecture.
Keeping content persistently protected by VCAS from
the central ViewRight Gateway to other low cost con-
nected display devices is an economical and secure
way to transfer and view content, especially as it elimi-
nates the risk and cost of the re-encryption step on the
gateway device.
NFLC
NFLC-S Modules
NFLC
DLNA Standard(HTML5 RUI, CVP-2, DTCP-IP)InteroperabilityConsumer ElectronicsMultiplicity of Devices
Tailor Made Add-onsManage CA/DRM metadata
CA/DRM interoperabilitySecure mechanisms
Bridge between:- DRMs- CAS to DRM- PayTV to CE
NFLC-SModules
NetFront Living Connect – Context
DTCP-IP
SecureContentManager
SecureMedia
Manager
DLNAWeb
ServerMPE
AKE AES
CDS
ObjectRights
Manager Device andDomain Manager
SecurePeer Layer
API
ReportManager
MIDDLEWARE
VCAS DRM/CAS
MEDIA PLAYER
NFLC
Home Gateway
PVR
NVRAMSecured Hardware SoC NVRAM
KEYS
APIs
NetFront Living Connect Context and Architecture
NetFront Living Connect – Architecture
Whole Home DVR System with ViewRight Enabled Client Devices
ViewRight Gatewayacts as RGW and
DLNA DMS
2nd ViewRight STB as DLNA DMR
Optionalmobile device
as DLNA controllerWiFi
ViewRight Desktop PC application
as DLNA DMR
VCAS broadcastcontent
Home Network
6 | February 2014
VERIMATRIX, INC. AND ACCESS™ WHITE PAPER
Extending Distribution in Home Networks via DLNA and DTCP-IP
NetFront Living Connect and DTCP-IP
The concept of a RGW device, such as ViewRight Gate-
way, is gaining more attention with the aim of minimiz-
ing the number of STBs in the home (typically a signifi-
cant capital expense for the service operator), while
leveraging other devices already in the home such as
Connected TVs, PCs, game consoles, etc. DLNA ena-
bles such a business model by treating a single DVR or
RGW as a Digital Media Server (DMS), which receives
the service provider’s content and redistributes it within
the home to client devices called Digital Media Players
(DMP) or Digital Media Renderers (DMR).
This model may also be extended from recorded/stored
content on the DVR/RGW to live linear content, with or
without the intermediate recording step.
For premium content, DLNA provides a mechanism to
signal content protection in the Content Directory Ser-
vice (CDS) via a standardized MIME type. By default,
DLNA supports Digital Transmission Content Protec-
tion for Internet Protocol (DTCP-IP) link protection that
is independent of the CA/DRM used to deliver the con-
tent to the home. When DTCP-IP is used, the DMS ter-
minates the service provider’s CAS/DRM, decrypts the
content and re-encrypts it for further distribution within
the home over DTCP-IP.
Challenges of DLNA Content Distribution
DLNA guidelines create a very powerful framework for
effective content sharing using a home network. How-
ever, just using the technology may not fully address all
relevant issues for pay-TV content distribution. The fol-
lowing list outlines possible shortfalls:
Domain Control
Typically a pay-TV operator has full control of how many
subscriber devices (e.g. STBs) there are in a home and
will charge the user accordingly. With DLNA the opera-
tor can deliver content to the DVR/RGW but then have
no direct control over how many devices the content
can be re-distributed to within the home.
Content Protection
Another potential issue is that many devices that carry
the DLNA logo do not support DTCP-IP link protection
as it is optional and not necessary for sharing photos or
music within the home. Moreover, makers of PCs and
mobile devices may defer DTCP-IP adoption due to per-
ceived complexity of implementing the DTLA (Digital
Transmission Licensing Administrator, LLC).
Copy Control
CAS/DRM systems typically deliver content with a set of
Copy Control Information (CCI) and Usage Rules. DLNA
via DTCP-IP has a limited mechanism to propagate this
control and while it may suffice for simple streaming to
other devices in the home it is not adequate for copying
or moving content within the home domain.
Also, operators may desire to limit the period of time
a consumer can store a recording in the home. This is
easily achievable with many traditional CAS and DRM
systems, but DTCP-IP does not come with an ade-
quate set of rights expressions to propagate these rules
throughout the home.
Transcoding
DLNA defines several different video formats and deliv-
ery protocols, which may make devices in a home
incompatible with each other. Moreover, there will always
be some devices in the home not suitable for playing
HD content. Transcoding somewhere in the home is one
possible solution, but this requirement adds another
complication when dealing with protected content.
Content Rating
Broadcasters and service operators are often required
to provide content ratings and enforce parental controls.
DLNA has no such requirement although it has an ability
to communicate content rating in the metadata provided
by the CDS but actual enforcement is up to the client
device. It would be preferable if an authorized user could
set up the parental rating limit once and have it consist-
ently enforced by all devices.
Connected Home Solution for Pay-TV | 7
Remote Access
DLNA has been designed explicitly for the local home
network only. This prevents sharing of content outside
of the home even though there are non-DLNA products
that allow consumers to do this today. It would be desir-
able to to be able search the home network content
remotely but then stream it directly, for instance from a
Network DVR. This way the consumer has access to the
content he/she owns regardless of the location.
Logging and Reporting
Logging and Reporting is a typical feature that is not part
of protocol specifications, thus making it challenging to
provide evidence that the business rules and rights have
been respected.
