Scalable Solutions forSecure Multi-NetworkService DeliverySCAT WorkshopMumbai – March 2012
Topic Bullets   New Technologies – New Opportunities     Transition Options For Graceful Operational Upgrades;   Key Te...
New Technologies -New Opportunities           High value premium            service options and           consumption mode...
“3-Dimensional” Content Security     Network Dimension – beyond broadcast, cable, telco, and mobile  network distribution ...
VCAS 3 Multi-Network Approach                                                        Unified Subscriber                   ...
Essential IP Technologies
The Streaming Services Option           Content Everywhere – A Maturing Perspective   Tablets as driving force in broad c...
HTTP Live Streaming (HLS)                                                             High bitrate                        ...
HTTP Live Streaming:  Enhanced Content Security                              Security Management                          ...
Enhanced HLS for iPhone/iPad            Security Addition to iPhone/iPad QuickTime                    Client Authenticatio...
Scalable DeploymentArchitectures
Typical DVB Broadcast/One-way   SystemBroadcast                                                   Broadcast System Content...
VCAS for DVB – Flexible SolutionsBroadcast                                                         Broadcast System Conten...
Hosting Flexibility (DVB)Partner Hosting Service                      Hosting                 Management System           ...
Hosting Flexibility (DVB & IP)Partner Hosting Service                                                            Local Sec...
STB Client Flexibility Traditional Smartcard Advanced Cardless Combination of card and cardless deployment DVR busines...
STB Clients for DVB                                                ViewRight DVB                                          ...
ViewRight STB for DVB      Unique Choice of Smart Card and Cardless Characteristics   HW-based (SC) client model     Per...
ViewRight DVB-CI               Secure CAM for Consumer Receivers   For use in STBs and integrated TVs     With DVB-CI ex...
ViewRight ONE – Integrated DVB/IP            API                         Common API and Integration Model                 ...
Building theNetwork of the Future
An Integrated Solution:   DVB FoundationSMS / Middleware                                            Single Security Author...
An Integrated Solution:   DVB & OTTSMS / Middleware                                            Single Security Authority  ...
An Integrated Solution:   MultiRights – Multi DRM FrameworkSMS / Middleware                                              S...
Summary         Scalable Broadcast Security and Internet Innovation   Pay-TV operators of all types need to unify their  ...
Thank YouContact Information:+1 858 677 7800www.verimatrix.com
VCAS 3 Architecture                                                 Multi-Network, Multi-Format Video Services            ...
Upcoming SlideShare
Loading in …5
×

Multi-network Solutions in the Real World, SCaT Workshops Mumbai: Steve Christian, Verimatrix

1,037 views

Published on

Scalable Solutions for Secure Multi-Network Service Delivery

New advanced options for addressable digital video security systems provide flexibility during new network deployments or upgrades of existing digital networks. In particular, such solutions can provide cost effective scalable configurations for smaller deployments that can be upgraded to full multi-network head-ends in a seamless manner. Effective solutions can support updates without compromising security or adding complications to the consumer’s experience.
In this session Verimatrix will outline:
- Hosted and SaaS model security architectures with or without subscriber management
- Security challenges and transition options that enable graceful operational upgrades
- The key technologies that enable flexible combinations of traditional broadcast and IP security
- Tradeoffs to be considered with regard to any given solution path
- Security functionalities that are essential to successful transition execution

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,037
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Multi-network Solutions in the Real World, SCaT Workshops Mumbai: Steve Christian, Verimatrix

