Smartcard, Embedded, and Software-based Security

With all that hinges on high-quality video with seamless delivery, doesn’t it make sense to protect your content and your investments with the best security available? It is essential to devote as much interest to protection as you do to content, and while much of the technology we offer comes with security integrated, you should always consider the best option for your unique situation.


Multi-Network Platform and Architecture

Verimatrix and DigitalGlue offer a complete multi-network content and revenue security solution for DVB, IPTV, OTT and Hybrid services. The Verimatrix Video Content Authority System (VCAS™) provides the tools and support digital TV operators require in order to address the new opportunities arising from the accelerating convergence of video delivery over various types of networks – whether managed or unmanaged – to a multitude of devices. This convergence must encompass a proactive revenue protection and enhancement approach that enables service operators to cast a much wider net with their service offerings. As a consequence, the central value proposition for the Pay-TV enterprise shifts beyond that of traditional, single network content protection alone, towards the broader perspective of multi-network revenue security.

Our proposition embodies the following characteristics:

  • Elimination of the boundary between CA and DRM philosophies
  • Efficient service delivery independent of network technology
  • Network upgrades without the burden of re-integration
  • Future-proofing against standards transitions
  • A frictionless multi-screen rights management experience for consumers

VCAS – Deployment Flexibility and Versatility

VCAS is the realization of the Verimatrix 3-dimensional digital TV security strategy, which extends the domain of security beyond a legacy conditional access (CA) approach in order to protect Pay-TV services delivered to any screen over any network while combating any threat. The VCAS architecture combines a number of network specific security solutions built on a common platform. VCAS is fundamentally based around card-less client implementations, integrating the best hardware security subsystems of the client devices with robust, renewable software architectures. It implements a single security authority for multiple networks and devices, supporting various video and digital rights management (DRM) formats while providing a harmonized cross-network entitlement management.

VCAS has been deployed widely, including proven configurations that secure services of the following types:

IPTV / Telco TV, securing large scale IP managed network services using Multicast and VOD protocols, further enhanced by secure Wholesale/Retail content distribution options.

Hospitality-optimized IPTV, offering solutions for small to large scale hotels, resorts and cruise ships.

Internet TV, providing enhanced HTTP Live Streaming (HLS) security for live and on-demand OTT services to the broadest range of device types.

DVB Broadcast, securing “one-way” networks: cable, satellite and DVB/ISDB-T terrestrial.

Broadcast-Hybrid, combining Multicast and/or RF broadcast with Internet TV to provide a highly effective architecture for modern cable deployments that includes integrated forensic watermarking.

Online Video Publishing with Multi-DRM support, featuring harmonized rights management for streaming that uses enhanced HLS security, MPEG-DASH, Microsoft Smooth Streaming/PlayReady and Marlin DRMs.

Based on a highly modular system architecture and efficient form factor, VCAS is inherently cost effective for the smallest deployment with field-proven scaling to Tier 1 operations with millions of subscribers.

Uniquely, VCAS features domain-based entitlement management across VCAS and third-party DRMs (VCAS Super Domains), enforcing domain size or explicit device membership rules. Specifically, when content is entitled to a domain (as opposed to a device), it is automatically available to all the super domain’s devices, whether IPTV, DVB, HLS or third-party DRM clients managed under the MultiRights framework.

Thanks to a vast Verimatrix partner ecosystem, operators can choose from a wide variety of pre-integrated components, such as middleware/subscriber management systems (SMS) and video-on-demand (VOD) servers, and hundreds of receiver models, including DVB, IPTV and hybrid set-top boxes, Windows and Mac OS computing platforms, iOS and Android smart phones and tablets, smart TVs, and gaming consoles.


Multi-network: The delivery of video services over two or more separate transport networks, e.g. DVB and IP, DVB-S and DVB-T, IPTV and mobile. The services may terminate in a single-network receiver, or a hybrid receiver that supports two or more network types. The networks may be managed (controlled by the Pay-TV operator), or unmanaged (for example, controlled by an ISP not affiliated with the Pay-TV operator). Multi-network services may be offered over two or more managed networks, or a combination of managed and unmanaged networks. The latter network type is often associated with over-the-top (OTT) video services delivery.

Multi-screen: The delivery of video services to more than one type of receiver devices, such as TV, PC/Mac, smart phones and web tablets. Multi-screen services may include multi-network delivery.

Hybrid: The delivery of video services over two or more separate transport networks, e.g. DVB-S and IP, DVB-S and DVB-T, IPTV and mobile. The services terminate in a hybrid receiver that supports two or more (managed or unmanaged) network types. Hybrid devices may be part of multi-screen video services.


DTV Broadcast Protection

The multi-network VCAS platform enables digital TV operators to combine standards-based and proven Digital Video Broadcast (DVB) technology for broadcast (one-way) networks, while supporting future extension to multiple network topologies from a single security authority.

