Presentation on theme: "Protecting Content for MobileTV"— Presentation transcript:
1Protecting Content for MobileTV BES ConferenceFebruary 2007This presentation provides an overview of the characteristics of typical mobile broadcasting operations. Service and Content protection systems are key enablers for delivering new revenue streams for mobile operators. Different access control techniques are covered.Please see our web site:Company confidential: Internal usage only.
4Mobile Communications Digital ConvergenceTelevisionMobile CommunicationsTelevisionOver 4 billion usersMobile CommunicationsOver 2 billion GSM subscribers)3 billion subscribers expected by end of 2010 (Ovum).Mobile TVEver-growing numbers of consumers are embracing the personal benefits of the digital media age. Following the mass-adoption of portable digital audio devices, such as the Apple iPod, many people are becoming aware that they can be liberated from the traditional constraints of consuming media content – it can now be consumed at any time, any place and on a broad range of personal devices.Attractive new servicesEasy to understandSuccessful launch (over cellular network)… but issue with network capacitiesCompany confidential: Internal usage only.
5Mobile Netowrk Operator The Return ChannelMobile Broadcasting networks and cellular networks (GSM, GPRS or UMTS) are complementary to Mobile TV services.The cellular networks provide a ‘return channel’ for:Service requestService charging/paymentVideo-on-Demand (VOD)Other interactive services (voting, betting, information)Mobile Netowrk Operator(GSM, GPRS, UMTS)Mobile Broadcaster(DVB-H)Existing cellular telephony operations are compatible with and can enhance emerging Mobile broadcasting propositions.Company confidential: Internal usage only.
6Challenges facing Mobile TV Regulatory factorsFrequency allocation and LicensingTechnology factorsStandardization,Availability of terminalsInteroperabilityNetwork (reception in mobile situation)Similar to Cellular networksDelivery costs low enough for a profitable value chainInternational roaming ?Service & Content ProtectionTo set up a trustworthy environmentTo secure revenue streamsA true consumers’ value proposition (not simply a technology)Content (Live TV / TV-on demand / Push TV, not simply a rebroadcast of terrestrial content)Relevant Services (Interactivity, ESG and additional information)Positive user experience (Easy to use & easy to pay service)Value for money & Straightforward pricingConsumersDemand and acceptanceBusiness factorsBusiness modelsCo-operation along the value chain (“win-win”)Solving a wide variety of problems is required for a mobile operation to become successful.One of these aspects is Service and content protection.Company confidential: Internal usage only.
8Why Service & Content Protection? Service and Content protection is critical for the success of mobile business models.Content OwnersService ProvidersConsumersWant to protect therights of their assets,and to control theirconsumptionWant to secure revenuesWant Trust in thedelivery mechanismWant to protect their return on investmentWant to build atrustworthy networkWant to optimize revenues through multiple subscription modelsPrepared to pay forpremium content.Want choice and flexibility in the way they consumecontent.With more than 4 billion TV users and more than 2 billion mobile phone users worldwide, the wireless and broadcast industries are seeing the business opportunities for generating new revenue streams by offering a variety of multimedia services to mobile devices.To secure revenue streams, valuable content needs to be secured in its delivery through the network to the end-user.Service & Content protection solutions are available to mobile multimedia service providers. They fall into two categories:Company confidential: Internal usage only.
9Service & Content Protection Live BroadcastRe-DistributionService ProtectionContent ProtectionEnsures that only payingcustomers have access to contentSolution:Conditional Access (CA)Controls the use of contentonce it has reached the deviceSolution:Digital Rights Management (DRM)To secure revenue streams, Service & Content protection solutions are available to mobile multimedia service providers. They fall into two categories:Content ProtectionDigital Rights Management (DRM) techniques are employed to control and protect the use and consumption of content, according to business rules, in the end-user device. Mobile DRM is primarily concerned with protecting digital content, such as ring tones, wallpaper/screensavers, games, audio and video clips that can be downloaded to portable devices over the mobile network. Note however that DRM techniques are not suitable for protecting higher value content, such as broadcast TV.Service ProtectionConditional Access (CA) is a technique that is employed to enable the access to broadcasting content for subscribing customers only. It is a good approach for operators who wish to offer high value audio and video services via a variety of business models, on a per-service basis i.e. monthly subscription, Pay Per View (PPV) etc.The two technologies can work together toprotect recorded content !Company confidential: Internal usage only.
