Oct 11, 2016


The TEE (Trusted Execution Environment) was first conceived as a way of protecting valuable data assets in all categories during transmission, but since then video has become ever more predominant across both fixed and mobile IP networks. The internet as a whole has become a major transport medium even for premium video content, raising new security threats, especially illicit content redistribution.

As a result the TEE has gained a lot of traction within the broadcasting and pay-TV community, providing insulation for key security assets as well as unencrypted content itself. The TEE’s development in turn is being shaped ever more by the changing nature of the threat landscape in pay TV. One factor changing that landscape has been the emergence of ultra HD (UHD) services, raising the stakes further by making content more valuable, and with ever increasing bandwidth, also easier to pirate.

When I presented at the TEE Conference two years ago, I was optimistic over the prospect of harnessing the TEE to protect UHD content in particular, speculating on the challenges and how they would be met. I am gratified to note that our fundamental object of evangelizing the TEE has been achieved, since it has become the defacto standard for the software component of overall video security. It has since been implemented in many SoCs (system-on-chips) for set-top boxes (STBs) and connected TVs.

Indeed it is now serving very well as a core technology for secure downloadable software, providing a secure container, secure boot and secure loading, separation between different trusted applications, and a communication protocol to the “normal” external software world, called REE (Rich Execution Environment).

But this is only a first step because it just protects the core software such as the DRM, which runs as a trusted application. Verimatrix has been pushing for two key extensions that we contend are essential to provide the more complete protection for premium content that rights holders and representative bodies such as MovieLabs are increasingly calling for.

The first of these we call the Secure Video Path or Protected Media Path, which extends the TEE from the core DRM to the whole video flow. The idea is that video content itself enjoys the full protection of the TEE after it has been decoded and decrypted (not just the operation of the DRM). This protection occurs before being rendered on the screen or re-encrypted for transmission from a STB to a TV over a HDMI link.  While the video is being decrypted, it resides in secure video buffers to which the regular STB or connected TV operating system, such as Android, does not have access.

While this TEE extension protects the video flow, it does nothing by itself to prevent unauthorized redistribution of content after it has been decrypted, for example by camcording. This is where watermarking comes in and why it was mandated by MovieLabs to secure UHD content—and why also it will increasingly be required to help tackle live premium sports piracy over the internet.

The other critical extension of the TEE involves an additional API so that it can now control the video watermarking functionality. The idea is that the forensic watermark identifies unauthorized streams and their source, and so to operate securely the marking must take place inside the TEE (or a combination of TEE and SVP) of the relevant client device.

Currently, Verimatrix is working on the requirements for extending the TEE API to watermarking within GlobalPlatform’s Premium Content Task Force (PCTF), alongside mobile chip designer ARM, Ericsson and Nagra. Our aim is to bring this specification back to GlobalPlatform so that it can be made available as a universal standard on mobile devices. This is essential to make watermarking interoperable between different implementations of the technology and therefore effective as a weapon against piracy on a global scale.

We then want to go further and establish a common framework for downloading trusted applications into the TEE within the mobile ecosystem in a way that is both technically and commercially feasible. GlobalPlatform calls it TEE Management Framework. This is needed to make the mobile ecosystem beyond the closed environment of dedicated STBs secure for delivery of premium video to connected devices, meeting the challenge of getting trusted application software safely into the TEE after the device has been sold in the retail market to a consumer. (I plan on expanding on this last aspect of the TEE in subsequent blogs – stay tuned)

With these developments in progress, I am excited to be a part of this year’s TEE Conference where I will be presenting a session on “Expanding the Layers of Security for Ultra HD Content” on October 13, 2016 at 12:45pm. Please join me so we can continue this conversation.