The statement “Content is King” has always been relevant in the Video landscape. And with the exponential increase in the number of content (OTT) platforms and consumer expectations, the value of content is now colossal. It has become nearly impossible to keep track of the available content and the number of content platforms that compete for consumer’s attention and wallets. This convergence of content and platforms has led to a very curious and intriguing challenge. The challenge to secure not only the content but also the associated service.
The payTV industry is well-aware of this intrinsically complex scenario and forms part of many conversations I have with our customers on a daily basis. The world of Conditional Access Systems had it covered by securing not only the content but also focusing on the devices (STBs). The Head End components in payTV are typically driven by using industry grade standards like DVB (CSA-x) and the devices are governed by security principles driven by OEMs, Chipset vendors and Conditional Access Systems. The Conditional Access Systems have matured over time and are considered a stable, scalable and secure technology.
Now coming back to the topic where content and platforms are growing at pace. Content is being consumed on open and unmanaged devices with various platforms like Android, iOS, AirPlay, browsers, etc. These platforms/Operating Systems have invested heavily in Digital Rights Management (commonly known as DRMs) that include leading platform DRMs such as Widevine, FairPlay and PlayReady. For an operator, this creates a complex picture of how to formulate the right DRM strategy. While the operator must ensure full device coverage, it is also critical to have similar business and operational rules for all DRMs - and on top of all, the need for a secured overall service - which a multi-DRM solution should be considered a baseline for.
All this inherent complexity leads to a critical requirement for end to end security. For a streaming service, there are multiple security challenges and therefore a need for an approach such as Active Service Protection to secure both content and service in real time.
Typically though, there are a few key points that need to be reviewed by an operator prior to commissioning a new technology project and I’ve outlined these below.
Content Security
Depending on requirement, the platform DRMs are well equipped to secure the content by using the latest encryption algorithms. Once the content is secured using DRMs, the second step is to add a unique identification to the content which can be used to identify the source of leakage if it happens. This identification mark can be added as a Forensic Watermark at both server level and at the device level. A Forensic Watermark is a crucial step to ensuring that the respective device ID responsible for leakage is identified. The key aspects to selecting a comprehensive watermarking solution are quick integration, robustness, true forensic nature and efficient detection tools.
DRM-Common Business Rules
With multiple platforms like Android, iOS, Browsers and streaming devices being used by video Operators, the integration of DRMs into the ecosystem becomes a complex decision. The most efficient multi-DRM solution would employ strategies to ensure common business rules among different platforms. This allows the operator to have the most efficient content, pricing and application roadmap strategies. The operator can then focus on increasing the revenue and quickly deploy changes without worrying about the impact of each platform DRM.
The most efficient multi-DRM system ensures a wide choice of pre-integrated packagers, comprehensive platform coverage and a structured documentation/process for integration with the operator’s business backend.
Service Security
With secured and identifiable content, another critical component is a securing the service. Illegal streaming services can clone the client applications or the communication between clients and the business backends to mimic logic to steal content. With multiple stakeholders involved such as the backend platforms, applications, middleware and third-party APIs, it’s extremely important to define the right service security strategy. To ensure service security, Operators can deploy tools such as Secure Session Management to ensure that the sessions between the client application and backend are secured using DRM keys. These advanced service security methods will ensure the critical information exchanged between the client devices and the backend maintains the content security.
Anti-Piracy Strategy
A major aim of the overall security chain is to defeat the piracy through Active Security. OTT operators are facing a big challenge due to global piracy networks and services. Containing the content in geographical boundaries is becoming difficult and leads to massive revenue losses. The Operator therefore needs the right Anti-Piracy strategy consisting of global threat assessment, monitoring services and disruption through legal and technical measures.
A holistic approach towards the overall service security is key whilst defining the Anti-Piracy strategy. Security therefore is a multi-pronged process which necessitates a focus on production, delivery and consumption of content.