10Digital Rights Management (DRM) Company confidential: Internal usage only.
11Downloading Services to Mobiles Mobile phones have evolved into multimedia devicesTechnologies enable efficient delivery of rich multimedia content (from ring tones to live TV) to mobilesPicturesRingtonesGamesVideo clipsPeer-to-peer connectionDRM systems have been designed as a means for managing and controlling the consumption of digital files (e.g. games or multimedia content) delivered as a point-to-point service. They are based on enforcing rules of usage in the portable device itself (based on a counter e.g. play 3 times, or timer e.g. play for 5 days).Music MP3Company confidential: Internal usage only.
12Mobile DRM Rich multimedia content is delivered to mobile devices Protects the interestsof the content rights owner,by providing a way to controlaccess to the use andconsumption of digital contentSeveral opportunities and business models are available to the operator for defining new ways of selling, distributing and consuming content for mobile end-users.Opportunity to define new ways of selling,distributing and consuming contentCompany confidential: Internal usage only.
13Standards Many proprietary standards (e.g. Microsoft, iTunes) Open standard specified by OMAThe Open Mobile Alliance (OMA) is a mobile industry organization dedicated to promoting the worldwide adoption of mobile data services by emphasizing interoperability across devices and networks.OMA was formed in June The 350 member companies represent the world’s leading mobile operators, device and network suppliers, information technology companies, application developers and content providers.OMA DRM specifications released:OMA DRM 1.0 (2004)OMA DRM 2.0 (2006)The IPR licensing terms & conditions are defined by the CMLA (Content Management License Administrator) which is a licensing and compliance entity formed to provide a full solution implementation of OMA DRM 2.0.DRM StandardsIn addition to proprietary standards (e.g. Apple iTunes, Microsoft DRM, Irdeto KeyDRM), an open standard for mobile applications also exists: the Open Mobile Alliance (OMA). This is an organisation of over 350 companies that has since 2002, defined the OMA Download, OMA DRM and other standards for the mobile device industry.Standards, such as OMA, are important to mobile operators. They facilitate the availability of multi-vendor solutions, while promoting compatibility between the systems. Ultimately, it leads to reduced prices for all players in the value chain (manufacturers, network operators and consumers).Company confidential: Internal usage only.
14OMA DRM 1.0 DRM v.1.0 Features: Forward lock Combined delivery ContentDRM messageDevice prohibited from forwarding content to other devicesDRM v.1.0Features:Combined deliveryDRM messageContentRightsAdds rights definition to controlcontent usageSeparate deliveryRightsContentEnable super distributionCompany confidential: Internal usage only.
15OMA DRM 2.0 DRM v.2.0 Features: Enhanced Security Higher security to ensure authenticity and integrity of both content and right objectRights object and content encryption key encrypted using device’s public key to bind to target deviceMutual authentication between device and rights issuerRights issuer can accurately identify device to determine revocation status (Device revocation)DRM v.2.0Features:Support for a variety of distribution and payment use cases while enhancing user experienceUser can preview contentUser can register several devices for playback (Domain)DRM content can be shared between devicesNon-connected devices acquire content rights via connected deviceUse of removable media/storageMore SecurityMore businessmodelsCompany confidential: Internal usage only.
