Más contenido relacionado Multi-network Solutions in the Real World, SCaT Workshops Mumbai: Steve Christian, Verimatrix 2. Topic Bullets
New Technologies – New Opportunities
Transition Options For Graceful Operational Upgrades;
Key Technologies for Flexible Combinations Of
Broadcast & IP Services
Scalability in Multi-Network Deployments
Cost Effective OEM Solutions
Hosted & SaaS Security Architectures
Solutions and Tradeoffs
Essential Considerations for a Successful Transition
©2012 Verimatrix, Inc. 2
3. New Technologies -
New Opportunities
High value premium
service options and
consumption models
Global subscription DVB Service delivery Multi-screen
reach with OTT services content portability
and transparency
Value added services
integration with
open ecosystem
©2012 Verimatrix, Inc. 3
4. “3-Dimensional” Content Security
Network Dimension – beyond broadcast, cable, telco, and mobile
network distribution silos, leveraging advantages of proven IP technologies
Device Dimension
Portability &
transparency with
network-centric key
management for Protection Dimension
flexible mix of devices Multi-layer security to
enable rich business
models, copy traceability
and combat theft of
service
©2012 Verimatrix, Inc. 4
5. VCAS 3 Multi-Network Approach
Unified Subscriber
Security for multi-network
3rd Party Management Interface and
DB across networks, devices deployments (managed and VCAS 3
SMS / Middleware OTT) and content formats Client Support
VCAS 3 Unified Head-end
Verimatrix ViewRight
CSM (IPTV/Hybrid) STB
Linear
DVB One-way
Verimatrix Content & Hybrid
Bcast CSM ViewRight
(DVB one-way) PC / Mac
OMI / Entitlement Interface
Verimatrix
ACSM HTTP Live Key Scramblers, ViewRight
data Encoders, IPTV Web
Verimatrix
Servers,
MultiRights Modulators
PlayReady
MultiRights On-demand
Marlin Content
Internet &
CDN 3rd-party Players
HTML 5 Browsers
MultiRights & DRM Clients
MPEG-DASH
Entitlements
DB
MultiRights Support for all device types using
Other DRM both ViewRight and native DRM
client integrations
MultiRights Framework
MultiRights extension to
©2012 Verimatrix, Inc. 5
additional integrated DRM servers
7. The Streaming Services Option
Content Everywhere – A Maturing Perspective
Tablets as driving force in broad consumer
engagement
HLS established as a growing standards-centric force
Accelerating role of security in OTT TV services
Integration of broadcast and IP service rights both a
necessity and opportunity
©2012 Verimatrix, Inc. 7
8. HTTP Live Streaming (HLS)
High bitrate
chunks
High quality
source video Client dynamically selects
best size chunk per
encoding period
Med bitrate
chunks
Low bitrate
Multi bitrate chunks
HLS encoder
Adaptive streaming
Encoder generates multiple client
different video chunks per
encoding period
Playlist/manifest file
#EXTM3U
#EXT-X-STREAM-INF: BANDWIDTH=240144
#EXT-X-STREAM-INF: BANDWIDTH=684256
#EXT-X-STREAM-INF: BANDWIDTH=1144587,
©2012 Verimatrix, Inc. 8
9. HTTP Live Streaming:
Enhanced Content Security
Security Management
Device Authentication
Subscriber Mgmt / & Entitlement
Middleware/Billing Entitlement Cache
Server
Client Authentication &
Encoder Keyfile Requests
Client Keyfile
Keyfile
Server
Server Key
Data
Program ID & Keyfile
Exchange
(configurable crypto period)
Encrypted
Stream
Content
Stream HTTP
HTTP/Streaming
Live Streaming
Server
Encoder Playlist File (.m3u8) &
AES-128 Encrypted Media Chunks
©2012 Verimatrix, Inc. 9
10. Enhanced HLS for iPhone/iPad
Security Addition to iPhone/iPad QuickTime
Client Authentication & Library included in
Keyfile Requests Operator branded app
Verimatrix
Adaptive CSM
ViewRight Web Quicktime
Client Player
HTTP/Streaming
Server
Playlist File (.m3u8) &
Encrypted Media Chunks
©2012 Verimatrix, Inc. 10
12. Typical DVB Broadcast/One-way
System
Broadcast Broadcast System
Content N x Video Encoders + Configuration Manager
Statistical Multiplexing
and Rate Shaping MPEG-2 TS
ASI or IP Broadcast/One-way STB
GUI / EPG
DVB Simulcrypt
Event Information
TV Program Mux/Scrambler &
Scheduler EIT CA-specific Client Module
Schedules EPG DVB-x Modulator
DVB-x Receiver
with or w/o smart card
DVB Cable, Satellite
or Terrestrial RF network
Subscriber Mgmt and w/DVB-CSA encryption
Activation Billing System Manufacturing
and service time load
management
CW & AC
CA System incl. ECM
CA
EMM & ECM Generators Over-the-air
EMM
Database
STB update STB manufacturer
code release &
provisioning tools
CA CA-specific
Keys HW Encryptor
12
©2012 Verimatrix, Inc.
