Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting Content for MobileTV

Similar presentations


Presentation on theme: "Protecting Content for MobileTV"— Presentation transcript:

1 Protecting Content for MobileTV
BES Conference February 2007 This presentation provides an overview of the characteristics of typical mobile broadcasting operations. Service and Content protection systems are key enablers for delivering new revenue streams for mobile operators. Different access control techniques are covered. Please see our web site: Company confidential: Internal usage only.

2 Service & Content Protection
Agenda Agenda Mobile TV Service & Content Protection Irdeto Solutions Company confidential: Internal usage only.

3 Service & Content Protection
Agenda Agenda Mobile TV Service & Content Protection Irdeto Solutions . Company confidential: Internal usage only.

4 Mobile Communications
Digital Convergence Television Mobile Communications Television Over 4 billion users Mobile Communications Over 2 billion GSM subscribers) 3 billion subscribers expected by end of 2010 (Ovum). Mobile TV Ever-growing numbers of consumers are embracing the personal benefits of the digital media age. Following the mass-adoption of portable digital audio devices, such as the Apple iPod, many people are becoming aware that they can be liberated from the traditional constraints of consuming media content – it can now be consumed at any time, any place and on a broad range of personal devices. Attractive new services Easy to understand Successful launch (over cellular network) … but issue with network capacities Company confidential: Internal usage only.

5 Mobile Netowrk Operator
The Return Channel Mobile Broadcasting networks and cellular networks (GSM, GPRS or UMTS) are complementary to Mobile TV services. The cellular networks provide a ‘return channel’ for: Service request Service charging/payment Video-on-Demand (VOD) Other interactive services (voting, betting, information) Mobile Netowrk Operator (GSM, GPRS, UMTS) Mobile Broadcaster (DVB-H) Existing cellular telephony operations are compatible with and can enhance emerging Mobile broadcasting propositions. Company confidential: Internal usage only.

6 Challenges facing Mobile TV
Regulatory factors Frequency allocation and Licensing Technology factors Standardization, Availability of terminals Interoperability Network (reception in mobile situation) Similar to Cellular networks Delivery costs low enough for a profitable value chain International roaming ? Service & Content Protection To set up a trustworthy environment To secure revenue streams A true consumers’ value proposition (not simply a technology) Content (Live TV / TV-on demand / Push TV, not simply a rebroadcast of terrestrial content) Relevant Services (Interactivity, ESG and additional information) Positive user experience (Easy to use & easy to pay service) Value for money & Straightforward pricing Consumers Demand and acceptance Business factors Business models Co-operation along the value chain (“win-win”) Solving a wide variety of problems is required for a mobile operation to become successful. One of these aspects is Service and content protection. Company confidential: Internal usage only.

7 Service & Content Protection
Agenda Agenda Mobile TV Service & Content Protection Irdeto Solutions Company confidential: Internal usage only.

8 Why Service & Content Protection?
Service and Content protection is critical for the success of mobile business models. Content Owners Service Providers Consumers Want to protect the rights of their assets, and to control their consumption Want to secure revenues Want Trust in the delivery mechanism Want to protect their return on investment Want to build a trustworthy network Want to optimize revenues through multiple subscription models Prepared to pay for premium content. Want choice and flexibility in the way they consume content. With more than 4 billion TV users and more than 2 billion mobile phone users worldwide, the wireless and broadcast industries are seeing the business opportunities for generating new revenue streams by offering a variety of multimedia services to mobile devices. To secure revenue streams, valuable content needs to be secured in its delivery through the network to the end-user. Service & Content protection solutions are available to mobile multimedia service providers. They fall into two categories: Company confidential: Internal usage only.