16Content Encryption keys OMA DRM ArchitectureContent Encryption keysRightsIssuerContentIssuer2Purchase “rights” and establish trust3EstablishTrust, purchase and deliver rights object4Browse to website and download protected content61Deliverprotectedrights objectShare contentwithin a user-domainThe diagram shows that the DRM agent is integrated into the handset, while at the head-end, one or two entities manage the “trust” within the system.The trust created by the trust entity is used by the DRM server and the DRM agent to exchange (public/private cryptographic) keys, which are in turn used to implement a secure settlement/transaction of rights. The management of trust thus lies with an independent entity, with the merchants employing this trust in their business propositions to subscribers.5Super-distributecontent to a friendUserCompany confidential: Internal usage only.
17DRM not suitable for Mobile TV Device-based DRM does not work for Mobile TV“Japanese mobile giant NTT DoCoMo is scrambling to release a new version of its popular mobile TV handset after unscrupulous users found a loophole allowing them to watch free mobile TV.” (loss of €250 per handset)A breach in Microsoft DRM“A program called Fairuse4wm has been posted on the net and is said to be capable of bypassing Microsoft’s Digital Rights Management (DRM) system.”“BSkyB has suspended its Sky by Broadband movie service until Microsoft patches a security loophole in its Windows DRM technology”Fixing DRM does not work !"DRM is fundamentally an impossible problem. Making it work at all involves tricks, and breaking DRM is akin to "fixing" the software so the tricks don't work. Anyone looking for a demonstration that technical DRM is doomed should watch this story unfold.” (Bruce Schneier on Microsoft DRM, 15 October 2006)In a point-to-point environment, this DRM content protection approach is secure and works well. It is however cryptographically vulnerable when used in a “one-to-many” broadcasting environment (the “blowback attack”). In a DRM environment, one key common to all users, is used for a given piece of content. If this key is pirated, content is effectively available to all. This has serious implications for a mobile television operation based on DRM content protection.In a CA-based broadcasting system on the other hand, unique keys are generated for each subscriber and for each piece of content. These keys also change at different rates, making this approach far more resilient to pirate attacks.Company confidential: Internal usage only.
18Conditional Access (CA) Company confidential: Internal usage only.
19Mobile Broadcast Services Live broadcast multimedia content is accessible by mobile phonesDelivers content to a large audience more cost-effectively than a cellular networkTV channelsRadio ChannelsDataTelevision-style (non-broadcast) content has been available to mobile phone users since early-2005 via 2.5G and 3G networks. Although these mobile networks are optimised for the point-to-point delivery of content, they are not suitable for the mass distribution of the same content, because each mobile receiver must be provided with its own receive bandwidth. In a situation where many users try to simultaneously consume the same data at the same location, a provider could run out of bandwidth. In a Universal Mobile Telecommunications System (UMTS) cell for example, the maximum data rate for all users combined is approximately 2 Mb/s. This means that a cell’s serving capacity is exhausted when more than 31 services at 64 kb/s, or 15 services at 128 kb/s, or 7 services at 256 kb/s are simultaneously demanded.New mobile broadcasting technologies, on the other hand, provide solutions to alleviate these bandwidth restrictions on content delivery. It is now possible to broadcast real-time TV content to mobile devices through a separate and dedicated network. Transmission technologies have been specifically designed to ensure quality and reliability, while addressing issues such as mobility and the limited battery life of mobile devices.S-DMBDVB-HT-DMBCompany confidential: Internal usage only.
20Mobile CA TV and Radio services delivered to enabled mobile devices onlyRestricts service accessto paying subscribers onlyRegardless of the network technology employed, Mobile Broadcasting Services or Mobile TV promises new revenue opportunities. These services however, require a more robust and sophisticated content protection system than for DRM because of the “one-to-many” nature of broadcasting.CA technology has been successful at securing the revenue streams of content providers for many years in the traditional Pay-TV industry (terrestrial, cable or satellite). A CA system aims at enabling access to a service for paying viewers only. Content can be purchased in packages, a la carte or on a Pay Per View (PPV) basis.Company confidential: Internal usage only.
