ATIS Content Provider Meeting May 12, 2011 Content Provider Meeting Downloadable Security for IP- delivered Media Content May 12, 2011
ATIS Content Provider MeetingMay 12, 2011
Content Provider Meeting
Downloadable Security for IP-delivered Media Content
May 12, 2011
ATIS Content Provider MeetingMay 12, 2011
• Introductions & Meeting Objectives• Content Security Environment
• Downloadable Security Solution
• Industry and Business Challenges
• Content Provider Feedback• Next Steps
Agenda
2
ATIS Content Provider MeetingMay 12, 2011
Background
• ATIS has an extensive standards development program for IPTV and IP-based security
• ATIS undertook an initiative to develop IPTV downloadable security solution (and business framework)
• Began to socialize the technical solution and Neutral Management Organization (NMO) concept in 2Q10More recently, ATIS Board expanded the scope from IPTV to IP-delivered media content
• Board encouraged engagement with the content provider community to obtain feedback on target solution
3
ATIS Content Provider MeetingMay 12, 2011
Communicate the motivation, architecture and proposed solution for downloadable security
Discuss degree to which solution intersects with content provider security needs
Understand the importance of hardware-based solutions on content security models and consumer device market
Assess pros/cons of the trust authority (neutral management organization) and how that fits with related industry activities
Summarize feedback on viability of downloadable security for IP-delivered media content
Objectives for Meeting
4
ATIS Content Provider MeetingMay 12, 2011
Current Content Environment
Portability of Portability of solutions across solutions across
devicesdevices
OTT and managed OTT and managed delivery modelsdelivery models
Content Content Anywhere Anywhere
ApplicationsApplications
Growing dependence Growing dependence on software-on software-
based solutionsbased solutions
Challenge - Evolution of security solutions to intersect market &
business needs!5
ATIS Content Provider MeetingMay 12, 2011
• The value proposition for security is directly related to the worth of the object you are trying to secure
• The level or strength of security varies widely for different content in different forms• Popularity Matters – Premium content will inherently
warrant a greater degree of protection
• Quality Matters – More security is needed for a 1080p HD video than a cell phone QCIF video @ 144 lines of resolution
• The Receiving Device Matters – The device usually implies a level of quality, but may also be able to record and duplicate the content. How well does the device obey the “Robustness Rules”
The Variables That Influence Security Requirements
6
ATIS Content Provider MeetingMay 12, 2011
Range of Security Solutions
Integrated Hardware Solutions
Software-based Security Solutions
Downloadable Security
• Acceptability level for each solution
• Usability for premium content
• Portability to many devices
• Security robustness and recovery
Content Providers
7
ATIS Content Provider MeetingMay 12, 2011
Classes of Content Security Solutions
Common Encryption Algorithm Everyone uses the same encryption algorithm
Single Common DRM Ecosystem only permits a single DRM
Separable Hardware-based Security environment on a removable device
Downloadable Secure Execution Environment Security client downloaded into an embedded security device
Separable Software-based Security environment on a single CPU
• Interoperable DRMsInteroperable DRMs• Secure execution Secure execution
environmentenvironment• Applicable to many devicesApplicable to many devices• Future proof (renewable) Future proof (renewable)
solutionsolution• Harmonizes with other Harmonizes with other
ecosystemsecosystems8
ATIS Content Provider MeetingMay 12, 2011
ATIS Downloadable Security Status
The ATIS Board of Directors provided the following re-direction in 4Q10…•Roadmap must support all forms of IP-based media•Provide for more explicit treatment of DRM-secured content•Following areas need to be considered:
• 3 screen experience• Mobile device applications• HTML5-presented content
•Identify how this business framework would relate to other content-related activities in the industry
Technical team is refining architecture & requirements → mid-2011
9
ATIS Content Provider MeetingMay 12, 2011
Downloadable Security Architecture
10
ATIS Content Provider MeetingMay 12, 2011
Server Side Architecture
Unique Code
Global Code
11
ATIS Content Provider MeetingMay 12, 2011
Benefits
CAS/DRM client agnostic Secure execution environment Portability across devices Renewal and recovery mechanism Enforced chain of trust solution Can be extended to new content sources, formats, etc. Can be harmonized with other content security
ecosystems
What are the significant benefits of downloadable security and the QSP approach undertaken by IDSI ?
12
ATIS Content Provider MeetingMay 12, 2011
ATIS Security Approach• Does not specify a CAS or DRM• Defined set of security algorithms implementable by many products• Trust Management Hierarchy (PKI) with well-defined robustness
rules• Requires participation in a chain of trust• Defines Security Profiles based on chain of trust and level of security
robustness of secure execution environment• The device certificate has means for specifying (and authenticating)
security profiles
Security Profiles 0,1,2,3,4
Chain of Trust
Execution Environment
Indirect Direct
Non-secure Secure
13
ATIS Content Provider MeetingMay 12, 2011
Benefits of Security Profiles
• Recognizes that security may vary by type of device• Vendor neutral approach
• Allows Content Owners to specify security profile compliance for access to content in specific formats• For example, content might require the highest profile to
access a very recent title in HD quality but might accept a less secure environment for a low resolution version of the same title
• Security profiles and levels mapped to common licensing regime (HDCP, DTCP, etc.) and FIPS 140-2.
