The need for a converged security solution

Posted On

By Team ExpressPlay


In our series on smart TV support for converged security, we’ve been discussing the aggressive hybrid strategies DVB broadcasters are pursuing in response to the rise of the smart TV. In this blog, we will zoom in on the need for content protection that covers all digital video broadcasting (DVB) and over-the-top (OTT) delivery scenarios without the need for separate silos of a conditional access system (CAS) and digital rights management (DRM) support.

What converged security means for broadcasters and OEMs

The installed smart TV base has reached critical mass in DVB markets, making smart TVs an attractive place for both broadcasters and multichannel video programming distributors (MVPDs) to anchor new hybrid service strategies. And with broad smart TV support for the HbbTV standard, broadcasters can now provide a large share of their customers easy access to both legacy and direct-to-TV content without requiring set-top-boxes (STBs). In fact, the latest generation of systems-on-a-chip (SoC) used with smart TVs can eliminate the need for conditional access modules (CAMs) as well. 

Getting beyond CAMs and STBs

So, how does freedom from CAMs and STBs benefit broadcasters and OEMs? For one thing, both CAMs and smartcards present several barriers to hybrid DVB-OTT service delivery. These include:

1. Security vulnerabilities

There are security vulnerabilities that are incompatible with the content protection requirements that accompany current high-value content licensing policies. For example, pirates have become adept at exploiting control words encrypted as entitlement control messages (ECM) unique to each CAS, which transmits authorization for decryption to the receiver via a CAS-specific entitlement management message (EMM).

In some cases, pirates reverse-engineer the ECMs, which are easier to defeat than the algorithms used to scramble the content. In other cases, they utilize logic analyzers to read electronic waves or power consumption patterns to enable emulation of the CA algorithm without having to break the code.

2. Inconvenience

One of the primary selling points of smart TVs is the highly convenient click-and-subscribe model. By contrast the use of STBs, CAMs, and smartcards typically requires consumers to obtain and install these devices before they can gain access to the service. This might entail a wait of several weeks before a pay-TV operator can arrange for a support engineer to install the STB and wire things correctly.

3. Higher costs

Any model that relies on several devices incurs higher costs for operators and consumers, whether the devices are rented to the consumer by the operator, or the consumer has to purchase the STB in retail. This in turn creates a business risk as consumers increasingly opt for cheaper, all-in-one solutions from other providers.

By enabling the provision of converged security through USB CAM form factors, the second-generation CI Plus 2.0 standard simplifies installation for consumers and lowers device costs. However, it still requires the operator to pay for and manage a legacy CAS with all its inconveniences.

SoC-based content protection and the enduring conditional access problem

In a traditional pay-TV system, an STB or CAM incorporates CAS software and in some cases also a CAS-specific, proprietary chip (refer to the left hand side of the diagram below). One solution some broadcasters have considered is using smart TV SoCs to perform the embedded CAS processes without the need for any extra security hardware. These chipsets typically integrate a proprietary component from the CAS provider.


However, this solution does not offer lower costs for providers or consumers. In fact, according to research, such systems cost premium TV service operators up to about $3 billion globally. So while card-free, chip-based CA protection can reduce some costs, the onerous fees related to CAS usage will remain, as will integration and certification costs in cases where SoCs haven’t been pre-integrated with the chosen CAS. 

As depicted on the right hand side of the diagram (“Broadcast direct to TV with DRM”), modern smart TV chipsets typically provide Trusted Execution Environment (TEE), secure video path (SVP), and hardware roots of trust. By leveraging DRM-based technology with such hardware security features, broadcasters can avoid the extra costs related to integration of proprietary hardware associated with an embedded CAS.

These steps, along with other measures supported by the Trusted Application (TA) running in the TEE, including sandboxing, firewalls, and other techniques providing enhanced security features, deliver hardware-level security comparable to advanced STBs and CAM.

The direct to TV broadcasting solution offers another major anti-piracy advantage by eliminating digital content theft that otherwise could be achieved with the help of high-bandwidth digital content protection (HDCP) “strippers” to pull unencrypted video out of the HDMI link from the STB to the TV set. Without the need for an HDMI link, such piracy is no longer possible.

Keeping up with market demands

The need for innovation in core areas of competence isn’t the only challenge. Providers must also compete over which content protection approach will resonate best in any given market. Guessing wrong can produce major losses when new models are rolled out. OEMs can also suffer lost sales when their perfectly good models are outmoded by competing sets that conform to new protection approaches.

It’s not hard to imagine the market appeal of broadcasters and TV sets that free consumers from STB and CAM installation. In such cases, they can buy smart TV models and instantly connect to their choice of broadcast and OTT premium service providers without having to deal with CAMs or STBs.

A fully converged security platform

It’s never been more important than now for broadcasters and OEMs to adopt converged direct-to-TV broadcast security strategies. Intertrust’s ExpressPlay XCA is designed for just that purpose, offering a converged security platform for enabling legacy and direct-to-TV services on smart TVs with the most convenience and lowest possible costs. To learn more about why a converged security strategy is critical for smart TV OEMs and broadcasters and how ExpressPlay XCA can help, read the full whitepaper.


intertrust-expressplay-drm CTA Banner

Related blog posts



Posted on 27 Mar 2024

Mastering the tide: Protecting live streaming from the surge of piracy

Read more



Posted on 06 Jul 2023

Curbing account sharing: how service providers can preserve revenue

Read more



Posted on 30 Jun 2022

Six advantages of direct-to-TV broadcast content protection technology

Read more