9 Service & Content Protection
Live Broadcast Re-Distribution Service Protection Content Protection Ensures that only paying customers have access to content Solution: Conditional Access (CA) Controls the use of content once it has reached the device Solution: Digital Rights Management (DRM) To secure revenue streams, Service & Content protection solutions are available to mobile multimedia service providers. They fall into two categories: Content Protection Digital Rights Management (DRM) techniques are employed to control and protect the use and consumption of content, according to business rules, in the end-user device. Mobile DRM is primarily concerned with protecting digital content, such as ring tones, wallpaper/screensavers, games, audio and video clips that can be downloaded to portable devices over the mobile network. Note however that DRM techniques are not suitable for protecting higher value content, such as broadcast TV. Service Protection Conditional Access (CA) is a technique that is employed to enable the access to broadcasting content for subscribing customers only. It is a good approach for operators who wish to offer high value audio and video services via a variety of business models, on a per-service basis i.e. monthly subscription, Pay Per View (PPV) etc. The two technologies can work together to protect recorded content ! Company confidential: Internal usage only.

10 Digital Rights Management (DRM)
Company confidential: Internal usage only.

11 Downloading Services to Mobiles
Mobile phones have evolved into multimedia devices Technologies enable efficient delivery of rich multimedia content (from ring tones to live TV) to mobiles Pictures Ringtones Games Video clips Peer-to-peer connection DRM systems have been designed as a means for managing and controlling the consumption of digital files (e.g. games or multimedia content) delivered as a point-to-point service. They are based on enforcing rules of usage in the portable device itself (based on a counter e.g. play 3 times, or timer e.g. play for 5 days). Music MP3 Company confidential: Internal usage only.

12 Mobile DRM Rich multimedia content is delivered to mobile devices
Protects the interests of the content rights owner, by providing a way to control access to the use and consumption of digital content Several opportunities and business models are available to the operator for defining new ways of selling, distributing and consuming content for mobile end-users. Opportunity to define new ways of selling, distributing and consuming content Company confidential: Internal usage only.

13 Standards Many proprietary standards (e.g. Microsoft, iTunes)
Open standard specified by OMA The Open Mobile Alliance (OMA) is a mobile industry organization dedicated to promoting the worldwide adoption of mobile data services by emphasizing interoperability across devices and networks. OMA was formed in June The 350 member companies represent the world’s leading mobile operators, device and network suppliers, information technology companies, application developers and content providers. OMA DRM specifications released: OMA DRM 1.0 (2004) OMA DRM 2.0 (2006) The IPR licensing terms & conditions are defined by the CMLA (Content Management License Administrator) which is a licensing and compliance entity formed to provide a full solution implementation of OMA DRM 2.0. DRM Standards In addition to proprietary standards (e.g. Apple iTunes, Microsoft DRM, Irdeto KeyDRM), an open standard for mobile applications also exists: the Open Mobile Alliance (OMA). This is an organisation of over 350 companies that has since 2002, defined the OMA Download, OMA DRM and other standards for the mobile device industry. Standards, such as OMA, are important to mobile operators. They facilitate the availability of multi-vendor solutions, while promoting compatibility between the systems. Ultimately, it leads to reduced prices for all players in the value chain (manufacturers, network operators and consumers). Company confidential: Internal usage only.

14 OMA DRM 1.0 DRM v.1.0 Features: Forward lock Combined delivery
Content DRM message Device prohibited from forwarding content to other devices DRM v.1.0 Features: Combined delivery DRM message Content Rights Adds rights definition to control content usage Separate delivery Rights Content Enable super distribution Company confidential: Internal usage only.

15 OMA DRM 2.0 DRM v.2.0 Features: Enhanced Security
Higher security to ensure authenticity and integrity of both content and right object Rights object and content encryption key encrypted using device’s public key to bind to target device Mutual authentication between device and rights issuer Rights issuer can accurately identify device to determine revocation status (Device revocation) DRM v.2.0 Features: Support for a variety of distribution and payment use cases while enhancing user experience User can preview content User can register several devices for playback (Domain) DRM content can be shared between devices Non-connected devices acquire content rights via connected device Use of removable media/storage More Security More business models Company confidential: Internal usage only.

