Enhanced content security for HTTP Live Streaming
The Verimatrix Adaptive Content Security Manager (ACSM) is the core component of the Verimatrix Video Content Authority System (VCAS™) for Internet TV. VCAS for Internet TV offers a complete system for authenticated and protected video service delivery to STBs, connected TVs, PCs/Macs and a variety of mobile device classes over un-managed networks that implement HTTP Live Streaming (a.k.a. adaptive rate streaming). This enables HTTP streaming and OTT delivery alongside established pay-TV methods and technologies, supported by the unified VCAS security authority.
ACSM supports authentication, key distribution and user control and acts as the root Certificate Authority in a PKI hierarchy. It uses X.509 certificates to validate and authorize all content protection communication within the pay-TV network, including messaging between VCAS sub-system components as well as between the head-end system and authenticated subscriber receivers. The receivers are equipped with Verimatrix ViewRight™ Web software-based clients.
The HTTP Live Streaming protocol is increasingly adopted by over-the-top (OTT) service providers for live, catch-up and on-demand services. The core protocol provides automatic bit-rate adaptation to allow a common video stream URL to be shared between devices that have different screen resolutions, processing power and available network bandwidth. This ensures the best possible viewing experience for any given combination of these parameters, even when devices roam between networks. This enables operators to reach outside current service areas, and to extend subscription services to users on-the-go through Wi-Fi, WiMAX and 3G/4G networks.
HTTP Live Streaming is an ideal technology for inclusion in a VCAS multi-screen security deployment, and it incorporates a baseline security model for service delivery. The tight integration with VCAS includes important extensions to the standard model that improve the capability to support subscription and transaction based pay-TV services. In particular, ACSM ensures that decryption keys are managed and selectively distributed to authorized clients only.
ACSM is the target of HTTPS requests for key files associated with each live program stream and on-demand asset. Encryption keys are generated by ACSM and provided to the third-party encoder via the Verimatrix MultiCAS/Adaptive interface. The encoder then undertakes the actual AES encryption of the HTTP Live Streaming chunks prior to downstream distribution.
To learn more about adaptive streaming technology and its benefits, please download the Verimatrix white paper "Adaptive Rate Streaming: Pay-TV at an Inflection Point"
- Platform OS: Red Hat Enterprise Linux 5.3
- Database support: Oracle (10g R2 Enterprise Edition)
- Sub-system interfaces: Authenticated via PKI and X.509 digital certificates.
- GUI: Flexible Java-based secure administrative functions through OMI component.
- Event logging: Comprehensive and secure.
- Implementation: Single machine or distributed load balanced cluster to meet any size of operator deployment.
- Encryption: AES-CBC, by streamers/scrambler from e.g. Envivio, Harmonic, Allegro and Inlet Technologies.
- Device Authentication: Flexible auto-configuration and one-time field provisioning.
- Media Entitlement: Efficient asset by asset entitlement validation via reference to subscriber/device database.
- Keyfile Delivery: Via device authenticated SSL/TLS.
- Network management: SNMP v1, v2c, v3