• If implemented correctly, can be complimentary to existing content ecosystems
14
ATIS Content Provider MeetingMay 12, 2011
NMO Meetings with Industry
• Approximately 30 companies attended ATIS-sponsored NMO meetings held in late 2010
• Operators, content owners, CE & chip, security and network manufacturers
• Discussed proposed ecosystem, partner relationships, structure
• Overall reaction was favorable (i.e., framework is constructed properly), but there are a number of open issues:
• Indemnification and liability of NMO partners• Acceptable solution for multiple clients or secure parts in a
device• Interaction with other content-related activities in industry (e.g.,
UltraViolet™)
• Follow-up meetings deferred till 2Q11 to facilitate refinement of architecture 15
ATIS Content Provider MeetingMay 12, 2011
Participating Companies at NMO Meetings
Alcatel-Lucent
AT&T
Beyond Broadband Technologies
Broadcom Corp.
Cisco Systems
Ericsson, Inc.
Home Box Office (HBO)
Intertrust
Intel
LG Electronics
Marconi Pacific
Microsoft, Corp.
Motorola
Motion Picture Association of America (MPAA)
Nagravision
NBC Universal
NDS America
Neustar
Panasonic
STMicroelectronics
TELUS
Time Warner
Verizon
Viaccess
Viacom/MTV
Warner Brothers
16
ATIS Content Provider MeetingMay 12, 2011
Neutral Management Organization (NMO)
Neutral Management Organization (NMO)
Certificate Authority
Revocation Review Process
Test Labs
Approved Test Scripts
Hook IP Licensing
Agreement
Robustness Rules
Certificate Authority
CE Vendors
CA Policies
IDSI Spec
IIF ISS Standards
IIF T&I Standards
Multiple IPTV PKI Operators
ATIS(and other standards)
Revocation Request
Revocation List
Fault Arbitration Process
Security Breach Resolution NewCo LLC
(Oversight)
(Ongoing Operations)
QSP Vendors
17
ATIS Content Provider MeetingMay 12, 2011
Security Ecosystem ComparisonClass of Solution
Example Ecosystem
Compliance Process
Robustness Rules
Recovery Process
Revocation InteroperableDRMs
Common Encryption Algorithm
UltraViolet Enforced centrally
Enforced across ecosystem
Software download
Ecosystem
Single Common DRM
Marlin Enforced centrally
Controlled by Trust Mgt. org.
Controlled by Trust Mgt. org.
Issued by Trust Mgt. org.
Separable Hardware-based
Cable Card Enforced centrally
Enforced centrally
HW/Card replaced
Issued centrally
Separable Software-based
Vendor DRM
Vendor Controlled by DRM vendor
Software download
DRM vendor
Downloadable Secure Execution Environment
Proposed NMO
QSP (NMO); Devices (ITL)
Enforced by NMO
Secure software download
Issued by CAs; oversight by NMO
18
ATIS Content Provider MeetingMay 12, 2011
Relationship to Other Content Activities
• Numerous standards groups and forums are working on security for IP-based content
• Industry groups recognize the need to develop solutions that support both broadcast and Internet delivered content• Protective adaptive streaming• TV services over the web via HTML5
• Downloadable security solution can be harmonized with, and complementary to, existing operations like UltraViolet™• DSS does not specify a CAS or DRM client• Provides mechanism to download additional clients or renew
19
ATIS Content Provider MeetingMay 12, 2011
Content Provider Feedback
• Downloadable security approach ?• Trend of hardware- versus software-based solutions ?• Applicability of downloadable solution to portable
consumer device market ?
• Value assessment of security profile structure ?
• Neutral entity to manage security across devices, clients, providers ?
20
ATIS Content Provider MeetingMay 12, 2011
THANK YOU !
21
Proposed Next Steps
ATIS Content Provider MeetingMay 12, 2011
Back Up Slides
22
ATIS Content Provider MeetingMay 12, 2011
Downloadable Security Architecture(under development)
23
ATIS Content Provider MeetingMay 12, 2011
ATIS IIF Security ProfilesProfile 0 is defined as:• No authentication and no integrity check of ISS/A and ISS/E (i.e. there is no chain of
trust and the Native Security Solution (NSS) execution environment is non-secure. A PC used to access a web site.)
Profile 1 is defined as: • Authentication and integrity of ISS/A and ISS/E are verified by software on the IPTV
Device (i.e., an indirect chain of trust).• An NSS execution environment that is non-secure
Profile 2 is defined as:• Authentication and integrity of ISS/A and ISS/E are verified by hardware on the IPTV
Device (i.e., a direct chain-of-trust).• An NSS execution environment that is non-secure. (e.g. A web appliance)
Profile 3 is defined as:• Authentication and integrity of ISS/A and ISS/E are verified by software on the IPTV
Device (i.e., an indirect chain-of-trust).• A secure NSS execution environment as defined in ATIS-0800024.
Profile 4 is defined as:• Authentication and integrity of ISS/A and ISS/E are verified by hardware on the IPTV
Device (i.e., a direct chain-of-trust).• A secure NSS execution environment as defined in ATIS-0800024. (e.g., STB)
24