Unchained mediahttp://www.digitaltveurope.com/wp-admin/post-new.php

As consumers and service providers alike seek more flexible ways respectively to access and deliver pay-TV services, content security technology providers are answering the call. Stuart Thomson surveys recent developments.

Pay-TV is, famously, supposed to be more or less immune to the effects of the economic downturn. As times get tougher, the argument runs, so people will be more tempted to hunker down at home and spend their leisure hours huddled around the TV. And because the TV advertising business is falling victim to plummeting consumer expenditure in the wider economy as well as the flight of ad spend to the internet, subscription-based models are the way to go.
However, the resilience of pay-TV comes with a caveat. Even if people do keep up their pay-TV subscriptions in the face of recession, they are more likely than before to shop around for the best deal, which will lead to more intensive competition between service providers and put pressure on them to keep costs down. Service providers may therefore want to investigate a range of ways to reduce their cost base – as well as ways to provide more flexible payment plans to customers.
One of the biggest expenses for service providers is consumer premises equipment. Set-tops are a major cost item. One way to eliminate that cost is to shift to a retail model. And what better way to do this than to eliminate the need for the set-top altogether?

Common Interface Plus

Until now, pay-TV providers have largely shied away from using DVB Common Interface (CI) access modules (CAMs), which can be inserted in reception equipment (which meant set-tops until recently, when integrated digital TV sets gave rise to the possibility that the CAM could replace the box entirely), making them interoperable between service providers. CI has had something of a bad reputation in the past, largely because of its failure to secure content once it left the CAM to be displayed on the TV screen. It also failed to allow service providers to port their own branded user interface to the reception device. However, a new specification, CI Plus, which was developed outside the DVB but which is supported by consumer electronics giants Panasonic, Philips, Samsung and Sony, combines enhanced security with interactivity – in this case based on the MHEG standard – and is seen by some as a way to replace the set-top box with a lower-cost item.

One of the most enthusiastic supporters of CI Plus among the conditional access suppliers is Nagravision. “We have been pushing it from the start,” says Ivan Verbesselt, senior vice-president of marketing at Nagravision, whose parent company Kudelski also owns one of the big three global CAM manufacturers, SmarDTV. Verbesselt highlights the three main technical advances embodied by CI Plus: enhanced security, interoperability and interactivity. First (and foremost), CI Plus provides copy protection between the CAM and the TV receiver, which was not available in CI.
“Every operator I have talked to has a high level of interest,” says Verbesselt. “It’s not going to replace the set-top but it’s complementary to it. It’s got a benefit for everyone in the value chain.” Chief among these benefits is the removal of consumer equipment from the operator’s balance sheet, by taking out the need not only for HD set-tops but for expensive HDMI cables. “There is a cost advantage – most set-tops come without HDMI cables, for example,” says Verbesselt. “There is even a green factor. The average DVR consumes 16W of electricity, while the CAM consumes 1W – so there are enough benefits both for the end user and the consumer electronics manufacturer and the operator.”
There is a particular advantage to operators if the CAM can be used to deliver on-demand services. At Cable Congress in March, infrastructure provider Ericsson’s video arm Tandberg Television demonstrated the delivery of video-on-demand supported by targeted advertising via CI Plus modules from Neotion. “Basically it allows you to do VOD with targeted advertising and catch-up TV services, and you don’t need an HD set-top or DVR because you can deliver network-based DVR,” says Edward Allfrey, business development director, cable, at Tandberg Television. “In markets with high cable penetration where people plug an analogue cable into the TV, you can just plug it in and deliver value-added services to the platform.”

CI Plus also comes complete with interactive features, allowing service providers the option to provide a version of their own user interface. “You don’t need to be confronted with the user interface of the TV itself,” says Verbesselt. There has, however, been relatively little interest to date in this feature, says Verbesselt, and he admits that there are limitations. CI Plus supports the MHEG-5 browser, which has its own limitations in terms of the sophistication of the graphical user-interface. “But it’s a starting point – and with what consumer electronics vendors are adding to TVs they can render all kinds of things like widgets,” he says.
Rival conditional access provider Irdeto is also an enthusiastic backer of CI Plus. Unlike Nagravision, which is focusing in the first instance on the digital-terrestrial market, Irdeto’s senior director, market development, Daniel Thunberg, says that his company is looking at the cable market initially, and also believes that there may be an untapped market for CI Plus among IPTV service providers.

