Last modification: 27-05-2015 / 01:51 PM GMT+01:00 Solution Overview Media Protection Irdeto Keys & Credentials A VENDOR-NEUTRAL, TECHNOLOGY-AGNOSTIC SERVICE TO MANAGE THE COMPLEX ECOSYSTEM OF SECURITY SUPPLIERS, INTERFACES AND PROCESSES THAT UNDERPIN A PAY-TV OPERATOR’S PLATFORM AND SERVICE OFFERING The long-term security contracts typically subscribed to by Pay-TV operators can also lock them into relationships with their partner’s chipset and set-top-box (STB) suppliers. Dependence on a monolithic security solution not only takes critical choices out of the operator’s hands, it diminishes their control over current and future strategic business decisions. Irdeto Keys & Credentials gives control back to the operator. As an independent managed service, Keys & Credentials provides a comprehensive and efficient approach to managing multiple security technologies while ensuring operators maintain full control over their platform delivery and technology choices. KEY BENEFITS Irdeto Keys & Credentials enables Pay-TV operators to partner with the security, chipset or set-top box (STB) providers of their choice regardless of previous and / or future technology decisions. By ensuring that all security and technology choices can remain independent, Irdeto enables operators to: • • • Leverage the latest advances in technology to bring new services to market quickly Cultivate a more competitive bidding process for each new service offering Control future service offerings by directly managing and enhancing their content distribution platforms www.irdeto.com ©2015 Irdeto, All Rights Reserved. 1 In a fast-moving industry, operators need to ensure current and future business plans are not impeded by limited technology options WHY OPERATORS ARE LOOKING TO CHANGE THEIR SECURITY SET-UP technology, there is simply insufficient competition. The restrictions on chipset and STB partnerships common to most security agreements means that, over time, an operator may not have access to the latest features or functionality options available from other vendors. This hinders the operator’s ability to bring new services to market and can cause them to fall out of step with the needs of a rapidly-evolving consumer market. Perhaps most importantly, technology lock-in diminishes the operator’s ability to maintain longer-term control over their service offerings and strategy. By gaining direct control over the design and architecture of the service platform, operators can ensure that it is always in alignment with current and future strategic business decisions. The advantage of a more flexible security solution brings with it the increased complexity of managing a growing number of diverse security processes and workflows Another side-effect of technology lock-in is decreased bargaining power when requesting bids for new platform builds. Ideally, an operator would request qualified bids from multiple vendors to maintain a healthy level of price competition. With a limited number of vendor options for each OEM Partners? Production? Licensing Authorities? For all of these reasons, operators worldwide are increasingly motivated by alternatives to traditional security vendor relationships. As they look to define new generations of managed Customer Premises Equipment (CPEs), they seek modular architectures that can leverage the latest technology advances and innovation on all levels. This ensures direct access to technology breakthroughs and shorter time-tomarket for new features, functionalities and service offerings. However, in order to benefit from the advantages of modular architectures, the operator must be able to work directly with each of their system-onchip (SoC) suppliers and Revocation? OEMs to gain control of the keys in the chipset – the fundamental rootOS versions? of-trust. In-field Provisioning? Operators must also be able to manage each key or security asset through its entire lifecycle. This requires an ability to support security upgrades at all points in the management ecosystem down to each device on the network. MANAGING COMPLEXITY For operators, the freedom to mixand-match technology components and vendors brings advantages as well as a new set of challenges. Taking control of service platform design also entails taking on the security elements that underpin the myriad features and functionalities offered. Critical to controlling the platform is controlling the keys in the chipset. This is a highly specialized field, requiring deep expertise and experience in managing the multiple workflows that exist between the SoC foundry, STB production and activation of services in the subscriber’s home. Achieving this level of control requires the ability to: 1. Provision multiple types of security assets 2. Ensure smooth interactions with numerous ecosystem operators 3. Manage the end-to-end lifecycle of diverse security assets, from production to renewal, update or revocation 4. Accommodate the variations in security processes for all CPEs Some of the world’s largest Pay-TV operators including two tier 1 North American MSOs and a major panEuropean operator have called on Irdeto to help them move to modular technology architectures that leverage multiple suppliers. A solution is required to reduce this complexity www.irdeto.com ©2015 Irdeto, All Rights Reserved. 2 Irdeto brings 40 years of content security experience to delivering the Pay-TV industry’s first vendor-agnostic, fully managed security service THE SOLUTION Operator Supporting this complex array of security processes would pose an obstacle for most operators who need to stay focused on their core competencies of subscriber retention and acquisition. OEMs SOC Vendors Because it is a fully managed service, Irdeto Keys & Credentials allows operators to retain control over their technology choices and partner relationships without having to directly manage the multiple and complex operational processes involved in a multi-vendor security system. Operator Asset Packages SOC Assets Licensing Authorities Third Party Assets IrdetoKeys & Credentials Managed Service Secure Production Facilities Asset Distribution Infrastructure Ecosystem Management Personnel Ecosystem Management Lifecycle Management across devices Highlights include: • • • • Comprehensive management of complex, highly technical security processes specific to each chosen technology Coordination with all technology suppliers, OEMs and