PROTECTING CONTENT RIGHTS
Andrew Gayter
©2015 Irdeto, All Rights Reserved.
TABLE OF CONTENTS
Chapter 1: Understanding content rights protection
Chapter 2: Translating it into security requirements
Chapter 3: Examples of Granted Rights and Usage Rules
Chapter 4: The right solution for your OTT service
Chapter 1
Understanding content rights protection
[What exactly are content rights?]
What exactly are content rights, or more specifically, what are rights when made in reference to video, such as movies or TV programs?
Content rights are the legal rights of many parties, including –
• Individuals such as actors, musicians, artists, writers, photographers
• Media conglomerates such as Time Warner, Comcast, Disney, BBC
• Production companies such as Dreamworks, Paramount, Pixar
The list spans many areas of content creation, production, distribution and marketing.
Rights are established between agreeing parties, but if those rights are infringed or revoked, this can impact many things, most significantly revenue. The ultimate objective is to protect a rights revenue stream in which all parties receive royalties, i.e. payment.
[What is required to protect content rights?]
To protect content rights, systems must have approved security technologies and processes in place from content transmission, receipt, storage and processing of master files to secure delivery into a video player. Under no circumstances should the content be pirated, or used in any way that doesn’t abide by the agreed terms with the rights holders.
Distribution of premium video content is more complex within the ecosystem of OTT than it is within the CA/IPTV world. There are obvious overlaps of security with broadcast, such as content receipt and processing, but the management of OTT rights is complicated by the diversity of target devices.
CA is typically oriented towards managed devices, whereas OTT generally targets unmanaged devices. The difference is that, with managed devices, operators own or manage the silicon, the Trusted Execution Environment (TEE) and secure boot. Unmanaged devices (iPhone, iPad, Smart TV, console, etc.) are not owned by the subscription operator and are therefore outside of its control. As a result the attack surface is potentially greater and the device less secure, because there is no single security authority.
Chapter 2
Translating it into security requirements
Essentially there are two factors that require consideration when protecting content. These are the granted rights and usage rules.
[Granted Rights]
Granted Rights describe the content that will be offered and the security it requires:
• Which territory (territories)
• What content type (SD, HD, 3D, 4K)
• What security (encryption, DRM, output protection, code hardening, secure players)
• Rental or ownership (EST)
• Rights window / type of service (transactional, subscription, advertising, free)
• Maximum number of views
• Streaming or download
• Delivered over broadband internet (including Wi-Fi) or mobile (2.5G/3G/4G/5G)
• Traditional delivery (cable, IPTV, DTT, DTH)
• Which devices it can be viewed on
• Website, app or both
Let’s explore how some of these elements translate to consumer viewing experiences and what the security implications are for content providers.
Rights windows
Rights windows can be simple, i.e. those typically applied to movies, or very complex, including options such as catch-up and time-shift. For movies, windows usually follow:
• The box office cinema release of theatrical feature movie
• The sale or rental of video for viewing on DVD/Blu-Ray players in the home
• Pay-per-view / video-on-demand premium TV services offering feature movies
• Movies aired on subscription based TV channels - cable and satellite pay-TV channels in the US and Europe
• First-run broadcasts of movies on mainstream (network broadcast) free-to-air television
• Continued syndicated (second-run) sales of movies for broadcasting on TV channels
Note: other rights windows exist, such as in-flight windows. These window types are granted to airlines who offer In Flight Entertainment (IFE).
All windows can be made more difficult to manage due to the dynamics of rights and the contracts that define the granted rights. One example is blackouts, which are one or more segments of a rights window in which rights are not granted. A service may be granted rights for three months, but within the second month two weeks are blacked out because a special event is occurring in a primary region, such as the USA. Windows may also be broken up by broadcasters to enable better use of programs within schedules, i.e. programs may get shifted due to sports/news events. OTT platforms may adjust availabilities to suit marketing campaigns and promotions. Within platforms, promotional materials often have different rights to the main content. For example, the physical master of a movie may only be delivered 24 hours before it is made available for broadcast or online (to reduce the chance of piracy), whereas the service may use promotional materials, i.e. images, clips and trailers, before the main content is made available.
Services must also honour the end of rights windows and have systems in place to remove content from platforms, storage, caches and Content Delivery Networks (CDNs). Many rights holders will insist upon systems having emergency takedown policies. A takedown policy is a system's ability to remove content within a specific time period, for example four hours. These policies are used when rights for content have been revoked for some reason, for example piracy or strikes. Other examples could be actors, musicians or script writers having royalty issues, or simply that rights have expired for the musical score or an image.
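The window, blackout and takedown rules described above can be expressed as a deny-by-default availability check. This is an added example, not code from the original document or from Irdeto; the `RightsWindow` model, its field names, the per-territory blackout scope and the sample dates are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc

@dataclass
class RightsWindow:
    """One granted-rights window for a title (hypothetical model)."""
    territories: set                  # country codes the grant covers
    start: datetime                   # window opens (inclusive)
    end: datetime                     # window closes (exclusive)
    # (territory, start, end) segments in which rights are not granted
    blackouts: list = field(default_factory=list)
    revoked_at: Optional[datetime] = None   # set by an emergency takedown

def playback_decision(w, territory, now):
    """Return (allowed, reason); every check must pass to allow playback."""
    if w.revoked_at is not None and now >= w.revoked_at:
        return False, "revoked"
    if territory not in w.territories:
        return False, "territory"
    if not (w.start <= now < w.end):
        return False, "outside_window"
    for b_territory, b_start, b_end in w.blackouts:
        if b_territory == territory and b_start <= now < b_end:
            return False, "blackout"
    return True, "ok"

def must_purge(w, now):
    """True once the title has to leave platform, storage, caches and CDNs."""
    revoked = w.revoked_at is not None and now >= w.revoked_at
    return revoked or now >= w.end

# Constructed sample: a three-month grant with two weeks of the second
# month blacked out in the US, mirroring the example in the text.
SAMPLE = RightsWindow(
    territories={"US", "NL"},
    start=datetime(2015, 6, 1, tzinfo=UTC),
    end=datetime(2015, 9, 1, tzinfo=UTC),
    blackouts=[("US", datetime(2015, 7, 8, tzinfo=UTC),
                datetime(2015, 7, 22, tzinfo=UTC))],
)

if __name__ == "__main__":
    when = datetime(2015, 7, 10, tzinfo=UTC)
    for terr in ("US", "NL", "AU"):
        print(terr, playback_decision(SAMPLE, terr, when))
```

Evaluating the decision at license-issue time as well as at catalogue-listing time keeps a blackout or revocation from being bypassed by a cached listing.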
[Content Usage Rules]
Usage rules specify how the retailer and customer can use the content available, including the allowable monetization rules:
• How many devices can be registered
• How often those devices can be changed
• On how many devices can that content be downloaded simultaneously
• Whether the content can be shared with a household, and if so, how many times
• How many people can view the content concurrently
• Whether side loading, lending or gifting is allowed
Granted rights and usage rules define the framework/conditions of the rights agreement.
Monetization rules refer to how the content may be used to generate revenue. This can be as rental, purchase including Electronic Sell Through (EST), or as subscription. Content can be supported by additional monetization models, such as advertising, promotions and sponsorships. Sponsorships can add further complexity with rules that define how sponsorship content may be used, for example blocking competitor advertising.
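One way to enforce the device-registration, device-change and concurrency rules listed above on the server side. This is an added example, not code from the original document or from any provider; the `AccountPolicy` class and its method names are hypothetical, the limits are the ones stated in the Foxtel Play FAQ quoted later in this document, and a month is approximated as 30 days.

```python
from datetime import timedelta

class AccountPolicy:
    """Usage-rule enforcement for one account (hypothetical model)."""
    MAX_DEVICES = 3                      # registered devices per account
    MAX_STREAMS = 2                      # simultaneous streams
    FLIP_INTERVAL = timedelta(days=30)   # assumption: "once per month"

    def __init__(self):
        self.devices = set()
        self.last_flip = None            # time of the last device change
        self.streams = {}                # device_id -> stream start time

    def register(self, device_id):
        if device_id in self.devices:
            return "already_registered"
        if len(self.devices) >= self.MAX_DEVICES:
            return "device_limit"
        self.devices.add(device_id)
        return "ok"

    def swap(self, old_id, new_id, now):
        """Replace a registered device; counts against the flip limit."""
        if old_id not in self.devices:
            return "unknown_device"
        if new_id in self.devices:
            return "already_registered"
        if self.last_flip is not None and now - self.last_flip < self.FLIP_INTERVAL:
            return "flip_limit"
        self.streams.pop(old_id, None)   # a removed device stops streaming
        self.devices.remove(old_id)
        self.devices.add(new_id)
        self.last_flip = now
        return "ok"

    def start_stream(self, device_id, now):
        if device_id not in self.devices:
            return "unregistered_device"
        if device_id not in self.streams and len(self.streams) >= self.MAX_STREAMS:
            return "concurrency_limit"
        self.streams[device_id] = now
        return "ok"

    def stop_stream(self, device_id):
        self.streams.pop(device_id, None)
```

Returning a distinct reason code for each denial lets the service log which rule was hit, which is the input that flip-count and account-sharing monitoring needs.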
[Technology and processes for receiving, storing and delivering content]
In addition to granted rights and usage rules, additional requirements are set by rights holders to ensure that a retailer has the correct technology and processes in place to best protect how content is received, stored and delivered. Studios and content holders will require questionnaires to be completed prior to any agreement. These documents will require details of the intended security mechanisms and systems being proposed.
[Receiving and content storage requirements]
• Secure receipt of content, especially high-resolution masters, i.e. 4K, UHD, HD etc.
• Secure storage of content digitally or physically in a library (must be encrypted)
• FACT and/or MPAA accreditation of storage (audited)
• Physical and electronic access rights and logging, tracking and reporting (audited)
• Secure storage of duplicates/backups off site (accredited and audited)
• Deletion or physical return of masters as required (audited)
Delivery restrictions
• Maximum and minimum bitrates (some studios e.g. Disney will dictate the minimum and maximum bitrates that can be used)
• GeoIP restrictions (on site and CDN, whitelists, which regions)
• Approved DRM(s) (per device)
• Player/App code hardening and following robustness rules (per device)
• Digital outputs - disabled or restricted (HDCP, DTCP-IP), exception rules
• Analog output - requires CGMS-A, disabling or Analog Sunset (HD to SD) (exception rules define fall backs if output protection is not supported on the device)
• Device registration and management, e.g. flip counts
• Rental files and storage retention policies
• Fingerprinting, watermarking, etc. as required (4K, UltraViolet)
• Approved Streaming Protection Technologies (per device)
[Figure: Content rights stakeholders. Labels: Actors, Writers, Producers, Studios, Distributors; Cinema, Pay TV, DVD/Blu Ray; Consumers; Rights & Rules; Maximum Revenue.]
Chapter 3
Examples of Granted Rights and Usage Rules
There are no standards adopted by all content owners, making the job of a content provider even more difficult. What is important to keep in mind, however, is to define viewing rules that are as easy as possible for consumers across all content. Passing the complex, differing viewing rights from different sources onto consumers would make the operator’s service extremely user unfriendly and confusing.
[What usage rules do content providers enforce in the real world?]
Good question! They not only vary widely from one OTT provider to another, but can also change from month to month at a single provider. This is due to two reasons:
• Service providers are experimenting and fine-tuning their usage rules to find the sweet spot that appeals to their target customers.
• Service providers negotiate different content rights agreements with content owners. OTT market leaders, such as Netflix, have been able to negotiate more flexible rights from Hollywood studios than other OTT providers due to their scale.
Let’s take a snapshot of the popular OTT offers in the market as of mid 2015.
Netflix (in the Netherlands)
Foxtel (in Australia)
How many devices can I use Foxtel Play on?
You can register up to three devices on your Foxtel Play account. These can be a combination of Foxtel Play and Foxtel Go devices but it must contain at least one Foxtel Play device and you are restricted to only one Xbox 360. You can change one of the devices registered to your account once per month. You are only able to watch video on up to two registered devices at the same time.
How long are Catch Up (Anytime) TV shows available for on Foxtel Play?
The length of time shows are available for depends on the channel and the show. However most programs should be available for a minimum of seven days. You can see the expiry date in the info attached to each episode.
Amazon Instant Video (in USA)
Purchased videos:
Downloading: You may download videos you purchase to two compatible download devices, such as Fire tablets or TiVo boxes.* After downloading a purchased video, you retain the ability to stream that video as described above.
Viewing Period: Indefinite
Rental videos:
Downloading: You may download videos you rent to one compatible download device, such as Fire tablets or TiVo boxes.* Once you have downloaded a rental video to a TiVo, you may not watch it on any other device using the same Amazon.com account. Once you have downloaded a rental video to a Fire tablet, you may not download that video to another device or simultaneously watch it on more than one device using the same Amazon.com account. However, you may start watching a downloaded video on your Fire tablet and later stream that video on another compatible device (as long as it isn’t playing simultaneously on more than one device).
Viewing Period: When you rent a video, your viewing rights are contained within two periods:
• You must complete watching rental videos within a window (typically 30 days) from your payment of the rental fee. The length of this window can be found on the detail page or on a link from the detail page, such as the “Learn more about renting and buying” link on website detail pages.
• You’ll typically have 15 to 30 days to begin watching the video, and once you start watching it, you’ll typically have 48 hours to finish watching it. We’ll usually notify you when the viewing period for a title is close to expiring.
UPC / LGI
Chapter 4
The right solution for your OTT service
[Content rights protection is more than just a DRM (or multiple DRMs)]
Hopefully, it can be seen that protecting rights is far more complex than just ensuring that a DRM is used. DRM occupies only a small proportion of what modern, sophisticated OTT platforms must employ to ensure rights compliance. DRM fulfills many of the delivery requirements, such as output protection and robustness, but many additional layers of functionality and processes are required to make every possible effort to ensure that the rights and usage rules are correctly exploited and protected.
[What to look for in a content rights management solution?]
1. Ability to apply the required security throughout the process and management of content through receipt, processing and storage.
2. Support for the required DRMs, players on the allowed devices and required delivery formats.
3. Rules, policy, access and authorization management that goes beyond traditional DRM to enable complex usage rules and monetization models.
#1 and #2 above can be satisfied by adopting security practices and using what we call ‘dumb’ DRM. #3 on the list is always an absolute necessity for premium content and can be costly to develop and maintain.
What should you ask for in an RFP?
If you are writing an RFP, these would be good things to include as your requirements:
• License server
• Target devices, browsers (versions), required DRMs and delivery formats
• Geo-blocking (regions)
• User authentication and authorization
• URL tokenization and claims
• Entitlement management (access to content and packages)
• Device management (identification, limits, flip counts, DRM policies per device type)
• Business policies (SVOD, TVOD, ad-funded, rental, free)
• Fraud management (VPN and proxy blocking, IP sharing)
• Concurrent stream management (streams per household)
• Flexible deployment models - fully managed service in the cloud or on site, licensed
• Hybrid head-end for managing both CA and DRM