Thunberg sees the ability of the specification to support operator-branded environments as important. “One thing we think will be critical for success is the UI. We are looking to create applications that enable operators to transfer their user experience to the CAM,” he says. “Most consumer electronics manufacturers now accept that those who wish to watch pay-TV via a CAM will want to have their own UI. If they switch to free TV then they can use the UI of the TV manufacturer.”

On the downside, Thunberg says the CAMs are still at bit expensive. “There is definitely a need to get the bill of materials down a bit. I think the trend is downwards but, on the other hand, as operators want to add more functionality they need to increase power of the processing chip,” he says. “I think that supporting the right level of functionality is something we are going to have to watch going forward.”

Additional security

Thunberg also points out that ‘pure’ pay-TV operators will probably require the additional security of a dedicated chip inside the CAM to prevent unauthorised redistribution of their content. “What we offer is a personalised chip that’s unique to a specific operator so it would be controlled completely in that case. This would be the case when an operator bought the CAM and subsidised it with unique IDs embedded so it becomes like another set-top.” He says this fits the pattern of existing operator retail models (such as in the Dutch cable market) where subscribers can buy boxes at retail outlets but the choice is not completely open. “It’s pretty much the same with a CAM,” he says.
Thunberg believes that CI Plus plays into the vision of a managed home network very well. “What we see happening is that if you want to enjoy the full range of services you still need a set-top that goes in the living room, but a lot of people will have TVs in other rooms. For those TVs [the CAM] can almost replace the set-top market. We believe a lot of CAMs will go to these types of device.” He says that most operators that Irdeto is talking to want to take advantage of the MHEG-5 capabilities of the box, and adds that the possibility of porting advanced middlewares to the CAM is also being considered for the future.
François Moreau de St Martin, CEO of France Télécom-owned conditional access supplier Viaccess, also believes that operators are going to want to protect their brands. “We believe CI Plus is a market that will take off. We have targeted integrated digital TVs but for the operators it has to be introduced and managed carefully to take into account the user experience,” he says. “Is it to be defined by the operator or the manufacturer? These questions could slow down the trajectory for the operators concerned about the management of the user experience. On a set-top they have control of that. So I think it will take some time to really take off in large volumes.”
CI Plus can also support software-based encryption, and software-based content security provider Verimatrix has teamed up with CAM vendor Neotion to address the market. “CI has a pretty well-established market and CI Plus is the natural extension of that, but the fly in the ointment is the standardisation process,” says Steve Christian, vice-president of marketing, Verimatrix. “It’s a consortium standard. [However], it’s in favour with the MPA and other content producers so that’s a strong endorsement.”

[icitspot id=”10435″ template=”box-story”]

Less enthusiastic about CI Plus is conditional access provider NDS. “We will provide such solutions to customers that ask for them,” says Howard Silverman, product marketing manager at NDS, who adds the caveat that one of the main ways for operators to differentiate their service is through branding, which might be compromised if CAMs are used. He also questions the economic benefit of CAMs. “For a pay-TV operator to have a fully branded service, including the user interface across the platform is a way of really providing a compelling service,” says Silverman. He says that for the same price, an operator could deploy a set-top that will deliver a unified brand. Silverman concedes however that there may be “a niche market of consumers with big wide-screen TVs up on the wall that don’t want a set-top – although you can get set-tops that are pretty elegant.”

Conditional access provider Conax, which does support the initiative, also has a few reservations, particularly about the danger of consumer confusion brought about by the lack of interoperability between CI and CI Plus. “There are CI modules in the market already and many TVs can support CI but will not be able to support CI Plus,” says Geir Bjørndal, vice-president of sales and marketing at Conax. He points out that, for pay-TV operators, there are also other solutions available, such as embedding conditional access in TV sets themselves, which Conax is doing with a Chinese partner for the Chinese cable market and certain African markets. However, this requires a degree of scale.
Bjørndal nevertheless believes that CI Plus will be successful. He sees the terrestrial market as the one that is likely to embrace the technology first. He is more sceptical about how swiftly the interactive capabilities of the CAM will be adopted by service providers. Bjørndal believes that one of the major benefits of the technology is its ability to eliminate the need for a set-top box and, crucially, a second remote control. “For the consumer it simplifies things by eliminating the box. With set-tops you have an additional remote control and in certain regions of the world this is not wanted,” he says. For this reason, CI Plus may see a strong uptake connected to digital switchover in a number of countries.
One criticism leveled at CI Plus is the fact that the specification was developed outside the DVB, and that therefore it lacks the latter’s stamp of approval as a standard. However, Nagravision’s Verbesselt points to the fact that the initiative is very pragmatic, that it has been open for anyone to contribute and that the licensing thresholds have been set very low.