licensing authorities using pre-established, proven workflows Support for all security keys and certificates throughout the full lifecycle of initial production, provisioning, renewal/updating and revocation Dedicated team of security technology experts working in highly secure, state-of-the-art facilities to ensure the secure generation, provisioning, revocation and renewal of all operator-owned and third-partysupplied security keys and certificates. Irdeto also performs the monitoring and reporting required to track the performance of all processes across the supply chain. HOW IT WORKS Lifecycle of Security Assets Produce Irdeto Keys & Credentials ensures that operators maintain ownership and control over all crucial security assets while offloading the complexity of managing the various security processes and workflows. Irdeto experts manage the full lifecycle of key and security assets as well as interfacing with the associated ecosystem of suppliers. Provison All Keys & Credentials activities are carried out within dedicated, highsecurity facilities using advanced cryptography. Staffed by a team of experts in both security management and service provider operations, Irdeto delivers a world-class, nextgeneration security management system. Leveraging Irdeto’s 40-years of experience as a global leader in content security, Keys & Credentials allows operators to benefit from the efficiencies of a shared-cost infrastructure with the assurance that each company’s security requirements and its vendor relationships are supported and managed to their unique specifications, with full dissociation from all cryptographic operations for other customers. Update Revoke As part of the service, Irdeto integrates the operator’s security asset management system into the workflows of SoC suppliers and OEMs www.irdeto.com ©2015 Irdeto, All Rights Reserved. 3 Keys & Credentials Use Case Examples ABILITY TO ADD NEW SERVICES EASILY Having invested in a powerful home gateway platform, a major North American MSO wanted greater control over the addition of new features and services to their IP connected boxes. By leveraging the hardware root of trust for the backbone of the STB security, Keys & Credentials has been able to provide highly secure DRM- CONTROL THE PLATFORM DESIGN AND LEVERAGE COMPETITIVE BIDS Like all major MSOs, Charter Communications traditionally purchased set-top boxes that had been developed by their long-term STB and CA partners. This limited Charter’s service offerings to features and functionalities that were currently available or soon to become available BREAK FREE OF VENDOR LOCK-IN Operating in an increasingly fragmented and complex environment, this tier 1 pan-European operator delivers a range of services to its subscribers through STBs with embedded security related components from a variety of vendors. These technologies include CA systems, DRM systems, public key infrastructure certificates and more. They wanted to extend the control they have over their set-top boxes, notably for new and future features as well as the price at which these can be offered, instead of being restricted by the exclusive reliance on their incumbent CA vendor. With the introduction of their next generation STB platform, they took www.irdeto.com protected video delivery of streamed content over IP, enabling a whole range of on-demand offers direct to subscribers. significantly reduced error levels and enabled the operator provide better overall customer service to their customer base. Initially, this operator began developing the necessary processes “in-house” but quickly switched to a managed service once they realized the benefits for cost reduction and efficiency through Irdeto’s established relationships with SoC and STB vendors. The fully-managed Keys & Credentials service has also Furthermore, in order to extend the life cycle of their deployed set tops, this operator will soon be rolling out an extension of their current Keys & Credentials service to include the Field Key Provisioning Service, which enables the secure deployment of new services to devices in the field. from their partners. As a result, Charter did not feel fully in control of their STB decisions or the price negotiation process. box, it has also fostered competition and enabled them to receive bids from a worldwide range of vendors. When it came to their new Worldbox project, Charter leveraged Irdeto to help enable them to take control, and specify their own set-top design architecture. This freed up the process to request bids and proposals from any competent STB or technology vendor. Not only has this given Charter direct control over the features and functionalities of their the opportunity to do exactly that and involved Irdeto as an independent Licensing Authority. Specifically, this means that Irdeto, on behalf of this customer, are embedding a separate root of trust in the SoCs of their new set-top boxes, alongside those that are routinely provided by their incumbent CA vendor. This provides the operator with a means to activate new services without requiring the involvement of their incumbent CA vendor, as well as the ability to even replace the CA vendor altogether – if they so desired – without having to swap out already deployed set-top boxes. Keys & Credentials allows for the coordinated management of all of these technologies in compliance ©2015 Irdeto, All Rights Reserved. By taking management control of the core security elements of Charter’s new World Box, Keys & Credentials has put Charter back in control of their service features and functionalities. For example, Charter can now activate downloadable CAS on their new settop platform, effectively eliminating the need for a CableCARD. with ETSI K-LAD (TS 103 162). This has enabled the MSO to establish its long term security and technology needs, while directly controlling its media distribution ecosystem and determining exactly which vendors and technology partners it wishes to work with and when. The fact that it is not beholden to the individual needs and development cycles of partners and vendors with regard to the roll out of new technology, has enabled this MSO to set up a clear, independent path to be able to deploy security functionalities that underpin new subscriber services as and when they wish without necessitating the direct or explicit support from their incumbent CA vendor. 4
© Copyright 2024