16 Content Encryption keys
OMA DRM Architecture Content Encryption keys Rights Issuer Content Issuer 2 Purchase “rights” and establish trust 3 Establish Trust, purchase and deliver rights object 4 Browse to website and download protected content 6 1 Deliver protected rights object Share content within a user-domain The diagram shows that the DRM agent is integrated into the handset, while at the head-end, one or two entities manage the “trust” within the system. The trust created by the trust entity is used by the DRM server and the DRM agent to exchange (public/private cryptographic) keys, which are in turn used to implement a secure settlement/transaction of rights. The management of trust thus lies with an independent entity, with the merchants employing this trust in their business propositions to subscribers. 5 Super-distribute content to a friend User Company confidential: Internal usage only.

17 DRM not suitable for Mobile TV
Device-based DRM does not work for Mobile TV “Japanese mobile giant NTT DoCoMo is scrambling to release a new version of its popular mobile TV handset after unscrupulous users found a loophole allowing them to watch free mobile TV.” (loss of €250 per handset) A breach in Microsoft DRM “A program called Fairuse4wm has been posted on the net and is said to be capable of bypassing Microsoft’s Digital Rights Management (DRM) system.” “BSkyB has suspended its Sky by Broadband movie service until Microsoft patches a security loophole in its Windows DRM technology” Fixing DRM does not work ! "DRM is fundamentally an impossible problem. Making it work at all involves tricks, and breaking DRM is akin to "fixing" the software so the tricks don't work. Anyone looking for a demonstration that technical DRM is doomed should watch this story unfold.” (Bruce Schneier on Microsoft DRM, 15 October 2006) In a point-to-point environment, this DRM content protection approach is secure and works well. It is however cryptographically vulnerable when used in a “one-to-many” broadcasting environment (the “blowback attack”). In a DRM environment, one key common to all users, is used for a given piece of content. If this key is pirated, content is effectively available to all. This has serious implications for a mobile television operation based on DRM content protection. In a CA-based broadcasting system on the other hand, unique keys are generated for each subscriber and for each piece of content. These keys also change at different rates, making this approach far more resilient to pirate attacks. Company confidential: Internal usage only.

18 Conditional Access (CA)
Company confidential: Internal usage only.

19 Mobile Broadcast Services
Live broadcast multimedia content is accessible by mobile phones Delivers content to a large audience more cost-effectively than a cellular network TV channels Radio Channels Data Television-style (non-broadcast) content has been available to mobile phone users since early-2005 via 2.5G and 3G networks. Although these mobile networks are optimised for the point-to-point delivery of content, they are not suitable for the mass distribution of the same content, because each mobile receiver must be provided with its own receive bandwidth. In a situation where many users try to simultaneously consume the same data at the same location, a provider could run out of bandwidth. In a Universal Mobile Telecommunications System (UMTS) cell for example, the maximum data rate for all users combined is approximately 2 Mb/s. This means that a cell’s serving capacity is exhausted when more than 31 services at 64 kb/s, or 15 services at 128 kb/s, or 7 services at 256 kb/s are simultaneously demanded. New mobile broadcasting technologies, on the other hand, provide solutions to alleviate these bandwidth restrictions on content delivery. It is now possible to broadcast real-time TV content to mobile devices through a separate and dedicated network. Transmission technologies have been specifically designed to ensure quality and reliability, while addressing issues such as mobility and the limited battery life of mobile devices. S-DMB DVB-H T-DMB Company confidential: Internal usage only.

20 Mobile CA TV and Radio services delivered to enabled
mobile devices only Restricts service access to paying subscribers only Regardless of the network technology employed, Mobile Broadcasting Services or Mobile TV promises new revenue opportunities. These services however, require a more robust and sophisticated content protection system than for DRM because of the “one-to-many” nature of broadcasting. CA technology has been successful at securing the revenue streams of content providers for many years in the traditional Pay-TV industry (terrestrial, cable or satellite). A CA system aims at enabling access to a service for paying viewers only. Content can be purchased in packages, a la carte or on a Pay Per View (PPV) basis. Company confidential: Internal usage only.

