Industry Overview

Protecting premium content is crucial for both content owners and service providers.

Protecting premium content is crucial for both content owners, such as television and film studios, and service providers, such as cable, satellite, pay-TV, and IPTV and streaming services, because it safeguards the revenue generated by their core business.

Historically, content protection was performed in device-specific chips and smart cards or using hardened software solutions. A decade ago, custom-built closed set-top boxes were the only devices being used to consume premium content.

In the last ten years, the advent and rapid growth of streaming and the increase in content consumption across different devices has had a significant impact on the industry. Due to the variety of devices available, further complicated by the different models of each device, custom hardware is no longer viable as the creation of model-specific chipsets would be cost-prohibitive. Smart cards and custom hardware are also no longer practical as not all retail devices can easily pre-integrate proprietary hardware security.

In deciding how to best protect premium content going forward, the industry faces two main challenges:

First, content needs to be provided and secured across an ever-growing range of devices. Now, some consumers have five or more different devices with a screen high-quality enough to consume content on – and they want access to the same content across all of them.

Second, there needs to be consistency in security requirements and implementations. There is no commercial benefit to providing highly robust set-top boxes and at the same time allowing consumers to download unprotected applications onto smart devices and consume premium content that way. So, content needs to be protected at the same level across all devices.

GlobalPlatform Technology

The introduction of GlobalPlatform-certified Trusted Execution Environments (TEEs) and Trusted Applications (TAs) is helping resolve these challenges.

  • Standardized pre-loaded hardware-based security, including built-in keys for authentication and attestation, means that content security vendors do not need to integrate with each chipset and device manufacturer individually. GlobalPlatform TEEs are certified functionally, using the same set of APIs to access standardized functionality and security to deliver robustness, against attacks. This means content protection solutions can be built once and deployed everywhere, with confidence that sensitive content is isolated and protected – from potential threats from applications hosted in open operating systems (OSs) like Android. This creates efficiencies throughout the value chain by decreasing both cost and time to market.
  • The TEE provides a standardized foundation upon which sophisticated, vallue-added service (TAs) can be built – including access to cryptographic algorithms or the hardware-immutable device identity. Premium content protection engines also needs protecting, to reduce intellectual property (IP) infringements and reverse engineering. This is why devices used for content consumption must include a security framework which can build a Chain of Trust, from the content owner to the user.
  • TAs can be updated even after a device has been deployed, which means that premium content protectors can respond to security vulnerabilities and develop ongoing counter-piracy measures.
  • Trusted User Interface (TUI) and Secure Media Path (SMP) are extensions to the GlobalPlatform TEE that allow the TEE to pass decrypted video through a protected channel and to control a device’s user interface. This prevents piracy tactics like capturing clear compressed video, defeating output controls or screenscraping.

Member Comments

“The TEE has become the de-facto standard in the broadcast and video services industries for protecting digital content. The GlobalPlatform Secure Media Path will extend this protection from the core DRM (digital rights management) to the whole video flow – meaning that the video content itself enjoys the full protection of the TEE after it has been decoded and decrypted. The industry collaboration required to achieve such high market penetration of this technology is commendable, and demonstrates the value of a close involvement with GlobalPlatform.”

- Petr Peterka - CTO, Verimatrix
Verimatrix Petr Peterka - CTO

TEE Client API Specification v1.0


TEE Protection Profile v1.2.1


TEE Internal Core API Specification v1.1.2


Receive the latest news from GlobalPlatform

Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.