Italian TV Platform goes OTT-TV

Presented at Seminario SMPTE "tecnologie emergenti" (emerging technologies), Rome, May 23rd, 2012
BROADBAND MEDIA DELIVERY
The Italian way to Hybrid Broadcast-Broadband services
JTG (Joint Technical Group)
Marco Pellegrinato, Vice President HD Forum Italia

Italian TV Platform
An integrated all-digital smart solution since 2004
• Terrestrial, satellite, broadband IP (DTT, SAT, OTT)
• An open, interactive, hybrid platform featuring support for Content Protection and Security Profile

Who's who in the Italian TV Platform
• Association of Digital Terrestrial Broadcasters and Network Operators (Rai, Mediaset, Telecom Italia Media, Dfree, local stations through their associations) for the promotion and development of the Italian digital platform (founded in 2003).
• Industry-wide association, constituted in 2006 to promote HD and 3D applications & services in Italy. The association includes Broadcasters (Aeranti-Corallo, Mediaset, Rai, Sky Italia, Telecom Italia Media), Telcos (Fastweb, Telecom Italia), Manufacturers (ADB, Panasonic, Philips, Samsung, Sony, ST, Telsey), Public Institutions (FUB) and Operators from various sectors (Eutelsat, SES Astra, Fracarro, Frame, IDS, SBP, Sisvel Tech).
• Joint venture created in 2008 by the main Italian terrestrial broadcasters (Mediaset, RAI and Telecom Italia Media) to provide Digital Satellite Free To Air television in areas not covered by terrestrial networks, under the “tivùsat” brand. Also active on DTT as EPG Provider.

HD-Book Collection
Specifications & Certification Program

D-Book 1.0 (SD):
• DVB-T
• SD (MPEG-2)
• V.90 modem
• MHP 1.0.3

HD Book 1.0 SAT / HD Book 2.0 DTT (HD):
• DVB-T and T2 (DTT)
• DVB-S and S2 (SAT)
• SD (MPEG-2)
• HD (H.264/AVC)
• 3D (Plano Stereoscopic)
• Ethernet
• MHP 1.1.3

Since 2004 DGTVi has released baseline requirements for interoperability of DTT receivers with services offered by operators. Italian DTT has been interactive from day one. DGTVi chose MHP, the DVB standard middleware, for this purpose.
In 2008 HD Forum Italia joined DGTVi in specification activities when they entered the new HD and Hybrid Broadcast Broadband (HBB) spaces.
Aligned HD and HBB specs for satellite were progressed during 2009-2010 in collaboration between HD Forum Italia and Tivù.
Both DGTVi and Tivù have developed their own Logo programs, with related certifications, aiming to promote compliant products to consumers.

Facts and figures
• Some 9.5 M first generation MHP SD DTT receivers have been sold since 2004.
• More than 1 M MHP SD tivùsat receivers sold in 2 years of operation.
• Around 1 M DGTVi Gold Label certified HDTV devices already in the field: ADB, Fuba, Humax, Sagemcom, Telesystem.
• +200 iDTV models passed the DGTVi Gold Label Certification Program: LG, Loewe, Panasonic, Philips, Samsung, Sharp, Sony, Vestel.
• Most connected TVs sold in Italy nowadays, besides coming with each manufacturer’s own widget portal, are also Gold Label.
• More than 1.3 M Tivùsat compatible SD CAM (92%) & HD CAM (8%).
• About 1.8 M DGTVi compatible SD CAM (83%) & HD CAM (17%).

Current OTT-TV Service offerings
Broadband Media Delivery: GEM/MHP based OTT-TV Services
• DVB-T: Free Catch-up TV Services (GEM / MHP 1.1.3)
• DVB-T: Free Regional TV News (GEM / MHP 1.1.3)
• DVB-T, LCN 310: Pay Subscription On Demand TV (GEM / MHP 1.1.3)
• DVB-T and Tivùsat, LCN 807: Free Catch-up TV Services (GEM / MHP 1.1.3)
• DVB-T and Tivùsat, LCN 999: Widgets and Free OTTV Portal (GEM / MHP 1.1.3)
• Tivùsat: tivùsat EPG (GEM / MHP 1.1.3)

HDFI / DGTVi JTG current activity
HD Book 2.1 DTT: new system requirements for the Italian DTT platform
HD Book DTT 2.1 (Volume 1) is here:
• 1 year after the publication of v. 2.0
• Kick-off on April 19th 2011
• 15 experts joined the JTG (HDFI, Tivù, DGTVi, Industry)
• BAS Framework(1) and CENC(2) support included
• MPEG-DASH(3) support
• Published in January 2012
Download: http://www.hdforumitalia.org
(1) BAS: Broadband Application Security
(2) CENC: Common Encryption Format
(3) MPEG-DASH: replaces OIPF-HAS in HD Book 2.0

HD Book 2.1 DTT
5 new topics added to HD Book 2.1 DTT
1. Application Security: introduction of a Security Framework for broadband applications.
• Support for the generic “BAS Framework(*)” (Broadband Application Security)
2. Content Protection: DRM support to prevent content overspill over broadband distribution.
• Support for “MPEG-CENC” (Common Encryption Format)
3. Extended Broadband Media Delivery: alignment with the emerging standards in broadband content encoding and streaming.
• Support for “MPEG-DASH(**)” (Dynamic Adaptive Streaming over HTTP)
• Support for IPv6 and manual IP address settings (subnet, gateway, primary & secondary DNS)
• Support for HTTPS Streaming
4. Support for the new AGCOM decision: Parental Control management (user PIN code mandatory on TV start-up)
5. Plano Stereoscopic 3DTV
• DVB subtitle behaviour: user selects 3DTV with no subtitles vs. HDTV with subtitle overlay
• 3DTV backward compatibility: verification test results on 7 iDTV brands (2011/2012):
  − HDTV-2D compatibility: 11 platforms = 72% OK (8 approved; 2 pending; 1 conditional)
  − 3DTV-3D compatibility: 12 platforms = 58% OK (7 approved; 4 pending; 1 conditional)
(*) replaces the MHP Security solution selected in the previous version
(**) replaces the HAS (OIPF) solution selected in HD Book 2.0 DTT

DGTVi related initiatives
tivùon! label introduced by Tivù
Target: interactive HD receivers (STBs and iDTVs)
Feature: ready for broadcast interactive and HD services plus protected OTT services
• A DGTVi Gold Label receiver will also be eligible for the tivùon! label by complying with the following specifications:
  − “tivùon! DRM Profile - Final 1.0”, Marlin-based DRM specifications
  − “tivùon! BAS Profile - Final 1.0”, a specific implementation profile of the DGTVi/HDFI Broadband Applications Security (BAS) framework for securing OTT-TV applications.
The 2 documents will be merged into “tivùon CPAS 1.0” (Content Protection & Application Security), a tivùon! specific document for securing OTT-TV services with content delivery protection.

Tivù JTG current activity
tivùon! Profile: BAS + DRM specifications (2012)
[Figure: publication timeline by publisher (DTT, Tivùon, SAT). Cover shown: “tivùon! Profile - CPAS: Content Protection and Application Security for tivùon! Service, Final 1.0”.]
• HD Book 2.1 DTT (January 2012)
• Tivùon CPAS 1.0(1) (April 2012)
• HD Book 2.0 SAT (June 2012)
(1) CPAS: the Content Protection & Application Security document will merge the tivùon! BAS & DRM Profile specifications into an independent publication for the purpose of implementing tivùon! Services.

tivùon! Profile
Rationale
The publication of the HD Book 2.1 DTT specification extended the Italian digital platform with new features beyond those already included in the previous release: BAS Framework; Common Encryption Format (MPEG-CENC); enhanced streaming support (MPEG-DASH).
Although the openness of a digital platform is considered a valuable plus for stakeholders, the needs of most Italian service providers and broadcasters could not be encompassed by a set of open common specifications.
Although DCA(*), Security, or Content Protection solutions to avoid illegal overspill on the Internet are out of the scope of the Open Platform, they would be realised through specific Profiles on top of it.
The reference model adopted to extend platform requirements to specific profiles is the following:
• Open Platform: set of common specifications which rely upon industry standards (DVB; ETSI; IETF; OIPF; ISO-MPEG).
• Multi Profiles: set of implementation-specific criteria & service functionalities applicable on top of the Open Platform.
[Figure: the tivùon! Profile and other implementation-specific Profiles layered on top of the OPEN PLATFORM baseline requirements (DTT, SAT, OTT).]
(*) DCA: Delegate Certification Authority

BAS Framework: a public specification
Requirements
The security requirements provided to BAS compliant broadband applications are the following:
1. Trusted source: download of selected applications shall be allowed through secure trusted servers only.
2. Trusted client: download of selected applications shall be allowed to secure trusted devices only.
3. Device shunning: download of selected applications to secure trusted devices may be restricted by some service providers.
4. Confidentiality: selected applications may be confidentially delivered to client devices.
5. Restricted resources: usage of selected APIs accessing sensitive resources (e.g. tuner, semi-permanent memory, ...) might be granted to selected applications only.
6. Restricted APIs: usage of specific APIs (e.g. API towards CAS cards) might be granted only to those applications delivered by selected service providers.

BAS Framework: a public specification
How does it work
Broadband Application Security (BAS) is a framework of the Italian digital platform designed to provide logical security elements to MHP-based broadband applications. The BAS framework has been developed by the JTG(1). BAS consists of two complementary sets of specifications:
1. BAS Framework, included in the “HD Book 2.1 DTT” document, defines a generic TLS (Transport Layer Security) infrastructure with certificates and public keys.
2. BAS Profile, included in the “tivùon! BAS Profile” document, defines a specific implementation operated by a Trust Anchor (tivùon!) acting as Certification Authority, issuing system certificates.
BAS applies exclusively to MHP applications downloaded over a secure broadband channel; legacy broadcast MHP applications are out of the scope of the BAS framework and consequently run freely on tivùon! compliant devices.
[Figure: block diagram with the labels https:// SERVER, TLS-PKI, Xlet, PRF file, CERT., tivùon! RECEIVER, MHP stack, MHP resource manager, BAS Framework, BAS Profile.]
(1) JTG: Joint Technical Group, a technical team of experts from DGTVi, HD Forum Italia and Tivù.

tivùon! BAS Profile
Certificate Requirements & Trust Anchor
Based on the Tivù Public Key Infrastructure (fig. 1), and through the use of X.509v3 certificates, Tivù’s BAS Profile provides the following features:
1. Device authentication through the Platform Identity certificate (PI-CRL)
2. Service authentication through the Server Identity certificate (SI-CRL)
3. Application authentication through the Application Authorisation Certificate (APPA-CRL)
4. The above elements are trusted by the same authority: the tivùon! Trust Anchor

Excerpt from the specification shown on the slide:
5. Tivù Public Key Infrastructure
An implementation of the BAS Addendum [6] employs X.509 Version 3 certificates for binding an identity to a public key, and constraining the usage of the certified key to a specific purpose. The following section defines a PKI to support issuance, namespace constraints, management, use and validation of certificates to realize the trust management requirements set in [6].
5.1. tivùon! PKI
The graphical depiction of the tivùon! PKI Hierarchy is constructed to support the identity to key bindings and their uses.
[Figure 1: tivùon! PKI Hierarchy]
Briefly, the hierarchy depicted above is anchored by the tivùon! Trust Anchor. This hierarchy is designed to support the authentication and authorization requirements defined in BAS §5.

tivùon! BAS Profile
How does it work
1. A system entity located on the receiver stack is devoted to MHP resource management (DVB-GEM). The system entity only grants access to those resources included in the DVB-GEM Permission Request File (PRF), and only once the MHP Xlet has been authenticated by the BAS tivùon! Profile.
2. The BAS tivùon! Profile specification arranges DVB-GEM resources into three hierarchical levels:
• Basic Resources: those defined by DVB-GEM which can be accessed by any trusted application coming from an HTTPS server with a valid certificate. Currently there are no basic resources defined for a tivùon! compliant receiver.
• System Resources: those controlled by the system entity under BAS conditions: (id 0x01) Marlin DRM Agent; (id 0x01) Persistent storage
• Private Resources: those owned by single companies: (id 0x01) Application storage
3. The BAS permission mechanism is based on the following assumptions:
• an Xlet (with its associated PRF file) is downloaded through an HTTPS server with mutual authentication based upon certificates.
• an Xlet may include one or more certificates to allow the device to validate requests and grant access to resources.
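
The grant decision described on this slide, modelled as an added Python example (it is not code from the tivùon! specification or from the presentation). Resource names and levels follow the slide; the certificate fields, the owner name "ExampleBroadcaster" and the rule that a certificate must list the resource it authorises are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    BASIC = 1    # any trusted application from an HTTPS server with a valid certificate
    SYSTEM = 2   # controlled by the system entity under BAS conditions
    PRIVATE = 3  # owned by a single company


# Names and levels follow the slide; the owner value is a constructed placeholder.
CATALOGUE = {
    "marlin-drm-agent": (Level.SYSTEM, None),
    "persistent-storage": (Level.SYSTEM, None),
    "application-storage": (Level.PRIVATE, "ExampleBroadcaster"),
}


@dataclass(frozen=True)
class AppCert:
    """Hypothetical view of a certificate carried by the Xlet, after path validation."""
    organisation: str
    chains_to_trust_anchor: bool   # result of validating up to the tivùon! Trust Anchor
    authorised: frozenset          # assumption: resource names this certificate covers


@dataclass(frozen=True)
class Delivery:
    broadband: bool                     # False = legacy broadcast Xlet, outside BAS
    server_cert_valid: bool = False     # server side of the TLS handshake
    device_authenticated: bool = False  # client side of the mutual authentication


def grant(delivery, prf, certs):
    """Return {resource: granted} for each resource named in the PRF.

    Returns None for broadcast Xlets, because BAS does not apply to them.
    Resources absent from the PRF are never evaluated, hence never granted.
    """
    if not delivery.broadband:
        return None
    trusted = delivery.server_cert_valid and delivery.device_authenticated
    valid = [c for c in certs if c.chains_to_trust_anchor]
    decision = {}
    for name in prf:
        level, owner = CATALOGUE.get(name, (None, None))
        if not trusted or level is None:
            decision[name] = False   # fail closed: untrusted channel or unknown resource
        elif level is Level.BASIC:
            decision[name] = True
        else:
            # SYSTEM needs a valid authorising certificate; PRIVATE also needs the owner's.
            decision[name] = any(
                name in c.authorised
                and (level is Level.SYSTEM or c.organisation == owner)
                for c in valid
            )
    return decision
```
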

tivùon! BAS Profile
Platform “Security Class” level assignments
1. Current platform implementations differ widely in the security measures they support: some platforms use secure chipsets with crypto operations implemented in hardware and exposed through a secure interface; others implement white-box cryptography in software with anti-tampering and obfuscation techniques.
2. Most of the Italian service providers and broadcasters willing to join the tivùon! initiative feel that a mechanism is required to ensure some degree of differentiation with respect to the class of security associated with a platform implementation.
3. Adding support for platform security classes in the TivùOn ecosystem implies:
• Defining a set of applicable Platform Security Classes and the related key security mechanisms applied.
• Assigning the Platform Security Class and signalling it in a secure way.
• Exposing the platform-specific Security Class to the Application layer (GEM) through a specifically defined read-only system property: system.drm.securityclass
• Negotiating a liability agreement between the Certification Authority and the Platform manufacturer responsible for assigning a Security Class to its own platform.

tivùon! BAS Profile
Platform “Security Class” definition table
An example of the Security Class table defined in the tivùon! Profile is the following:

Security Class ID | Security and Key Protection mechanism | Note
id-level-0 ::= { id-class (1) } | Unspecified | Information about the security measures implemented in the platform not available
id-level-1 ::= { id-class (2) } | Reserved |
id-level-2 ::= { id-class (3) } | White-box Cryptography and Software Tamper Resistance | Software security implementation (e.g.: PCs, Macs, iOS and Android devices, etc.)
id-level-3 ::= { id-class (4) } | Reserved |
id-level-4 ::= { id-class (5) } | Hardware-assisted Secure Boot with Software Integrity Protection | Hardware Root of Trust (such as a One Time Programmable (OTP) Key) used to ensure the Integrity of System Software and Applications
id-level-5 ::= { id-class (6) } | Reserved |
id-level-6 ::= { id-class (7) } | Dedicated Security Processor and Memory | Trusted Platform Module or SOC (Security on Chip)
id-level-7 ::= { id-class (8) } | Reserved |

tivùon! DRM Profile
DRM Profile: what is it?
The aim of the DRM Profile is to complement the HD-Books in the area of Content Protection for broadband media delivery. Tivù has decided to foster the development of OTT-TV services by Italian broadcasters through the creation of a “DRM Ecosystem”, to encourage them to profit from Free OTT services while protecting content distribution to avoid illegal overspill on the Internet. The tivùon! DRM Profile fits within this initiative.
The “DRM ecosystem” concept promoted by Tivù is based on the widest acceptance of DRM technologies already adopted by Italian Operators and Manufacturers.
• Tivù mandates the implementation of Marlin DRM on “abilitato tivùon!” labelled devices and strongly recommends the implementation of at least one other DRM solution compatible with the existing platform specifications (e.g. those already deployed and used in the Italian market).
• The tivùon! DRM Profile specification reflects this DRM ecosystem concept, and the related specifications aim to promote the coexistence of concurrent DRM solutions in parallel with Marlin DRM technology.
• The “abilitato tivùon!” brand is a voluntary participation program proposed to CE manufacturers, aimed at extending the capabilities of current Gold Label (DTT) and Broadband Ready (tivùsat) devices with OTT Content Protection, Broadband Application Security and Adaptive Streaming solutions.

tivùon! DRM Profile
Requirements
Service Profiles: two types of CoD(*) services are addressed:
• Streaming CoD services (MANDATORY)
• Download CoD services (RECOMMENDED)
Device Profiles: there are 2 receiver profiles as clients for protected CoD services:
• Streaming Device, which is not equipped with storage for content files. A Streaming Device:
  − SHALL support Streaming CoD services.
  − SHALL allow persistent internal storage of at least 1500 kB for licences.
  − MAY actually behave as a Download Device if accessing content located in external storage is supported.
• Download Device, which is equipped with storage for content and license files. A Download Device:
  − SHALL be able to store the content and/or license for future playback.
  − SHALL support Streaming CoD services and it SHALL support Download CoD services.
Tivù DRM Ecosystem: SHALL be compliant with the following Marlin specifications:
• Marlin Simple Secure Streaming (MS3)
• Marlin Broadband (BB)
Marlin Compliance and Robustness rules: SHALL apply for MS3 and Marlin BB profile implementations.
• Streaming Devices SHALL be compliant with Marlin MS3 and BB Compact Implementation.
• Download Devices SHALL be compliant with Marlin MS3 and BB Full Implementation.
(*) CoD: Content on Demand

tivùon! Service Trial: 200 users, launched in May 2012
A Coopetitive Video Portal for free access to catch-up TV services
• Application Launcher on Tivùsat EPG
• Content Providers selector
• Content Browser and Selection
• Content Synoptic
• Searching tool by Genre
• Searching tool by keyword entry

tivùon! Service Trial
Functional block diagram
tivùon! Trial Platform: a distributed architecture over the Internet layer
[Figure: functional block diagram. Labels: tivùon! CDS & Application Back End; Service Provider Front End; Content Providers Mediaset, RAI and La7; DAM; Front End; SAS; metadata; MHP applet + metadata; MS3 streaming; Marlin server (Content Key); hosted Marlin services; SLAs.]

Conclusions
1. Broadband Media Delivery via Over The Top platforms could represent a New Age for TV broadcasters offering Free or Pay TV services.
2. Bringing younger audiences back to TV consumption through new, appealing non-linear large-screen TV services would be the new deal for commercial and public broadcasters to compete against the video value proposition of the global Internet giants.
3. “Italian TV Platform goes OTT-TV” because it is aware of the new challenge. Its own cross-platform breakthrough design is an outstanding reference for Industry standards, Operator needs and Customer satisfaction, encouraging a Coopetitive approach with regard to regulatory policies and Authority recommendations.
4. Nationwide organisation representatives, Industries and platform designers would aim to merge their own specific implementation profiles into a wider, convergent set of common European requirements & specifications capable of delivering economy-of-scale cost reductions for CE manufacturers, Content owners, Broadcasters, Service Operators and Broadband Telcos.

THANK YOU
marco.pellegrinato@mediaset.it