  1. 1. Scalable Solutions forSecure Multi-NetworkService DeliverySCAT WorkshopMumbai – March 2012
  2. 2. Topic Bullets New Technologies – New Opportunities  Transition Options For Graceful Operational Upgrades; Key Technologies for Flexible Combinations Of Broadcast & IP Services Scalability in Multi-Network Deployments  Cost Effective OEM Solutions  Hosted & SaaS Security Architectures Solutions and Tradeoffs  Essential Considerations for a Successful Transition ©2012 Verimatrix, Inc. 2
  3. 3. New Technologies -New Opportunities High value premium service options and consumption models Global subscription DVB Service delivery Multi-screenreach with OTT services content portability and transparency Value added services integration with open ecosystem ©2012 Verimatrix, Inc. 3
  4. 4. “3-Dimensional” Content Security Network Dimension – beyond broadcast, cable, telco, and mobile network distribution silos, leveraging advantages of proven IP technologies Device Dimension Portability & transparency with network-centric key management for Protection Dimensionflexible mix of devices Multi-layer security to enable rich business models, copy traceability and combat theft of service ©2012 Verimatrix, Inc. 4
  5. 5. VCAS 3 Multi-Network Approach Unified Subscriber Security for multi-network 3rd Party Management Interface and DB across networks, devices deployments (managed and VCAS 3SMS / Middleware OTT) and content formats Client Support VCAS 3 Unified Head-end Verimatrix ViewRight CSM (IPTV/Hybrid) STB Linear DVB One-way Verimatrix Content & Hybrid Bcast CSM ViewRight (DVB one-way) PC / Mac OMI / Entitlement Interface Verimatrix ACSM HTTP Live Key Scramblers, ViewRight data Encoders, IPTV Web Verimatrix Servers, MultiRights Modulators PlayReady MultiRights On-demand Marlin Content Internet & CDN 3rd-party Players HTML 5 Browsers MultiRights & DRM Clients MPEG-DASH Entitlements DB MultiRights Support for all device types using Other DRM both ViewRight and native DRM client integrations MultiRights Framework MultiRights extension to ©2012 Verimatrix, Inc. 5 additional integrated DRM servers
  6. 6. Essential IP Technologies
  7. 7. The Streaming Services Option Content Everywhere – A Maturing Perspective Tablets as driving force in broad consumer engagement HLS established as a growing standards-centric force Accelerating role of security in OTT TV services Integration of broadcast and IP service rights both a necessity and opportunity ©2012 Verimatrix, Inc. 7
  8. 8. HTTP Live Streaming (HLS) High bitrate chunks High quality source video Client dynamically selects best size chunk per encoding period Med bitrate chunks Low bitrate Multi bitrate chunks HLS encoder Adaptive streamingEncoder generates multiple client different video chunks per encoding period Playlist/manifest file #EXTM3U #EXT-X-STREAM-INF: BANDWIDTH=240144 #EXT-X-STREAM-INF: BANDWIDTH=684256 #EXT-X-STREAM-INF: BANDWIDTH=1144587, ©2012 Verimatrix, Inc. 8
  9. 9. HTTP Live Streaming: Enhanced Content Security Security Management Device AuthenticationSubscriber Mgmt / & EntitlementMiddleware/Billing Entitlement Cache Server Client Authentication & Encoder Keyfile Requests Client Keyfile Keyfile Server Server Key Data Program ID & Keyfile Exchange (configurable crypto period) Encrypted Stream Content Stream HTTP HTTP/Streaming Live Streaming Server Encoder Playlist File (.m3u8) & AES-128 Encrypted Media Chunks ©2012 Verimatrix, Inc. 9
  10. 10. Enhanced HLS for iPhone/iPad Security Addition to iPhone/iPad QuickTime Client Authentication & Library included in Keyfile Requests Operator branded app Verimatrix Adaptive CSM ViewRight Web Quicktime Client Player HTTP/Streaming Server Playlist File (.m3u8) & Encrypted Media Chunks ©2012 Verimatrix, Inc. 10
  11. 11. Scalable DeploymentArchitectures
