Traditionally, content has been distributed on managed networks where the bandwidth is guaranteed and robust. Managed networks are networks under management by at least one operator, often a user or processor that can determine if a request for content should be granted. Managed networks can define access and use of the network, such as setting bandwidth usage for certain authorized users. Managed networks give operators a stable platform to manage their network of content distribution across devices, such as televisions and computers. Recently, there has been a significant increase in the number of mobile devices that are able to provide video playback, such as laptops, mobile phones, smart phones, netbooks and tablets. Content is typically provided to such mobile devices on unmanaged networks whose bandwidth can fluctuate and be sporadic. Unmanaged networks are networks not under direct management by an operator, such as a 3G network, broadband Internet networks or WiFi hot spots where any user can access the network. These unmanaged networks allow users greater access to content over a network from virtually any location. Because the networks are unmanaged, the distribution of content over them presents unique challenges in security and access to content.
Distribution of video content on unmanaged networks, known as “Over-the-Top” (OTT) distribution, has become popular. Many solutions have been introduced for distributing this content over these unmanaged networks. For example, several protocols allow for adaptive bitrate streaming that adjusts the video bitrate to available resources such as bandwidth and processing power, enabling an immediate yet uninterrupted viewing experience. One such protocol is the HTTP Live Streaming (HLS) protocol specified by Apple. This protocol, which Apple has integrated into its QuickTime player, slices the video into chunks in order to deliver the content to the device while retaining the ability to switch to alternate bitrate versions of the content. This makes it possible to adapt to fluctuating bandwidth, which can be problematic on an unmanaged network. The HLS protocol also provides for encryption of the chunks. The chunks can be encrypted using AES-128 in CBC mode. The key is served from the HTTP server and can be retrieved over HTTPS.
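The chunk encryption and key retrieval described above can be checked from the playlist itself. The following is an added example, not part of the original text: it walks an HLS media playlist, tracks the `#EXT-X-KEY` tag in effect for each chunk, and reports chunks that are sent in the clear or whose key is not fetched over HTTPS. The playlist, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed sample media playlist (not from the original text).
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXTINF:10.0,
intro0.ts
#EXT-X-KEY:METHOD=AES-128,URI="https://keys.example.com/k1",IV=0x000102030405060708090a0b0c0d0e0f
#EXTINF:10.0,
seg1.ts
#EXT-X-KEY:METHOD=AES-128,URI="http://keys.example.com/k2"
#EXTINF:10.0,
seg2.ts
#EXT-X-ENDLIST
"""

# NAME=VALUE pairs of an attribute list; quoted values may contain commas.
ATTR_RE = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')


def parse_attrs(text):
    """Parse an HLS attribute list into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in ATTR_RE.findall(text)}


def audit_playlist(text, base_url):
    """Return (chunk_uri, finding) pairs for chunks whose protection is weak."""
    findings = []
    key = {"METHOD": "NONE"}  # chunks are clear until a key tag appears
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#EXT-X-KEY:"):
            # A key tag applies to every chunk that follows, until the next one.
            key = parse_attrs(line[len("#EXT-X-KEY:"):])
        elif line and not line.startswith("#"):
            if key.get("METHOD", "NONE") == "NONE":
                findings.append((line, "unencrypted"))
                continue
            # Key URIs may be relative to the playlist URL.
            key_url = urljoin(base_url, key.get("URI", ""))
            if urlparse(key_url).scheme != "https":
                findings.append((line, "key-not-https"))
    return findings


if __name__ == "__main__":
    base = "https://cdn.example.com/v/index.m3u8"  # constructed URL
    for chunk, finding in audit_playlist(SAMPLE_PLAYLIST, base):
        print(chunk, finding)
```
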
However, security for OTT content often lacks certain features that are typically found in Conditional Access (CA) or Digital Rights Management (DRM) systems, such as user/device authentication, device provisioning, output control signaling and content rating/parental control. In two-way content protection systems, the client can provide information back to the head-end that can aid in clone detection or identification of other attacks. Yet, in devices with limited hardware (HW) security, attacks such as jail-breaking or rooting may jeopardize the overall security of the device and the content streamed to it. Jail-breaking and rooting are processes that give the user of a device running a certain operating system full access to previously “locked” features of that operating system, removing the limitations imposed by the device manufacturers, the network operator, or the developer.
Therefore, the flexibility of unmanaged networks presents its own set of issues. The ability of mobile devices to access content over a network from virtually any location greatly increases the number of devices that will request such content, and many of those requests may come from unauthorized users or devices. Unmanaged networks also make it more difficult to develop data on users or devices, and they present challenges in authenticating and tracking users and devices that access content from different access points.