GlobalPlatform Industry Interview – Premium Content Protection
GlobalPlatform recently spoke with members of its Premium Content Task Force about the role of GlobalPlatform Specifications in protecting premium content. In this industry interview, they share their thoughts about the state of the industry and the part that GlobalPlatform can play in the ecosystem.
Can you tell us why the GlobalPlatform membership created a Premium Content Task Force?
GlobalPlatform established the Premium Content Task Force in 2012, in response to the growing consumption of premium content on mobile devices, tablets, set-top boxes and smart TVs, and the requirement for the content to be hosted in a protected and secure environment. The group, which comprises 58 GlobalPlatform member companies, recognizes that stakeholders need to have clearly defined standards to ensure market consistency, promote product confidence and encourage a commercially viable ecosystem. Yet the industry currently experiences a lack of harmonization with respect to Ultra High Definition (UHD) content protection compliance and robustness requirements, laboratory testing and other issues. This provides challenges for technology companies that need to understand different requirements for UHD protection.
What are some of the group’s key objectives and initiatives?
The task force works with content copyright holders, aggregators, technology providers and device manufacturers to understand commonalities and differences in the technology and security requirements needed to protect content. It aims to reduce the compliance burden on manufacturers, helping them to avoid multiple certification programs by using GlobalPlatform certification in partial fulfilment of the requirements of digital rights management (DRM) compliance programs. In creating a common vocabulary and tools, the task force helps manufacturers to show DRM schema operators how their architecture meets those requirements.
The task force also aspires to promote GlobalPlatform’s overarching security goals to the industry. This includes security’s formalization, through the Trusted Execution Environment (TEE), through APIs and through certification to assist stakeholders in overcoming fragmentation in the industry.
How does the task force view the DRM / content protection industry today?
We perceive a great diversity of requirements with respect to security in the market today. Movie studios have different requirements to streaming services, thanks to differences in the economics of their services. But even the studios take varying positions, based on factors such as quality of encoding, release window, streaming versus download, the region that the content is being released into and in addition any bilateral agreements that may have been reached between studios and individual providers. The bottom line is that the different UHD DRM schema cannot be described as aligned.
The industry is in the early stages of formalizing UHD, 4K and high dynamic range video (HDR) protection requirements and at present there is a clear lack of harmonization. This diversity operates at different levels of the device hierarchy and affects approaches to compliance including schema, lab testing and certification. There is also diversity regionally in terms of the go to market ecosystem, with competing standards in different geographies.
There is also a perception that the industry is not yet mature, with limited content currently available for UHD devices.
Hence it’s true that studios have started to set the direction for the industry and have called for lab-based third party certification of content protection implementation. But the stated current lack of requirements harmonization for types of content and devices has resulted in the place the industry finds itself today. Even though studios and DRM schema would prefer lab testing, vendors are still opting for self-assessment rather than formal certification.
But even players who do not see the business value today of certification are enthusiastic about what GlobalPlatform is doing to advance the TEE’s role in content protection and are monitoring it carefully. The perception of threat may be low at this point but so is the availability of premium content. The situation may look very different in the future if the threat is not addressed soon.
It’s clear that fragmentation leads to greater friction and ultimately it’s in the industry’s interests to reduce or eliminate friction, thus opening up the marketplace to a wider range of compatible and interoperable platforms for the secure playback of premium content.
Does GlobalPlatform have any suggestion on how to address this fragmentation scenario?
GlobalPlatform has a baseline technology, anchored around the TEE Protection Profile, readily and freely available to the industry. Utilizing TEE technology will provide needed protections for premium content and standardizing the TEE will reduce industry fragmentation. GlobalPlatform also adds additional value through certification of TEEs to a known security threshold.
The task force has recently reviewed UHD DRM schema requirements and mapped the commonalities and differences to GlobalPlatform’s Protection Profile. By defining the commonalities, we were able to isolate the differences required by each DRM schema.
The industry will benefit from a proven and ready to go baseline technology being in place. This is why the availability of GlobalPlatform’s TEE, the Protection Profile and compliance scheme, as well as the fact that GlobalPlatform is already in the ecosystem gathering contributions from all the industry players, is so important. In many ways the organization is ahead of the curve in defining the security of content protection. In addition we can leverage our experience of achieving penetration of our technologies in other industries. We fully expect that these baseline technologies will play a huge role in the protection of premium content in the coming years.
Can you share with us some of the accomplishments of the task force thus far?
The group has made concrete achievements in recent years. These include:
- Establishing a liaison agreement with the Secure Content Storage Association (SCSA) and continuing outreach to the industry through meetings with major film studios, DRM providers and the Advanced Access Content System Licensing Administrator (AACS LA);
- Conducting surveys of public and non-public DRM schema, with the goal of understanding commonality and differences in various UHD DRM schema requirements;
- Completing a gap analysis between SCSA compliance and robustness rules (CRR) and the GlobalPlatform TEE Protection Profile;
- Mapping the GlobalPlatform TEE Protection Profile against movie studio enhanced content protection requirements;
- Publishing system requirements for secure video playback platforms;
- Delivering presentations at major events including the Anti-Piracy and Content Protection Summit in recent years.
We also have the goal of helping our membership understand how different UHD DRM schema requirements relate to each other, how they can be aligned, and how they are mapped to the GlobalPlatform TEE Protection Profile as a common base.
What will the task force focus on going forward?
The TEE is a significant part of the premium content protection chain but it is not the only part. Pressing security threats also lie elsewhere in the chain, meaning that they are outside the scope of GlobalPlatform’s Protection Profile. Hence we can add to our value proposition by considering where extension profiles for covering the secure media path and secure output would be beneficial to the industry. Our gap analysis between SCSA compliance and robustness rules and the GlobalPlatform TEE Protection Profile is an example of where we may identify a need for a specific extension.
What is GlobalPlatform doing to build industry awareness of this baseline technology and associated certification program?
GlobalPlatform organizes the only TEE seminar in the industry. The next event will take place in Santa Clara, California. It also carries out online and face to face training on the TEE for TEE providers and application developers. Its ongoing engagement with studios, streaming service providers, and relevant industry associations such as SCSA and AACS LA enables it to educate significant industry players about its technology and certification program. The GlobalPlatform TEE Certification Scheme, managed by its TEE Security Evaluation Secretariat, enables vendors to confirm conformance of their TEE products to the organization’s TEE Protection Profile, through independent security evaluation. It also conducts ongoing outreach through a variety of initiatives including this industry interview.
Where should interested parties go if they want to learn more, or get directly involved in GlobalPlatform’s efforts?
Any members that are interested in participating in this work can find out more on the member website. Any non-member that would like to get involved in the association's TEE discussions and Premium Content Task Force should visit the membership pages.