21Mobile Broadcasting Technologies MBMS (3GPP)Multimedia Broadcast Multicast Service is a broadcasting service that requires a UMTS network upgrade.ISDB-T (NHK)Terrestrial TV standard in Japan and Brazil. Also usable for mobile TV.MediaFLO (Qualcomm)Proprietary technology.DMB (Digital Multimedia Broadcasting)Digital radio transmission system for sending multimedia to mobiledevices. Based on Eureka-147 DAB standardAccepted as a standard by ETSI.The two most popular industry standards in the mobile broadcasting field are DMB and DVB:Digital Mobile Broadcasting (T-DMB & S-DMB)DMB is a video and audio broadcasting technology that provides broadcasting services to portable devices and mobile phones via terrestrial transmitters (T-DMB). It is based on the Eureka 147 Digital Audio Broadcasting (DAB) standard (also known as ITU-R Digital System A). T-DMB adds video support and text broadcasting to the DAB standard.Satellite DMB (S-DMB) is based on the ITU-R Digital System E technical specification. It uses a satellite, together with terrestrial repeaters, to achieve wide-area coverage for mobile TV.Digital Video Broadcasting – Handhelds (DVB-H)DVB-H is a global standard based on the DVB-T (Terrestrial) broadcasting standard, with an extension to provide support for mobile devices. It delivers content in broadcast mode using IP Datacasting (IPDC). DVB-T frequencies (VHF and UHF TV) are used for this service.A major challenge today is the availability of spectrum. T-DMB networks can be deployed on frequencies reserved for Digital Audio Broadcasting (DAB) services. For DVB-H networks, there is a very complex situation where, in many countries, spectrum earmarked for DVB-H services has to first be cleared of existing services e.g. analogue TV, before DVB-H services can be launched. This may delay the “roll-out” of DVB-H and give T-DMB networks an advantage.DVB-H (Digital Video Broadcasting-Handheld)Standard based on DVB-T and adapted to HandheldsAccepted as a standard by ETSICompany confidential: Internal usage only.
22Mobile Broadcasting Technologies DVB-HT-DMBS-DMBMBMSFLONetworkTerrestrialSatellite + TerrestrialOriginDVB-TDABITU-R Digital System EUMTSCDMAChannel size5,6,7,8 MHz1.5 MHz25 MHz5 MHz6 MHzBit rate7 to 11 Mbps1.5 Mbps7.68 Mbps0.384 MbpsUp to 11 MbpsBandUHF, VHF, LS(UMTS)Number of TV channelsUp to 30Up to kbps)Up to 3Adoption/TestsWorldwideKorea, China, EuropeKorea-US/UKIndustry supportStrongMediumLowDVB-H network requires a greater level of infrastructure to offer a similar service to DMB.DVB-H has the potential to deliver much higher data rates but uses higher order modulation and requires a much higher signal-to-noise ratio, which in turn requires many more sites or higher transmit power, both of which add considerably to the cost.However, from the point of view of DMB, matching the throughput of DVB-H is not necessary. It is possible to roll out an acceptable service using fewer carriers thereby saving costs on equipment and sites.In terms of spectrum availability DAB networks are already operational in many countries and in others spectrum has generally been set aside for DAB services. For DVB-H there is a very complex situation where, in many countries, spectrum marked for DVB-H services is required to be cleared of existing services e.g. analogue TV before DVB-H can be launched. This has the potential to curtail the development of DVB-H and gives DAB based DMB networks a distinct advantage. It is possible that DMB will quickly gain more widespread acceptance if it is able to be launched sooner.The final point is one of equipment availability. At the moment it is unlikely that DVB-H equipment will be available for deployment at S-band in the short term. DMB equipment is available at S-Band albeit for S-DMB rather than T-DMB however it is likely that T-DMB equipment will be available soon.Company confidential: Internal usage only.
