Security is very much on the minds of IPTV providers as they seek to assure content developers that their systems can reliably protect valuable assets from the continual threat of piracy.

Traditionally, cable and satellite providers have provided video security using smart cards, which could be replaced if compromised, but a new generation of security is now coming in the form of software clients which also are replaceable at less cost and effort. There are also new capabilities within the software, such as digital watermarks, that promise to deliver more tools to combat content theft and redistribution.

“The way of the world is to go with software. It is less expensive,” said Steven Hawley, principal and consulting analyst with Advanced Media Strategies. “But that's only the second most important reason for the service provider.”

Highest on the priority list is the need to earn the trust of content providers so that they are willing to make their content available to IPTV service operators.

Content security comes in three parts-encryption, authentication and watermarking-Hawley explained, and each is significant. Encryption makes the video stream unwatchable until it hits the set-top box. It is the IPTV equivalent of picture-scrambling. Authentication identifies the user and establishes what the user is entitled to see-the premium channels that users subscribes to, for instance.

“The process of identification and authentication is done by an exchange of data between a server and the client-either a card or a piece of software-running in the set-top box,” Hawley said. A common technique used in IPTV is public key encryption, which involves an exchange of keys or strings of data between the set-top box and server. If the keys complement each other correctly, the system will revoke encryption and put the video into the clear.

The third part, watermarking, involves putting a unique ID on the content that remains if it is stolen once it has been converted by the set-top box for viewing on the TV set.

“When you are playing the content, you have essentially negated the Digital Rights Management,” said Steve Oetegenn, chief sales and marketing officer for Veramatrix, a security software maker. “So just prior to playing that content, we embed a unique ID within the video stream itself that identifies the digital set-top box the content was played on, the date and time and ID number from the control system, and that digital water mark lives with the content from then on, invisible to the human eye.”

A watermark can be applied at multiple places within the content distribution process, Hawley said, but putting it on at the set-top box as companies such as Vermatrix and Widevine are doing, provides options.

“The watermark can carry business rules: play once, play unlimited, copy once, copy never,” he said. If content turns up that appears to be stolen, the watermark can be used to identify the original source and determine where it was stolen so that video pirates can be apprehended.

“There is a variation on watermarking known as fingerprinting,” Hawley said. “It embeds an identifier such as a number or ID code into the content, which can be identified over the Internet. An example of this is with Apple's iTunes. If you are running iTunes software on your computer, and you insert a commercial music CD, iTunes will contact a service called Gracenote and match the ID on the CD with a database that populates your screen with the album title, artist, names of the songs, etc., without having to type them in. In an IPTV context, a fingerprint would be used to individually identify the subscriber.

The move from hardware-based smart cards to software security clients is a global one and well underway, Hawley said.

Even long-time security vendors such as Irdeto, in business almost 40 years, are adding software clients to their product repertoire, said Ellie Sanchez, marketing manager for the Americas.

“Smart cards are basically our bread and butter,” Sanchez said. “But most telcos are looking for two-way solutions and smart cards are more one-way. It is definitely cost-effective. When you read about current solutions to piracy, they are all smart card swaps, and that becomes very expensive. Software solutions provide more flexibility. They are an easy upgrade, cost effective, flexible, and they give control to the operator.”

Today, when a smart card solution has been hacked, the service provider-a cable or satellite service, usually-must mail a new smart card to each subscriber and hope they put it in their set-top box correctly, Hawley said. That involves not only the cost of new smart cards but also postage and the time spent administering the solution, he said.

Software solutions could potentially be hacked as well. There is general agreement that content pirates are a well-funded and clever bunch - but in that instance, a new software version is easily downloaded, said Matt Cannard, vice president of marketing for Widevine, which recently announced SureWest Communications as a customer. “It's a renewable option,” he said.

There are those who believe software-based solutions are unproven. Benjamin Jun, vice president of technology for Cryptography Research, which makes smart card and custom ASIC-based security solutions, admits software is cheap to implement and deploy, but since it hasn't been widely deployed yet, could still prove vulnerable.

“Satellite systems today have some of the most sophisticated hackers in the world because they can make more money than other hackers and face less risk of going to jail,” he said. “But they will only attack these [IPTV] systems when they get big. They make their money by attacking the widely based system.”

The problem he foresees is that if the security system built into an IPTV offering at the outset doesn't work as the deployment scales, it will be very difficult for service providers to change.

“Security isn't a feature you can buy and add on later,” he said. “Security is the absence of any problem. Making a system functional is one thing, making it secure means making sure it doesn't have any unintended functionality.”

As more IPTV service providers push to get their way into the market and to lower price points, there is a real risk of vulnerability, Jun said. “I think we will see some systems fail,” he said.

Irdeto's Sanchez also agrees that some of the IPTV providers are concerned that software is a newer solution and is, as yet, not proven. Irdeto has found greater acceptance of this approach in the U.S. than it has globally, she said.

“The way we built our soft client, we based it on our years of experience producing security solutions,” Sanchez said. “It is just as secure as a smart card and just as robust.”

That doesn't mean implementing one of these software systems is a guarantee for an IPTV provider against security issues.

Hawley points out that IPTV providers also need to be sure their content protection plans extend to the other devices-PCs, cellphones, other mobile devices-that they intend to support. Oetegenn of Veramatrix points out the service providers also will have to protect access to their service, especially as they add exclusive content.

IPTV SECURITY SOLUTIONS