21 Mobile Broadcasting Technologies
MBMS (3GPP) Multimedia Broadcast Multicast Service is a broadcasting service that requires a UMTS network upgrade. ISDB-T (NHK) Terrestrial TV standard in Japan and Brazil. Also usable for mobile TV. MediaFLO (Qualcomm) Proprietary technology. DMB (Digital Multimedia Broadcasting) Digital radio transmission system for sending multimedia to mobile devices. Based on Eureka-147 DAB standard Accepted as a standard by ETSI. The two most popular industry standards in the mobile broadcasting field are DMB and DVB: Digital Mobile Broadcasting (T-DMB & S-DMB) DMB is a video and audio broadcasting technology that provides broadcasting services to portable devices and mobile phones via terrestrial transmitters (T-DMB). It is based on the Eureka 147 Digital Audio Broadcasting (DAB) standard (also known as ITU-R Digital System A). T-DMB adds video support and text broadcasting to the DAB standard. Satellite DMB (S-DMB) is based on the ITU-R Digital System E technical specification. It uses a satellite, together with terrestrial repeaters, to achieve wide-area coverage for mobile TV. Digital Video Broadcasting – Handhelds (DVB-H) DVB-H is a global standard based on the DVB-T (Terrestrial) broadcasting standard, with an extension to provide support for mobile devices. It delivers content in broadcast mode using IP Datacasting (IPDC). DVB-T frequencies (VHF and UHF TV) are used for this service. A major challenge today is the availability of spectrum. T-DMB networks can be deployed on frequencies reserved for Digital Audio Broadcasting (DAB) services. For DVB-H networks, there is a very complex situation where, in many countries, spectrum earmarked for DVB-H services has to first be cleared of existing services e.g. analogue TV, before DVB-H services can be launched. This may delay the “roll-out” of DVB-H and give T-DMB networks an advantage. DVB-H (Digital Video Broadcasting-Handheld) Standard based on DVB-T and adapted to Handhelds Accepted as a standard by ETSI Company confidential: Internal usage only.

22 Mobile Broadcasting Technologies
DVB-H T-DMB S-DMB MBMS FLO Network Terrestrial Satellite + Terrestrial Origin DVB-T DAB ITU-R Digital System E UMTS CDMA Channel size 5,6,7,8 MHz 1.5 MHz 25 MHz 5 MHz 6 MHz Bit rate 7 to 11 Mbps 1.5 Mbps 7.68 Mbps 0.384 Mbps Up to 11 Mbps Band UHF, VHF, L S (UMTS) Number of TV channels Up to 30 Up to kbps) Up to 3 Adoption/ Tests Worldwide Korea, China, Europe Korea - US/UK Industry support Strong Medium Low DVB-H network requires a greater level of infrastructure to offer a similar service to DMB. DVB-H has the potential to deliver much higher data rates but uses higher order modulation and requires a much higher signal-to-noise ratio, which in turn requires many more sites or higher transmit power, both of which add considerably to the cost. However, from the point of view of DMB, matching the throughput of DVB-H is not necessary. It is possible to roll out an acceptable service using fewer carriers thereby saving costs on equipment and sites. In terms of spectrum availability DAB networks are already operational in many countries and in others spectrum has generally been set aside for DAB services. For DVB-H there is a very complex situation where, in many countries, spectrum marked for DVB-H services is required to be cleared of existing services e.g. analogue TV before DVB-H can be launched. This has the potential to curtail the development of DVB-H and gives DAB based DMB networks a distinct advantage. It is possible that DMB will quickly gain more widespread acceptance if it is able to be launched sooner. The final point is one of equipment availability. At the moment it is unlikely that DVB-H equipment will be available for deployment at S-band in the short term. DMB equipment is available at S-Band albeit for S-DMB rather than T-DMB however it is likely that T-DMB equipment will be available soon. Company confidential: Internal usage only.

