Revenue Security – The Cornerstone of Pay-TV
Pay-TV operators share a fundamental goal: to securely monetize content and – specifically – to protect content and services from unauthorized access, a.k.a. “piracy.” They have a particular desire to secure their video services – their service revenue streams - from various threats, such as theft of service, smart card piracy, device cloning, etc. As pay-TV moves to digital delivery in India, operators must prepare to address ever-evolving threat models, which now also include content redistribution over the Internet.
While security in analog cable TV systems is primarily focused on preventing theft of service, the threat models are different and more challenging for digital TV services. Therefore, as Indian cable TV operators plan their transition to digital, they must proactively address a unique set of technology and business issues. Ultimately, the objective is to choose a security policy and technology path that minimizes costs without sacrificing the ability to meet evolving service (revenue) requirements in the long run. The choice of security technology is critical to operators’ future competitiveness and financial performance.
The Rise of the Software-Empowered Operator
The legacy CA approach of relying on dedicated security subsystems at each and every device is clearly outdated – but legacy implementations that still rely on extensive client side logic, key manipulation and persistent storage encourages an environment where threats are focused at the weakest links in these diverse client implementations.
The natural response to this is to ensure that the core security functionality and content rights management logic resides as much as possible in the head-end cloud subsystems. When business rule decision-making and entitlement management become cloud-centric for security reasons, the opportunity also exists to make the systems much more responsive and dynamic to usage patterns and asynchronous events. Unification of security also offers the most seamless experience for consumers.
As an example, domain-based entitlement management enforces business rules to a logical group of devices (as opposed to an individual device) to ensure that entitled content is automatically available to all the subscriber domain's devices. Such dynamic entitlements support more flexible and Web-like business models than the pay-TV world has historically seen.
Unifying security infrastructure across networks and devices offers many benefits, including the ability to revoke clients and renew client security on the basis of knowledge or suspicion of threats on particular kinds of devices. It seems that the device that is most significant in terms of revenue streams is often attacked first; being able to revoke and renew security on that device in order to sufficiently address any threats, can help significantly protect an operator’s bottom line.
The foundation of this renewability and revocability is software-centric communications logic built on the firm foundations of hierarchical certificate structures – the very foundations of Internet security. In each client device, there is a minimum set of subsystems that are needed to ensure an adequate revenue security, including a hardware root-of-trust. Traditionally, hardware-based roots–of-trust can provide cryptographic keys, code verification keys and secure device IDs.
Recent advancements include hardware security cores inside STB chipsets/system-on-chips (SoCs) that perform highly sensitive content protection functions on a personalized basis. This hardware security core approach brings significant security and architectural advantages. When such a hardware root-of-trust is combined with a proven software security environment, a robust revenue security regime is created.
The increasing proliferation of cloud-based video services will push operators to re-think their security strategy in order to optimize revenue security while reducing operational costs. Security, in all its forms, is a continuing concern for video operators as they move towards a software-empowered model. An even greater concern is that the introduction of higher resolution, more valuable content services, such as UHD/4K, are matched by enhanced security approaches that must employ as much next-generation techniques as commercially reasonable.
It is clear that the software-empowered video operator model requires a new vision of revenue security that is a substantial leap forward from most of the current offerings.
The new generation of software-based, IP-centric security solutions, where control and integrity can be managed at the point of service origin, are especially well aligned with the vision of a more dynamic, flexible and extensible value proposition that will drive the new marketplace.
The end is in sight for the single-vendor monolithic video solutions that we have seen in the past. The landscape is much brighter for specialist vendors that have proven component integration points — often standards-centric — with other members of a deployment ecosystem. The result is less vendor lock-in and a promise of significant reduction in deployment cost.
Digital TV Security Considerations
Indian cable operators, whether small or large, can benefit from taking a software-empowered approach by adopting a flexible and effective digital TV security architecture. Such an approach can be an essential enabler of innovative business models that improve the competitive position versus satellite-based broadcasters and pure OTT operators. Choosing the overall security solution is therefore a critical strategic decision. This process should also expand the perspective of the security technology consideration from traditional single network content protection to the broader concept of multi-network revenue security.
There are many pay-TV security factors, not least financial, which need to be considered, such as:
- Initial purchase cost (CAPEX)
- Operational cost (OPEX)
- Cost of an unresolved security breach (ongoing loss of revenue)
- Cost to overcome a security breach (security renewal)
- Set-top box (STB) certification cost and delivery lead time