Designed by the Rambus Cryptography Research Division (CRD), self-contained CryptoFirewall™ (CF) ASIC cores offer a secure hardware-based root-of-trust for content protection applications.
According to Cynthia Yu, a Rambus CRD director, CryptoFirewall ASIC security cores have been integrated into at least 65 chipsets, including those manufactured by Ali, ST, MStar, Broadcom, Entropic and ViXS.
“Our CryptoFirewall cores facilitate a high level of security across set-top boxes and connected TVs. Essentially, the core is designed to shield cryptographic keys and computations within a chip – even if surrounding components are compromised – ensuring comprehensive protection against the unauthorized access of content and services,” said Yu.
“In practical terms, this means the CryptoFirewall core allows consumers to securely view content, including video with the most stringent security requirements such as 4K/UHD. In addition, our provider-agnostic security block supports instant delivery of content from multiple distributors including OTT content, which means that operators now have a security mechanism that allows for all content to flow to their customer’s TV.”
So, how does the Rambus CryptoFirewall platform operate? As Yu explains, the cores are designed around two main processes – differentiation and entitlement – which are used to derive the keys tasked with protecting content. Differentiation is the process by which an individual CryptoFirewall core is enrolled in a specific security domain, corresponding to a broadcast or OTT service. Differentiation can take place over the air, as it securely provisions service-specific keys and uniquely configures the CryptoFirewall hardware for each service.
Entitlement describes the process by which an individual CryptoFirewall core is granted permission to ‘watch’ certain content or services. This is also executed over the air using secure messages. This layered approach allows CryptoFirewall to efficiently and securely generate keys for many different types of content and services, while maintaining robust cryptographic separation throughout the system.
“Operators and OTT distributors can benefit from CryptoFirewall’s hardware-based security that satisfies the most stringent requirements for premium content, all while continuing to use their existing CAS and DRM systems,” Yu concluded. “On the consumer side, viewers can watch preferred content directly on a connected TV or via a set-top box.”
Interested in learning more about how Rambus is securing set-top boxes and connected televisions? Be sure to check out our CryptoFirewall product page here.