Hybrid systems

While CI Plus vendors are initially looking to target the terrestrial broadcast and cable markets, other types of service provider are also looking for flexibility in the way they approach the market and target different groups of subscribers, which also has implications for the way in which content is secured. One of the most talked about trends in pay-TV in recent months has been the growing popularity of hybrid delivery of content combining a broadcast infrastructure with IP delivery of on-demand and so-called ‘long-tail’ content.

“For a pay-TV operator to have a fully branded service, including the user interface across the platform is a way of really
providing a compelling service.”
Howard Silverman, NDS

Hybrid comes in various flavours. The most frequently-cited example of DVB-IP hybrid service is the DSL-based IPTV provider that wants to make use of the availability of digital-terrestrial free-to-air services to lighten the load on its network.
Verimatrix’s Christian says that hybrid deployments of this sort will grow in popularity over the next few years as IPTV service providers seek to take advantage of the large market of people forced to convert to digital TV as a consequence of digital switchover. Verimatrix developed a DVB-compliant version of its software-based content protection technology to target exactly this market.

Another variation is the network-agnostic operator that wants to extend his reach by making use of whatever physical infrastructure – cable, satellite, terrestrial or IP – is available. “Basically you have normal pay-TV operators that would distribute broadcast content over DVB and have a hybrid set-top that would connect via Ethernet to broadband and deliver on-demand services over IP,” says Irdeto’s Thunberg. However, he adds, most operators have focused on getting HD and DVR services up and running rather than invest time and effort in building a hybrid VOD platform.
Other examples of hybrid could include free-to-air or satellite pay-TV players using an open internet connection to deliver on-demand services, while a fourth type of hybrid deployment could involve an IPTV service provider using a broadcast system to increase reach and the number of services offered.

Software-based content security provider SecureMedia’s vice-president of business development and studio relations, Whit Jackson, sees over-the-top internet-delivered content as a major emerging trend. One of the company’s customers is over-the-top provider Gek TV, which delivers Mandarin and Cantonese-language content to subscribers in the US via internet devices that can be plugged into the TV or PC. “We are now starting to see managed networks and over-the-top blending together a bit,” says Jackson. He points to the example of major US content providers such as HBO and Time-Warner that want to enable viewers to be able to watch their cable-delivered services while traveling or outside the home. Jackson points out that cable operators (and programmers) are nervous about cannibalising their core business, however, and have a desire to at least restrict such services to customers that have paid a regular subscription for their home cable service. “Programmers and operators want to provide expanded viewing [opportunities] but still have control from the headend to make sure only authorised viewers have access to content and it’s not being shared with many people that are not know to them,” he says. Jackson adds that SecureMedia’s content security can support a range of models, including delivery via peer-to-peer networks: “We can [support] the delivery of content to the set-top or PC or mobile device. The system is network agnostic; it doesn’t care about the transport.”
Jackson believes that the technology exists to support more flexible business models, allowing content to be removed from a network that’s controlled end-to-end by a service provider while still remaining in a secure state. “When SecureMedia processes [content] we start with a base key and then make keys for every video frame, so every frame is encrypted differently,” he says. “No-one is going to go through it on a frame-by-frame basis.” He points to the example of the company’s recent deal with UK-based hospitality industry specialist Vode, which uses SecureMedia’s Encryptonite ONE system to pre-encrypt on-demand content at the source that can then be delivered to multiple resellers and accessed via SecureMedia’s MediaPass servers when a hotel signs up for a service. “In terms of multiple storefronts, what we are deploying in the hospitality space might provide a model going forward,” says Jackson.
Verimatrix sees European cable as a key opportunity. “Cable operators going from analogue to digital want to be hybrid, not only delivery RF cable but IP-based video,” says Christian. He believes that this presents an opportunity because it makes no sense in the long term to run a smartcard-based conditional access system for RF video and a software system for IP video. The company believes that operators will converge on software. “I believe that the customer we have talked to realise that it makes no sense to operate two CA systems,” says Steve Oetegenn, chief sales and marketing officer at Verimatrix.

