anyCAST CONNECT - Federal Communications Commission · anyCAST CONNECT 2-way embedded client for...

© 2014 KUDELSKI GROUP / All rights reserved. anyCAST CONNECT June 2, 2015

Transcript of anyCAST CONNECT - Federal Communications Commission · anyCAST CONNECT 2-way embedded client for...

Page 1: anyCAST CONNECT - Federal Communications Commission · anyCAST CONNECT 2-way embedded client for STB, Gateways and mobile devices Includes PRM (Nagra DRM) Security adapted for any


Page 2:

CONFIDENTIAL

KUDELSKI MAIN BRANDS AND ACTIVITY LINES

INTEGRATED DIGITAL TV

CYBER SECURITY

PUBLIC ACCESS

Integrated security and multiscreen user experience solutions for the monetization of digital media.

Innovative, flexible and cost-efficient solutions to deliver premium content securely over broadcast, broadband and connected devices.

Renewable Conditional Access Modules for digital TV access; full range of SD and HD set-top boxes and chipsets.

Integrated access and management solutions for car parks, ski lifts, sports, entertainment and exhibition facilities.

Tailor-made cyber security solutions and services for enterprises, financial institutions, government agencies and media customers.

Page 3:

NAGRA Digital TV: 3 Product Units

Content & Asset Security

Connected Devices & User Experience

Multiscreen

DIGITAL TV SOLUTIONS

anyCAST CAS/DRM/MDRM

OpenTV STB Middleware & Applications

MediaLive Service Platform & Secure Player

Page 4:

CONNECT Clients: STB, TV, Open Devices


Page 5:

anyCAST CONNECT: 2-way embedded client for STB, Gateways and mobile devices

Includes PRM (Nagra DRM)

Security adapted for any device: Nagra HW RoT, 3rd party RoT or pure software

Converged Security Service Platform for single product definition and SMS integration

Supports Broadcast & OTT distribution

Page 6:

anyCAST PRM (DRM)

DRM for MVPD “rich” use cases

1-way and 2-way

Multiple devices: STB, iOS, Android, Mac, PC

DECE and DTLA approved DRM solution for OTT and Home Networking

Page 7:

anyCAST CAS & PRM (DRM) in Mixed Use Cases

Page 8:

Merged CAS & DRM Platform - anyCAST

MANY previous CAS and DRM platforms

Now all combined with “common crypto”, including across CAS and DRM

Page 9:

Messaging: a CAS that works like a DRM

Middleware manages connection

Head-End Encrypted Media Extensions (EME) compatible

In-band (broadcast) EMM no longer needed

Figure (labels recovered from the diagram; each row runs from Server Infrastructure to Device, and the grouping of step labels by system is reconstructed from the layout):

Broadcast system: SMS / CMS, CAS HE, Middleware, CAS Client. Steps: 1.1 Right request, 1.2 Send right, 1.3 Broadcast notification, 1.4 Get right, 1.5 Right update notification.

Connected system: Portal, CAS HE, Middleware, Connect Client. Steps: 1.1 Right request, 1.2 Assign right, 2.1 Get right, 2.2 Set right.

Page 10:

BROADBAND CAS vs. BROADBAND CONNECT

Figure (stack labels recovered from the diagram):

Broadband CAS: Kernel; Middleware / TV OS

Broadband CONNECT: Secure Client; Middleware / TV OS; CONNECT REE Client; TEE; DRM DVL

Page 11:

REE: Rich OS Execution Environment

TEE: Trusted Execution Environment

Moving Security Critical Elements into the TEE

Figure (component labels recovered from the diagram): Operator Pay-TV application; Browser/app framework; Secure Player; CONNECT-REE client; Platform resources; CONNECT-TEE client; Hardware security resources

Page 12:

FRAND - Security & Indemnification - I

Nagra uses FRAND (actually free) content ciphers with fully disclosed operating modes: DVB CSA2, (CSA3), AES 128

Allows unilateral simulcrypt (operators can replace us somewhat economically)

Follows Kerckhoffs's principle on security disclosure

Signaling and packet structure framework follows DVB, SCTE, HLS and MPEG-DASH standards.