23 Competing CA Standards
SIM approach BCast smart card profile Security related functions in (U)SIM and fully standardised KMS Open Security Framework (OSF) Proprietary KMS Device software approach DRM profile Extension of OMA DRM 2.0 to support broadcast. 18Crypt Fully standardised KMS There are currently two approaches to securing DVB mobile broadcasting services. Both are part of the ETSI TS v1.1.1 specification (also referred as the DVB Bluebook A100, Dec. 2005). Open Security Framework (OSF) This standard is based on Conditional Access technology and is tailored for mobile environments. It uses a secure hardware client component, which can be the mobile operator’s (U)SIM card. 18Crypt This standard is based on OMA DRM 2.0 with extensions to support broadcasting. It is purely a device software based solution. Spec. not expected to be completed before end-2007 Spec. released. Company confidential: Internal usage only.

24 OSF vs. 18Crypt OSF model 18Crypt model
Issue with 18Crypt when a breach occurs: Does the MNO have a dedicated and specialized team to investigate hacked phones? Who is liable? Handset manufacturers will deny responsibility as they comply with standard requirements. Moreover there might be a conflict of interest as a hacked phone might generate more handset sales Stack provider, software vendor, OS provider, …?? If the handset manufacturer does not solve the breach the content owner will stop providing content and start legal action The keys of the phone can be revoked. But if one phone is pirated all phones in that model are very likely to be pirated. And this might lead to high operational costs to manage phone replacement or customer complaints OSF model Irdeto believes that the OSF approach is superior for the following reasons: 1. It provides robust security as a result of the features built into its Java SIM platforms. It is a proven approach and implements the security techniques developed in combating piracy in Pay-TV applications. The OSF solution is ported onto a (U)SIM to carry the security applet. The (U)SIM is owned and controlled by the mobile operator, ensuring that his revenue stream is protected. 2. It provides a single entity that is responsible for system security. This entity will investigate piracy attacks and restore system security in the event that a breach occurs. In 18Crypt (and in OMA DRM in general), the response to a security breach is to revoke the entire population of devices in which a security breach occurs; this is commercially infeasible once a large number of devices has been deployed. 3. OSF provides the ability to replace the secure components of the device if the system is successfully attacked (in the form of either a downloadable replacement applet, or a replacement SIM card). This is less expensive than replacing the whole handset (for 18Crypt). 4. OSF offers flexibility and differentiation. The OSF model allows regionalisation of Key Management System (KMS) implementations and it supports customisable business models. 5. It is more widely supported by operators, broadcasters and the device manufacturers. Content providers are familiar and comfortable with CA technology. Obtaining premium content is easier for CA-based operators, compared to DRM-based broadcasting deployments. 6. OSF offers the possibility to SimulCrypt. This technique allows different operators the freedom to select different CA systems for a common broadcasting platform. SimulCrypt allows Mobile Network Operators (MNOs) in this situation to deploy their own CA system, without having to share this core component with their competitors. 18Crypt model Company confidential: Internal usage only.

25 Overall Mobile Architecture
Encoder + Scrambler Encoder IPE Modulator Control Word (CW) (U)SIM or SMD ECMs EMMs Irdeto CA Control System Irdeto PIsys offers: State-of-art security Numerous business models Simplicity of use Ease of integration Advanced bandwidth management. The basis of a CA system relies on the digital television stream being scrambled with a secret key. The secret key is then protected and transmitted along with the scrambled signal. In the receiver, the secret key is retrieved only if the user’s access-granting criteria are met. This method is a secure and proven technology, as it has been deployed and refined in Pay-TV CA systems for many years. The CA system offers a broad range of subscription models to meet operators’ requirements and business models. Content is conveyed to the end-user via the network, after scrambling at the head-end. The keys used to scramble the content (Control Words) are encrypted and embedded within the transmitted stream in the form of Entitlement Control Messages (ECMs). Encrypted end-user authorisations (entitlements) are conveyed to the device in the form of Entitlement Management Messages (EMMs). These EMMs can be conveyed to the end-user either in-band (IB) in the DVB-H signal, or out-of-band (OOB) SMSs (Short Message Services) via the 3G/GSM network. Subscriber Management System SMS-C OTA server Company confidential: Internal usage only.