One example of an operator that has gone down the hybrid route is France’s Numericable, which delivers services over DSL and fibre as well as cable. Numericable, which uses Nagra conditional access, also delivers on-demand content over IP on its cable network. IPTV operators such as France Télécom and Portugal Telecom have similarly turned to satellite to extend their reach. “IPTV service providers with DSL networks can find it difficult to bring triple-play services to all their subscribers,” says Viaccess’s Moreau de St Martin, who supplies conditional access services to France Télécom. “A hybrid system with satellite is a good solution to that. Orange is already doing it and has [signed up] 200,000 subscribers in six months.”

Software-based content security provider Latens already provides a hybrid system to Polish cable operator Multimedia Polska, which delivers content from a single conditional access headend to cable and IPTV-over-DSL subscribers in order to extend its reach.

The concept of a pay-TV operator delivering on-demand content over both satellite and broadband connections through a mix of push and pull technologies is very much in the ascendant. However, not all broadcasters with one-way networks are looking to broadband connections. SecureMedia is providing content security to a DVB-T player in Spain that is delivering on-demand content over-the-air, with subscribers ordering titles via SMS messages on their mobile phones. The content is encapsulated in IP and delivered over the air to secure set-tops. SecureMedia uses secured storage on the system-on-a-chip in the box to give an additional level of security. Jackson sees similar opportunities emerging in central and eastern Europe.

“There is a huge potential for growth in hybrid systems,” says NDS’s Silverman. “We see it as a central part of our business. Many of our customers are looking at hybrid to bridge TV and the web. We certainly see a strong uptake of hybrid satellite-broadband set-tops.” NDS has already delivered systems that support the delivery of on-demand content over the internet via progressive download to Nordic pay-TV group Viasat and France’s Canal Plus.
According to Silverman, security is still best provisioned via a smartcard. “For the satellite market smartcard systems are still the most secure and robust way of protecting your branded services. When you have a two-way IP network there are ways to leverage the two-way network to put some security functions at the headend, and we have got a couple of customers for that in Europe.”

Conax’s Bjørndal also believes there will be a significant market for this type of hybrid system. Conax customer ITI Neovision in Poland has adopted a similar approach to delivering on-demand content and Canal Digital in the Nordic markets is also interested. For broadcast clients with internet-delivered on-demand content, Bjørndal says that a single smartcard-based system will be adopted. Conax has also teamed up with DVR technology provider TiVo to develop hybrid systems that could enable the latter to market.

Additional services

Ultimately, giving operators (and their customers) flexibility extends not only to the ability to deliver content over multiple network types but to multiple devices within the home as well. This has further security implications, involving the maintenance of the conditional access system to other devices in the home (perhaps via use of USB keys to transfer content rights between one device and another – a solution favoured by NDS and Nagravision) or some form of bridge to a DRM system. The former is unlikely to meet with approval from consumer electronics companies, while the latter suffers from the  lack of interoperability between different DRM systems.

DRM interoperability initiatives are many and various. One with a strong pay-TV bent is the Copy Protection and Copy Management (CPCM) initiative within the DVB. NDS has devoted a considerable amount of attention to this area, contributing to CPCM – basically a digital rights management standard – which would offer a standards-based way to transfer content rights between trusted devices inside and outside the home “NDS has put a lot of effort into [CPCM] as part of an industry-wide effort,” says Silverman. The main priority now, he says, is to establish a trust authority that can license the technology and enter into agreements with technology providers. “CPCM can be implemented in a wide range of devices – including TVs,” he says.