23Competing CA Standards SIM approachBCast smart card profileSecurity related functions in (U)SIM and fully standardised KMSOpen Security Framework (OSF)Proprietary KMSDevice software approachDRM profileExtension of OMA DRM 2.0 to support broadcast.18CryptFully standardised KMSThere are currently two approaches to securing DVB mobile broadcasting services. Both are part of the ETSI TS v1.1.1 specification (also referred as the DVB Bluebook A100, Dec. 2005).Open Security Framework (OSF)This standard is based on Conditional Access technology and is tailored for mobile environments. It uses a secure hardware client component, which can be the mobile operator’s (U)SIM card.18CryptThis standard is based on OMA DRM 2.0 with extensions to support broadcasting. It is purely a device software based solution.Spec. not expectedto be completed before end-2007Spec. released.Company confidential: Internal usage only.
24OSF vs. 18Crypt OSF model 18Crypt model Issue with 18Crypt when a breach occurs:Does the MNO have a dedicated and specialized team to investigate hacked phones?Who is liable?Handset manufacturers will deny responsibility as they comply with standard requirements. Moreover there might be a conflict of interest as a hacked phone might generate more handset salesStack provider, software vendor, OS provider, …??If the handset manufacturer does not solve the breach the content owner will stop providing content and start legal actionThe keys of the phone can be revoked. But if one phone is pirated all phones in that model are very likely to be pirated. And this might lead to high operational costs to manage phone replacement or customer complaintsOSF modelIrdeto believes that the OSF approach is superior for the following reasons:1. It provides robust security as a result of the features built into its Java SIM platforms. It is a proven approach and implements the security techniques developed in combating piracy in Pay-TV applications. The OSF solution is ported onto a (U)SIM to carry the security applet. The (U)SIM is owned and controlled by the mobile operator, ensuring that his revenue stream is protected.2. It provides a single entity that is responsible for system security. This entity will investigate piracy attacks and restore system security in the event that a breach occurs. In 18Crypt (and in OMA DRM in general), the response to a security breach is to revoke the entire population of devices in which a security breach occurs; this is commercially infeasible once a large number of devices has been deployed.3. OSF provides the ability to replace the secure components of the device if the system is successfully attacked (in the form of either a downloadable replacement applet, or a replacement SIM card). This is less expensive than replacing the whole handset (for 18Crypt).4. OSF offers flexibility and differentiation. The OSF model allows regionalisation of Key Management System (KMS) implementations and it supports customisable business models.5. It is more widely supported by operators, broadcasters and the device manufacturers. Content providers are familiar and comfortable with CA technology. Obtaining premium content is easier for CA-based operators, compared to DRM-based broadcasting deployments.6. OSF offers the possibility to SimulCrypt. This technique allows different operators the freedom to select different CA systems for a common broadcasting platform. SimulCrypt allows Mobile Network Operators (MNOs) in this situation to deploy their own CA system, without having to share this core component with their competitors.18Crypt modelCompany confidential: Internal usage only.
25Overall Mobile Architecture Encoder +ScramblerEncoderIPEModulatorControlWord (CW)(U)SIMor SMDECMs EMMsIrdeto CAControl SystemIrdeto PIsys offers:State-of-art securityNumerous business modelsSimplicity of useEase of integrationAdvanced bandwidth management.The basis of a CA system relies on the digital television stream being scrambled with a secret key. The secret key is then protected and transmitted along with the scrambled signal. In the receiver, the secret key is retrieved only if the user’s access-granting criteria are met. This method is a secure and proven technology, as it has been deployed and refined in Pay-TV CA systems for many years. The CA system offers a broad range of subscription models to meet operators’ requirements and business models.Content is conveyed to the end-user via the network, after scrambling at the head-end. The keys used to scramble the content (Control Words) are encrypted and embedded within the transmitted stream in the form of Entitlement Control Messages (ECMs). Encrypted end-user authorisations (entitlements) are conveyed to the device in the form of Entitlement Management Messages (EMMs). These EMMs can be conveyed to the end-user either in-band (IB) in the DVB-H signal, or out-of-band (OOB) SMSs (Short Message Services) via the 3G/GSM network.Subscriber Management SystemSMS-COTA serverCompany confidential: Internal usage only.
