Unified Security Expedites Rollouts Of Next-Gen Hybrid TV Services

Steve Christian, VP, Marketing, Verimatrix

Steve Christian, VP, Marketing, Verimatrix


By Steve Christian, VP Marketing, Verimatrix
 
Advances in multi-network, multi-screen video security and distribution are making it possible for pay-TV providers to greatly strengthen their ability to keep customers engaged amid a growing onslaught of competition from pure-play over-the-top (OTT) video suppliers.

As evidenced by multi-vendor projects worldwide in which Verimatrix is a key player, service providers now have recourse to a wide range of integrated service options where unified workflows can be employed to support grooming, packaging, encryption and other processes across the IP and legacy pay-TV programming domains. Along with the cost savings that come with eliminating duplicative functions, this hybrid content management model supports an integrated user experience that in many ways achieves the market benefits long envisioned for a fully converged next-generation TV service.

Specifically, service providers are discovering that while it may take some time before they can eliminate the need for dual transport feeds, they don’t have to wait to accomplish three major goals that represent a quantum leap beyond today’s bifurcated TV Everywhere and set-top service paradigms. These include:

  • Harmonization of content presentation, navigation and other feature sets on all devices to where the mode of delivery is transparent to the viewing experience;
  • Unified management of entitlements to ensure all policies are enforced on a per-session basis;
  • Holistic accumulation and analysis of performance and subscriber data in real time. This enables unified cross-platform advertising campaigns, persistent quality assurance and seamless, synchronized content experience as users move from one device to the next.

One Example of the New Service Strategy

One illustration of what these capabilities mean to pay-TV providers’ service profiles can be found in Sweden, where Com Hem, the nation’s largest pay-TV provider, is applying advanced technologies to support seamless multi-device access to linear TV, large VOD libraries, OTT content and applications across multiple delivery systems, including HFC, DSL and fiber. By developing a unified back-office solution encompassing middleware, content protection and content management from acquisition to play-out, Com Hem will be able to support a completely integrated user experience that can be easily scaled and enhanced as future needs arise.

The vendor grouping assembled by Com Hem to make all this possible typifies the flexibility service providers now have to build a hybrid service foundation suited to their needs without relying on single vendor end-to-end solutions. For example, TiVo is providing Com Hem a user navigation and interface platform in conjunction with client-side software that supports a unified experience on all devices.

In fact, as revealed by TiVo CEO Tom Rogers in an earnings call in May, TiVo views the launch of the service on Com Hem, slated for this summer, as the template for all future deployments on the TiVo platform in the U.S. and Europe. “The multi-room multi-device elements of our offering have gained us a lot of traction in the operator community,” Rogers told analysts on the call.

At the same time, Com Hem is deploying Harmonic’s NSG 9000 HectroQAM unified edge platform to enable efficient distribution of VOD and multi-screen IP video together with traditional linear pay-TV over the operator’s HFC networks. And for help with integration, customization and deployments Com Hem is utilizing SeaChange International’s Professional Services along with the vendor’s Adrenalin back-office platform to enable integrated use of a wide range of legacy and new third-party components.

Critically, with support from the Verimatrix Video Content Authority System (VCAS™) infrastructure, Com Hem is able to leverage a single conditional access (CA) system to support revenue security across all devices (see diagram). Broadcast and hybrid set-top boxes will leverage VCAS ViewRight cardless clients to extend CA protection to IP content streamed using the Apple HTTP Live Streaming (HLS) adaptive bitrate protocol to PC/Mac, tablet and mobile devices.


VCAS Unified Security Architecture

VerimatrixIntegration

In the architecture enabling Com Hem’s converged approach to multiscreen Pay TV, content from all sources is fed into the unified VCAS head-end, where protection mechanisms for each session are dynamically applied as the packager assigns each stream the appropriate features from the TiVo service platform.


This multi-platform security solution provides a way to filter content usage in accord with the different rights policies associated with live and on-demand content, depending on whether it’s accessed on-net or off-net over the HFC or fiber/DSL networks. This is a very challenging hurdle to clear on the off-net side, where rights sensitivities, especially for live content, can be highly granular depending on whether the user is on a PC, tablet or smartphone and whether the session is taking place inside or outside the home. The approach provides what Com Hem development manager Jens Persson recently called “the absolute best television experience” for subscribers.

Current Approaches to Multi-network Revenue Security

When it comes to providing security as part of hybrid service management it’s important to note that a unified rights management solution can be employed with any of the three strategies that are commonly in play in different parts of the world. Com Hem represents one approach, where the goal is to cap the use of the legacy CA on older set-tops while growing the cross-platform service with use of the Verimatrix security solution on new hybrid set-tops as well as IP devices. Another strategy is where the legacy CA is supporting new as well as old set-tops on traditional network delivery, while the new security architecture is running simultaneously in support of the IP-based distribution system.