  12. 12. Typical DVB Broadcast/One-way SystemBroadcast Broadcast System Content N x Video Encoders + Configuration Manager Statistical Multiplexing and Rate Shaping MPEG-2 TS ASI or IP Broadcast/One-way STB GUI / EPG DVB Simulcrypt Event InformationTV Program Mux/Scrambler & Scheduler EIT CA-specific Client Module Schedules EPG DVB-x Modulator DVB-x Receiver with or w/o smart card DVB Cable, Satellite or Terrestrial RF network Subscriber Mgmt and w/DVB-CSA encryption Activation Billing System Manufacturing and service time load management CW & AC CA System incl. ECM CA EMM & ECM Generators Over-the-air EMM Database STB update STB manufacturer code release & provisioning tools CA CA-specific Keys HW Encryptor 12 ©2012 Verimatrix, Inc.
  13. 13. VCAS for DVB – Flexible SolutionsBroadcast Broadcast System Content Configuration Manager N x Video Encoders + Statistical Multiplexing and Rate Shaping MPEG-2 TS ASI or IP Broadcast/One-way STB GUI / EPG DVB Simulcrypt VerimatrixTV Program Mux/Scrambler & SI Server EIT ViewRight STB for DVB Schedules DVB-x Modulator EPG DVB-x Receiver VCAS-secured smart card or cardless DVB-C, DVB-S Subscriber Managenent or DVB-T Network and Billing Systems Manufacturing Verimatrix Time Load OMI CW & AC Over-the-air Verimatrix ECM STB update Verimatrix Code BCSM Broadcast CSM Signing Database EMM and Provisioning Key Verimatrix Gun EncryptionEngine Kickstart Install + License Management/Enforcement ©2012 Verimatrix, Inc. 13
  14. 14. Hosting Flexibility (DVB)Partner Hosting Service Hosting Management System Local Secure Subscriber Managenent and Billing Systems DVB distribution ECM & EMM Local Operator DVB Simulcrypt VPN Router and Firewall Mux/Scrambler(s) Local Operator VPN Access Signal SourcesArmingServer VCAS for DVB VCAS Operator Instances (virtual machines) Verimatrix SI Server VCAS Database Server Cluster Local Operator Management Console (virtual machines) ©2012 Verimatrix, Inc. 14
  15. 15. Hosting Flexibility (DVB & IP)Partner Hosting Service Local Secure IP Streaming distribution Hosting Management System Local Secure Subscriber Managenent and Billing Systems DVB distribution ECM & EMM Local Operator VCAS for Internet TV DVB Simulcrypt VPN Router and Firewall Operator Instances Mux/Scrambler(s) Local Operator VPN Access (virtual machines) Signal SourcesArmingServer VCAS for DVB VCAS Operator Instances (virtual machines) Verimatrix SI Server VCAS Database Server Cluster Local Operator Management Console (virtual machines) ©2012 Verimatrix, Inc. 15
  16. 16. STB Client Flexibility Traditional Smartcard Advanced Cardless Combination of card and cardless deployment DVR business rule control Push VOD option DVB-CI for Smart-TVs ViewRight ONE for integrated IP services ©2012 Verimatrix, Inc. 16
  17. 17. STB Clients for DVB ViewRight DVB Broadcast/One-way STBDVB SI (EPG) Tables Removable Security (Smart Card) Option OSD messages, etc EPG and EMM ViewRight Address Control User inputs Filter STB for DVB Apps EMMs ECMs OSD commands Control Words Composite,Encrypted content Component, Scart, Descrambler HDMI, etc. output ©2012 Verimatrix, Inc. 17
  18. 18. ViewRight STB for DVB Unique Choice of Smart Card and Cardless Characteristics HW-based (SC) client model  Personalization resides in Smart Card  Personalized Smart Card is unique to a service operator SW-based (NSC) client model  Personalization resides in STB  Individualization process performed during STB manufacture  Personalized STB is unique to a service operator  An STB card reader is recommended for flexibility and Smart card addition possible at subscriber premises Card-based and cardless operation enabled in same network at the same time ©2012 Verimatrix, Inc. 18
  19. 19. ViewRight DVB-CI Secure CAM for Consumer Receivers For use in STBs and integrated TVs  With DVB-CI expansion slots Single service decryption Allows STB to be generic (“CA agnostic”)  No CA client integration required ©2012 Verimatrix, Inc. 19
  20. 20. ViewRight ONE – Integrated DVB/IP API Common API and Integration Model API API API Administration/configuration/logging Abstraction ViewRight Web for ViewRight STB for DTCP-IP (Option) DVB STB OpenSSL VideoMark Library Porting Layer (or other crypto lib) Option Transport HW Security Interface Bootstrap Operating System and drivers Event Drivers HW SoC security RAM/ROM Transport SoC CPU and general purpose OTP ID logic Keys Storage HW support logic ©2012 Verimatrix, Inc. 20