26Adapting CA solution to Mobile Mature & proven CA technologies available for Mobile service protectionIrdeto has developed two innovative technologies:Dual Key Hierarchy – limits bandwidth required for key exchangeRapid Refresh – increases security through rapid cycling of rightsMobile subscribers may be roaming or powered down for significant periods, but demand immediate gratification. The delivery of EMMs Over The Air (OTA) helps in reducing costs and ensures their rapid delivery to the device.Company confidential: Internal usage only.
27Irdeto CA Key Hierarchy Typical Key UsageTypical Key LifespanKey ManagementMonthsGroup size: 4,096 ~ 16,380 DevicesKey & Entitlement ManagementDays/WeeksGroup size: 256 ~ 1,792 DevicesCW ProvisioningHours/MinutesPer Service/EventScramblingSecondsPer 10s Content (crypto-period)Irdeto Key Hierarchy System:To manage large subscriber bases without imposing severe bandwidth penalties, Irdeto makes use of a multi-level key hierarchy in its CASs.At the top of the hierarchy is a unique key, known only to the CAS control system and the smart card. Further down the hierarchy, other keys are common to increasingly larger groups of smart cards.Smart card groups are used to reduce the bandwidth requirements of the CAS. Each member of a group is accessed by a common Group Key, rather than a series of individually addressed messages. Groups can be up to 256 subscribers in size. For example, if there are 1 million subscribers, instead of sending 1 million authorization or refresh messages, Group Keys reduce the number of messages by a factor of up to 256 or to about 3907 messages.At the bottom of the key hierarchy, the service key or Control Word is delivered to a smart card that possesses the correct product keys.Company confidential: Internal usage only.
29CA Business ModelsCompany confidential: Internal usage only.
30Supported CA Business Models Irdeto PIsys for Mobile supports different CA models:SubscriptionSubscription for a fixed duration, can either be a single channel or a bouquetPre-Paid with voucherVouchers are entitling particular package and duration. Enabling via phone (IVR or SMS) or Internet.Pre-enablementFree entitlement with flexible channel-choiceOrdered Pay per ViewSubscribers order an event via SMS, phone or internet every time they wish to watch an eventLocal Pay per ViewSubscriber has credit stored on SIM card. Credits are debited when the subscriber wishes to watch an event.Impulse Pay per ViewCredit stored on SIM but purchases are reported via return path to operator for (pre/post) billing and logging purposesVideo on demandContent to be delivered over the broadcast channel (Push VOD or nVOD) or over the cellular network (VOD over 3G).PVRPush-VOD, DRM models; CA and DRM integration requiredCompany confidential: Internal usage only.
31Head-end & Client Architectures Company confidential: Internal usage only.
32Head-end architecture EncoderScramblerIP EncapsulatorContentSimulcrypt ECMs/CWsDVB-HScheduling SystemIB EMMsMultiplexerEISECMGKMSEMMGSMS-CGSM/ UMTSOOB EMMsSubscriber Management SystemIrdeto PIsys consists of several functional blocks:Entitlement Control Message (ECM) Generator – Generates the messages that ensure the secure delivery of the Control Words (CW) and access criteria to the (U)SIM card.Entitlement Management Message (EMM) Generator – Manages encryption keys and entitlements on (U)SIM cards.Encryption Manager – Controls the encryption and authentication of EMMs and ECMs.Key Management System (KMS) - Responsible for the secure storage and management of all keys associated with the Irdeto cryptographic system.Event Information System (EIS) - Responsible for managing the access criteria sets for services and/or events.PIsys database – Contains Security client details, Information related to the security hardware ((U)SIM or SMD), as well as Package and schedule information (access criteria sets)DatabaseOTA ServerApplet MgmtConditional Access SystemComponents supplied by IrdetoCompany confidential: Internal usage only.