13. VCAS for DVB – Flexible Solutions
Broadcast Broadcast System
Content Configuration Manager
N x Video Encoders +
Statistical Multiplexing
and Rate Shaping MPEG-2 TS
ASI or IP Broadcast/One-way STB
GUI / EPG
DVB Simulcrypt
Verimatrix
TV Program Mux/Scrambler &
SI Server EIT ViewRight STB for DVB
Schedules DVB-x Modulator
EPG
DVB-x Receiver
VCAS-secured smart card or cardless
DVB-C, DVB-S
Subscriber Managenent or DVB-T Network
and Billing Systems
Manufacturing
Verimatrix Time Load
OMI
CW & AC
Over-the-air
Verimatrix ECM STB update Verimatrix Code
BCSM Broadcast CSM Signing
Database EMM and Provisioning
Key Verimatrix
Gun EncryptionEngine
Kickstart Install + License Management/Enforcement
©2012 Verimatrix, Inc. 13
14. Hosting Flexibility (DVB)
Partner Hosting Service
Hosting
Management System
Local Secure
Subscriber Managenent
and Billing Systems DVB
distribution
ECM
& EMM Local Operator
DVB Simulcrypt
VPN Router and Firewall
Mux/Scrambler(s)
Local Operator VPN Access
Signal
Sources
Arming
Server
VCAS for DVB
VCAS
Operator Instances
(virtual machines) Verimatrix
SI Server
VCAS Database
Server Cluster Local Operator
Management Console
(virtual machines)
©2012 Verimatrix, Inc. 14
15. Hosting Flexibility (DVB & IP)
Partner Hosting Service Local Secure
IP Streaming
distribution
Hosting
Management System
Local Secure
Subscriber Managenent
and Billing Systems DVB
distribution
ECM
& EMM Local Operator
VCAS for Internet TV DVB Simulcrypt
VPN Router and Firewall
Operator Instances Mux/Scrambler(s)
Local Operator VPN Access
(virtual machines)
Signal
Sources
Arming
Server
VCAS for DVB
VCAS
Operator Instances
(virtual machines) Verimatrix
SI Server
VCAS Database
Server Cluster Local Operator
Management Console
(virtual machines)
©2012 Verimatrix, Inc. 15
16. STB Client Flexibility
Traditional Smartcard
Advanced Cardless
Combination of card and cardless deployment
DVR business rule control
Push VOD option
DVB-CI for Smart-TVs
ViewRight ONE for integrated IP services
©2012 Verimatrix, Inc. 16
17. STB Clients for DVB
ViewRight DVB
Broadcast/One-way STB
DVB SI (EPG) Tables
Removable Security
(Smart Card)
Option OSD messages, etc
EPG and
EMM ViewRight
Address Control User inputs
Filter STB for DVB
Apps
EMMs
ECMs OSD commands
Control Words Composite,
Encrypted content Component, Scart,
Descrambler
HDMI, etc. output
©2012 Verimatrix, Inc. 17
18. ViewRight STB for DVB
Unique Choice of Smart Card and Cardless Characteristics
HW-based (SC) client model
Personalization resides in Smart Card
Personalized Smart Card is unique to a service operator
SW-based (NSC) client model
Personalization resides in STB
Individualization process performed during STB manufacture
Personalized STB is unique to a service operator
An STB card reader is recommended for flexibility and Smart card
addition possible at subscriber premises
Card-based and cardless operation enabled in same network
at the same time
©2012 Verimatrix, Inc. 18
19. ViewRight DVB-CI
Secure CAM for Consumer Receivers
For use in STBs and integrated TVs
With DVB-CI expansion slots
Single service decryption
Allows STB to be generic (“CA agnostic”)
No CA client integration required
©2012 Verimatrix, Inc. 19
20. ViewRight ONE – Integrated DVB/IP
API Common API and Integration Model
API API API
Administration/configuration/logging Abstraction
ViewRight Web for
ViewRight STB for
DTCP-IP (Option)
DVB
STB
OpenSSL VideoMark
Library Porting Layer
(or other crypto lib) Option
Transport
HW Security Interface Bootstrap Operating System and drivers
Event Drivers
HW SoC security RAM/ROM Transport SoC CPU and general purpose
OTP
ID logic Keys Storage HW support logic
©2012 Verimatrix, Inc. 20
22. An Integrated Solution:
DVB Foundation