26 Adapting CA solution to Mobile
Mature & proven CA technologies available for Mobile service protection Irdeto has developed two innovative technologies: Dual Key Hierarchy – limits bandwidth required for key exchange Rapid Refresh – increases security through rapid cycling of rights Mobile subscribers may be roaming or powered down for significant periods, but demand immediate gratification. The delivery of EMMs Over The Air (OTA) helps in reducing costs and ensures their rapid delivery to the device. Company confidential: Internal usage only.

27 Irdeto CA Key Hierarchy
Typical Key Usage Typical Key Lifespan Key Management Months Group size: 4,096 ~ 16,380 Devices Key & Entitlement Management Days/Weeks Group size: 256 ~ 1,792 Devices CW Provisioning Hours/Minutes Per Service/Event Scrambling Seconds Per 10s Content (crypto-period) Irdeto Key Hierarchy System: To manage large subscriber bases without imposing severe bandwidth penalties, Irdeto makes use of a multi-level key hierarchy in its CASs. At the top of the hierarchy is a unique key, known only to the CAS control system and the smart card. Further down the hierarchy, other keys are common to increasingly larger groups of smart cards. Smart card groups are used to reduce the bandwidth requirements of the CAS. Each member of a group is accessed by a common Group Key, rather than a series of individually addressed messages. Groups can be up to 256 subscribers in size. For example, if there are 1 million subscribers, instead of sending 1 million authorization or refresh messages, Group Keys reduce the number of messages by a factor of up to 256 or to about 3907 messages. At the bottom of the key hierarchy, the service key or Control Word is delivered to a smart card that possesses the correct product keys. Company confidential: Internal usage only.

28 Service & Content Protection
Agenda Agenda Mobile TV Service & Content Protection Irdeto Solutions Company confidential: Internal usage only.

29 CA Business Models Company confidential: Internal usage only.

30 Supported CA Business Models
Irdeto PIsys for Mobile supports different CA models: Subscription Subscription for a fixed duration, can either be a single channel or a bouquet Pre-Paid with voucher Vouchers are entitling particular package and duration. Enabling via phone (IVR or SMS) or Internet. Pre-enablement Free entitlement with flexible channel-choice Ordered Pay per View Subscribers order an event via SMS, phone or internet every time they wish to watch an event Local Pay per View Subscriber has credit stored on SIM card. Credits are debited when the subscriber wishes to watch an event. Impulse Pay per View Credit stored on SIM but purchases are reported via return path to operator for (pre/post) billing and logging purposes Video on demand Content to be delivered over the broadcast channel (Push VOD or nVOD) or over the cellular network (VOD over 3G). PVR Push-VOD, DRM models; CA and DRM integration required Company confidential: Internal usage only.

31 Head-end & Client Architectures
Company confidential: Internal usage only.

32 Head-end architecture
Encoder Scrambler IP Encapsulator Content Simulcrypt ECMs/CWs DVB-H Scheduling System IB EMMs Multiplexer EIS ECMG KMS EMMG SMS-C GSM/ UMTS OOB EMMs Subscriber Management System Irdeto PIsys consists of several functional blocks: Entitlement Control Message (ECM) Generator – Generates the messages that ensure the secure delivery of the Control Words (CW) and access criteria to the (U)SIM card. Entitlement Management Message (EMM) Generator – Manages encryption keys and entitlements on (U)SIM cards. Encryption Manager – Controls the encryption and authentication of EMMs and ECMs. Key Management System (KMS) - Responsible for the secure storage and management of all keys associated with the Irdeto cryptographic system. Event Information System (EIS) - Responsible for managing the access criteria sets for services and/or events. PIsys database – Contains Security client details, Information related to the security hardware ((U)SIM or SMD), as well as Package and schedule information (access criteria sets) Database OTA Server Applet Mgmt Conditional Access System Components supplied by Irdeto Company confidential: Internal usage only.

