JTG (Joint Technical Group) Marco Pellegrinato Vice President HD Forum Italia

Seminario SMPTE tecnologie emergenti

Rome, May23° -2012

Presented at

JTG (Joint Technical Group)

Marco PellegrinatoVice President HD Forum Italia

The Italian way to Hybrid Broadcast-Broadband services

BROADBAND MEDIA DELIVERY

Italian TV Platform goes OTT-TV

2BROADBAND MEDIA DELIVERY

Italian Platform goes OTT-TV

TERRESTRIAL, SATELLITE, BROADBAND IP

an Open, Interactive, Hybrid platform featuring support for

Content Protection and Security Profile

Italian TV Platform

DTT SAT OTT

an integrated all-digital smart solution since 2004



Who’s is who in Italian TV Platform

Association of Digital Terrestrial Broadcasters and Network Operators (Rai, Mediaset, Telecom Italia Media, Dfree, Local stations through their associations) for promotion and development of Italian digital Platform (founded in 2003)

Industry-wide Association, constituted in 2006 for promoting HD and 3D application & services in Italy. The Association includes Broadcasters (Aeranti-Corallo, Mediaset, Rai, Sky

Italia, Telecom Italia Media), Telco (Fastweb, Telecom Italia), Manufacturers (ADB, Panasonic, Philips,

Samsung, Sony, ST, Telsey), Public Institutions (FUB) and Operators from various sectors (Eutelsat, SES Astra, Fracarro, Frame, IDS, SBP, Sisvel Tech)

Joint Venture created in 2008 by the main Italian terrestrial Broadcasters (Mediaset, RAI

and Telecom Italia Media), to provide Digital Satellite Free To Air television in areas not covered by terrestrial networks under the “tivùsat” brand. Active also on DTT as EPG Provider.



SD

HD

D-B

ook

1.0

• DVB-T• SD (MPEG-2)• V.90 modem• MHP 1.0.3

• DVB-T e T2 (DTT)• DVB-S e S2 (SAT)• SD (MPEG-2)• HD (H264AVC)• 3D (Plano Stereos.)• Ethernet• MHP 1.1.3H

D-B

ook

Colle

ctio

n

HD Book 2.0 DTT

HD Book 1.0SAT

Specifications & Certification Program

Since 2004 DGTVi has released baseline requirements for interoperability of DTT receivers with services offered by operators. Italian DTT has been interactive from day one. DGTVi choose , the DVB standard middleware, for this purpose.

In 2008 HD Forum Italia joined DGTVi in specification activities when they entered into the new HD and Hybrid Broadcast Broadband (HBB) spaces

Aligned HD and HBB specs for satellite were progressed during 2009-2010 in collaboration between HD Forum Italia and Tivù

Both DGTVi and Tivù have developed their own Logo programs, with related certifications, aiming to promote compliant products towards consumers



Facts and figures

Some 9.5 M first generation MHP SD DTT receivers have been sold since 2004

More than 1M MHP SD tivùsat receivers sold in 2 years of operation

Around 1M DGTVi Gold Label certified HDTV devices already in the field: ADB, Fuba, Humax, Sagemcom, Telesystem

+200 iDTV models passed DGTVi Gold Label Certification Program: LG, Loewe, Panasonic, Philips, Samsung, Sharp, Sony, Vestel

Most of Connected TVs sold in Italy nowadays, besides coming with each manufacturer’s own widget portal, are also Gold Label

More than 1.3 M Tivùsat compatible SD CAM (92%) & HD CAM (8%). About 1.8 M DGTVi compatible SD CAM (83%) & HD CAM (17%)



Current OTT-TV Service offerings Broadband Media Delivery – GEM/MHP based OTT-TV Services

• DVB-T• Free Regional TV News• GEM / MHP 1.1.3

• DVB-T e Tivùsat – LCN 999• Widgets and Free OTTV Portal• GEM / MHP 1.1.3

• Tivùsat• tivùsat EPG• GEM / MHP 1.1.3

• DVB-T• Free Catch-up TV Services• GEM / MHP 1.1.3

• DVB-T e Tivùsat – LCN 807• Free Catch-up TV Services• GEM / MHP 1.1.3

• DVB-T – LCN 310• Pay Subscription On Demand TV • GEM / MHP 1.1.3



HDFI / DGTVi JTG current activityHD Book 2.1 DTT ..new system requirements for DTT Italian platform

