Strategies for Securing OTT Video in a Multiscreen World – Bill Rosenblatt

Guest post by Bill Rosenblatt, GiantSteps Media Technology Strategies

Life is not simple for providers of over-the-top (OTT) Internet video services – whether they are pay TV operators or new pure-Internet players. 

Services like Netflix have proven that it’s possible to attract large audiences to Internet-delivered premium video content, but staying competitive is difficult.  Devices that can consume Internet video are proliferating to include set-top boxes (STBs), Smart TVs, optical disc players, and game consoles as well as PCs, laptops, and smartphones. 

Consumers have become conditioned to “all my media on all my devices all the time” from their experiences with digital music and e-book services, and they expect no less from video; meanwhile, Hollywood studios and other video content licensors have raised, not lowered, their expectations that their content be protected from unauthorized use.

In general, the technological complexity of building, maintaining, and scaling multiscreen OTT video services isn’t decreasing. Operators require a range of capabilities including streaming video, content protection, application development, and other technologies. Yet no single, “silver bullet” stack with all these capabilities has emerged that operators can rely on to build out their services in a future-proof, scalable, and interoperable manner.

A multiscreen rights management capability on the server side is the key to minimizing and isolating complexity among several moving parts as operators build and expand their services to more and more devices.  By making OTT service deployment easier, operators can better respond to competitive developments in the marketplace while minimizing total cost of ownership (TCO).

The major moving parts of an OTT provider’s infrastructure are application development technologies, adaptive bitrate streaming, and digital rights management (DRM).   In the first category, HTML5 is of increasing interest as a means of creating applications with as much of a single code base as possible but that run on a wide variety of devices, both in web browsers and natively in apps for mobile devices as well as in-home devices such as set-top boxes and Smart TVs.

The latest developments in the HTML5 world include standards for sending and consuming DRM-protected video.  The Encrypted Media Extensions (EME) are a set of routines that integrate DRM schemes within browsers that support it.  EME-enabled browsers make use of Content Decryption Modules (CDMs), which are interfaces for specific DRMs that handle license requests, license acquisition and storage, and content decryption in secure execution environments.  The EME/CDM mechanism replaces older browser plugin schemes such as NPAPI and Microsoft Silverlight.  With HTML5 EME, browser-based applications are more efficient than with plugins, and a greater portion of the code base can be portable across multiple platforms.

The market for browsers continues to be quite fragmented.  Although Google, Apple, and Microsoft together claim about three-quarters of the browser installed base, other vendors claim significant shares particularly on certain types of devices, such as ACCESS (NetFront) in game consoles and UC in mobile phones in Asian markets.

An increasing number of browsers support HTML5 EME, but only with specific DRMs.  For example, Microsoft Internet Explorer supports Microsoft’s PlayReady DRM; Google Chrome supports Google’s Widevine DRM; and Mozilla Firefox is expected to support Adobe’s Primetime DRM and Intertrust’s Marlin DRM shortly.  Thus, the markets for both browsers and DRMs are likely to remain fragmented for some time.

In contrast, the market for adaptive bitrate technologies is coalescing around the new MPEG Dynamic Adaptive Streaming over HTTP (DASH) standard as well as Apple’s HLS, the most popular of several proprietary adaptive streaming technologies now on the market.

DASH aggregates most of the advantages of the existing proprietary technologies.  DASH also makes it easier to integrate with Hollywood-approved DRMs through a scheme called Common Encryption (CENC).  CENC allows an operator to use a single encryption key for each content title at each resolution across multiple DRMs, instead of requiring a different key for each DRM.  CENC takes advantage of the fact that all major DRMs for streaming video use the same basic encryption scheme (a variant of the US government standard AES).  CENC enables operators to simplify their infrastructures and save storage of files on content delivery networks (CDNs).

In other words, the primary sources of ongoing complexity – and thus the bottlenecks to scalability of OTT services across multiple device types – are DRMs and browsers.  The best strategy for providers to minimize this complexity is to adopt a multiscreen rights management capability on the server side.

A multiscreen rights manager is a set of software that acts as a single interface between a service provider’s back end systems and apps on all client platforms.  It enables DRMs to be added and changed as the market evolves and needs dictate.  It can abstract away DRM-specific license parameters and manage much of the communication with apps on different devices when a user selects a content item.  It can also generate CENC encryption keys to include in DRM licenses and respond to requests for keys from Encoder-Packagers, which encrypt content files and send them to CDNs. Finally, the multiscreen rights manager can also maintain content usage rules that span devices, such as the bitrates and number of concurrent streams per account that are permissible according to the operator’s licenses with copyright owners.

With multiscreen rights management, operators of OTT video services can isolate and manage the complexity of building out services across a maximum variety of client platforms while minimizing TCO for years to come.

A more detailed version of this article is available as a white paper from GiantSteps Media Technology Strategies, commissioned by Irdeto.  Click here to download. Irdeto will be at TV Connect (28 — 30 April 2015 Excel, London)