Date post: | 31-Mar-2015 |
Category: |
Documents |
Upload: | ricardo-norrid |
View: | 214 times |
Download: | 0 times |
Company confidential: Internal usage only.
Protecting Content for MobileTVBES ConferenceFebruary 2007
2Company confidential: Internal usage only.
Agenda
Mobile TV
Service & Content Protection
Irdeto Solutions
Agenda
3Company confidential: Internal usage only.
Agenda
Mobile TV
Service & Content Protection
Irdeto Solutions
Agenda
4Company confidential: Internal usage only.
Digital Convergence
Mobile CommunicationsTelevision
Mobile TV
Mobile Communications Over 2 billion GSM subscribers) 3 billion subscribers expected
by end of 2010 (Ovum).
Television Over 4 billion users
Attractive new services Easy to understand Successful launch (over cellular network) … but issue with network capacities
5Company confidential: Internal usage only.
The Return Channel
Mobile Broadcasting networks and cellular networks (GSM, GPRS or UMTS) are complementary to Mobile TV services.
The cellular networks provide a ‘return channel’ for: Service request Service charging/payment Video-on-Demand (VOD) Other interactive services (voting, betting, information)
Mobile Netowrk Operator(GSM, GPRS, UMTS)
Mobile Broadcaster(DVB-H)
6Company confidential: Internal usage only.
Challenges facing Mobile TV
A true consumers’ value proposition (not simply a technology)
Content (Live TV / TV-on demand / Push TV, not simply a rebroadcast of terrestrial content)
Relevant Services (Interactivity, ESG and additional information)
Positive user experience (Easy to use & easy to pay service)
Value for money & Straightforward pricing
Consumers Demand and acceptance
Business factors Business models Co-operation along the value chain
(“win-win”)
Regulatory factors Frequency allocation and Licensing
Technology factors Standardization, Availability of terminals Interoperability
Network (reception in mobile situation)
Similar to Cellular networks Delivery costs low enough for a
profitable value chain International roaming ?
Service & Content Protection To set up a trustworthy environment To secure revenue streams
7Company confidential: Internal usage only.
Agenda
Mobile TV
Service & Content Protection
Irdeto Solutions
Agenda
8Company confidential: Internal usage only.
Why Service & Content Protection?
Service and Content protection is critical for the success of mobile business models.
Want to protect the rights of their assets, and to control their consumption Want to secure revenues Want Trust in the delivery mechanism
Want to protect their return on investment Want to build a trustworthy network Want to optimize revenues through multiple subscription models
Prepared to pay for premium content. Want choice and flexibility in the way they consume content.
Content Owners Service Providers Consumers
9Company confidential: Internal usage only.
Service & Content Protection
Ensures that only paying
customers have access to content
Solution:
Conditional Access (CA)
Controls the use of content
once it has reached the device
Solution:
Digital Rights Management (DRM)
The two technologies can work together to
protect recorded content !
Service Protection Content Protection
Live Broadcast Re-Distribution
Company confidential: Internal usage only.
Digital Rights Management (DRM)
11Company confidential: Internal usage only.
Downloading Services to Mobiles
Pictures
Ringtones
Games
Video clips
Music MP3
Mobile phones have evolved into multimedia devices
Technologies enable efficient delivery of rich multimedia content (from ring tones to live TV) to mobiles
Peer-to-peer connection
12Company confidential: Internal usage only.
Mobile DRM
Rich multimedia content is delivered to mobile devices
Rich multimedia content is delivered to mobile devices
Opportunity to define new ways of selling, distributing and consuming content
Opportunity to define new ways of selling, distributing and consuming content
Protects the interests of the content rights owner,
by providing a way to control access to the use and
consumption of digital content
Protects the interests of the content rights owner,
by providing a way to control access to the use and
consumption of digital content
13Company confidential: Internal usage only.
Standards
Many proprietary standards (e.g. Microsoft, iTunes) Open standard specified by OMA
The Open Mobile Alliance (OMA) is a mobile industry organization dedicated to promoting the worldwide adoption of mobile data services by emphasizing interoperability across devices and networks.
OMA was formed in June 2002. The 350 member companies represent the world’s leading mobile operators, device and network suppliers, information technology companies, application developers and content providers.
OMA DRM specifications released:- OMA DRM 1.0 (2004)- OMA DRM 2.0 (2006)
The IPR licensing terms & conditions are defined by the CMLA (Content Management License Administrator) which is a licensing and compliance entity formed to provide a full solution implementation of OMA DRM 2.0.