7

• 1 year later the v. 2.0 publishing • kick off on April 19th 2011 • 15 experts joined JTG (HDFI, Tivù, DGTVi, Industry)• BAS Framework(1) and CENC(2) support included• MPEG-DASH(3) support • download http://www.hdforumitalia.org

HD Book DTT 2.1 it’s here:

Published on January

2012

VOLUME 1

(1) BAS: Broadband Application Security(2) CENC: Common Encryption Format(3) MPEG-DASH: replaces OIPF-HAS in HD Book 2.0



1. Application Security: Introduction of a Security Framework for broadband applications.• Support to generic “BAS Framework(*)” (Broadband Application Security)

2. Content Protection: DRM support to prevent content overspill over broadband distribution.• Support to “MPEG-CENC” (Common Encryption Format)

3. Extended Broadband Media Delivery: alignment to the emerging standards in broadband content encoding and streaming. • Support to “MPEG –DASH (**)” (Dynamic Adaptive Streaming over HTTP)• Support to IPv6 and manual IP Address settings (subnet, GTW, DNS prime & sec.)• Support to HTTPS Streaming

4. Support to new AGCOM decision: Parental Control management (User PIN code mandatory on TV start up)

5. Plano Stereoscopic 3DTV • DVB subtitle behaviour: user select 3DTV with no subtitle vs. HDTV with subtitle overlay• 3DTV backward compatibility: verification test results upon n° 7 iDTV brands (2011/2012):

• HDTV-2D compatibility: 11 platforms = 72% OK (8 approved; 2 pending; 1 conditional)• 3DTV-3D compatibility: 12 platforms = 58% OK (7 approved; 4 pending; 1 conditional)

8

5 new topics added to HD Book 2.1 DTT

HD Book 2.1 DTT

(*) replace MHP Security solution selected in previous version(**) replace HAS (OIPF) solution selected in HD Book 2.0 DTT



Target: Interactive HD receivers (STBs and iDTVs)Feature: ready for broadcast interactive and HD services plus protected OTT services • A DGTVi Golden label receiver will be eligible also to tivùon! label by complying

with the following specifications:− “tivùon! DRM Profile” - Final 1.0”, Marlin based DRM specifications− “tivùon! BAS Profile” - Final 1.0”, specific implementation profile of DGTVi/HDFI Broadband

Applications Security (BAS) framework for securing OTT-TV applications.

The 2 documents will be merged into “tivùon CPAS 1.0” (Content Protection & Application Security), a tivùon! specific document for securing OTT-TV services with content delivery protection.

+

tivùon! label introduced by Tivù

DGTVi related initiatives


Italian Platform goes OTT-TV10

46 5DTT SATTivùon

HD Book 2.1 DTT(January 2012)

Tivùon CPAS 1.0(1)

(April 2012)HD Book 2.0 SAT

(June 2012)

ISSUES

PUBLISHER

*CPAS: Content Protection & Application Security document will merge tivùon! BAS & DRM Profiles specifications into an independent publishing in the scope to implement tivùon! Services.

tivùon! Profile : BAS + DRM specifications (2012)

Tivù JTG current activity



tivùon! Profile

11

RationaleThe publishing of HD Book 2.1 DTT specification extended Italian digital platform with new features beyond that already included in previous release, they are: BAS Framework, Common Encryption Format: MPEG-CENC, Enhanced Streaming support: MPEG-DASH. Despite the Openness of a Digital Platform is considered a valuable plus for stakeholders, most of the Italian service providers and broadcasters needs could not be encompass by a set of open common specifications.Although DCA(*), Security, or Content Protection solutions to avoid illegal overspill on Internet are out of the scope of Open Platform, they would be realised trough specific Profiles on top of it.Reference model adopted to extend platform requirements to specific profiles is the following:• Open Platform: set of common specifications which rely upon industry standards (DVB; ETSI; EITF; OIPF; ISO-

MPEG).

• Multi Profiles: set of implementation specific criteria & service functionalities applicable on top of the Open Platform. other Profile

implementation specific

tivùon! Profile

implementation specific

OPEN PLATFORMbaseline requirements

other Profileimplementation specific• DTT

• SAT• OTT

(*)DCA: Delegate Certification Authority



BAS Framework: a public specification

12

Requirements

security requirements provided to BAS compliant broadband applications are the followings:

1. Trusted source: selected applications download shall be allowed trough secure trusted servers only.

2. Trusted client: selected applications download shall be allowed to secure trusted devices only.

3. Device shunning: selected applications download for secure trusted devices may be restricted by some service providers.

