Asia-Pacific Broadcasting (APB) May/June 2017 Volume 34, Issue 4 | Page 38

Downloadable DRM underpins strongest renewable security

Steve Christian is SVP of Marketing, Verimatrix
BY STEVE CHRISTIAN
When something sounds too good to be true it usually is, and that is certainly the case when it comes to the misleading promises of native digital rights management (DRM) implementations on mobile devices.
The perception of free or very inexpensive content security has arisen through a variety of commercial factors associated with the growth in premium content, now including live sports, coupled with a trend towards 4K/Ultra HD (UHD) and shorter windows for blockbuster movies. Video service operators (VSOs) are, as a result, under pressure to uphold increasingly strong client-side security to reassure rights holders that their premium content can safely be distributed to mobile devices.
There had been hopes that multiscreen security would be unified under HTML5 with its associated Encrypted Media Extensions (EME) and the Content Decryption Module Interface (CDMi). These have been dashed because the model only applied to the browser world and failed to simplify cross-platform content delivery for the apps that dominate most mobile services.
The result is that VSOs and content owners now need to manage and secure content delivery and subscriber management across all the combinations of streaming format and principal DRM platforms that have emerged.
This has played into the hands of some big Internet players, especially Google, which have been able to argue that VSOs should adopt the security mechanisms already built into browsers or device operating systems. This would imply VSOs should use Google’s Widevine DRM, which is increasingly available in Android-based consumer electronic (CE) devices, or for Windows devices, Microsoft’s PlayReady DRM, which is trending towards free as its effective licensing costs are being continually reduced.
As a result, a myth has built up, sustained and promulgated by many consultants and systems integrators serving VSOs who have failed to understand the fallacies, that these products offer sustainable security at negligible cost. Both these assumptions are utterly wrong and should be challenged vigorously by the content security industry.
Key limitations of native DRM
The first point is largely financial and logistical, which is that the DRM is not an isolated security component but an ongoing project with long-term implications for security, customer retention, service differentiation and technical flexibility. The DRM should be regarded as part of a continuous development programme capable of responding to challenges as they emerge, which can result in unscheduled R&D and additional testing, for example, when a new standard is implemented or a service is extended. It is not difficult to see that this will incur significant ongoing operational costs.
A key second point immediately follows with the need for the DRM, as well as other critical components of content security, to be totally renewable in the field so that newly identified vulnerabilities can be fixed remotely and transparently to users. Crucially, VSOs will need this field upgrade capability to be completely independent both of the device maker and developer of the associated OS. This is necessary to ensure VSOs are not beholden for security updates to third parties whose priorities will almost certainly be different. They may lack the urgency to resolve problems quickly or anticipate them in advance.
This factor will already be apparent to many VSOs that have supported browsers that lack such field upgradeability and are subject to some known vulnerabilities. They may soon also discover that the browser model is unlikely to survive for long in its current form precisely because of its inflexibility and because it cannot properly embrace the apps that have come to predominate in the mobile arena.
It is also admittedly true that the app model itself is unsustainable in its current form. It has led to devices, especially smartphones, becoming bloated with apps, making it hard for users to navigate to the one they want. Furthermore, content associated with apps is largely unsearchable, creating an expanding zone of dark data inaccessible from traditional search engines.
Such content is being indexed, while apps will in effect be partly cloudified to reduce the storage and processing burden on client devices. Given this complexity and uncertainty, there is a pressing need for a common security platform, which is fortunately emerging around the Trusted Execution Environment (TEE).
For connected devices, the TEE will help reinstate the security previously taken for granted in the dedicated hardware of the set-top box while adapting and extending it for the mobile connected era. The TEE provides an insulated area of the system on chip (SoC), where secret keys can be held and secure downloadable software can be executed without risk of compromise from the OS and standard apps.
Critical video extensions of TEE
The TEE has quickly become the de facto standard for the software component of overall video security, reinforced by three critical extensions to protect content and security functions against compromise. The first is the Secure Video Path or Protected Media Path, which extends the TEE from the core DRM to the whole video flow inside the device, so content is fully protected during playback.
The second extension is an application programming interface (API) enabling the TEE to control the video watermarking functionality, so unauthorised streams can be identified and traced back to their sources after they have been decrypted and therefore exposed to the risk of content redistribution. The latter is essential given that forensic watermarking has been mandated by MovieLabs as a core component for protecting HD studio content, as well as becoming a requirement for premium live sports.
The third TEE element is a protected mechanism for delivery of secure apps and DRM safely over the network and into the secure zone of a device’s TEE. This has been developed by Trustonic, a joint venture between ARM, G&D and Gemalto, to establish a common security platform embedded in connected devices for use by app developers. This has led to the Trusted Application Management (TAM) technology, which utilises the TEE of mobile devices as the destination for secure apps and has already been deployed in one billion devices.
The TEE is becoming the rock upon which content security will be built in a multi-screen, connected world of mobile devices. It is widely supported by key industry players, including Verimatrix, as a common platform for renewable security independent of other technology trends. Native security solutions that are unable to exploit the field upgradeability enabled by the TEE will look increasingly obsolete.
Meanwhile, the TEE will help bring on a new era of trusted apps that can be accessed securely from a store and where relevant, downloaded to the device, irrespective of the precise delivery model.
For more information, download the Frost & Sullivan white paper Native vs Downloadable DRM: The Long-term Implications of Short-term Choices at www.verimatrix.com/downloadableDRM