Security for Pay-TV Content from BT TV

CASE STUDY PREMIUM CONTENT: Security for Pay-TV content from BT TV

THE CHALLENGE

BT needed a studio-approved and market-leading content protection solution to deliver its BT TV service to a wide variety of devices in its ecosystem from Android and Apple small screen devices through to Smart TVs and everything in between.

In an effort to expand their existing online video-on- demand streaming services to include more programming to a greater UK audience, BT TV sought to leverage the investment in their existing over-the-top (OTT) infrastructure. BT TV has seen its 1.8m customer base shift from a traditional STB experience to its customers deman- ding more OTT and on-the-go services.

Expanding Customers, Devices, and Threats

The acquisition of EE in 2016 has given BT an opportunity to leverage an expanded subscriber base and new product offering. In addition to previously existing programming, they would now aggregate a new bouquet of premium channels and content, appeal to a much larger audience, and scale the TV business.

Likewise, by that time, the evolving broadband TV culture consisted of advanced, af- fordable, high-powered smart phones, tablets and other OTT devices comprising new screens for new business. The goal was to bring all the leading content into one “super aggregation” service – a broad programming spectrum to include BT Sport, AMC, Dis- ney, BBC, AMC, Discovery, ESPN and many others.

All of this required new levels of content protection techniques that could successfully scale delivery to a large, highly discriminating tele- vision audience.

Content protection for BT TV is key as the increasingly widespread number of illegal, pirated streams threatens the company’s revenues and business model. Likewise, it was critical to protect the primary programming video assets in order to sustain strong commercial rela- tionships with content providers, reassuring them their content would remain protected.

Another speed-bump to delivering BT TV was device fragmentation. Google says there are now over two billion monthly active Android devices. This huge number presented the challenge of uniformly reaching a fragmented and varied device implementation because with the Android operating system comes varied performances, behaviors, as well as reactions to security measures.

THE SOLUTION

Working across business, product, and technology teams, Inside Secure gathered customer and implementation requirements for rendering of protected HTTP Live Streams and offline playback across platforms. The process also included integration of:

• PlayReady DRM implementation on Android and iOS • Obfuscation (for reverse engineering prevention), and anti-tampering technologies (runtime dynamic modification prevention) • Media Player features

• Support for Live and VOD programming

• DRM Packaging Server • SDKs for Android, iOS, and tvOS

Achievements included security features that ensured flawless user experience that would not be hacked. One requirement for achieving scalable technical and commercial success for such a super-aggregated service was thorough testing.

Another example was addressing the problem where some new devices were wrongly identified in BT TV trials as being unauthorized devices. Inside Secure was asked to come up with a custom library deployment for secured and accurate identification of legitimate or compromised devices. Inside Secure and the BT team worked hand- in-hand on a functional solution that would accurately report the state of devices amongst a vast number of configurations in the interests protecting both content owners and the service provider, BT. Custom App IDs

In that same regard, delivering to a variety of Amazon platforms in a short period of time was critical.

“Inside Secure made our job so much easier because we can provide premium content and not be worried about the threats.”

Darren Taft Portal Developer at BT

Specifically, there was a need to launch a technical trial in rapid time frame with a closed user group using the Amazon App Store app beta process. To do so, it was technically necessary to provide a custom control on app IDs to ensure proper testing and delivery.

Thanks to Inside Secure’s flexibility and fast-paced development cycle it was possible to re-visit the enforcement of strict AppID/license coupling for this testing scenario, allowing BT to have this custom control for their app. This enabled the use of larger test campaigns, faster issue tracking and solving, and a reduction in time-to-market for the BT apps. All this was accomplished through the provisioning of temporary license grants for one of the world’s largest content streaming companies enabling state-of-the-art testing and seamless roll out.

Erroneous Device Rooting Reports

Another solution was in detecting false reports of rooted devices by retrieving their configuration. Eventually, a custom Inside Secure Content Protection Client feature would allow the automation of secure retrieval of information from a device to raise support cases when a device was being incorrectly treated as insecure. Here’s how the technical solution was delivered.

The feature that would be needed would have to enable the diagnosis of devices that were being reported as insecure. Due to technical constraints specified by BT a custom- tailored companion app was designed specifically for the customer based on Inside Secure’s extensive expertise in Android security developed over years in the security market. A bespoke companion app for short term troubleshooting was going to be needed to do such a device security check. This was mainly root detection for Android devices (thousands of reports across more than 100 different device models) as too many false positives on root detection caused by unknown builds of Android clouded the picture. The companion app reported to BT staff the reason for device blocking.

Ensuring customer satisfaction necessitates service delivery that does not generate false security breaches alerts. Specifically, false reporting of rooted devices could disrupt the user experience, or even force subscriber cancellation. Automating the secure retrieval of information from a device was the only way support cases could be raised for devices incorrectly treated as insecure. Specifically, to identify the false reporting of rooted devices, a functionality was created in the core Inside Secure Content Protection Client SDK avoiding incorrect treatment of all “rooted” devices as insecure, thereby avoiding erroneously punishing the user and keeping the BT TV business model vibrant.

THE RESULT

The proactive efforts of the Inside Secure team resulted in a sound technical foundation for BT’s new service. The BT TV App delivers live channels and shows on demand over smartphone, tablet, laptop and other OTT devices as part of the package. Customers can watch as many as 50 live channels, including BT Sport, anywhere they are, and catch up on the latest shows programming above as well as the likes of AMC, Comedy Central, SyFy, and Discovery. Children can watch Nickelodeon and Cartoon Network, and anyone has seamless watching from on demand set top box viewing to the BT TV app with the ‘Continue Watching’ feature.

BT TV reaches a wide audience of millions of users, and has the strength to continue growing. Benefits include a consistent user experience across platforms and device types, as well the secure delivery of a new, broad range of HD quality programming acquired from studios and blockbusters as well as premium sports (Premier League, Champions League, etc.).

“Content Protection is critical for us. The extent of stolen, illegal streams is becoming more and more widespread; and, we need to protect the crown jewels—and this [Inside Secure solution] allows us to have better conversations with our Content Providers by giving them the reassurance that they will be protected.” Scott Room Head of UX and Design, BT TV

Additionally, more features, value, and increased stickiness for existing TV subscribers and new customers contribute to a new generation of streaming business for BT, built on secure provisioning to consumers. Best of all, content is now viewable anytime, anywhere, with or without network connectivity.