Verimatrix | Page 2

content security providers. This means operators or their security providers are beholden to the device maker for security updates and lose control over their own destiny. When new threats arise, the OS may well be updated, but there is no guarantee of how timely or efficient that process will be.
This is an important point, because security really should be independent of the target platforms and outside the release cycle of hardware or device makers. The security tools built into the OS are never as effective as those provided by dedicated revenue protection specialists, because the OS vendor has no competitive incentive to respond constantly to developments in the threat profile.
In practice, the Android operating system dominates the device world outside the Apple ecosystem, which at first sight might seem to strengthen the case for native security on the grounds that there is just one target platform. In reality, Android is fragmented into around 5,000 variants, which gives device makers and developers flexibility but means that quality is variable and security inconsistent. It is true that some variants, such as those from Samsung and in Google Nexus devices, have the Widevine DRM built in and are reasonably secure, but the vast majority do not and are highly vulnerable to content theft.
Browsers vs Apps
A further point arises with respect to browsers, given that they are promoted as the alternative to downloadable apps for accessing services over the web. Again, some browsers are wide open, and even those that are well maintained, such as Chrome, are seriously flawed in that they leave gaps between their own code and the OS, which may not be a variant of Android but could be Windows or Apple iOS. It has been shown that unencrypted content can leak out under many browser implementations, particularly Chrome running on PCs.
The browser approach is also flawed in respects beyond security, largely because of its inherent lack of field upgradeability. This can hinder innovation and differentiation for VSOs, since they have to rely on device-specific features and settings that are available to everybody. By contrast, a downloadable player is open to differentiation by definition, allowing operators to create their own user experience and implement competitive add-ons such as data gathering for analytics.
For these reasons, it is unlikely that the browser model will survive in the long term in any case, which is one reason why VSOs should resist pressure to rely on native security. They will find themselves adrift of the trend now gathering force for upgradeable security, which will depend on the Trusted Execution Environment (TEE) for its integrity.
Rise of the TEE
The foundation for the TEE to be deployed widely on connected devices has been laid over the last few years by creating a designated secure area within the SoC (system on chip) as a core technology for secure downloadable software. This is now established as the de facto standard for the software component of overall video security, along with two critical extensions. One is the Secure Video Path, or Protected Media Path, which extends the TEE from the core DRM to the whole video flow inside the device. The other is an API enabling the TEE to control the video watermarking functionality, so that unauthorised streams can be identified and traced back to their source after they have been decrypted and are therefore exposed to the risk of content redistribution.
Secure download
There is also a third element needed: a protected mechanism to deliver secure apps and DRM safely over the network and into the TEE. This has been developed by Trustonic, a joint venture between ARM, G&D and Gemalto, to establish a common security platform embedded in connected devices for use by app developers. This has led to the Trusted Application Management (TAM) technology, which uses the TEE of mobile devices as the destination for secure apps. Verimatrix has licensed TAM so that it can provide operators with a robust infrastructure for over-the-air provisioning of Trusted Applications.
It is worth emphasising that the Trustonic platform is now mature and well established, having been deployed in 1 billion devices, including smartphones, wearables and IoT components from some of the leading Android-based device makers. Furthermore, it is not confined to Android, as TEEs or equivalents are also being developed for other platforms. Intel, notably, has developed its Software Guard Extensions (SGX) to protect selected code and data through similar protected areas of execution within its chips.
Meanwhile, the GlobalPlatform association is currently standardising a protocol for this kind of trusted application provisioning. This is laying the foundation for the emergence of an open trusted app store for mobile devices, which will unleash their full potential for premium content consumption.
A key benefit of such a model would lie in enabling security to keep pace with evolving threats and allowing extensions to be deployed as required. This is especially relevant at the moment because of the insistence by premium rights holders on forensic watermarking to enhance protection for UHD content. The general trend towards higher content resolutions, as well as earlier release windows, is raising the bar for security and calling for extended protection mechanisms, including tracking and various forms of network forensics in addition to watermarking.
It is just not feasible in the foreseeable future for these newer types of protection to be natively integrated, which further strengthens the case for downloadable clients supported by local security anchors within a TEE. Indeed, the competitive strength of a content service will increasingly depend on the overall quality of the DRM infrastructure, a key consideration not appreciated by many operators.
Business Myths
There is another critical dimension here that is sometimes missed: the commercial motivation behind the push for native security. Not only do the leading internet players have little incentive to ensure protection for third-party services delivered to devices running their OSs, but they actually have an interest in managing and instrumenting the media consumption on their flavour of devices, often at the expense of the service operator's ability to manage and optimise their own subscribers' experience. So, operators advancing the argument for native security are actually running against their own interests, which rely on having some control over the security of their services.
However, there are also promising signals from some of the larger operators around the globe that hold substantial content rights of their own, which are unwilling to trust native security alone and are more assured by their relationships with specialist security suppliers for a complete end-to-end approach. We sincerely hope that these considered moves do not go unnoticed by the larger market.
TV Everywhere 23