33Client Side Architecture Mobile DeviceDVB-HDVB-HReceiverESGSDPESGClientApplicationsDecoderCDPIP StackDescramblerContentCWEMMEMMKMSDeviceAgent(Softcell)CAAppletGSM/ UMTSECMECM/CWClient CA ArchitectureThe mobile device receives the DVB-H signal and makes the multicast IP content available on the IP stack.Irdeto’s implementation of the KMS Device Agent (Softcell) is integrated into the DVB-H device by the handset manufacturer.Softcell receives ECMs and EMMs by joining IP multicast addresses after parsing SDP files, and sends them to the (U)SIM card.All security related computations are done by an Irdeto applet running in the multi-application JAVA (U)SIM card.The content encryption keys are then sent back via Softcell from the (U)SIM to the ISMACryp descrambler which is closely coupled with the H.264 decoder.A secure channel is used to protect the content encryption keys between the (U)SIM and the mobile device.GSMReceiverSMS BIPEMM/Msgs(U)SIMComponents supplied by IrdetoCompany confidential: Internal usage only.
34Hardware Component Irdeto supports 2 secure hardware components: SMD (Surface Mounted Device)SIM (Subscriber Identity Module)SMD can be supplied by Irdeto to manufacturer to be placed directly on the chipboard of their device. This is adapted for:Non-connected devices (PDAs, Portable Multimedia Players (PMPs), in-car devices)Phones without SIMs (CDMA phones)SIM is a smart card that securely stores the key identifying a mobile phone service subscriber, as well as subscription information, preferences and text messages. The equivalent of a SIM in UMTS is a Universal Subscriber Identity Module (USIM). Irdeto will place its secure Java applet on the existing MNOs SIM card.Company confidential: Internal usage only.
35Benefits of the (U)SIMThe (U)SIM is owned by the MNOs. It is their only asset in the mobile device. MNOs have full control over it. With DVB-H and an Irdeto CA solution, MNOs will keep ownership of their subscriber base.The (U)SIM is a tamper resistant device and as such, it offers high levels of security. With the Irdeto CA solution, the (U)SIM handles all security related processing (ECMs and EMMs).The (U)SIM offers easy-to-manage customer relationship. Customer management and service provisioning can be handled via the OTA server. In addition, security updates can be managed without swapping terminals or impacting the customer experience.Irdeto’s basic requirements for the (U)SIM are:JavaCard V & Global Platform V2.1.1Irdeto applet size on (U)SIM: ~30KOther security related requirements (available upon request).Company confidential: Internal usage only.
37Technology Partners Head-End Platforms Devices SIM Cards Irdeto partners with H/E equipment vendors to offer an integrated solution for broadcasting and mobile services, including service & content protection.Irdeto provides the necessary support to device manufacturers to ensure highly reliable and efficient integrations. The process is based on field experience with device manufacturers for TU Media.Irdeto’s solution is based on (U)SIM cards as well as OTA platforms, together with the technical expertise of leading smart card manufacturers.Company confidential: Internal usage only.
39USPs & Case StudiesCompany confidential: Internal usage only.
