Security Icon

Security

CryptoMedia Content Protection Core

Designed to cost-effectively secure the broadcast and streaming of digital content, our CryptoMedia Content Protection Core provides pay TV operators and over-the-top (OTT) media providers robust security against security threats, like side channel attacks, through a hardware root-of-trust embedded directly in the device multimedia chipset. The core enables a cardless solution that is compatible with existing conditional access systems (CAS) and digital rights management implementations.

How CryptoMedia Content Protection Core works

Functioning essentially as a smart card within a set-top-box (STB) or multimedia chipset, the CryptoMedia Content Protection Core is a separate, on-chip security block that protects and stores cryptographic keys and computations from attacks. The core is extremely resistant to a wide range of sophisticated attacks, such as side-channel attacks, while providing the flexibility to integrate with multiple CAS or DRM solutions. This combination of robust security and broad compatibility provides a trusted security solution for the broadcast and streaming of premium content without the need for a smart card.
CryptoMedia Content Protection Core

CryptoMedia Content Protection Core provides side channel attack resistance in a wide variety of ecosystem configurations:

In broadcast systems: the core receives the data it needs for operation in standard encrypted messages via infield provisioning from the CAS, including: pay-per-view (PPV) and subscription updates and security configurations.

In OTT systems: the core is configured via license files that are updated via infield provisioning to enable feature upgrades.

In CAS: the core is designed to work with a variety of CAS providers as it can either help derive or directly generate the control word and deliver it into the key ladder or descrambler.

In DRM systems: as with CAS providers, the core functions with diverse DRM systems.  The operation is similar to the CAS, except the derived key is the content encryption key that is delivered to an AES decryption engine. In both cases, generation and derivation of the control word or content encryption key is handled in secure, protected hardware.

Our CryptoMedia solution supports a multi-domain security feature that is unique to our core and is based on an advanced hardware root-of-trust. This innovative feature allows premium content to flow securely directly to pay TV devices like STBs, forming a secure foundation for convenient access to all pay TV content on one device. It enables new ways to distribute pay content, providing benefits to both operators and OTT distributors:

  • Operators can provide their subscribers with instant individual choice of content on the STB or TV
  • OTT distributors can deliver content directly and securely to operator STBs and TVs
 

Our core is integrated into leading multimedia chipsets. To view a list of our SoC partners, click here.

Solution Offerings

Security Features

  • Provides the most robust hardware protection via a hardware root-of-trust (all access decisions in hardware)
  • Reduces costs associated with the design, manufacture, and operation of STBs
  • Supports multiple CAS and DRM solutions
  • Enables infield key provisioning and feature / content upgrades
  • Cost-effective embedded security with no external interface to attack
  • Resistant to a wide range of sophisticated side channel attacks, including simple power analysis (SPA) and differential power analysis (DPA)
  • Provides advanced logic to protect against glitching and fault injection
  • Provides secure integration with a variety of descramblers and key ladders
  • Meets studio security requirements including UHD/4K content like MovieLabs Enhanced Content Protection (ECP) specification, facilitating licensing of premium content
 

Other Key Features

  • Supports all major content distribution platforms – satellite, cable, IPTV, OTT, physical media
  • Integrates easily — reference implementations and services available as needed
  • Compatible with MPEG2 and DVB transport, CENC, MPEG DASH, HTML5 EME, and more
  • Gate-level netlist targeted to vendor-specified cell library
  • Full technical documentation:
    • Interface specifications
    • Integration guides
    • Validation guides
    • Manufacturing test and personalization specs
  • Test and Verification:
    • Verification models
    • Emulation boards
    • Functional verification tests
    • System and validation tests

The CryptoMedia Content Protection Core utilizes standard chip manufacturing processes. Our engineering team has worked closely with leading chip manufacturers to integrate the CryptoFirewall security core into transport chips used in set-top boxes, smart TV chipsets, removable smart cards used by leading conditional access providers, and stand-alone ASICs.

Smarter than a Smart Card cover

Smarter than a Smart Card

Set-top boxes (STBs) were initially secured by Conditional Access System (CAS) smart cards. However, this approach is no longer effective. Smart cards cannot prevent unauthorized access to premium 4K and UHD content, as they are not designed to protect the interface between the card and box, or the STB SoC itself. This is one of the reasons why cardless CAS set-top boxes, equipped with a hardware-based root-of-trust, are increasing in popularity amongst major operators. A hardware root-of-trust, provided by platforms such as Rambus’ CryptoMedia, offers operators robust security protection with an integrated security core that acts to effectively decrease potential attack vectors.
Download White Paper

Related Markets & Applications

FREE Webinar: Secure Silicon IP Series: Complexity vs. Security