A recent report published by the NPD Group estimates there will be 204 million connected TV devices by 2017. More specifically, streaming media players and TVs are expected to represent the majority of the growth in installed and Internet connected units over the next three years.
“The evolution of hardware and digital content distribution is constantly changing the TV viewing experience,” explained John Buffone, executive director, NPD Connected Intelligence. “Over the coming years, the consumer’s preferred device for apps on TV will be shaped by the next generation of video game consoles, smart TVs and a new wave of streaming media players.”
As Cynthia Yu, a director at Rambus’ Cryptography Research division explains, consumers increasingly expect connected TVs to offer access to all content – including premium content that requires high levels of security or originating from multiple streaming services.
“Most major industry players are clearly aligned with this trend,” said Yu. “However, it should be noted that viewing premium content requires a strong level of protection against unauthorized access, whether on set-top boxes or connected TVs.”
According to Yu, the hardware-based CryptoFirewall™ meets the most stringent requirements for access to current and next-gen 4K/UHD content and allows devices already in the field with the CryptoFirewall core to be included in multiple content service domains. Designed by Rambus’ Cryptography Research division, the self-contained ASIC cores provide a secure root-of-trust for content protection applications.
In practical terms, this means the CPU-less CryptoFirewall provides a uniformly high level of security across multiple devices. It also effectively renders software attacks irrelevant since it is completely independent of software. In addition, operators and OTT distributors can benefit from the CryptoFirewall’s hardware-based security while continuing to use their existing CAS and DRM systems. In fact, the platform supports simultaneous access multiple services using separate CAS or DRM systems.
When paired with a CAS (conditional access system), the client sends encrypted EMM and ECM data to the CryptoFirewall core to generate a control word, subsequently delivering it directly to the DVB-CSA descrambler or key loader. If used with a DRM, the client relays encrypted rights and usage rules to the CryptoFirewall core, which is responsible for generating and delivering a content decryption key directly to the AES descrambler or key loader.
As we’ve previously discussed on Rambus Press, CryptoFirewall’s cores are designed around two main processes – differentiation and entitlement – which are used to derive the keys tasked with protecting content. Differentiation is the process by which an individual CryptoFirewall core is enrolled in a specific security domain, corresponding to a broadcast or OTT service. This can take place over the air, as it securely provisions service-specific keys and uniquely configures the CryptoFirewall hardware for each service.
Entitlement describes the process by which an individual CryptoFirewall core is granted permission to ‘watch’ certain content or services. This is also done over the air using secure messages. This layered approach allows CryptoFirewall to efficiently and securely generate keys for many different types of content and services, while maintaining strong cryptographic separation throughout the system.
Interested in learning more about how Rambus is securing set-top boxes and connected televisions? Be sure to take a look at our CryptoFirewall product page here. Readers can also check out the details of Rambus’ previous CryptoFirewall licensing deals with a wide range of diverse industry heavyweights including EchoStar and Verimatrix and chip partners, ALi, Broadcom, Entropic, MStar,STMicroelectronics, and ViXS.