SMS / Middleware
Single Security Authority Linear
Content
Broadcast
Client Support
Bcast CSM Key &
(DVB one-way) control
data ViewRight
DVB One-way DVB STB
Multiplexers,
Scramblers
OMI / Entitlement Interface
Verimatrix
Entitlements
DB
©2012 Verimatrix, Inc. 22
23. An Integrated Solution:
DVB & OTT
SMS / Middleware
Single Security Authority Linear
ViewRight
Content
Client Support
CSM Multiplexers,
(IPTV/Hybrid) Scramblers ViewRight
OMI / Entitlement Interface
Key &
control Desktop
data
ACSM
Verimatrix
Adaptive Streaming IP return path
for ViewRight IPTV, Internet &
Hybrid, or OTT clients OTT
ViewRight
Web
Encoders,
Encryptors,
Servers
Entitlements
DB
On-demand
Content
©2012 Verimatrix, Inc. 23
24. An Integrated Solution:
MultiRights – Multi DRM Framework
SMS / Middleware
Single Security Authority Linear
Content
ViewRight
Client Support
Broadcast CSM Key &
(DVB one-way) control
data ViewRight
DVB One-way DVB STB
CSM Multiplexers,
Operator Management Interface
(IPTV/Hybrid) Scramblers
ViewRight
Hybtrid STB
ACSM IPTV &
Verimatrix
Adaptive Streaming IP return path Hybrid
for ViewRight IPTV,
Hybrid, or OTT clients ViewRight
PC / Mac
MultiRights
Marlin Server
Encoders, iPhone &
Encryptors, Android
MultiRights Internet &
PlayReady Server Servers
OTT
Entitlements
DB
MultiRights
Blu-ray Server On-demand
Content 3rd-party Players
MultiRights Framework & DRM Clients
©2012 Verimatrix, Inc. 24
25. Summary
Scalable Broadcast Security and Internet Innovation
Pay-TV operators of all types need to unify their
reach with IP and OTT delivery models
VCAS 3 unified approach to security enables a
extended value proposition to consumers
Adaptive streaming standards like HLS successfully
enable OTT services to all types of video platforms
Multi-screen offerings are at the heart of a flexible
enhanced user service experience
©2012 Verimatrix, Inc. 25
27. VCAS 3 Architecture
Multi-Network, Multi-Format Video Services
Linear
TV Schedule Data Content
(ReporTV,
VCAS 3 Head-end: Any Network ViewRight and MultiRights
Tribune, etc.) Single Security Authority Client Support
Verimatrix ViewRight STB
IPTV & Hybrid
SI Server (IPTV/Hybrid)
(EPG data)
Content Security Broadcast Encryption (BEM)
VCAS
Manager - CSM ViewRight
OMI/SEI (IPTV/Hybrid)
Verimatrix MPOS & Desktop PC/Mac
DVB Cable
Self-Provisioning MultiCAS MultiCAS MultiCAS
RTES
Service
Admin
Server IP DVB Adapt
Mgmt
Broadcast CSM ViewRight STB
(DVB one-way) DVB (DVB one-way)
Subscriber Mgmt
Terrestrial
& Billing System(s) Network DVR
& MMDS
Domain
Service
Catcher
Mgmt
(SMS / OSS)
ViewRight
EncryptionEngine DVB Web
(DVB one-way) Satellite
Pre-Paid Voucher Video Head-end:
Authorization Encoders, Groomers
Content
ViewRight
Service
Mgmt
Scramblers & Multiplexers Mobile
Adaptive CSM
(Push) VOD & nDVR Servers
(Internet TV)
Routers & Modulators
Switches & Firewalls Mobile
Middleware(s)
Service
Device
Mgmt
MultiRights
3rd-party Players
Marlin DRM Server
Web Apps: Internet TV HTML 5 Browsers
(DECE & OIPF)
/OTT & DRM Clients
DVR Programming,
Widgets, etc.
Message
Service
Mgmt
MultiRights VPP VRUN RKE AdaptPP ViewRight
PlayReady DRM Professional Downstream
Emergency Alert Server delivery
On-demand Encryption (VEM)
System (EAS) Wholesale/
Entitlement
Retail IPTV Retailer 1
Service
Mgmt
MultiRights: No local Middleware
Retailer MPEG-DASH Server Video No local VCAS
VPN No local broadcast
Entitlement Kiosk
MultiRights Framework
Manager
IPTV Retailer 2
On-demand Local Middleware/SMS
CASmon No local VCAS
Content VPN
(Monitoring & QA) No local broadcast
IPTV Retailer 3
Local Middleware/SMS
Network Management Local VCAS
VPN No local broadcast
and Monitoring
IPTV Retailer 4
Local Middleware/SMS
Local VCAS
©2012 Verimatrix, Inc. Local broadcast 27