14Company confidential: Internal usage only.
OMA DRM 1.0
DRM v.1.0Features:
Combined delivery
DRM message
ContentRightsCo
mbi
ned
deliv
ery
Adds rights definition to control content usage
Forward lock
Content
DRM message
Forw
ard
lock
Device prohibited from forwarding content to other devices
Separate deliveryRights
ContentEnable super distributionSe
para
te d
elive
ry
15Company confidential: Internal usage only.
OMA DRM 2.0
Enhanced Security Higher security to ensure authenticity and integrity of
both content and right object Rights object and content encryption key encrypted
using device’s public key to bind to target device Mutual authentication between device and rights
issuer Rights issuer can accurately identify device to
determine revocation status (Device revocation)
DRM v.2.0Features:
More Security
More business models
Support for a variety of distribution and payment use cases while enhancing user experience
User can preview content User can register several devices for playback
(Domain) DRM content can be shared between devices Non-connected devices acquire content rights
via connected device Use of removable media/storage
16Company confidential: Internal usage only.
OMA DRM Architecture
Purchase “rights” and establish trust Deliver
protected rights object
Super-distribute content to a friendShare content
within a user-domain
Establish Trust, purchase and deliver rights object
Browse to website and download protected
content
ContentIssuer
Content Encryption keys
RightsIssuer
1
2
3
4
5
6
User
17Company confidential: Internal usage only.
DRM not suitable for Mobile TV
Device-based DRM does not work for Mobile TV “Japanese mobile giant NTT DoCoMo is scrambling to release a new
version of its popular mobile TV handset after unscrupulous users found a loophole allowing them to watch free mobile TV.” (loss of €250 per handset)
A breach in Microsoft DRM “A program called Fairuse4wm has been posted on the net and is said to
be capable of bypassing Microsoft’s Digital Rights Management (DRM) system.”
“BSkyB has suspended its Sky by Broadband movie service until Microsoft patches a security loophole in its Windows DRM technology”
Fixing DRM does not work ! "DRM is fundamentally an impossible problem. Making it work at all
involves tricks, and breaking DRM is akin to "fixing" the software so the tricks don't work. Anyone looking for a demonstration that technical DRM is doomed should watch this story unfold.” (Bruce Schneier on Microsoft DRM, 15 October 2006)
Company confidential: Internal usage only.
Conditional Access (CA)
19Company confidential: Internal usage only.
Mobile Broadcast Services
TV channels
Radio Channels
Data
Live broadcast multimedia content is accessible by mobile phones
Delivers content to a large audience more cost-effectively than a cellular network
S-DMB
DVB-H
T-DMB
20Company confidential: Internal usage only.
Mobile CA
TV and Radio servicesdelivered to enabled mobile devices only
TV and Radio servicesdelivered to enabled mobile devices only
Restricts service accessto paying subscribers only
Restricts service accessto paying subscribers only
21Company confidential: Internal usage only.
Mobile Broadcasting Technologies
MBMS (3GPP)Multimedia Broadcast Multicast Service is a broadcasting service that requires a UMTS network upgrade.
ISDB-T (NHK)Terrestrial TV standard in Japan and Brazil. Also usable for mobile TV.
MediaFLO (Qualcomm)Proprietary technology.
DMB (Digital Multimedia Broadcasting)Digital radio transmission system for sending multimedia to mobiledevices. Based on Eureka-147 DAB standardAccepted as a standard by ETSI.
DVB-H (Digital Video Broadcasting-Handheld)Standard based on DVB-T and adapted to HandheldsAccepted as a standard by ETSI
22Company confidential: Internal usage only.
Mobile Broadcasting Technologies
DVB-H T-DMB S-DMB MBMS FLO
Network Terrestrial Terrestrial Satellite + Terrestrial
Terrestrial Terrestrial
Origin DVB-T DAB ITU-R Digital System E
UMTS CDMA
Channel size
5,6,7,8 MHz 1.5 MHz 25 MHz 5 MHz 6 MHz
Bit rate 7 to 11 Mbps 1.5 Mbps 7.68 Mbps 0.384 Mbps Up to 11 Mbps
Band UHF, VHF, L UHF, VHF, L S (UMTS) UHF, VHF, L
Number of TV channels
Up to 30 Up to 12(3 @ 384kbps)
Up to 30 Up to 3 Up to 30
Adoption/Tests
Worldwide Korea, China, Europe
Korea - US/UK
Industry support
Strong Medium Low Low Low
23Company confidential: Internal usage only.