33 Client Side Architecture
Mobile Device DVB-H DVB-H Receiver ESG SDP ESG Client Applications Decoder CDP IP Stack Descrambler Content CW EMM EMM KMS Device Agent (Softcell) CA Applet GSM/ UMTS ECM ECM/CW Client CA Architecture The mobile device receives the DVB-H signal and makes the multicast IP content available on the IP stack. Irdeto’s implementation of the KMS Device Agent (Softcell) is integrated into the DVB-H device by the handset manufacturer. Softcell receives ECMs and EMMs by joining IP multicast addresses after parsing SDP files, and sends them to the (U)SIM card. All security related computations are done by an Irdeto applet running in the multi-application JAVA (U)SIM card. The content encryption keys are then sent back via Softcell from the (U)SIM to the ISMACryp descrambler which is closely coupled with the H.264 decoder. A secure channel is used to protect the content encryption keys between the (U)SIM and the mobile device. GSM Receiver SMS BIP EMM/Msgs (U)SIM Components supplied by Irdeto Company confidential: Internal usage only.

34 Hardware Component Irdeto supports 2 secure hardware components:
SMD (Surface Mounted Device) SIM (Subscriber Identity Module) SMD can be supplied by Irdeto to manufacturer to be placed directly on the chipboard of their device. This is adapted for: Non-connected devices (PDAs, Portable Multimedia Players (PMPs), in-car devices) Phones without SIMs (CDMA phones) SIM is a smart card that securely stores the key identifying a mobile phone service subscriber, as well as subscription information, preferences and text messages. The equivalent of a SIM in UMTS is a Universal Subscriber Identity Module (USIM). Irdeto will place its secure Java applet on the existing MNOs SIM card. Company confidential: Internal usage only.

35 Benefits of the (U)SIM The (U)SIM is owned by the MNOs. It is their only asset in the mobile device. MNOs have full control over it. With DVB-H and an Irdeto CA solution, MNOs will keep ownership of their subscriber base. The (U)SIM is a tamper resistant device and as such, it offers high levels of security. With the Irdeto CA solution, the (U)SIM handles all security related processing (ECMs and EMMs). The (U)SIM offers easy-to-manage customer relationship. Customer management and service provisioning can be handled via the OTA server. In addition, security updates can be managed without swapping terminals or impacting the customer experience. Irdeto’s basic requirements for the (U)SIM are: JavaCard V & Global Platform V2.1.1 Irdeto applet size on (U)SIM: ~30K Other security related requirements (available upon request). Company confidential: Internal usage only.

36 Interoperability Company confidential: Internal usage only.

37 Technology Partners Head-End Platforms Devices SIM Cards
Irdeto partners with H/E equipment vendors to offer an integrated solution for broadcasting and mobile services, including service & content protection. Irdeto provides the necessary support to device manufacturers to ensure highly reliable and efficient integrations. The process is based on field experience with device manufacturers for TU Media. Irdeto’s solution is based on (U)SIM cards as well as OTA platforms, together with the technical expertise of leading smart card manufacturers. Company confidential: Internal usage only.

