content security providers. This means operators or their security providers are beholden to the device maker for security updates and lose control over their own destiny. When new threats arise, the OS may well be updated, but there is no guarantee how timely or efficient this process will be.
This is an important point because security really should be independent of the target platforms and outside the cycle of hardware or device makers. The security tools built into the OS are never as effective as those provided by dedicated revenue protection specialists, because in that case there is no competitive incentive to respond constantly to developments in the threat profile.
In practice, the Android operating system dominates the device world outside the Apple ecosystem, which at first sight might seem to strengthen the case for native security, on the grounds that there is just one target platform. But in reality, Android is fragmented with around 5,000 variants, which has the virtue of flexibility for device makers and developers, but means that quality is variable and security inconsistent. It is true that some variants, such as those from Samsung and in Google Nexus devices, have the Widevine DRM built in and are reasonably secure, but the vast majority do not and are highly vulnerable to content theft.
Browsers vs Apps
A further point arises here with respect to browsers, given that they are promoted as the alternative to downloadable apps for accessing services over the web. Again, some browsers are wide open and even those that are well maintained, such as Chrome, are seriously flawed in that they leave gaps between their own code and the OS, which may not be a variant of Android but could be Windows or Apple iOS. It has been shown that unencrypted content can leak out under many browser implementations, particularly Chrome running on PCs.
The browser approach is also flawed in other respects beyond security, largely as a result of its inherent lack of field upgradeability. This can hinder innovation and differentiation for VSOs since they have to rely on device-specific features and settings available to everybody. By contrast a downloadable player is open to differentiation by definition, allowing operators to create their own user experience and implement competitive add-ons such as data gathering for analytics.
For these reasons, it is unlikely that the browser model will survive in the long term in any case, which is one reason why VSOs should resist pressure to rely on native security.
They will find themselves adrift of the trend now gathering force for upgradeable security, which will depend on the Trusted Execution Environment( TEE) for its integrity.
Rise of the TEE
The foundation for TEE to be deployed widely on connected devices has been laid over the last few years by creating a designated secure area within the SoCs( system on chips) as a core technology for secure downloadable software. This is now established as the defacto standard for the software component of overall video security, along with two critical extensions. One is the Secure Video Path or Protected Media Path, which extends the TEE from the core DRM to the whole video flow inside the device. The other extension is an API enabling the TEE to control the video watermarking functionality, so that unauthorised streams can be identified and traced back to their source after they have been decrypted and therefore exposed to the risk of content redistribution.
Secure download
There is also a third element needed, which is a protected mechanism to deliver secure apps and DRM safely over the network and into the TEE. This has been developed by Trustonic, a joint venture between ARM, G & D and Gemalto, to establish a common security platform embedded in connected devices for use by app developers. This has led to the Trusted Application Management( TAM) technology, which utilises the TEE of mobile devices as the destination for secure apps. Verimatrix has licensed TAM, so that it can provide operators with a robust infrastructure for over-the-air provisioning of Trusted Applications.
It is worth emphasising that the Trustonic platform is now mature and well established, having now been deployed in 1 billion devices, including smartphones, wearables and IoT components from some of the leading Android based device makers. Furthermore it is not confined to Android as TEEs or equivalents are also being developed for other platforms. Intel, notably, has developed its Software Guard Extensions( SGX) to protect select code and data through similar protected areas of execution within its chips.
Meanwhile the GlobalPlatform association is currently standardising a protocol for this to happen. This is laying the foundation for the emergence of an open trusted app store for mobile devices, which will unleash their full potential for premium content consumption.
A key benefit of such a model would lie in enabling security to keep pace with evolving threats and allow extensions to be deployed as required. This is especially relevant at the moment because of the insistence by premium rights holders on forensic watermarking to enhance protection for UHD content. The general trend towards higher content resolutions, as well as earlier release windows, is raising the bar for security and calling for extended protection mechanisms, including tracking and various forms of network forensics in addition to watermarking.
It is just not feasible in the foreseeable future for these newer types of protection to be natively integrated, which strengthens further the case for downloadable clients, supported by local security anchors within a TEE. Indeed, the competitive strength of a content service will increasingly depend on the overall quality of the DRM infrastructure, which is a key consideration not appreciated by many operators.
Business Myths
There is another critical dimension here that is sometimes missed, which is the commercial motivation behind the push for native security. Not only do the leading internet players have little incentive to ensure protection for third- party services delivered to devices running their OSs, but they actually have an interest in managing and instrumenting the media consumption on their flavour of devices – often at the expenses of the service operator’ s ability to manage and optimise their own subscriber’ s experience. So, operators advancing the argument for native security are actually running against their own interests, which rely on having some control over security of their services.
However, there are also promising signals from some of larger operators around the globe that hold substantial content rights of their own, which are unwilling to trust native security alone and are more assured by their relationships with specialist security suppliers for a complete end to end approach. We sincerely hope that these considered moves do not go unnoticed by the larger market.
TV Everywhere 23