A third approach entails the need to apply security to IP devices in instances where operators are using new media gateways to support multi-screen service in the home. Here the legacy CA system continues to support the pay-TV service delivered over MPEG-2 transport to the premises, while additional protection with DRM security is applied when content is transcoded and formatted for streaming to PCs, tablets and smartphones.

It’s also interesting to note that next-generation security solutions are being implemented by entities that want to support a highly centralized distribution architecture that delivers pre-encrypted high-value content in pre-encoded formats to local pay-TV distributors, eliminating the need for locally installed digital encoders and encryption servers. In such instances, for example, Comcast Media Center’s HITS fiber-distributed network backbone service to some 90 cable properties and Iowa Network Services’ turnkey wholesale/retail IPTV service for independent telco affiliates, the providers are able to create a controlled hierarchical distribution of content keys to address security requirements at all points in the distribution chain.

The Expanding Protected Content Marketplace

There’s another trend line unfolding in the evolution to multi-screen services where the security capabilities embodied in VCAS are playing a vital role. This has to do with content suppliers’ need to more efficiently and securely manage distribution of their high-value assets into multiple points of exposure by performing content preparation, packaging and protection at core staging points.

Unlike the days when it was possible to deliver in-the-clear programming in a single contribution format over secure links to cable and other distribution partners, content today must be fed into a multitude of aggregation points for distribution by Web partners, including OTT players and pay-TV providers for TV Everywhere applications, as well as into origin servers run by the content suppliers themselves. This means the supplier must manage content encryption and the distribution of decryption keys and digital rights policies suited to each distribution format. Therefore, end users accessing any given outlet can be authorized to consume that content on whatever device they happen to be using.

The scope of what’s entailed for this emerging distribution marketplace is well represented by the processes established by the UltraViolet (UV) consortium, where each motion picture studio and other content licensees operating in the UV domain have incorporated the requisite pre-encryption and file-formatting processes into their post-production workflows. UV, which was designed to support downloads of purchased content for storage on users’ devices or to allow them to stream their purchased content from storage in the cloud, has been gaining market traction primarily by virtue of the popularity of the streaming-from-the-cloud option, which users seem to prefer over the burdens of downloading and organizing content for storage on their own devices.

VCAS, as a UV-sanctioned security architecture that is also widely deployed in more than 600 service provider facilities worldwide, is well positioned to facilitate operators’ participation in this growing global electronic sell-through marketplace. With the UV Digital Locker in place to manage end users’ ownership rights, VCAS-equipped service providers can readily add the convenience of cloud-based storage as a benefit to their subscribers by becoming UV Locker Access Streaming Providers (LASPs) under the consortium’s licensing program. VCAS security will allow operators’ subscribers to stream their cloud-stored UV content whenever they want it wherever they happen to be, whether they’re using a set-top box or a connected IP device.

The Role of Integrated Partner Solutions

A vast technology partner ecosystem within the multi-screen supply chain is benefitting service providers in many other ways as well. In some cases, as with the Com Hem example, the fact that the platform employs open standards makes it easy for operators to integrate the security infrastructure into whatever multi-vendor workflow the operator chooses to create. In other cases, Verimatrix has teamed with specific vendors to facilitate their ability to offer their solutions with a full-scale security infrastructure baked in.
 
For example, Verimatrix and Harmonic, by integrating Harmonic’s MediaPrism convergence suite with the VCAS platform, can offer operators a unified head-end that securely delivers SD and HD content over unmanaged networks to Internet-connected CE devices with full assurance that all rights policies will be enforced.  Both live and VoD content can be delivered using the same protocols with support for automatic adaptation to available network types, continuous flow at optimal bitrates for playback and the incorporation of targeted advertising segments.

Verimatrix has also teamed with Akamai in the CDN supplier’s move to support the new hybrid service management capabilities for service providers and content suppliers alike. Akamai’s Sola Media Solution set and its cloud-based Sola Vision subset rely on a modularized workflow system with open APIs that allow customers to tap into a wide range of suppliers to deliver live and on-demand content to all types of devices.

The joint Akamai-Verimatrix solution combines the multi-network VCAS security with Akamai’s CDN-based delivery acceleration and an audience analytics portfolio that can measure per-session performance across multiple parameters, including those required for monetization through dynamic advertising. With Sola Vision, the cloud-based storage allows service providers and content suppliers to perform transcoding, DRM wrapping and other functions for on-demand content in Akamai-operated datacenters. Sola Vision also provides support for multi-platform distribution of live content through on-the-fly processing at the edge CDN locations.

The common thread through all these iterations of hybrid service management is the comprehensive multi-network, multi-screen security infrastructure enabled by VCAS. Whether operators choose to offer their multi-screen services in a closed legacy managed network environment, a pure IP managed environment or some combination of the two, they can proceed with confidence that the integrated service experience can be offered to maximum effect with full assurance that all usage policies will be adhered to as ever more devices enter the CE ecosystem. This type of unified multi-network and multi-screen workflow enables a better consumer experience and provides the “stickiness” that pay-TV operators need to gain a competitive edge against the pure-play OTT providers.