Some embodiments relate to digital content protection and, in particular, audiovisual content protection. More specifically, some embodiments relate to a technique that can be applied, inter alia, to access control and content protection systems, such as to impede unauthorized access to content produced by digital content providers.
Conditional Access Systems
The terms “conditional access” (CA) and “conditional access systems” (CA systems or CASs) refer to a set of devices, processes and software the aim of which is to protect digital or analogue content. CASs implement the protection of content by ensuring that a set of requirements are met before authorizing access to the content. The term CAS is often associated with digital television systems (both those broadcast via satellite and those broadcast via cable) even though, historically, the first CASs were analogue (e.g. the Videocrypt system by Thomson Consumer Electronics).
The Digital Video Broadcasting (DVB) standard defines the CAS standards in the specification documents referred to as DVB-CA (Conditional Access), DVB-CSA (Common Scrambling Algorithm) and DVB-CI (Common Interface). These standards define a method allowing a digital television stream to be scrambled while allowing users having a valid decryption smart card to access this stream. The DVB specifications for conditional access are available online and are known to those skilled in the art. Hundreds of millions of pay television decoders currently implement the DVB specifications.
Content protection is achieved by combining the scrambling of the video signal and the encryption of the scrambling keys. The video data stream is scrambled using a secret cryptographic key of 48 bits referred to as a “control word” (CW). Knowledge of a CW at any given time is unlikely to seriously compromise the security of the conditional access system insofar as content providers change the CW multiple times per minute. The duration of validity of a given key (this duration being a parameter of the CAS) is referred to as the “crypto period” (CP). The CW is generated in such a way that knowledge of the CW of CP number n does not allow the CWs of CPs number n+1 and beyond to be guessed or calculated. Knowledge of the CW of CP number n does not allow the CWs of CPs number n−1 and before to be guessed or calculated either. The DVB specifications recommend the use of a physical method to achieve this.
In order for the recipient to be able to decrypt the incoming data stream, the receiving device must be kept permanently informed of successive CWs. In practice, the receiving device must actually be informed of the CWs slightly in advance in order to avoid any interruption in the display of content to the user.
Encryption is used in order to protect the CW during transmission thereof to the recipient: the CW is encrypted so as to become an entitlement control message (ECM). The CAS of the receiving device decrypts the ECM in order to extract the CW therefrom only if the recipient is authorized to do so. The ability to do this is sent to the recipient in the form of an entitlement management message (EMM). EMMs are specific to each subscriber, identified using the smart card inserted into his or her decoder, or to a group of subscribers. EMMs are usually transmitted or renewed once per month. Following a number of attacks in this area, it is apparent that such a frequency of EMM dissemination is not sufficient to prevent fraud. Thus, the company TPS has decreased the time between EMM disseminations to 12 minutes. This frequency may differ greatly between content providers: for example, BSkyB uses a duration of validity of a month and a half. When the Nagravision 2 system was compromised, the company Digital+ started renewing EMMs every three days in order to inhibit the playout of content by pirates.
The contents of ECMs and EMMs are not standardized. Thus, their formats depend on the particular CASs in use.
The CW may reach the receiving device via multiple ECMs at the same time, thereby allowing the use of multiple CASs at the same time. This technique, specified by DVB and known by the term “SimulCrypt”, makes it possible to save bandwidth and encourages multiple operators to multiplex their information and to cooperate. DVB SimulCrypt is very common in Europe. Certain channels, such as CNN International Europe broadcast from Hot Bird satellites, may use up to seven different CASs in parallel.
Decryption cards are read and sometimes updated with specific viewing rights, either via a conditional access module (CAM), a PCMCIA-format card reader (also referred to as the PC card format) meeting the requirements of the DVB-CI standards, or via an ISO/IEC 7816-compatible embedded card reader, such as that of the Sky Digibox.
Given the common and frequent use of CA in DVB systems, numerous illegal tools exist that allow DVB encryption to be weakened or circumvented. There exist CAM emulators and multi-format CAMs. Multi-format CAMs can either read multiple card formats or directly decrypt a compromised CAS. The majority of multiple format CAMs and all CAMs capable of decrypting a signal are based on the reverse-engineering of the corresponding CAS. Numerous CASs have been compromised to date.
