Converged-hybrid-broadcast-OTT-security

A converged security strategy for broadcast TV & streaming services

Posted On

By Ali Hodjat


In the first blog in this two-part series, we looked at how broadcasters have evolved from their traditional role of delivering content over RF-based networks (satellite, terrestrial, and cable), to embracing over-the-top (OTT) streaming services. 

This two-pronged content delivery approach has seen the introduction of hybrid TV devices such as set-top boxes and smart TVs that are capable of receiving both broadcast and streaming services, which has required two separate security clients. The dual content security systems have increased the cost for service providers and device makers through the need for additional backend infrastructure and security policies as well as additional device integrations and certifications, and higher royalties or subscription fees as charged by CAS and DRM vendors. The question is whether a converged security platform can reduce the total cost of ownership (TCO). 

Global opportunities for a converged security strategy

There is indeed a large global opportunity for converged security strategies as evidenced by various third-party market research. The total smart TV market share is estimated at about 30% of all TV households (TVHH) worldwide, with such TV sets accounting for some 70% of all TV set sales in 2018.

If we include hybrid STBs, which are more common in newer deployments than the old single-network STBs, the penetration of devices supporting converged cardless security likely exceeds 50% of the world’s TVHH. With smart TV sales forecasted to increase from $157 billion in 2018 to $258 billion by 2024, it means that converged cardless TV security will soon be universal.

Avoiding costly and time consuming one-off client integrations

However, as good as that may sound in theory, it does not help if each operator still has to go through the same kind of time consuming and costly CAS client security integration and certification as with the traditional STB approach. What if smart TVs could actually be delivered from the factory with integrated security clients? All the operator needs is a set of pre-provisioned keys, allowing the consumer to take a new TV set home, plug it in, select service provider and voilà! The service becomes available instantly with no cumbersome set-up for the user while not forcing the service provider to incur costly technician support (or “truck roll,” the bane of cable operators) to help install the new device for the consumer.

Service providers will benefit from reduced impact of security hardware costs. Therefore, the volume of smart TV sets that can be instantly authenticated for use with a provider’s TV service, thanks to pre-integration of the TV with a given converged security platform, becomes a major consideration when analyzing the cost benefits among competing security systems.

The solution: Intertrust ExpressPlay XCA

If a converged security platform for broadcast and OTT streaming service providers sounds like a nirvana scenario, there is actually a real-world solution implementing this kind of technology already. With a long and solid history of DRM and content protection innovations, Intertrust is uniquely positioned to solve the pain points that broadcasters face. 

Our cloud-based and studio approved ExpressPlay XCA™ product, part of the Intertrust ExpressPlay service, seamlessly bridges the worlds of CAS and DRM into a single unified infrastructure. It lets broadcasters deliver content to smart TVs without requiring STBs or external security modules, thus reducing TCO considerably. Featuring a single and converged content security stack for both DVB (digital video broadcasting) and OTT services it enables operators to service broadcast-only devices, OTT, and hybrid broadcast-OTT devices. 

ExpressPlay XCA uses the same content protection engine as Intertrust’s Marlin DRM system, which we discussed in the first blog post in this two-part series. The use of open-standard Marlin DRM technology means that our converged security platform  is both flexible and future proof. 

The DRM-based converged XCA solution enables further cost reduction leveraging  a cloud-based content security service for both broadcast TV and streaming. Also it enables a self-certification program for device makers as they integrate Marlin DRM security core, which also accelerates time-to-market. Supported by a significant partner ecosystem, operators have a large choice of pre-integrated smart TV models and chipsets. 

The mechanics of ExpressPlay XCA

The mechanics of ExpressPlay XCA, as shown in the diagram, are as follows:

  • Cloud architecture

Service operators can use the ExpressPlay XCA functionality from the Intertrust ExpressPlay  cloud service without using dedicated on-premise hardware. This not only reduces costs, but it also speeds up the overall service deployment.

  • Single client device stack for OTT and over-the-Air programming (OTA)

Combining the cloud deployment with a security client that supports both OTA and OTT services from the outset, ExpressPlay XCA allows an operator to distribute content in various ways such as unicast/multicast and in multiple formats such as MPEG-2 TS with DVB CSA and MPEG-DASH

with CENC. The DRM license management is completely transparent to the viewer.

