Transcript Secure Streaming Media

IPcypher™
Network Security Technologies
For Internet Protocol Networks
Goals for IP Security
# 1 – No Unauthorized Copies
MSO’s
– Flexible (don’t lock into
one technology or
provider)
– Upgradeable
– Cost Efficient ($ / sub)
– Will it satisfy Hollywood?
Consumers
– No perceived restrictions
Convergence – hype or reality?
•
•
•
•
IP Network conversion – “When?” not “If”
Consumer Demand is high
More MSO Revenue/ Sub opportunity
Asia and other “green field” markets are there
already
• Will ’02 be the year?
Vulnerabilities
• Access
– Establish Unique Identity of Consumer
– PPV, Subscription Management (get only what you
pay for)
• Delivery
– Encrypt Data to Eliminate Interception of Content
• Playback
– Monitor for hacked players, VCR Utilities, etc.
• Output
– Macrovision, 5C, etc.
Concerns
• Whose security standard will be
adopted?
• Is there a threshold that must be met
to license VOD?
IPcypher
“Intelligent, real-time, data encryption for IP based networks.”
•
Real-time encryption: only solution for real-time communications, provides capability
•
Intelligent Encryption: IPcypher system can recognize and parse multiple media
of unique session encryption, fully automated supporting broadcast, live events, archived
content and real time communications. Process is performed without affecting latency,
performance or quality of service.
formats then encrypt at the protocol payload level ensuring persistence and transparency
unlike all other solutions that encrypt IP payload. This ensures encryption without data
expansion. IPcypher is NOT a tunneling technology.
•
Persistent encryption: encrypted data can be held securely in network or client
•
Transparent encryption: encrypted data can effectively navigate all devices on IP network
storage devices such as a personal video recorder or at any point in the distribution chain
without any change to software or hardware of third parties.
such as proxies, NATs, firewalls, caches, storage devices, and client hardware/software processes.
IPcypher
“Intelligent, real-time, data encryption for IP based networks.”
•
Client-side security technologies: provides tamper evidence and tamper
•
US government cryptography standards: uses standard encryption
•
Platform and Format Independence: support for a variety of formats including
monitoring capability for open or semi-open client environments. Prevents data packets
from being captured by network stack hacking, screen-scraping, VCR- like utilities, incircuit emulators, and other techniques.
technology tested by the US government and approved for NSA, department of defense,
and CIA communications. Provides unique session keys and/or massive key rotation
based upon standards key management schemes.
Mpeg 2, Mpeg 4, Windows Media, Real, QuickTime, Video Conferencing (H.323 etc.),
Instant Messaging protocols and VoIP. Support for a variety of platforms and operating
systems including Wireless 3G technology and devices.
IPcypher packet vs. IPSEC packet
Standard
Packet
Widevine
IPcypher
Packet
IPSec Packet
IP Header
TCP/UDP
Header
Content
IP Header
TCP/UDP
Header
Protected
Content
IP
Header
ESP
Header
IP Header
TCP/UDP
Header
Potential difference
of up to 285 bytes per
protected packet
when compared to
IPSEC.
Content
ESP
Trailer
Widevine IPcypher Client Security
• Tamper Resistance – E-shield
– Tamper Hardening Technology that makes alterations of the
security difficult.
• Tamper Monitoring - ActiveGuard
– Tamper evidence technology monitors the integrity of security on a
computer or device. Constantly monitors different operational
characteristics of the operating environment. Functions in both on
and offline modes.
• Tamper Response
– Executes the appropriate tamper response as dictated by MSO’s
business rules.
The Widevine IPcypher Framework
Widevine Cypher Application Framework
Application
Widevine Cypher Protocol Encryption
Transport
Widevine Cypher Datagram Encryption
Network
Widevine Cypher Bridge
Link
IPcypher Unicast Configuration
IPcypher
software
performs all
functions
including key
generation and
management
Multicast configuration - CA/Smart Cards
Integrating with Smart
Card systems.
Create IP Conditional Access Stream
IPCypher
Encryption System
Providing technologies for
companies looking to
delivery CA services.
IP Encrypted Stream
Multiplexor
IPCAS Stream
IPcypher
Framework
ECM
CW
IPCypher Client
Side Security
ECM
Manager
SK
IP Conditional
Access
Receiver
Manage Entitlements
EMM
SMS
Subscription Data
EMM
Manager
Smart Card or
client software
EMM Renewal
Decoded
Stream
The Widevine IPcypher
system can also be
integrated easily with
ANY existing key
management schemes.
Decode IP Conditional
Access Stream
Content
Content
Extending existing
Conditional Access
Systems to support IP.
Authorized Content
IPcypher™
Network Security Technologies
For Internet Protocol Networks
Tom Claeys
VP Business Development
[email protected]
206-254-3156
www.widevine.com