Digital Rights Management
Digital rights management (DRM) aims to control the usage of digital works.
DRM can be applied to any type of physical digital medium (discs, digital versatile discs, Blu-ray, software, etc.) or of transmission (broadcast, Internet services, etc.) by virtue of a CAS, as described above.
DRM software or technical devices may aim to:                restrict the reading of the information medium to a given geographical area (for example DVD zones);        restrict the reading of the information medium to specific equipment (for example the smartphone or tablet versions);        restrict the reading of the information medium to a manufacturer or seller (in order to lock out the competition);        restrict or prevent the private copying of the information medium (transfer to an external device);        restrict or block certain playback functions of the medium (deactivation of fast-forward in certain sections of a DVD). This is very useful for forcing exposure to advertising;        identifying and digitally watermarking any work and any item of recording or playback equipment (in order to facilitate the tracking of unauthorized copies, but first and foremost to prevent customization and hence control of a technology, for example to prevent installation of another operating system on a computer).        
DRM technical measures make use of encryption of a work, in combination with CA. The editor or distributor making use of this CAS provides the key controlling access to the product only in exchange for proof of purchase or subscription allowing access thereto (subscription to a pay channel, VOD, download, etc.). Playback (and/or copy) access to the document thus protected is then authorized only for the item of equipment or for the software identification certified by the provider.
The concepts relating to technical measures for protecting content exist in law (DMCA in Europe and the United States, DADVSI in France) and are the subject of an international agreement. The law recognizes CA as a protective measure and punishes users who circumvent it or publish its secrets.
A DRM architecture is based on the encryption of works. Only a device having the decryption key is capable of reading the work. A problem posed by this principle is the inviolability of hardware used by the public to look up works, so that the decryption keys remain secret. Thus, the secrets of DVD players have been unveiled and DVDs can now be decrypted by software not having the keys. In order to keep inviolable secrets on the computer of each user, manufacturers develop DRM systems that are embedded deeply within the hardware of the computers. The aim is to make it possible for each computer to be remotely (via Internet) and reliably identified. Thus, a client-server architecture allows the use and dissemination of each copy of a work to be continually verified.
Multiple manufacturers already implement purely software-based DRM systems, which are nonetheless subject to circumvention.
The general mode of operation of such a DRM system is laid out below:                the content server S holds content C that is protected by authors' rights (for example music);        the client K is the software or the peripheral allowing C to be read (for example a multimedia player or a digital audio player);        when a user U wishes to download a file F, K delivers a unique identifier to S. S encrypts F (in order to obtain C) specifically for U;        C is subsequently transferred from S to K, usually via the Internet;        when U wishes to read the content F that he or she has downloaded, the player checks whether it already has a licence for F. If the reader does not have a licence, it connects to S. If U is authorized (for example through having made payment), the player downloads a licence L. L is a data structure containing the decryption key and the conditions of use of the content F. L is protected in terms of confidentiality and integrity;        the player verifies that the conditions of use defined by L are met. If this is the case, the reader can decrypt C using the decryption key stored in the licence in order to deliver F to U.        
However, if U changes client (new software, new computer, new audio player), he or she will have to request a new licence L′ according to the conditions of the contract agreed with the provider (for example, iTunes allows seven licences linked to a change in hardware without time restriction for the purchase of one track).
IP Television
IP television, television over IP, or IPTV (Internet Protocol television) is a form of television broadcast over a network using the IP (Internet Protocol).
The term IPTV covers live television, video on demand (VOD), game on demand (GOD, or cloud gaming) and catch-up W. Various communication methods are used. Live television uses a multicast IP solution (also referred to as “IP multicast”), which allows a one-time transmission of information to multiple individuals. VOD and catch-up TV use a unicast IP solution (a single receiver for these streams).
IPTV uses the same infrastructure as Internet access, but with reserved bandwidth. In France, IPTV is often provided along with a high-speed Internet subscription offer. Providers speak of “triple-play” offers (Internet, telephone, television).
IPTV may also be deployed in private communities: specifically, this allows a hotel, hospital or holiday home to be able to offer a bundle of IPTV channels as well as a range of billable and on-demand services; the body offering this network is considered to be the telecom provider.
