Widevine's Mensor

The system offers scaling and watermarking for IPTV.

Video and audio watermarking is a relatively new technology that is used in post production to mark movie content and could be used in digital cinema applications. There are significant challenges of scalability, performance and economy in adapting the same technology to today's home entertainment content delivery networks.

Session-based watermarks

Figure 1. IPTV network Click image to enlarge.

A session-based watermark marks each instance of access to content with who — the ID of the accessing device — and when — a timestamp denoting the time of access. The watermark is designed to be invisible and indelible, in that it will survive in copies of the content despite significant distortions. Should a copy of the content appear in an unauthorized location, then the watermark may be used to identify the origin of the copy. (See Figure 1.)

A content delivery network is essentially a multinode network for distributing content. A source node (content owner or aggregator) transmits content to several hundred operators, or intermediate nodes, around the country. Each operator then serves up the content to its community of subscribers for viewing on a variety of consumer devices or terminal nodes.

The biggest problem for session-based watermarking lies at the edge. Low-powered STBs, PVRs and mobile devices can't spare 100 million instructions per second (MIPS) of CPU. This is the power required to perform the entire watermarking computation. It is a problem that cannot be solved by traditional watermarking architectures. Widevine Technologies' Mensor solves this problem by inserting a 64-bit payload with less than 1MIPS of CPU processing.


Watermarking can be separated into analysis and insertion. The analysis involves the intense signal processing of A/V data to determine the locations at which payload data may be hidden in the content. This is performed at the source node. The insertion process can be made lightweight — little more than a controlled byte copy. In many watermarking products, the analysis and insertion are performed as an atomic process. This is because many of these are derived from technologies meant for high-end or single-stream applications where scaling is not a consideration. In the Mensor solution, the analysis process performed at the server generates watermarking metadata. (See Figure 2.)


Watermarking metadata is packaged, secured and multiplexed in with the encrypted content, imposing a negligible bandwidth overhead. The metadata is accessible only by the insertion process that is part of the Widevine Virtual SmartCard client that resides securely within the receiving device.


The inserter reads the metadata with the instructions of the byte offset and code needed to insert a one or a zero. It then computes the payload to write from the unique device ID and the timestamp derived from a secure clock.

When insertion is performed on an intermediate node, the metadata is modified, allowing downstream insertion. When insertion is performed on a terminal node, the metadata is removed from the content. Then the system inserts a 64-bit payload with less than 1MIPS of CPU processing.

Further benefits

Watermarking is a target for hackers. The architectural split, introduced for scaling, means the essential signal processing know-how is operated in a secure environment, on a headend server. Only the relatively trivial insertion code is exposed to hacking on a client device.

Metadata exposure could aid an attack on the analysis algorithm. Watermarking must be integral to the content security system with one client providing both decryption and watermark insertion, uniquely marking content each time it is decrypted.

Renewability, portability

If the watermarking algorithm is defeated, then renewals will only affect the server at the headend and should not require client changes. As with encryption, the watermarking algorithm is a pluggable module. Widevine has licensed watermarking technology from three industry suppliers after an extensive RFP process.

The simplicity of the insertion code means that it does not rely on DSP, special instruction sets or large memory resources. This makes it possible to port the insertion client to client devices already supported by the Widevine Virtual SmartCard.

Reza Rassool is chief engineer for Widevine Technologies.