38 Some DVB-H devices Company confidential: Internal usage only.

39 USPs & Case Studies Company confidential: Internal usage only.

40 Irdeto USPs Proven & Secure technologies: Conditional Access
Solution optimized for Mobile environment Bandwidth saving techniques Dual hierarchy keys Delivery of rights out-of-band On-going bandwidth consumption enhancements… Based on the OSF specification Single accountable owner for security Solution based on the (U)SIM Flexibility High level of security Requirement from the MNOs as they have full control on it In case of a breach, only the Irdeto applet needs to be updated. This can be done over-the-air. Support of multiple subscription models that can be customized to the operators’ needs SimulCrypt Ease of integration for client (based on experience with over 20 different device manufacturers) Convergence of CA and DRM based on our knowledge and expertise in both areas Irdeto has supplied more than 300 successful DVB satellite, cable and IP content protection solutions to customers worldwide, using its content protection systems, and across a wide variety of subscriber base sizes. Irdeto has experienced implementation engineers on its staff who will ensure that the content protection solution we deliver meets the security requirements of the proposed project. Aside from the advantage of choosing a content security vendor with an excellent security record and a long-term strategy aimed at maximising operator revenues, minimising operator costs and eliminating piracy, we believe that the USPs of the Irdeto content protection proposition are: Certified CA solution: The Merdan Group (USA) has certified the Irdeto SoftClient IPTV CA system as being highly robust for Pay-TV applications No piracy for 6 years: Irdeto’s content protection systems have been free of piracy for more than 6 years. Unique security strategy: Irdeto’s content security system resilience is based on a unique combination of high technology, combating piracy activities and lobbying for anti-piracy legislation. Low EMM Bandwidth CAS: Irdeto’s patented multi-layer key hierarchy reduces the EMM (subscriber entitlement) bandwidth required for a CA operation. This permits the operator to re-deploy the saved bandwidth for other revenue-generating opportunities. Hybrid operation from one CA system: Content protection for some combinations of mediums is possible with the Irdeto PIsys CA system. PIsys is suitable for digital TV, IPTV and Mobile operations. Company confidential: Internal usage only.

41 World’s First Mobile Multimedia Broadcasting Service
Ku-Band 12,214-12,239 GHz 7,877 gap fillers in 2005. Coverage over 58 cities. Ku-Band 13,824-13,883 GHz S-Band 2,630-2,655 GHz S-DMB Broadcasting center World’s First Mobile Multimedia Broadcasting Service March 2004: Satellite launch May 2005: Commercial launch of TU Media service May 2006: 540,000 subscribers August 2006: 680,000 subscribers In 2003, Irdeto signed the world’s first mobile CA contract with SK Telecom of Korea (later re-organised as TU Media). It introduced the S-DMB system for broadcasting video, audio and data to various types of mobile receivers (mobile phones, portable receivers, PDAs and in-car devices), supplied by leading manufacturers (Motorola, Samsung, LG, etc.). TU Media currently offers 15 TV channels and 19 radio channels to more than 40 different types of S-DMB receivers. This is currently the largest mobile broadcasting operation worldwide, with more than 750,000 subscribers (September 2006) since its commercial launch in May 2005. Company confidential: Internal usage only.

42 Services Devices Pricing
15 video channels Entertainment, Sport, News, Music, Movie, Drama, Adult, Games, Education & MLB 19 audio channels Over 40 different devices including mobile Phones, PDAs, in-car devices, PMPs. Irdeto supplied over 2 millions SMDs/SIMs to the Korean S-DMB device manufacturers. Pricing Initial Subscription fee: Approx. US$16 Monthly Subscription fee: Approx. US$ Premium Channel: US$ 3-4 per month Irdeto has supplied more than 2 million SMDs/SIMs to the Korean S-DMB device manufacturers Company confidential: Internal usage only.

43 (Berlin, Stuttgart, Köln, Frankfurt, München, Nürnberg, Hamburg,
Service launched before the 2006 world cup of Football in Germany on May 31st, 2006. (Berlin, Stuttgart, Köln, Frankfurt, München, Nürnberg, Hamburg, Leipzig, Hannover, Dortmund, Gelsenkirchen, Saarbrücken) Services 4 video channels 2 DAB audio channels Pricing 24 months subscription contract Monthly subscription fee: € 9.95 Samsung handset: € 169 LG handset: € 99 debitel (Germany); since its commercial launch in May 2006, an Irdeto CA solution has been protecting content for this operation, offering 4 TV channels and 2 DAB radio channels. Company confidential: Internal usage only.


Download ppt "Protecting Content for MobileTV"

Similar presentations


Ads by Google