40Irdeto USPs Proven & Secure technologies: Conditional Access Solution optimized for Mobile environmentBandwidth saving techniquesDual hierarchy keysDelivery of rights out-of-bandOn-going bandwidth consumption enhancements…Based on the OSF specificationSingle accountable owner for securitySolution based on the (U)SIMFlexibilityHigh level of securityRequirement from the MNOs as they have full control on itIn case of a breach, only the Irdeto applet needs to be updated. This can be done over-the-air.Support of multiple subscription models that can be customized to the operators’ needsSimulCryptEase of integration for client (based on experience with over 20 different device manufacturers)Convergence of CA and DRM based on our knowledge and expertise in both areasIrdeto has supplied more than 300 successful DVB satellite, cable and IP content protection solutions to customers worldwide, using its content protection systems, and across a wide variety of subscriber base sizes. Irdeto has experienced implementation engineers on its staff who will ensure that the content protection solution we deliver meets the security requirements of the proposed project.Aside from the advantage of choosing a content security vendor with an excellent security record and a long-term strategy aimed at maximising operator revenues, minimising operator costs and eliminating piracy, we believe that the USPs of the Irdeto content protection proposition are:Certified CA solution: The Merdan Group (USA) has certified the Irdeto SoftClient IPTV CA system as being highly robust for Pay-TV applicationsNo piracy for 6 years: Irdeto’s content protection systems have been free of piracy for more than 6 years.Unique security strategy: Irdeto’s content security system resilience is based on a unique combination of high technology, combating piracy activities and lobbying for anti-piracy legislation.Low EMM Bandwidth CAS: Irdeto’s patented multi-layer key hierarchy reduces the EMM (subscriber entitlement) bandwidth required for a CA operation. This permits the operator to re-deploy the saved bandwidth for other revenue-generating opportunities.Hybrid operation from one CA system: Content protection for some combinations of mediums is possible with the Irdeto PIsys CA system. PIsys is suitable for digital TV, IPTV and Mobile operations.Company confidential: Internal usage only.
41World’s First Mobile Multimedia Broadcasting Service Ku-Band12,214-12,239 GHz7,877 gap fillers in 2005.Coverage over 58 cities.Ku-Band13,824-13,883 GHzS-Band2,630-2,655 GHzS-DMBBroadcasting centerWorld’s First Mobile Multimedia Broadcasting ServiceMarch 2004: Satellite launchMay 2005: Commercial launch of TU Media serviceMay 2006: 540,000 subscribersAugust 2006: 680,000 subscribersIn 2003, Irdeto signed the world’s first mobile CA contract with SK Telecom of Korea (later re-organised as TU Media). It introduced the S-DMB system for broadcasting video, audio and data to various types of mobile receivers (mobile phones, portable receivers, PDAs and in-car devices), supplied by leading manufacturers (Motorola, Samsung, LG, etc.). TU Media currently offers 15 TV channels and 19 radio channels to more than 40 different types of S-DMB receivers. This is currently the largest mobile broadcasting operation worldwide, with more than 750,000 subscribers (September 2006) since its commercial launch in May 2005.Company confidential: Internal usage only.
42Services Devices Pricing 15 video channelsEntertainment, Sport, News, Music, Movie, Drama, Adult, Games, Education & MLB19 audio channelsOver 40 different devices including mobile Phones, PDAs, in-car devices, PMPs.Irdeto supplied over 2 millions SMDs/SIMs to the Korean S-DMB device manufacturers.PricingInitial Subscription fee:Approx. US$16Monthly Subscription fee:Approx. US$Premium Channel:US$ 3-4 per monthIrdeto has supplied more than 2 million SMDs/SIMs to the Korean S-DMB device manufacturersCompany confidential: Internal usage only.
43(Berlin, Stuttgart, Köln, Frankfurt, München, Nürnberg, Hamburg, Service launched before the 2006 world cup of Football in Germany on May 31st, 2006.(Berlin, Stuttgart, Köln, Frankfurt,München, Nürnberg, Hamburg,Leipzig, Hannover, Dortmund,Gelsenkirchen, Saarbrücken)Services4 video channels2 DAB audio channelsPricing24 months subscription contractMonthly subscription fee: € 9.95Samsung handset: € 169LG handset: € 99debitel (Germany); since its commercial launch in May 2006, an Irdeto CA solution has been protecting content for this operation, offering 4 TV channels and 2 DAB radio channels.Company confidential: Internal usage only.