Originally featured on BroadcastEngineering.com
FLO Forum vets open standard security solution for MediaFLO technology
The FLO Forum, an industry group looking to promote the global standardization of QUALCOMM’S MediaFLO mobile TV delivery technology, has taken another step toward this goal. It is currently working to define an open standard security specification — dubbed the OpenCA initiative — enabling any conditional access (CA) vendor to implement its security on both the headend and handset side of the MediaFLO architecture.
Key elements of the OpenCA specification and framework include:
- A provision for a “secured container” in the terminal, such as a SIM card, smart card or SD card, for increased protection;
- A standard interface allowing CA systems from various vendors to interoperate with headend multiplexers;
- The ability for CA systems residing on the same broadcast system to share encryption keys, enabling multiple field devices to decrypt a single encrypted signal without the need to swap out CA elements;
- Renewable security, which allows operators to update or fix a mobile phone’s key management system as needed for protection against security attacks;
- Ability to replace one key management system with another, reducing the likelihood of locking an operator into one specific security vendor’s CA solution;
- Simulcrypting capability.
In addition, an open standard security solution based on the OpenCA specifications would include a clearly defined scrambling algorithm, such as AES; a standard method for a security system to interact with the MediaFLO scrambling system; and a standard mechanism for carrying entitlement messages over the MediaFLO broadcast stream.
A complete MediaFLO OpenCA solution would include three components. A headend component would define and manage the commercial offerings for different types of services, such as pay per view, and pay per time. An OpenCA software component running on the secured container on the media device would control access to the broadcast content according to the end user’s granted rights. Last, a driver running on the terminal would offer a layer of abstraction between the mobile TV and OpenCA applications.
Security vendors would be able to integrate a security system based on the OpenCA specification directly into the key management system of a mobile phone. In CDMA or other non-SIM card environments, the OpenCA can be placed in a secure module in the handset. The key management system client (with the OpenCA) can also be placed on a microSD card. In other mobile devices, such as personal media players, the key management system could be embedded into a security chip on the devices.
An open standard security solution would give network operators more flexibility in the choice of CA vendor and would prevent them from being locked in to one solution. They would be able to choose security solutions that mesh best with their particular business models and their customers’ needs. In turn, it would be easier for content owners to push for more powerful security solutions from the CA vendors. There would be more of a guarantee that content was protected against piracy, meaning that the content providers would be more likely to offer quality premium content to consumers.
The FLO Forum began discussing the OpenCA specification last year. Thus far, it has ratified an Open CA Requirements specification document. The FLO Forum Technical Committee is now working on the technical specifications of an Open CA framework. This is expected to be complete by the second half of the year.
FLO Forum member and CA and DRM vendor Nagravision has already committed to developing products based on the OpenCA specification. The products will include headend, handset and SIM card software. The company has been working with other security vendors in the Forum to define the OpenCA specification.
For more information, visit www.floforum.org.