Pay-TV providers are likely to take in-home distribution one step at a time. Verimatrix’s Oetegenn says that the focus for now is on whole-home DVR: “We are seeing requests about how to support that and support the movement of content around the home.”  Verimatrix markets its own PC security software, and for devices outside that ecosystem it recommends what it calls the Multirights approach of managing keys for different DRM systems from the headend.
Some CA players such as Latens and Viaccess have begun to emphasise the usefulness of combining conditional access with middleware in order to better target content at IPTV subscribers and manage the distribution of content to multiple devices in the home via DLNA-linked devices. Viaccess’s recent acquisition of IPTV middleware provider Orca Interactive highlights the growing importance to the company of the hybrid market. “We want to make it easier for operators to launch end-to-end,” says Moreau de St Martin. “All the integration is done in advance and there is no difficulty in introducing new features.” He cautions however that integrating triple-play services and multi-device distribution is far from easy. While the level of integration achieved by Viaccess customer Orange is very advanced compared with other providers it still has a long way to go to integrate all the services it runs over a single infrastructure. Operators are also still attached to the security provided by hardware solutions for premium content, he says. “Card-less solutions only make sense when you have a permanent IP connection to the network and you can rely on the networks as the hardware part – it’s not easy to hack that,” he says.

“Middleware and CAS together allows you to be much more efficient,” says Jeremy Thorp, CEO of Latens. “If you think about a CAS database and a middleware database there is a lot of information that’s shared. If you do it in one platform you provide a single point of integration.” This, he says, makes personalisation of services easier to manage. Viewer preferences and identity can be stored at the headend, enabling users to reboot a set-top or add a new set-top to the network without losing their preferences.

The use of gateway devices for in-home distribution involves a degree of complexity in DVB systems such as cable, according to Thorp. “In the gateway, if you want to enable devices other than set-tops, you have to take off the common scrambling algorithm. You have DVB-CSA re-encrypted in AES – you don’t want smartcards in a PC or laptop,” says Thorp. “We can provide a CA system that can talk to any device,” he adds, pointing out that Latens’ technology is DVB-compliant but uses AES scrambling. “Cable operators are being persuaded to [use AES] because it gives them advantages in DVR and VOD, where you have to be careful what you leave in the clear. With DVB-CSA you need hardware assistance; with AES it’s all software.”(Nagravision’s Verbesselt, on the other hand, says the use of AES in mixed DVB-IP networks is “a big mistake” because it involves a proprietary element. “There are things that need to be in the silicon. In HD it’s not going to improve. That’s where standardisation can play a big role,” he says.)

Outside the service

Moving content to devices outside the service provider’s control is complex. “Potentially we can bridge to other DRMs. There isn’t going to be a standard DRM system,” says Thorp. “If you have, for example a PlayStation 3 connected to a TV and want to play content from a DVR, you could use a linked encryption approach. The PS3 could discover the network and negotiate [to play the content]. It requires the DVR vendor to have DTCP-IP functionality in the box to be able to send out content link-to-link encrypted that can be played out but not stored.”

Nagravision’s Verbesselt says DRM bridges have so far largely failed to catch on. He says that Nagravision is a strong backer of CPCM, the big advantage of which is that it defines most of the business models that operators would be likely to think of, he says. “There aren’t many business models that could not be supported by it,” he says. However, the future evolution of content security in the networked home is far from clear. DLNA 2.0, the latest version of the home-networking specification, has embraced Digital Transmission Content Protection IP (DTCP-IP), the proprietary DRM specification mentioned by Thorp, which protects the digital outputs of DVD players and integrated products. Verbesselt says that Nagravision will also support DTCP. “One [possibility] could be to bring CPCM into DLNA, which also includes discovery that’s UPnP-based, but ‘could be done’ and ‘has been done’ are different things,” he says. To make matters more complicated, a number of Hollywood studios and consumer electronics manufacturers have also recently banded together to create another specification, the Digital Entertainment Content Ecosystem (DECE), which appears to be more internet-centric.

Conax’s Bjørndal argues that alternative technologies may play a role. “We are looking at how to bridge content from the conditional access to the DRM domain but we are also looking to see how watermarking can play a role,” he says. “If you can watermark the content in every home so that it’s traceable then that’s a good technology that will enable more content to be made available in a more open platform.”

The extent to which these technologies can be meaningfully integrated is something that that service providers and technology companies are still trying to work out. Irdeto’s Thunberg says that CPCM is a complementary technology to CI Plus and that it could be retroactively integrated with the CAMs later this year. “Our customers have asked us also to support various types of interactivity,” he says, referring to the possibility of adding VOD services and also transferring content to PCs and other devices in the future.

Operators are likely to be cautious about making too many bold moves at one time in the current economic climate, especially when the future evolution of technology remains so unclear. However, the days when one-size content security schemes fitted all are disappearing. In the new world of integrated TVs, hybrid networks and multi-device distribution, flexibility will be key.