IP technology allows the interface to be shared with other applications (Internet, VoIP). Moreover, codecs of increasingly better performance (MPEG-2, MPEG-4 and VC-1) make it possible to optimize the consumption of bandwidth. The IP network thus allows more content and functionalities to be broadcast. In a conventional or satellite TV network employing video broadcast technology, the entirety of the content is continuously provided to the user, who subsequently selects it via his or her decoder. He or she may then choose from a variety of options while the telecom, cable or satellite provider continuously feeds the broadcast channel. However, an IP network operates differently: the content remains in the network, and only those items of content selected by the user are transmitted thereto. This makes it possible to free up bandwidth and to avoid user choice being limited by the size of the broadcast channel. Only those channels that are being watched are transmitted over the IP network by virtue of multicasting, unlike VOD in which the video is transmitted using unicast and hence the bandwidth is used for each viewer.
The IP platform also allows a truly interactive and personalized viewing experience. For example, the provider may add an interactive programme guide allowing users to search by title or by actor, or else “picture-in-picture” (PiP) functionality allowing a second channel to be watched on the TV screen. In this way, viewers are able to look up player statistics while watching the match or else select the camera angle. They may also access music and photos stored on their computers directly from their television, use a mobile phone to schedule the recording of a program, or else set parental controls.
All of this is nevertheless made possible by virtue of the existence of terrestrial, satellite and cable networks in combination with sophisticated decoders. In order to set up an interaction between the receiver and the transmitter, a parasitic channel is required. It is for this reason that terrestrial, satellite and cable television networks are not interactive. However, interactivity via these networks is made possible through the combined use of TV networks and data networks such as the Internet or a mobile communication network.
The Marlin System
Marlin is a DRM platform created by an open standards community called the Marlin Developer Community (MDC). MDC develops the required technology and manages partners and services allowing the creation of interoperable digital content distribution services. The Marlin technology provides consumers with the capability to manage inter-device relationships, network services and digital content. With Marlin, content providers and device manufacturers are able to create and support content access services over open networks.
MDC was formed in 2005 by five companies: INTERTRUST, PANASONIC, PHILIPS, SAMSUNG and SONY. MDC published its first set of specifications in May 2006. The founders of MARLIN also formed the Marlin Trust Management Organization (MTMO) in order to create a neutral trust organization capable of managing and granting Marlin licences. The MTMO started operating commercially in January 2007.
Marlin was created with specific design aims. First and foremost, Marlin allows consumer devices to import content from multiple and independent services and to permit peer-to-peer interactions. Secondly, Marlin is based on a general-purpose DRM architecture. The specifications of the Marlin system define both the technical features and the architecture that are required for the interoperability of devices and services.
The majority of implementations of Marlin respect the core specifications of Marlin. This core defines (1) the basic components, (2) protocols, (3) and consumer domain model that allow interoperability between devices implementing Marlin and (4) services implementing the Marlin specifications. These specifications are based on the Octopus and NEMO reference technologies which have been adapted for inter-device peer-to-peer interactions.
Octopus:
The management of rights within Marlin is based on Octopus, which is a general-purpose DRM architecture. The Octopus core system is a graph-based relationship engine. In Marlin, Octopus node objects are used to represent system entities (such as users and devices) and links between nodes represent relationships. The system of nodes and links manages where, how, and when content can be used in the system. Octopus is available on various platforms and its media format is cryptographically agnostic.
NEMO (Networked Environment for Media Orchestration) provides a service provision framework allowing trusted connections between various components of a Marlin DRM system. Based on web services standards, NEMO defines service interfaces, service access policies as well as support and trust relationships among distributed entities that play well-defined and certified roles. The NEMO framework allows Marlin components to create protected messages and to exchange them between authenticated and authorized entities. The services supported by NEMO may be operated together with other, application-specific media services that are not necessarily required to be NEMO-compliant.