  • Multi-tenant client

Since ExpressPlay XCA targets retail devices such as smart TVs, it’s logical to assume that those devices are not bound to a specific broadcast operator. With ExpressPlay XCA, multiple operators can share the resources of the same device in a similar fashion to how OTT VOD services already do today. The ExpressPlay XCA client enables multiple broadcast operators to transmit their services to the same device, while the ExpressPlay XCA client takes care of the various separate  operator environments and the integrity of their operations.

ideal path diagram

 

The ExpressPlay XCA architecture allows service providers to issue, activate, and deactivate content access rights in accordance with different business models for various use cases including free-to-air (FTA), free-to-view (FTV), pay-per-view (PPV), multi-tier subscription, and other models. 

ExpressPlay XCA Reduces TCO

Service providers can now eliminate the cost and logistics of providing STBs for smart TV households. Using the cloud-based ExpressPlay XCA service, subscribers simply click on the remote control to enable a new service. This approach is a win-win situation for service providers, consumers and content providers since it leads to lower CAPEX (no external security hardware such as STB or CAM to purchase), and lower OPEX (no truck rolls or other distribution logistics). When taken together it should allow more competitively priced services for consumers. Moreover, content providers appreciate the improved content protection that stems from using embedded security clients in Smart TV SOCs supporting TEE that protects delivery of Ultra HD and other premium content. 

The XCA client SDK, based on the open-standard Marlin DRM specification as implemented by Intertrust, is approved for the highest value premium content including UHD thanks to meeting or exceeding the Enhanced Content Protection (ECP) specification from MovieLabs, an entity jointly owned by a number of Hollywood studios. 

Summary of ExpressPlay XCA Advantages

Here is a summary of the attributes that contribute to the ExpressPlay XCA advantages:

  • Full support for both broadcast and OTT streaming use cases
  • Built on top of Intertrust’s industry-strength DRM SDKs and services
  • Pre-integrated with major TV and STB brands
  • Support for one-way DVB networks and unconnected devices
  • Studio approved DRM – meets the MovieLabs requirements for UHD content
  • Fully managed cloud-based service
  • Optionally supports forensic watermarking for broadcast and OTT content

 

Through a cloud-based DRM as a service model that amortizes costs across a rapidly expanding global customer base, ExpressPlay XCA delivers by far the lowest TCO of any option in the converged security space. Dual solutions relying on legacy CAS in combination with DRM support are far more expensive. 

ExpressPlay XCA is designed from the outset to overcome the typical legacy CAS limitations with a future-proof hybrid DVB-OTT next-gen security solution. ExpressPlay XCA bridges the otherwise disparate worlds of CAS and DRM by supporting DVB one-way plus broadband and DVB-OTT hybrid services.

The converged security client means that no client device security hardware is required; there are no smart cards or DVB-CI/CAM modules, and, together with manufacturer self-certification, the costs are lowered for device makers and operators alike. This ensures that Intertrust offers the lowest TCO among all providers of multi-network and multi-screen content security.

HD+ Germany Selects ExpressPlay XCA

Announced at the IBC 2019 show, the largest free TV operator in Germany, HD+, selected ExpressPlay XCA to protect and manage video streams over major broadcast and IPTV networks. HD+ joined other operators in the Free TV Alliance, a collaboration between the four major European free digital satellite television broadcasters to promote free satellite TV and their broadcast technology, all through XCA’s converged security.

Additionally, HiSense and TCL are providing smart TVs with XCA software for select 2020 models, while STB leader CommScope is providing hardware with embedded XCA security to television operators. These device leaders join Vestel and other TV majors which were announced at CES 2019.

In July 2020 it was announced that multi-brand TV manufacturer, Vestel, is set to offer direct access to HD+ on a wide selection of UHD TVs for the German market. From September, selected UHD TVs with built-in HD+ will be available under popular brand names, such as Toshiba, Telefunken, JVC, and Hitachi.

Conclusion

ExpressPlay XCA goes well beyond protecting your service revenue and brand reputation. Our solution presents major cost savings for operators by unifying the hybrid TV content security architecture and limiting dependency on external and costly CA hardware. As hybrid TV service models that combine OTT services with broadcast content take hold worldwide, broadcasters and MVPDs have more reason than ever to adopt a cardless converged security strategy  in order to protect their content across the growing number of viewing platforms while benefiting from reduced TCO.

This blog post is complemented by an extensive white paper titled The ideal path to converged content protection for hybrid TV servicesdownload it now!

Ali Hodjat

About Ali Hodjat

Ali Hodjat is a Director of Product Marketing at Intertrust Technologies. He has extensive experience in leading product management and product marketing activities in the fields of content protection and pay-TV security, anti-piracy, and IoT security solutions.