4. Confidentiality: selected applications may be confidentially delivered to client devices.

5. Restricted resources: usage of selected APIs accessing sensible resources (e.g. tuner, semi-permanent memory, ...) might be grant to selected applications only.

6. Restricted APIs: usage of specific APIs (e.g. API towards CAS cards) might be grant only to those applications delivered by selected service providers only.



BAS Framework: a public specification

Broadband Application Security (BAS), it’s a framework of the digital Italian platform designed in the scope to allows logical security elements to MHP based broadband applications. Bas framework has been developed by JTG(1). BAS consists of two complementary set of specifications:

1. BAS Framework, included into “HD Book 2.1 DTT” document, define a generic TLS infrastructure (transport layer security) with certificates and public keys.

2. BAS Profile, included into “tivùon! BAS Profile” document, define a specific implementation operated by a Trust Anchor (tivùon!) acting as Certification Authority, issuing system certificates.

BAS exclusively applies to MHP applications downloaded by a broadband secure channel, alternatively, legacy broadcast MHP applications are out of the scope of BAS framework. Consequently they freely runs on tivùon! compliant devices.

(1) JTG: Joint Technical Group. Is a technical team of experts participated by DGTVi; HD Forum Italia and Tivù

TLS-PKI tivùon! RECEIVER

BAS PROFI

LE

MHP STACK

BAS FRW.

MHPresource manager

CERT.https:// SERVER CERT.

PRFfile

CERT.

X.letBAS

FW.

How does it works.



tivùon! BAS Profile

14

Certificate Requirements & Trust Anchorthroughout the usage of X509v3 based Certificates, BAS provides the following feature: (fig. 1)

1. Device authentication throughout Platform Identity certificate PI-CRL2. Service authentication throughout Server Identity certificate SI-CRL3. Application authentication throughout Application Authorisation Certificate APPA-CRL 4. above elements are trusted by the same authority: tivùon! Trust Anchor




15

How does it work1.A system entity located on receiver stack is devoted to MHP resources management (DVB-GEM). System entity only grants access to those resources included in DVB-GEM Permission Request File (PRF) once MHP X.let is authenticated by BAS tivùon! Profile

2.BAS tivùon! Profile specifications configures DVB-GEM Resources into three hierarchical levels:

• Basic Resources: are those ones defined by DVB-GEM which can be accessed by any trusted application coming from an HTTPS server with a valid certificate. Currently there are no basic resources defined for a tivùon! compliant receiver.

• System Resources: are those ones controlled by the system entity under BAS conditions: (id 0x01) Marlin DRM Agent; (id 0x01) Persistent storage

• Private Resources: are those ones owned by single companies: (id 0x01) Application storage

3.BAS permission mechanism is based onto the following assumptions:

• an Xlet (with associated PRF file) is downloaded throughout an HTTPS server with mutual authentication based upon certificates.

• an Xlet may include one or more certificates to allows device to validate requests and grant access to resources.




16

Platform “Security Class” level assignments

1.Current platform implementations largely differ in terms of security measures supported: some platforms uses secure chipsets with crypto operations implemented in hardware, exposed through secure interface. Others implementing white box cryptography in software with anti-tampering and obfuscation techniques.

2.Most of the Italian service providers and broadcasters willing to join the tivùon! initiative feel that a mechanism to ensure some degree of differentiation, with respect to the class of security associated with a platform implementation, is required.

3.Adding support for platform security classes in the TivùOn ecosystem implies:

• To define a set of applicable Platform Security Classes and related key security mechanisms applied.

• To assign and to signal in a secure way the Platform Security Class assigned.

• To expose the Platform specific Security Class to the Application layer (GEM) trough a read-only system property specifically defined: system.drm.securityclass

• To negotiate a liability agreement between the Certification Authority and the Platform manufacturer responsible for assigning a Security Class to owned platform.