Competing CA Standards
SIM approach BCast smart card profile
Security related functions in (U)SIM and fully standardised KMS
Open Security Framework (OSF)
Proprietary KMS
Device software approach
DRM profileExtension of OMA DRM 2.0
to support broadcast.
18CryptFully standardised KMS
Spec. not expectedto be completed before end-2007
Spec. released.
24Company confidential: Internal usage only.
OSF vs. 18Crypt
Issue with 18Crypt when a breach occurs:
Does the MNO have a dedicated and specialized team to investigate hacked phones?
Who is liable? Handset manufacturers will deny
responsibility as they comply with standard requirements. Moreover there might be a conflict of interest as a hacked phone might generate more handset sales
Stack provider, software vendor, OS provider, …??
If the handset manufacturer does not solve the breach the content owner will stop providing content and start legal action
The keys of the phone can be revoked. But if one phone is pirated all phones in that model are very likely to be pirated. And this might lead to high operational costs to manage phone replacement or customer complaints
18Crypt model
OSF model
25Company confidential: Internal usage only.
Overall Mobile Architecture
IPE Modulator
Irdeto CAControl System
ControlWord (CW)
ECMsEMMs (U)SIM
or SMDIrdeto PIsys offers: State-of-art security Numerous business models Simplicity of use Ease of integration Advanced bandwidth management.
EncoderEncoder +Scrambler
Subscriber Management
System
SMS-C
OTA server
26Company confidential: Internal usage only.
Mature & proven CA technologies available for Mobile service protection
Irdeto has developed two innovative technologies: Dual Key Hierarchy – limits bandwidth
required for key exchange Rapid Refresh – increases security
through rapid cycling of rights Mobile subscribers may be roaming or
powered down for significant periods, but demand immediate gratification. The delivery of EMMs Over The Air (OTA) helps in reducing costs and ensures their rapid delivery to the device.
Adapting CA solution to Mobile
27Company confidential: Internal usage only.
Irdeto CA Key Hierarchy
Typical Key Usage Typical Key Lifespan
Key Management Months
Group size: 4,096 ~ 16,380 Devices
Key & Entitlement Management
Days/Weeks
Group size: 256 ~ 1,792 Devices
CW Provisioning Hours/Minutes
Per Service/Event
Scrambling Seconds
Per 10s Content (crypto-period)
28Company confidential: Internal usage only.
Agenda
Mobile TV
Service & Content Protection
Irdeto Solutions
Agenda
Company confidential: Internal usage only.
CA Business Models
30Company confidential: Internal usage only.
Supported CA Business Models
Irdeto PIsys for Mobile supports different CA models:
Subscription Subscription for a fixed duration, can either be a single channel or a bouquet
Pre-Paid with voucher
Vouchers are entitling particular package and duration. Enabling via phone (IVR or SMS) or Internet.
Pre-enablement Free entitlement with flexible channel-choice
Ordered Pay per View
Subscribers order an event via SMS, phone or internet every time they wish to watch an event
Local Pay per View Subscriber has credit stored on SIM card. Credits are debited when the subscriber wishes to watch an event.
Impulse Pay per View
Credit stored on SIM but purchases are reported via return path to operator for (pre/post) billing and logging purposes
Video on demand Content to be delivered over the broadcast channel (Push VOD or nVOD) or over the cellular network (VOD over 3G).
PVR Push-VOD, DRM models; CA and DRM integration required
Company confidential: Internal usage only.
Head-end & Client Architectures
32Company confidential: Internal usage only.
Head-end architecture
ScramblerEncoder IP Encapsulator
Multiplexer
Scheduling System
Subscriber Management
System
Content
ECMGEIS
KMS EMMG
Conditional Access System
Database
OTA Server
SMS-C
GSM/UMTS
DVB-HSimulcryptECMs/CWs
IB E
MM
s
OOB EMMs
AppletMgmt
Components supplied by Irdeto
33Company confidential: Internal usage only.
Client Side Architecture
ESG
SDP
Content
Mobile Device
DVB-HReceiver
GSMReceiver
IP S
tack
ESGClient
KMSDeviceAgent
(Softcell)
Decoder
ApplicationsApplications
SMSBIP
GSM/UMTS
DVB-H
CDP
EMM
ECM
EMM
ECM/CW
EMM/Msgs
Descrambler
CW
CA Applet
(U)SIM
Components supplied by Irdeto
34Company confidential: Internal usage only.