Page 13:

FRAND - Security Indemnification - II

Root of Trust and associated Key Ladder can be FRAND (or free, i.e. ETSI) or proprietary or both

If we use our own proprietary one we have increased security guarantees through hidden countermeasures and recovery options

If we use FRAND for Root of Trust and Key Ladder, the security guarantees are less as there are no hidden countermeasures or recovery mechanisms

FRAND Root of Trust likely “keyed” by third party, so indemnification further fragmented

Page 14:

Security as a Service: Who is responsible? It’s Obvious!

Threat models vary by network topology, network fragmentation, geographical footprint and content values

What works today or at launch may not hold tomorrow

Figure 1 (CAS ecosystem; entity and legend labels recovered from the diagram; the numbered arrows and their $/L markers are not recoverable):

Relationship types: License Agreement/Contract; Security Data; Hardware/Software; Separable security HW renewal, e.g. card swap

Entities: Secure Key Provisioning Service(s)**, Database, Chip Qualifier(s), Chip Manufacturer(s), Set-top Box Manufacturer(s), Box/SW Qualifier(s), Subscriber, Set-top Application Provider(s), Content Providers, MVPD(s), CAS Vendor(s), Metadata Provider(s), Middleware Provider(s), Advertisers

*In some implementations one or more of these functions are performed by the same entity or organization. **Also known as Black Box Operator. $ – flow of payment. L – incurred liability.

Figure 2 (DRM ecosystem; entity and legend labels recovered from the diagram; the numbered arrows and their $/L markers are not recoverable):

Relationship types: License Agreement/Contract; Security Data; Hardware/Software/Content

Entities: Database, Chip Qualifier(s), Chip Manufacturer(s), Subscriber, Content Providers, Video Distributor, DRM Vendor(s), Advertisers, Application Integration (Mobile), Device Qualifier(s), Retail Device Manufacturer e.g. VidiPath, Browser App Player Plug-in (PC/Mac)

*In some implementations one or more of these functions are performed by the same entity or organization. $ – flow of payment. L – incurred liability.

Page 15:

Device and Security Diversity

Our customers need security on anything from a several-year-old smartphone to a hardened 4K-capable multi-tuner home gateway / DVR

The same signal may have to be decrypted in a range of devices

Wide range of operating environments, from secure processor (TEE, Secure Micro) to open SW systems

Wide range of security maturity in SoC suppliers

Wide range of features, from Root of Trust in secure HW to SW emulation

Protected and unprotected video paths and outputs

Permissions and security expectations vary widely and no one size fits all

“Best Effort” is not always a negative phrase

Best Effort on so many platforms requires huge efforts

Page 16:

Content Security, Meta Data and User Interfaces - I

Primary content – audio, video, description, essential captioning – protected by CAS and DRM

Additional metadata – guide descriptions, graphics, links etc. – can also be protected by CAS or DRM, especially if broadcast/multicast

Represents a fraction of 1% in overhead

Represents a smaller fraction of 1% in threat model

Page 17:

Content Security, Meta Data and User Interfaces - II

The extent to which a viewer or viewing device can bundle or unbundle metadata and UEX is 99%+ a policy decision by the operator, with little impact on content security

If a viewing device is breaking UEX policy it can be revoked!

Requires metadata / UEX policy and rules tied to CAS/DRM (code signing, certificates or similar), or perhaps server certificates as suggested in CVP-2

Easily enforced by CAS and DRM systems or by cloud servers

Without a clear policy on UEX disaggregation anything and everything is possible, but nothing gets focused on or accomplished?

DCAS Technology and UEX Policy are 99% separable

Page 18: