It’s rare for what were once conditional access specialists to have anything to announce other than a particular chip integration or a design win, but at CES this week Nagra, Verimatrix and Irdeto each showed new steps that reveal the changing way they see their respective futures.
For Nagra, it was two announcements, working with both Samsung TVs and MStar chips to come up with what it is calling TVKey. This is a serious change in strategy for Nagra, in that it is offering its own hardware root of trust on both Samsung TVs and on any TV built around an MStar TV chip.
Today, security in the OTT market has become homogenized around browsers, initially sidelining security players into securing apps. But as 4K content emerged, along with the MovieLabs specifications for securing it, every device has to have a hardware root of trust, either in play today or in planning. It has challenged everyone in this market except of course the platform vendors – Apple, Microsoft and Google – who, after all, made the market this way quite deliberately.
One way to do this, which we have covered for years, has been an independent security core, in particular the one from Rambus, which today it calls CryptoMedia. We are beginning to see examples of operators using this and partnering it not just with one DRM for key management but with multiple DRMs (Dish India comes to mind), some designed into the set top, others browser based.
TVKey is really Nagra taking its own hardware root of trust, and making sure it can work with any browser or app on smart TVs, with hardware support. So Nagra is trying to retrospectively compete with Rambus and says that its hardware root of trust can be open to other DRM suppliers. Most notably it will work with app companies who have little experience of DRM, but who want to write apps which deliver 4K video to Samsung TVs, and so the DRM is likely to be its native Nagra, or one from the browser players.
Chris Schouten, Senior Director Product Marketing at Nagra, told us, “The TVKey root of trust (RoT) could indeed be used for third-party DRMs and Nagra is open to having such discussions.”
The TVkey is effectively to be sold as a dongle, in the original meaning of the word: it takes all security calculations out of the incumbent device and puts them into a secure, tamperproof, portable chip held in a USB drive. It would be a great way to take your TV with you wherever you go.
The word dongle originally (pre-Wikipedia) came from a similar chip, around 40 years ago or so, which plugged into the back of an enterprise computer; the computer would not work without it and used it for decryption of apps. Since then it has come to mean anything extra you can plug into a device, such as a flash drive.
In truth, little has physically changed for Nagra, just the perception. Companies like Samsung have always been keen to open their systems up to as many different operator types as possible, and MStar and set top chip makers like Broadcom have rented spare room on their silicon to security vendors as it has become available. Every time a chip moves from one geometry to the next, it is capable of a huge series of additional features. Cryptography Research, prior to Rambus buying it, was the first company to work out how to get a secure hardware root of trust onto Broadcom chips but open it to the rest of the world. Nagra has had its own root of trust on similar chips for years, as did NDS before it became part of Cisco. All that has changed is that it is now open for others to use, in particular Widevine, PlayReady and FairPlay key servers, we suspect.
But with the emergence of the ARM architecture for portable devices, and as it has moved to set tops and larger devices, the Trusted Execution Environment (TEE), built around ARM TrustZone, has become a key area of focus in using hardware to secure DRM.
Nagra will tell you that this is far from ideal, partly because you cannot put security into a core design until it becomes silicon: it has to be built into the physical chip, and chip makers have differing implementations of TrustZone, with different flaws and routes into them.
Schouten said, “A major difference between a component based solution where TEE comes from chipset vendors and the Root of Trust from another vendor, is that Nagra is able to secure the entire end-to-end implementation either by using our CAS or by working closely with other security vendors as in the case of the TVkey specification. We feel this approach is always superior to a “piecemeal”, component approach where security responsibility is split between different parties.”
So this is one way, but certainly unlikely to be the only way, that smart TV makers can prove that their security is up to scratch for 4K and UHD. Another is to use a TEE, and yet another is to use a Conditional Access Module (CAM). The thinking behind the TVkey is its portability and, we suspect, price.
Its time may also have come in the US market, where CableCARD, the US version of CAM, is a failure, and the replacement suggested by the outgoing FCC chairman has been rejected.
Nagra and Samsung have gone a step further, establishing a co-venture to license TVkey technology to industry stakeholders including chipset, dongle, TV and conditional access vendors. The mantra is that it is quick, cheap and can be retrofitted to existing TVs – that, more or less, was where the smart card came in many years ago. But what was cheap back then is no longer so.