User Interface
Consumers subscribing to a satellite or cable service
with whole home DVR capability expect a consistent
look & feel, navigation and an overall user experience to
be at least consistent if not identical across all of the TV
screens. Today, CE vendors put their own look & feel on
the end device to preserve their branding. DLNA defined
now the CVP-2 Premium Video Guidelines to overcome
this problem and allows Remote User Interface tech-
nology based on HTML5. However, just implementing
the standard does not remove the need to implement a
mechanism that enables Service provider to control the
Video distribution.
Combining Verimatrix ViewRight® and ACCESS NetFront Living ConnectThe approach taken by ACCESS and Verimatrix within
the networked home environment, in order to address
the challenges of DLNA redistribution as already identi-
fied above, is based on the tight integration of NetFront
and VCAS to deliver and end-to-end solution that lever-
ages the DLNA standard while providing the fine grain
control that pay-TV operators require. The central con-
cept is that of explicit VCAS support for ViewRight Gate-
way as a special type of ViewRight client, and the exten-
sion of device management for this type of client in order
to more actively enable the control of DTCP-IP devices.
The end result provides much improved Domain Control,
a more granular Copy Control mechanism that supports
different and pre-defined transcoding profiles (i.e. con-
tent resolutions), flexible and secure Remote Access, a
better DTCP-IP provisioning and revocation method by
performing it in real-time and only to devices that have
been properly authenticated by VCAS and associated
with an existing subscriber. This mechanism provides
an ability to manage DTLA keys and certificates from the
head-end including revocation, which is far superior to
using only static keys.
Last but not least, by combining VCAS and ACCESS
NetFront Living, connect logging and usage informa-
tion is provided to backend system/operator. Exhaus-
tive reporting is provided linked to each content ID, for
example number of views, partial views, no view, suc-
cessful views, start and end time of each view, which
device/client accessed that content. Such information is
communicated securely back to the head-end.
For more details, please contact an ACCESS or Verima-
trix representative or request the aforementioned docu-
ment subject to NDA.
Verimatrix Video Content Authority System (VCAS™)
Verimatrix – ACCESS: Monetize the Connected Home
Reproduction or redistribution of this document is prohibited without prior written prior consent from Verimatrix or ACCESS. Confidential Information - Copyright © 2014 Verimatrix, Inc. and ACCESS. All Rights Reserved.
Verimatrix, Inc. 6059 Cornerstone Court West San Diego, CA 92121, USA Telephone: +1-858-677-7800 www.verimatrix.com
ACCESS CO., LTD. Sumitomo Fudosan Sarugaku-cho Bldg. 2-8-8 Sarugaku-cho, Chiyoda-ku, Tokyo 101-0064, Japan www.access-company.com
Trusted By Major Studios and BroadcastersBased on the favorable results in independent audits,
and an excellent service record in more than 700 deploy-
ments in some 100 countries, VCAS is the approved
pay-TV and revenue security choice by operators on a
worldwide basis. VCAS operators benefit with the most
favorable access to premium content, from e.g. Discov-
ery, Disney, ESPN, HBO, Showtime and Turner.
Interoperable, DLNA Certified and Commercial DeployedNetFront™ Living Connect is a market-leading Digital
Living Network Alliance (DLNA) Technology Component™
solution that enables Pay TV operators and device manu-
facturers to quickly and efficiently implement multiroom
and multiscreen services. NetFront Living Connect
can be deployed on set-top boxes, digital TVs, home
gateways, smart phones, tablets, digital cameras, net-
work attached storage (NAS) boxes and more.Service
providers can provide a true multi-room, multi-screen
experience with ACCESS’ solution via standardized
technology at low cost by leveraging robust DLNA spec-
ifications. Device manufacturers experience a shorter
time-to-market with the integration-ready Software
Development Kit and are future-proofed with support
for advanced DLNA use cases. This expertise has led
to ACCESS NetFront™ products being deployed glob-
ally in over one billion consumer devices. ADB, Airties,
Sony, Humax, NEC, Samsung, Pantech, NTT and Vestel
are some of the high profile partners who are integrating
the technology in their products.
Benefit from ACCESS-Verimatrix Partner EcosystemThe Verimatrix and ACCESS business strategy includes
building and sustaining a network of strategic alliances
with a broad range of the most significant pay-TV tech-
nology providers. These relationships, which emphasize
seamless technology integration, ease of operation and
extended value, enable the companies to offer best-of-
breed, advanced solutions to our customers.
Why Verimatrix and ACCESS
• 3-Dimensional Security architecture for TV Every-
where applications
• Harmonized multi-network rights management across
broadcast, streaming and file-based applications
• Market leading cardless security technology for
broadcast and IP networks
• Enhanced HTTP Live Streaming (HLS) security
• Integrated MultiRights PlayReady License Server
• Cross-DRM device and domain entitlement man-
agement – VCAS Super Domains
• Verimatrix ViewRight ONE multi-network embedded
security client libraries
• Layered security regimes with rapid response and
renewability options
• Video watermarking solutions for user-specific foren-
sic tracking
• Most widely deployed system among tier 1 telecom-
munications operators globally.
• As a DLNA Promoter, ACCESS’ DLNA technology
leads with new advanced use cases
VERIMATRIX, INC. AND ACCESS™ WHITE PAPER