The main products that implement MARLIN are:                EXPRESSPLAY: EXPRESSPLAY is a hosted service provided by Inter-trust INTERTRUST since May 2013. EXPRESSPLAY was mainly designed to embed Marlin content protection within Internet-based content distribution services. EXPRESSPLAY offers a hosted Marlin server component for managing MARLIN keys and a software development kit (SDK) for iOS and Android clients.        The BLUEWHALE MARLIN Broadband Server: is a configurable implementation of the Marlin server that provides the necessary support for the delivery of digital content to Marlin clients. In order to prepare the information required by the clients, a BLUEWHALE server is integrated within the back-end business logic of a service provider using an XML interface. The server translates the business logic into Marlin rights objects, creating and managing user registrations and licences.        BENTO4 Packager: The BENTO4 Packager is a software tool for packaging and parsing content. BENTO4 operates with MARLIN clients. This tool packages, encrypts and protects content files on the server side. On the client side, this tool allows content to be decrypted and parsed.        SUSHI MARLIN Client SDK: The SUSHI MARLIN Client SDK is used to create a client with DRM functionality. This software development kit (SDK) provides the primary MARLIN components required to determine licence conditions and to control access to protected content. The SUSHI MARLIN Client SDK can be adapted for content playback hardware devices. The SUSHI MARLIN Client SDK can also be used by service access applications in order to enrich such applications with DRM functionality. The SUSHI MARLIN Client SDK is no longer provided by INTERTRUST as of May 2013.        The Marlin Partner Program: In October 2008, the MDC announced the creation of the Marlin Partner Program (MPP). The MPP initially included over 25 companies. In January 2014, this programme included 42 partner companies. Partner members identify, develop and provide a variety of technical components and integration services, the aim of which is to create a marketplace for Marlin solutions. Network operators, service providers, device manufacturers and other companies deploying Marlin-based products and services may thus collaborate with MPP member companies.        Marlin Trust Management Services: The MARLIN technology is based on standards but the security of a Marlin system is managed by an independent entity called the Marlin Trust Management Organization (MTMO). The MTMO maintains the integrity and security of the system using its key management services.        The Current Deployment of MARLIN: MARLIN has been commercially deployed throughout the world in a variety of devices and services. MARLIN is included in the Japanese national IPTV standard and has been deployed by ACTVILA, a web-based television portal launched in 2007. The ACTVILA portal service, created by HITACHI, PANASONIC, SHARP, SONY, and TOSHIBA, included a deployment of Internet TV services. SONY uses MARLIN in PLAYSTATION Network, thus providing users with a video download service allowing content to be purchased or rented on the PS3, PS4 and PSP systems. MARLIN is also used in PHILIPS NetTV BLU-RAY players.        
The following standards organizations have incorporated MARLIN into their specifications:                Ultraviolet, the cloud-based digital rights distribution and authentication system by the Digital Entertainment Content Ecosystem consortium (DECE LLC); the Open IPTV Forum.        Additionally, the following national initiatives have selected MARLIN: the Italian Internet services platform developed by the TIVU Sat consortium; YouView of London, UK, the British connected open Internet platform;        the TNT 2.0 specifications by the French HD Forum;        lastly, Chinese consumer media services such as iQIYI of Beijing, China (founded by BAIDU, Inc. of Beijing, China) and PPTV are also MARLIN members.        
Over-the-Top Services
An over-the-top (OTT) service is a service for providing audio, video and other media over the Internet without the involvement of a traditional network operator (such as a cable, telephone or satellite company) in the control or distribution of content. The Internet access provider distributing the content may be aware of the content of IP packets in its network, but is not responsible for, nor capable of controlling, the display of content, the observance of authors' rights and/or the redistribution of content.
OTT is very different to the purchase or rental of audio or video content from a traditional network provider, such as pay television, video on demand, IP television or the AT&T U-verse service. OTT instead relates to content originating from third parties, such as HULU, NETFLIX, CRUNCHYROLL or TOU.TV, and delivered to the user device by an Internet access provider that serves merely as a transporter of IP packets.
Consumers can access an OTT service via various devices that are connected to the Internet, such as desktop computers, laptops, games consoles (such as the PLAYSTATION 4, the WII U and the XBOX ONE), set-top boxes (STBs) (such as the ROKU), smartphones (including ANDROID phones, IPHONE and WINDOWS phones), smart TVs (such as GOGGLE TV) and tablets.