The two will create a corporate body to license the new TVKey technology – announced originally at IBC 2016 – to industry stakeholders.
The TVkey framework is based on a Nagra-designed root of trust in TV chips which communicate securely with the TVkey device. This creates a Secure Media Path and enables strict enforcement of usage rules as required by Hollywood for the protection of high-value content.
Once pay TV operators launch their own keys, then there may be some traction to drag in rivals like Verimatrix. Right now, it is content to work alongside Rambus, which is seen as openly independent as a security core, with its terms unlikely to change and no financial leverage likely to be worked in the market. But as Nagra adapts to this new role and with Samsung simply saying “Yes, our TVs can talk to your CA or DRM, whatever it is,” there is every chance that other DRM suppliers will be drawn in.
MStar then duly obliged by licensing the technology a few days later for its EMC SoCs for 4K Ultra HD HDR televisions, pending finalization of the new TVKey licensing body. The MStar EMC is a high-end 4K Ultra HD HDR TV chipset series and enables pay TV operator applications and branding using an HbbTV 2.0 HTML5 TV application SDK for both Android TV and Linux OS.
But MStar is similar to Samsung – in that it will embrace a multitude of technologies to make its chips/TVs desirable.
Meanwhile, also tipping its hat to the volumes in the Smart TV market, Verimatrix said that its Forensic Watermarking will become integrated into the next generation of Samsung Smart TVs.
So Nagra does not have a clean sweep here. It would have liked to see its own Civolution plus its in-house AnyMark forensic watermarking adopted by Samsung, and who’s to say that it won’t also get a relationship to run in parallel with the deal Verimatrix made this week. But for now, the 12-year investment in watermarking that Verimatrix has persisted in since its launch at a lonely IBC stand in 2004 has finally paid off.
Its deal with Samsung announced for CES also includes the Verimatrix Video Content Authority System (VCAS) Ultra architecture, which puts the VideoMark forensic watermarking to work. Both are integrated with Samsung’s next-generation Smart TV platform to establish a secure chain-of-custody across the UHD ecosystem.
We asked Verimatrix the obvious question: is this secured against the TVKey of Nagra, especially as the Verimatrix announcement referred to using TEE for security? It told us, “So far the effort for integrating VCAS Ultra and VideoMark forensic watermarking with Samsung Smart TVs has been independent of TVKey. However, it is easily extendable to be used alongside TVKey in the near future.” We read that as “if an operator asks for it, we can do it easily, but we would push TEE or Rambus in the first instance”.
The modern world of content protection is all about putting trust into not one but multiple stacks of security hardware and multiple software layers, and building ways of revoking and re-aligning the hardware root of trust, or the entire DRM, around a new system overnight, so that when 4K systems are broken they can be fixed overnight and questions can be asked later.
Petr Peterka, CTO of Verimatrix, said, “Samsung’s decision to integrate VideoMark watermarking as part of VCAS Ultra optimally positions its future Smart TVs to secure high-quality content, pushing Samsung ahead in the race against piracy.”
That’s like an open invite to every other TV maker out there to come and sign a similar deal, or Samsung will get all the business.
Meanwhile Irdeto took to CES the news that it has integrated with one of the world’s pay TV middleware successes, Frog by Wyplay, the French open source set top middleware platform. Frog found success in 2016 at Telefonica and DishTV India, and before that at its native Canal+ in France, SFR and Vodafone, as well as Sky Italia, not to mention on new chips such as those from Huawei’s HiSilicon.
Irdeto said this week that it has joined the Frog by Wyplay community to offer integrated security solutions for operators worldwide, which suggests that it is behind the security on one or more of those deals, and shows yet another way into the fragmented, but still growing, DRM marketplace.
The partnership is part of an ongoing relationship between Irdeto and Wyplay, and introduces Irdeto Rights and Irdeto Cloaked CA to the existing Frog community. Rights is a full-blown multi-DRM system, and Cloaked CA is a way of offering protection to DRMs when they run in a software-only environment, with no hardware root of trust.
Irdeto and Wyplay said they will join forces to offer a turn-key Android security system, which will no doubt rely on the ARM-based Trustonic TEE for a hardware root of trust.