17

Platform “Security Class” definition table

An example of Security Class table defined in tivùon! Profile is the following:



tivùon! DRM Profile

The aim of DRM Profile is to complement HD-Books in the area of Content Protection for broadband media delivery. Tivù has decided to foster the development of OTT-TV services by Italian broadcasters through the creation of a “DRM Ecosystem”, to encourage them to profit from Free OTT services, protecting content distribution to avoid illegal overspill on Internet. tivùon! DRM Profile fits within this initiative.

The “DRM ecosystem” concept promoted by Tivù is based on the widest acceptance of DRM technologies already adopted by Italian Operators and Manufacturers.

• Tivù mandates the implementation of Marlin DRM on “abilitato tivùon!” labelled devices and strongly recommends the implementation of at least another DRM solution, compatible with the existing platform specifications (e.g. those ones which are already deployed and used in the Italian market).

• tivùon! DRM Profile specification is reflecting this DRM ecosystem concept and related specifications are aiming to promote the coexistence of concurrent DRM solution in parallel with Marlin DRM technology.

• “abilitato tivùon!” brand is a spontaneous participation program proposed to CE manufacturers, aimed to extend the current Gold Label (DTT) and Broadband Ready (tivùsat) devices capabilities with OTT Content Protection, Broadband Application Security and Adaptive Streaming solutions.

DRM Profile: what’s that ?



tivùon! DRM Profile

Service Profiles: Two types of CoD services are addressed: • Streaming CoD services (MANDATORY) • Download CoD services (RECOMMENDED)

Device Profiles: There are 2 receiver profiles as clients for protected CoD services:• Streaming Device that is not equipped with storage for content files. Streaming Device:

• SHALL support Streaming CoD services.• SHALL allow persistent internal storage of at least 1500 kB for licences. • MAY actually behave as a Download Device if accessing content located in external storage is supported.

• Download Device that is equipped with storage for content and license files. Download Device:• SHALL be able to store the content and/or license for future playback • SHALL support Streaming CoD services and it SHALL support Download CoD services.

Tivù DRM Ecosystem: SHALL be compliant with the following Marlin specifications: • Marlin Simple Secure Streaming (MS3)• Marlin Broadband (BB)

Marlin Compliance and Robustness rules: SHALL apply for MS3 and Marlin BB profiles implementations. • Streaming Devices SHALL be compliant with Marlin MS3 and BB Compact Implementation. • Download Devices SHALL be compliant with Marlin MS3 and BB Full Implementation.

Requirements

(*) CoD: Content on Demand



tivùon! Service Trial: 200 users launched on may 2012

A Coopetitive Video Portal for free access to catch-up TV service

Content Providers selector

Searching tool by Genre Searching tool by key word entry

Application Launcher on Tivùsat EPG

Content Synoptic

Content Browser and Selection

only



tivùon! Service Trialfunctional block diagram

MHP applet+ metadata

tivùon!CDS &

Appl. Back End

Internet

Fron

t End

Mediaset

DAM

Fron

t En

d

RAIDAM Fr

ont

End

La7DAM Fr

ont

End

SAS

streaming

streaming

streaming

metadata

metadata

metadata

SLAsMHP applet+ metadata

MARLIN

HOSTEDMARLIN

SERVICES

SAS

SAS

SAS

streaming

Content Key

tivùon! Trial Platform: a distributed architecture over Internet layer

Service Provider

Content Providers

MS3 SERVER

MS3 SERVER

MS3 SERVER



Conclusions

1. Broadband Media Delivery via Over The Top platforms could represent a New Age for TV Broadcaster offering Free or Pay TV services.

2. Bringing back younger audiences to TV consumption throughout new appealing non-linear large screen TV services, would be the new deal for commercial and public broadcasters to compete against the Internet global giants of video value proposition.

3. “Italian TV Platform goes OTT-TV” because it is aware of the new challenge. Its own cross platform breakthrough design is an outstanding reference for Industry standards, Operator needs and Customer satisfaction, encouraging a Coopetitive approach in relying with regulatory policies and Authority recommendations.

4. Nationwide organisation representatives, Industries and platform designers would be aimed to merge their own specific implementation profiles into a wider convergence set of common European requirements & specifications capable to fulfil large scale economy cost reduction for CE manufacturers, Content owners, Broadcasters, Service Operators, Broadband Telcos.

Seminario SMPTE tecnologie emergenti

Rome, May23° -2012

Presented at

THANK YOU

[email protected]

Documents

JTG (Joint Technical Group) Marco Pellegrinato Vice President HD Forum Italia