Q&A: Tom Jahr, Conax
Securing content delivered over different networks to a wide range of devices is complex. From a security perspective, PCs, the various smart phones, tablets and connected TV-platforms are highly different – each needing its tailored security solution. But this does not necessarily mean that the operation has to be complex. A well designed security solution provides the operator with a consistent method of configuring and enforcing business models and content protection rules across all devices, to enable/disable content streaming to specific platforms based on content rights, and to add and remove devices from user accounts, etc. The key is to create an abstraction layer between the device implementations and the management interfaces.
Through this approach, the complexity of OTT and multiscreen security has minimal impact on operator’s day-to-day operation.
To what extent can the delivery of video services to multiple devices be as secure as a service delivered only to set-top boxes?
A set-top box is a dedicated TV-device most often managed by the operator. Such devices are designed to support content and service security, while consumer devices such as TVs and tablets are not. Consequently, the achievable security level for a set-top box will be higher than that of these other devices. But we expect the gap to shrink, in part by hardware security support being introduced to the new consumer devices.
Set-top boxes and consumer devices alike have the potential to offer everything from rather poor to very high content and service security. So, the question is becomes more a matter of whether the security level is optimized given the available resources (such as available bandwidth for security, security hardware, operating system, etc.) – a cost/benefit consideration. Also important to keep in mind is it that security should be non-intrusive and not interfere with the service quality experienced by consumers, but rather sustain it by being flexible and responsive. This is where the competency of the security provider is crucial; applying a mix of software and hardware security depending on the platform to deliver highly secure, cost effective and non-intrusive solutions.
To what extent is the variety of adaptive bit-rate technologies and DRM options for multiscreen a barrier to entry?
The short version is that technology fragmentation drives cost for the industry as a whole and increases entry levels and operational cost. Typically for new industry sectors, it takes some time before technology matures and standards start to emerge. We see this is now happening in the OTT space, with standards such as MPEG DASH and HbbTV gaining traction. That said, standardization of security is another issue. Standardizing security solutions have some unwanted consequences. For example, when a standard is compromised it affects all operations deploying the standard. Also, if a standard is compromised, updating it is typically a lengthy process, during which time affected operations continue losing revenues. So standardizing DRMs and security should be done carefully and just sufficient to achieve the purpose. DVB Simulcrypt is a good example of a successful security standard, enabling competition between CAS vendors and interoperability between content and devices.
How far do standards-based ways of delivering services such as MPEG DASH offer a way forwards?
Standards can give the new momentum to the industry by enabling interoperability, saving cost, increasing competition and choice. MPEG DASH has this potential. Instead of having many instances of the same content to enable different devices, the same content can be distributed to any device. DASH also supports multiple DRMs through the Common Encryption format, enabling different security providers to handle the same content without re-encryption being needed. This will assure content owners that their content is secure. Finally, in addition to being a streaming protocol for unmanaged networks, DASH also supports download and re-distribution of content. So, yes, we believe DASH offers a way forward.
What are the challenges in supporting advanced functionality such as network DVR and companion screen features such as ‘follow me’ across multiple devices and what solutions are in sight?
They each have different challenges. For example – a service such as “follow me” requires user authentication to be as non-intrusive as possible. Studies have shown that if users have to repeatedly log in to access content on different devices, this is detrimental to service uptake. User authentications that don’t deter the quality-of-experience are important. Secure and non-intrusive authentication mechanisms are also relevant to counter account sharing threats. People sharing the same account can kill an operators’ business model, but there are different means to counter this. Authentication wise, the challenge is to offer high security without interfering with the end user experience.
What is Conax planning to highlight at this year’s IBC show?
This year at IBC, Conax (Stand #1.D69) will demonstrate a broad offering of flexible, scalable and robust content security solutions for TV operators positioning for the future; from secure digitization to advanced multiscreen video opportunities – based on security flagship Conax Contego. Features will include the launch of a brand new Cardless CAS addition to the Conax Contego portfolio of solutions. Following the launch of Conax Secure Clients for Over-the-Top devices based on a Conax security hardened PlayReady Client at Anga Cable in June. Additionally, Conax will launch details of its new partner program, Conax Connect and will demonstrate a portfolio of flexible and secure multiscreen solutions.