Hardware Component
Irdeto supports 2 secure hardware components: SMD (Surface Mounted Device) SIM (Subscriber Identity Module)
SMD can be supplied by Irdeto to manufacturer to be placed directly on the chipboard of their device. This is adapted for:
Non-connected devices (PDAs, Portable Multimedia Players (PMPs), in-car devices)
Phones without SIMs (CDMA phones)
SIM is a smart card that securely stores the key identifying a mobile phone service subscriber, as well as subscription information, preferences and text messages. The equivalent of a SIM in UMTS is a Universal Subscriber Identity Module (USIM). Irdeto will place its secure Java applet on the existing MNOs SIM card.
35Company confidential: Internal usage only.
Benefits of the (U)SIM
The (U)SIM is owned by the MNOs. It is their only asset in the mobile device. MNOs have full control over it. With DVB-H and an Irdeto CA solution, MNOs will keep ownership of their subscriber base.
The (U)SIM is a tamper resistant device and as such, it offers high levels of security. With the Irdeto CA solution, the (U)SIM handles all security related processing (ECMs and EMMs).
The (U)SIM offers easy-to-manage customer relationship. Customer management and service provisioning can be handled via the OTA server. In addition, security updates can be managed without swapping terminals or impacting the customer experience.
Irdeto’s basic requirements for the (U)SIM are: JavaCard V2.1.2 & Global Platform V2.1.1 Irdeto applet size on (U)SIM: ~30K Other security related requirements (available upon request).
Company confidential: Internal usage only.
Interoperability
37Company confidential: Internal usage only.
Technology Partners
Head-End Platforms
Devices SIM Cards
Irdeto partners with H/E equipment vendors to offer an integrated solution for broadcasting and mobile services, including service & content protection.
Irdeto provides the necessary support to device manufacturers to ensure highly reliable and efficient integrations. The process is based on field experience with device manufacturers for TU Media.
Irdeto’s solution is based on (U)SIM cards as well as OTA platforms, together with the technical expertise of leading smart card manufacturers.
38Company confidential: Internal usage only.
Some DVB-H devices
Company confidential: Internal usage only.
USPs & Case Studies
40Company confidential: Internal usage only.
Irdeto USPs
Proven & Secure technologies: Conditional Access
Solution optimized for Mobile environment Bandwidth saving techniques
- Dual hierarchy keys- Delivery of rights out-of-band- On-going bandwidth consumption enhancements…
Based on the OSF specification Single accountable owner for security Solution based on the (U)SIM
- Flexibility- High level of security- Requirement from the MNOs as they have full control on it
Flexibility- In case of a breach, only the Irdeto applet needs to be
updated. This can be done over-the-air.- Support of multiple subscription models that can be
customized to the operators’ needs- SimulCrypt
Ease of integration for client (based on experience with over 20 different device manufacturers)
Convergence of CA and DRM based on our knowledge and expertise in both areas
41Company confidential: Internal usage only.
World’s First Mobile Multimedia Broadcasting Service March 2004: Satellite launch May 2005: Commercial launch of TU Media service May 2006: 540,000 subscribers August 2006: 680,000 subscribers
7,877 gap fillers in 2005.Coverage over 58 cities.
Ku-Band13,824-13,883 GHz
S-Band2,630-2,655 GHz
Ku-Band12,214-12,239 GHz
S-DMBBroadcasting
center
42Company confidential: Internal usage only.
Services Devices 15 video channels
Entertainment, Sport, News, Music, Movie, Drama, Adult, Games, Education & MLB
19 audio channels
Over 40 different devices including mobile Phones, PDAs, in-car devices, PMPs.
Irdeto supplied over 2 millions SMDs/SIMs to the Korean S-DMB device manufacturers.
Pricing Initial Subscription fee:
Approx. US$16 Monthly Subscription fee:
Approx. US$10-12.5 Premium Channel:
US$ 3-4 per month
43Company confidential: Internal usage only.
Service launched before the 2006 world cup of Football in Germany on May 31st, 2006.(Berlin, Stuttgart, Köln, Frankfurt, München, Nürnberg, Hamburg, Leipzig, Hannover, Dortmund, Gelsenkirchen, Saarbrücken)
Services 4 video channels 2 DAB audio channels
Pricing 24 months subscription contract Monthly subscription fee: € 9.95 Samsung handset: € 169 LG handset: € 99