  21. 21. Building theNetwork of the Future
  22. 22. An Integrated Solution: DVB FoundationSMS / Middleware Single Security Authority Linear Content Broadcast Client Support Bcast CSM Key & (DVB one-way) control data ViewRight DVB One-way DVB STB Multiplexers, Scramblers OMI / Entitlement Interface Verimatrix Entitlements DB ©2012 Verimatrix, Inc. 22
  23. 23. An Integrated Solution: DVB & OTTSMS / Middleware Single Security Authority Linear ViewRight Content Client Support CSM Multiplexers, (IPTV/Hybrid) Scramblers ViewRight OMI / Entitlement Interface Key & control Desktop data ACSM Verimatrix Adaptive Streaming IP return path for ViewRight IPTV, Internet & Hybrid, or OTT clients OTT ViewRight Web Encoders, Encryptors, Servers Entitlements DB On-demand Content ©2012 Verimatrix, Inc. 23
  24. 24. An Integrated Solution: MultiRights – Multi DRM FrameworkSMS / Middleware Single Security Authority Linear Content ViewRight Client Support Broadcast CSM Key & (DVB one-way) control data ViewRight DVB One-way DVB STB CSM Multiplexers, Operator Management Interface (IPTV/Hybrid) Scramblers ViewRight Hybtrid STB ACSM IPTV & Verimatrix Adaptive Streaming IP return path Hybrid for ViewRight IPTV, Hybrid, or OTT clients ViewRight PC / Mac MultiRights Marlin Server Encoders, iPhone & Encryptors, Android MultiRights Internet & PlayReady Server Servers OTT Entitlements DB MultiRights Blu-ray Server On-demand Content 3rd-party Players MultiRights Framework & DRM Clients ©2012 Verimatrix, Inc. 24
  25. 25. Summary Scalable Broadcast Security and Internet Innovation Pay-TV operators of all types need to unify their reach with IP and OTT delivery models VCAS 3 unified approach to security enables a extended value proposition to consumers Adaptive streaming standards like HLS successfully enable OTT services to all types of video platforms Multi-screen offerings are at the heart of a flexible enhanced user service experience ©2012 Verimatrix, Inc. 25
  26. 26. Thank YouContact Information:+1 858 677 7800www.verimatrix.com
  27. 27. VCAS 3 Architecture Multi-Network, Multi-Format Video Services Linear TV Schedule Data Content (ReporTV, VCAS 3 Head-end: Any Network ViewRight and MultiRights Tribune, etc.) Single Security Authority Client Support Verimatrix ViewRight STB IPTV & Hybrid SI Server (IPTV/Hybrid) (EPG data) Content Security Broadcast Encryption (BEM) VCAS Manager - CSM ViewRight OMI/SEI (IPTV/Hybrid)Verimatrix MPOS & Desktop PC/Mac DVB Cable Self-Provisioning MultiCAS MultiCAS MultiCAS RTES Service Admin Server IP DVB Adapt Mgmt Broadcast CSM ViewRight STB (DVB one-way) DVB (DVB one-way) Subscriber Mgmt Terrestrial& Billing System(s) Network DVR & MMDS Domain Service Catcher Mgmt (SMS / OSS) ViewRight EncryptionEngine DVB Web (DVB one-way) Satellite Pre-Paid Voucher Video Head-end: Authorization Encoders, Groomers Content ViewRight Service Mgmt Scramblers & Multiplexers Mobile Adaptive CSM (Push) VOD & nDVR Servers (Internet TV) Routers & Modulators Switches & Firewalls Mobile Middleware(s) Service Device Mgmt MultiRights 3rd-party Players Marlin DRM Server Web Apps: Internet TV HTML 5 Browsers (DECE & OIPF) /OTT & DRM ClientsDVR Programming, Widgets, etc. Message Service Mgmt MultiRights VPP VRUN RKE AdaptPP ViewRight PlayReady DRM Professional Downstream Emergency Alert Server delivery On-demand Encryption (VEM) System (EAS) Wholesale/ Entitlement Retail IPTV Retailer 1 Service Mgmt MultiRights: No local Middleware Retailer MPEG-DASH Server Video No local VCAS VPN No local broadcast Entitlement Kiosk MultiRights Framework Manager IPTV Retailer 2 On-demand Local Middleware/SMS CASmon No local VCAS Content VPN (Monitoring & QA) No local broadcast IPTV Retailer 3 Local Middleware/SMSNetwork Management Local VCAS VPN No local broadcast and Monitoring IPTV Retailer 4 Local Middleware/SMS Local VCAS ©2012 Verimatrix, Inc. Local broadcast 27

×