Irdeto for Mobile


Protecting Content for Mobile TV
BES Conference
February 2007
Company confidential: Internal usage only.
Agenda
Mobile TV
Service & Content Protection
Irdeto Solutions

Digital Convergence

Television
- Over 4 billion users

Mobile Communications
- Over 2 billion GSM subscribers
- 3 billion subscribers expected by end of 2010 (Ovum)

Mobile TV
- Attractive new services
- Easy to understand
- Successful launch (over cellular network)
- … but issue with network capacities

The Return Channel

Mobile broadcasting networks and cellular networks (GSM, GPRS or UMTS) are complementary for Mobile TV services.
The cellular networks provide a ‘return channel’ for:
- Service request
- Service charging/payment
- Video-on-Demand (VOD)
- Other interactive services (voting, betting, information)

[Diagram: Mobile Broadcaster (DVB-H); Mobile Network Operator (GSM, GPRS, UMTS)]

Challenges facing Mobile TV

Regulatory factors
Frequency allocation and Licensing
A true consumers’ value proposition (not simply a technology)
Technology factors
Network (reception in mobile situation)
Standardization,
Availability of terminals
Interoperability
Similar to Cellular networks
Delivery costs low enough for a profitable value chain
International roaming ?
Service & Content Protection
- To set up a trustworthy environment
- To secure revenue streams
Consumers
Content (Live TV / TV-on demand / Push TV, not simply a rebroadcast of terrestrial content)
Relevant Services (Interactivity, ESG and additional information)
Positive user experience (Easy to use & easy to pay service)
Value for money & Straightforward pricing
Demand and acceptance
Business factors
Business models
Co-operation along the value chain (“win-win”)

Why Service & Content Protection?

Service and Content protection is critical for the success of mobile business models.

Content Owners
- Want to protect the rights of their assets, and to control their consumption
- Want to secure revenues
- Want Trust in the delivery mechanism

Service Providers
- Want to protect their return on investment
- Want to build a trustworthy network
- Want to optimize revenues through multiple subscription models

Consumers
- Prepared to pay for premium content.
- Want choice and flexibility in the way they consume content.

Service & Content Protection

Live Broadcast: Service Protection
- Ensures that only paying customers have access to content
- Solution: Conditional Access (CA)

Re-Distribution: Content Protection
- Controls the use of content once it has reached the device
- Solution: Digital Rights Management (DRM)

The two technologies can work together to protect recorded content!

Digital Rights Management (DRM)

Downloading Services to Mobiles

- Mobile phones have evolved into multimedia devices
- Technologies enable efficient delivery of rich multimedia content (from ring tones to live TV) to mobiles

[Diagram labels: Pictures; Ringtones; Games; Video clips; Peer-to-peer connection; Music MP3]

Mobile DRM

- Rich multimedia content is delivered to mobile devices
- Protects the interests of the content rights owner, by providing a way to control access to the use and consumption of digital content
- Opportunity to define new ways of selling, distributing and consuming content

Standards

- Many proprietary standards (e.g. Microsoft, iTunes)
- Open standard specified by OMA

The Open Mobile Alliance (OMA) is a mobile industry organization dedicated to promoting the worldwide adoption of mobile data services by emphasizing interoperability across devices and networks.
OMA was formed in June 2002. The 350 member companies represent the world’s leading mobile operators, device and network suppliers, information technology companies, application developers and content providers.
OMA DRM specifications released:
- OMA DRM 1.0 (2004)
- OMA DRM 2.0 (2006)
The IPR licensing terms & conditions are defined by the CMLA (Content Management License Administrator) which is a licensing and compliance entity formed to provide a full solution implementation of OMA DRM 2.0.

OMA DRM 1.0

DRM v.1.0 Features: Forward lock, Combined delivery, Separate delivery

Forward lock
- DRM message contains: Content
- Device prohibited from forwarding content to other devices

Combined delivery
- DRM message contains: Rights, Content
- Adds rights definition to control content usage

Separate delivery
- Rights and Content are delivered separately
- Enable super distribution

OMA DRM 2.0

DRM v.2.0 Features: More Security, More business models

Enhanced Security
- Higher security to ensure authenticity and integrity of both content and rights object
- Rights object and content encryption key encrypted using device’s public key to bind to target device
- Mutual authentication between device and rights issuer
- Rights issuer can accurately identify device to determine revocation status (Device revocation)

Support for a variety of distribution and payment use cases while enhancing user experience
- User can preview content
- User can register several devices for playback (Domain)
- DRM content can be shared between devices
- Non-connected devices acquire content rights via connected device
- Use of removable media/storage

OMA DRM Architecture

[Diagram: Content Issuer, Rights Issuer and User. Labelled flows: content encryption keys; browse to website and download protected content; purchase “rights” and establish trust; deliver protected rights object; share content within a user-domain; super-distribute content to a friend; establish trust, purchase and deliver rights object.]

DRM not suitable for Mobile TV

Device-based DRM does not work for Mobile TV
“Japanese mobile giant NTT DoCoMo is scrambling to release a new version of its popular mobile TV handset after unscrupulous users found a loophole allowing them to watch free mobile TV.” (loss of €250 per handset)

A breach in Microsoft DRM
“A program called Fairuse4wm has been posted on the net and is said to be capable of bypassing Microsoft’s Digital Rights Management (DRM) system.”
“BSkyB has suspended its Sky by Broadband movie service until Microsoft patches a security loophole in its Windows DRM technology”

Fixing DRM does not work!
“DRM is fundamentally an impossible problem. Making it work at all involves tricks, and breaking DRM is akin to "fixing" the software so the tricks don't work. Anyone looking for a demonstration that technical DRM is doomed should watch this story unfold.” (Bruce Schneier on Microsoft DRM, 15 October 2006)

Conditional Access (CA)

Mobile Broadcast Services

- Live broadcast multimedia content is accessible by mobile phones
- Delivers content to a large audience more cost-effectively than a cellular network

[Diagram labels: TV channels; Radio Channels; Data; S-DMB; T-DMB; DVB-H]

Mobile CA

- TV and Radio services delivered to enabled mobile devices only
- Restricts service access to paying subscribers only

Mobile Broadcasting Technologies
MBMS (3GPP)
Multimedia Broadcast Multicast Service is a broadcasting service
that requires a UMTS network upgrade.
ISDB-T (NHK)
Terrestrial TV standard in Japan and Brazil. Also usable for mobile TV.
MediaFLO (Qualcomm)
Proprietary technology.
DMB (Digital Multimedia Broadcasting)
Digital radio transmission system for sending multimedia to mobile
devices. Based on Eureka-147 DAB standard
Accepted as a standard by ETSI.
DVB-H (Digital Video Broadcasting-Handheld)
Standard based on DVB-T and adapted to Handhelds
Accepted as a standard by ETSI

Mobile Broadcasting Technologies

Technology       | DVB-H        | T-DMB                | S-DMB                   | MBMS        | FLO
Network          | Terrestrial  | Terrestrial          | Satellite + Terrestrial | Terrestrial | Terrestrial
Origin           | DVB-T        | DAB                  | ITU-R Digital System E  | UMTS        | CDMA
Channel size     | 5,6,7,8 MHz  | 1.5 MHz              | 25 MHz                  | 5 MHz       | 6 MHz
Bit rate         | 7 to 11 Mbps | 1.5 Mbps             | 7.68 Mbps               | 0.384 Mbps  | Up to 11 Mbps
Band             | UHF, VHF, L  | UHF, VHF, L          | S                       | (UMTS)      | UHF, VHF, L
Adoption/Tests   | Worldwide    | Korea, China, Europe | Korea                   | -           | US/UK
Industry support | Strong       | Medium               | Low                     | Low         | Low

Number of TV channels (values in extraction order; column assignment not recoverable): Up to 12; Up to 30; Up to 3; Up to 30; Up to 30; (3 @ 384kbps)

Competing CA Standards

SIM approach
Device software approach
BCast smart card profile: Security related functions in (U)SIM and fully standardised KMS
Open Security Framework (OSF): Proprietary KMS
DRM profile
18Crypt: Extension of OMA DRM 2.0 to support broadcast. Fully standardised KMS. Spec. released.
Spec. not expected to be completed before end-2007

OSF vs. 18Crypt

Issue with 18Crypt when a breach occurs:
- Does the MNO have a dedicated and specialized team to investigate hacked phones?
- Who is liable?
- Handset manufacturers will deny responsibility as they comply with standard requirements. Moreover there might be a conflict of interest as a hacked phone might generate more handset sales
- Stack provider, software vendor, OS provider, …??
- If the handset manufacturer does not solve the breach the content owner will stop providing content and start legal action
- The keys of the phone can be revoked. But if one phone is pirated all phones in that model are very likely to be pirated. And this might lead to high operational costs to manage phone replacement or customer complaints

[Diagrams: OSF model; 18Crypt model]

Overall Mobile Architecture

[Diagram components: Encoder + Scrambler; Encoder; Control Word (CW); IPE; Modulator; ECMs; EMMs; Irdeto CA Control System; Subscriber Management System; SMS-C; OTA server; (U)SIM or SMD]

Irdeto PIsys offers:
- State-of-art security
- Numerous business models
- Simplicity of use
- Ease of integration
- Advanced bandwidth management.

Adapting CA solution to Mobile

- Mature & proven CA technologies available for Mobile service protection
- Irdeto has developed two innovative technologies:
  - Dual Key Hierarchy: limits bandwidth required for key exchange
  - Rapid Refresh: increases security through rapid cycling of rights

Mobile subscribers may be roaming or powered down for significant periods, but demand immediate gratification. The delivery of EMMs Over The Air (OTA) helps in reducing costs and ensures their rapid delivery to the device.

Irdeto CA Key Hierarchy

Typical Key Usage            | Typical Key Lifespan |
Key Management               | Months               | Group size: 4,096 ~ 16,380 Devices
Key & Entitlement Management | Days/Weeks           | Group size: 256 ~ 1,792 Devices
CW Provisioning              | Hours/Minutes        | Per Service/Event
Scrambling                   | Seconds              | Per 10s Content (crypto-period)

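
The layering in the key hierarchy above, as an added sketch that is not Irdeto's implementation or code from the presentation: a group key wraps a service key in an EMM, the service key wraps each control word in an ECM, and the EMM count is compared across group sizes. The XOR/HMAC wrap is a toy stand-in cipher, one EMM per group is an assumption, all function names are hypothetical, and 680,000 is the TU Media subscriber figure quoted later in the deck.

```python
import hashlib
import hmac
import math
import os

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def wrap(key: bytes, label: bytes, payload: bytes) -> bytes:
    """Toy wrap (assumption, not a real CA cipher): XOR pad + MAC tag.
    label must be unique per message; payload is at most 32 bytes."""
    body = bytes(p ^ k for p, k in zip(payload, _mac(key, b"pad" + label)))
    return body + _mac(key, b"tag" + label + body)

def unwrap(key: bytes, label: bytes, blob: bytes):
    """Return the payload, or None when the key (or message) is wrong."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag" + label + body)):
        return None
    return bytes(c ^ k for c, k in zip(body, _mac(key, b"pad" + label)))

def emm_count(subscribers: int, group_size: int) -> int:
    """EMMs needed to rekey everyone, assuming one EMM addresses one group."""
    return math.ceil(subscribers / group_size)

def run_ladder(periods: int = 3):
    """Head-end and receiver for one service over a few 10 s crypto-periods."""
    group_key = os.urandom(32)    # key management layer (months)
    service_key = os.urandom(32)  # key & entitlement layer (days/weeks)
    emm = wrap(group_key, b"emm:1", service_key)      # sent once per group
    recovered = []
    for n in range(periods):
        cw = os.urandom(16)                           # control word for this period
        ecm = wrap(service_key, b"ecm:%d" % n, cw)    # broadcast with the content
        sk = unwrap(group_key, b"emm:1", emm)         # entitled receiver side
        recovered.append(unwrap(sk, b"ecm:%d" % n, ecm) == cw)
    outsider = unwrap(os.urandom(32), b"emm:1", emm)  # device outside the group
    return recovered, outsider

if __name__ == "__main__":
    print(run_ladder())
    for size in (1, 256, 1792):                       # 1 = per-device addressing
        print(size, emm_count(680_000, size))
```

With per-device addressing a service-key refresh costs one EMM per subscriber; grouping at the sizes in the table cuts that by two to three orders of magnitude, at the price that excluding one device means rekeying its whole group.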
CA Business Models

Supported CA Business Models

Irdeto PIsys for Mobile supports different CA models:

Subscription
Subscription for a fixed duration; can be either a single channel or a bouquet.

Pre-Paid with voucher
Vouchers entitle the subscriber to a particular package and duration. Enabling via phone (IVR or SMS) or Internet.

Pre-enablement
Free entitlement with flexible channel-choice.

Ordered Pay per View
Subscribers order an event via SMS, phone or internet every time they wish to watch an event.

Local Pay per View
Subscriber has credit stored on SIM card. Credits are debited when the subscriber wishes to watch an event.

Impulse Pay per View
Credit stored on SIM but purchases are reported via return path to operator for (pre/post) billing and logging purposes.

Video on demand
Content to be delivered over the broadcast channel (Push VOD or nVOD) or over the cellular network (VOD over 3G).

PVR
Push-VOD, DRM models; CA and DRM integration required.

Head-end & Client Architectures

Head-end architecture

[Diagram components: Content; Encoder; Scrambler; Simulcrypt; ECMs/CWs; IP Encapsulator; IB EMMs; DVB-H; Multiplexer; EIS; Scheduling System; KMS; Subscriber Management System; Conditional Access System (ECMG, EMMG, Database); OOB EMMs; SMS-C; Applet Mgmt; OTA Server; GSM/UMTS. Legend: Components supplied by Irdeto]

Client Side Architecture

[Diagram components: Mobile Device; DVB-H; DVB-H Receiver; IP Stack; SDP; CDP; ESG; ESG Client; Applications; Decoder; Descrambler; CW; Content; GSM/UMTS; GSM Receiver; SMS; BIP; ECM; EMM; KMS; Device Agent; CA Applet; ECM/CW; (Softcell); EMM/Msgs; (U)SIM. Legend: Components supplied by Irdeto]

Hardware Component

Irdeto supports 2 secure hardware components:
- SMD (Surface Mounted Device)
- SIM (Subscriber Identity Module)

SMD can be supplied by Irdeto to manufacturer to be placed directly on the chipboard of their device. This is adapted for:
- Non-connected devices (PDAs, Portable Multimedia Players (PMPs), in-car devices)
- Phones without SIMs (CDMA phones)

SIM is a smart card that securely stores the key identifying a mobile phone service subscriber, as well as subscription information, preferences and text messages. The equivalent of a SIM in UMTS is a Universal Subscriber Identity Module (USIM). Irdeto will place its secure Java applet on the existing MNO's SIM card.

Benefits of the (U)SIM

- The (U)SIM is owned by the MNOs. It is their only asset in the mobile device. MNOs have full control over it. With DVB-H and an Irdeto CA solution, MNOs will keep ownership of their subscriber base.
- The (U)SIM is a tamper resistant device and as such, it offers high levels of security. With the Irdeto CA solution, the (U)SIM handles all security related processing (ECMs and EMMs).
- The (U)SIM offers easy-to-manage customer relationship. Customer management and service provisioning can be handled via the OTA server. In addition, security updates can be managed without swapping terminals or impacting the customer experience.
- Irdeto’s basic requirements for the (U)SIM are:
  - JavaCard V2.1.2 & Global Platform V2.1.1
  - Irdeto applet size on (U)SIM: ~30K
  - Other security related requirements (available upon request).

Interoperability

Technology Partners

Head-End Platforms
Irdeto partners with H/E equipment vendors to offer an integrated solution for broadcasting and mobile services, including service & content protection.

Devices
Irdeto provides the necessary support to device manufacturers to ensure highly reliable and efficient integrations. The process is based on field experience with device manufacturers for TU Media.

SIM Cards
Irdeto’s solution is based on (U)SIM cards as well as OTA platforms, together with the technical expertise of leading smart card manufacturers.

Some DVB-H devices
USPs & Case Studies

Irdeto USPs

Proven & Secure technologies: Conditional Access
Solution optimized for Mobile environment
Bandwidth saving techniques
Single accountable owner for security
Solution based on the (U)SIM
Flexibility
High level of security
Requirement from the MNOs as they have full control on it
Flexibility
On-going bandwidth consumption enhancements…
Based on the OSF specification
Dual hierarchy keys
Delivery of rights out-of-band
In case of a breach, only the Irdeto applet needs to be updated. This can be done over-the-air.
Support of multiple subscription models that can be customized to the operators’ needs
SimulCrypt
Ease of integration for client (based on experience with over 20 different device manufacturers)
Convergence of CA and DRM based on our knowledge and expertise in both areas

World’s First Mobile Multimedia Broadcasting Service

- March 2004: Satellite launch
- May 2005: Commercial launch of TU Media service
- May 2006: 540,000 subscribers
- August 2006: 680,000 subscribers

7,877 gap fillers in 2005. Coverage over 58 cities.

[Diagram labels: Ku-Band 12,214-12,239 GHz; Ku-Band 13,824-13,883 GHz; S-Band 2,630-2,655 GHz; S-DMB; Broadcasting center]

Services
- 15 video channels: Entertainment, Sport, News, Music, Movie, Drama, Adult, Games, Education & MLB
- 19 audio channels

Devices
- Over 40 different devices including mobile phones, PDAs, in-car devices, PMPs.

Pricing
- Initial Subscription fee: Approx. US$16
- Monthly Subscription fee: Approx. US$10-12.5
- Premium Channel: US$ 3-4 per month

Irdeto supplied over 2 million SMDs/SIMs to the Korean S-DMB device manufacturers.

Service launched on May 31st, 2006, before the 2006 Football World Cup in Germany.
(Berlin, Stuttgart, Köln, Frankfurt, München, Nürnberg, Hamburg, Leipzig, Hannover, Dortmund, Gelsenkirchen, Saarbrücken)

Services
- 4 video channels
- 2 DAB audio channels

Pricing
- 24 months subscription contract
- Monthly subscription fee: € 9.95
- Samsung handset: € 169
- LG handset: € 99