VCAS for DVB secures content and associated revenue for broadcast services over satellite, cable and terrestrial networks with no return path. Key features:

  • Support for advanced Pay-TV business models that provide service operators with virtually unlimited flexibility in defining Pay-TV products and services, incl. impulse pay-per-view.
  • Choice of card-less and card-based client security in same network and STB allows the operator to match subscriber revenue potential with suitable STBs.
  • Mobile phone and web-based self-provisioning, including pre-paid vouchers, reduces cost of call centers and staffing.
  • Middleware-independent DVB SI Server for STB electronic program guide.
  • On-screen messages and chat rooms, parental control, client STB pairing, fingerprinting.
  • Very efficient form factor: Supports cryptographic operations for up to 1M STBs in only 2RU (3.5”) rack space, and 4RU when 1:1 redundant.

In contrast to the legacy client security approach, Verimatrix offers a choice of:

  • Software clients for lower ARPU deployments.
  • Cardless system-on-chip (SOC) clients for hardware-level security without card logistics.
  • Smart card-based security for operators preferring removable security, including DVB-CI (Common Interface) and CI+ modules.

Verimatrix offers a more cost-effective approach that is ideal for:

  • Card-less security in client devices providing secure System-on-a-Chip (SOC) facilities.
  • Greenfield deployments, whether B2C or B2B
  • Pay-TV operators transitioning from analog to digital video broadcasting.
  • Operators wishing to complement or replace legacy DVB CA systems.
  • Operators planning advanced broadcast and IP/OTT hybrid services.

DVB-Hybrid Architecture

While early incarnations of hybrid architectures were concerned with combining managed IP networks (telco TV grade) with DVB cable and satellite delivery, there is now a shift towards combinations of services over managed DVB networks with unmanaged OTT ditto, fueled by the broad advancement and adoption of adaptive bitrate streaming protocols such as HLS. This shift enables an efficient network upgrade strategy for traditional broadcast operators:

  • RF broadcast linear content
  • Zapper and advanced hybrid STB clients featuring ViewRight ONE
  • Adaptive streaming linear and VOD services
  • Broadest range of CE device support through ViewRight Web clients

Future-Proofing the Platform

As the video distribution industry is undergoing rapid changes, Verimatrix is focused on providing future proof – investment proof – solutions. VCAS for DVB is designed to be future proof in many aspects that should be taken into account when selecting a content and revenue security system for broadcast (one-way) networks.

VCAS for DVB is part of the multi-network VCAS platform that addresses, among else, the following aspects:

  • Extension of operation to support video delivery over IP, either as IPTV or OTT, and hybrid DVB-IP/OTT
  • Video watermarking, a requirement for licensing of premium content in the “early release window.” The Verimatrix VideoMark® solution enables watermarking at the STB level.  Since content re-distribution is likely to be the main form of piracy form in the future, this kind of technology should be considered early.

SOC hardening and increased security and countermeasures in card-less solutions. Verimatrix STB chipset partners have included new security technology in their latest products, which Verimatrix makes use of in its ViewRight STB client when operators choose these latest SOCs.


Protect Against Piracy

The rapid growth of IPTV during the past several years has expanded the world of entertainment and programming choices coupled with innovative interactive capabilities. However, the very technologies that have made IPTV possible also pose a continuing threat to the business model underpinning such services. The threats of service theft and content piracy are legitimate concerns to rights owners and operators alike. It is of the utmost importance to the continued success of the IPTV industry that increasingly robust security technology can be developed and deployed in order to eliminate potential theft of service and content misuse.

Traditional conditional access systems were designed to combat security threats in one-way broadcast networks. However, the legacy CA design approach has been proven unsuitable for two-way, IP-based networks. Hence a different mindset and fresh approach was required for IPTV, as proven by Verimatrix while enabling many IPTV success stories around the world.

VCAS for IPTV incorporates pioneering and proven features that provide the widest revenue security perimeter, thus enabling complete transparency for legitimate content consumption while significantly raising the level of protection against piracy. The card-less solution is built on proven cryptographic and secure electronic transaction concepts used in e-commerce applications, accomplishing the highest levels of digital TV security as confirmed by several independent technology audits. Verimatrix is the recognized global market leader with 500+ IPTV deployments and winner of several technology awards.

VCAS for IPTV secures and enhances the revenue of IPTV networks as follows:

Standards-based, two-way Internet security protocols ensure a solid foundation.

  • ViewRight® downloadable, renewable security for IPTV clients, incl. connected TVs. It utilizes sophisticated security features of modern client device chip sets/SOCs.
  • A Public Key Infrastructure (PKI) public/private key pair system plus X.509 digital certificates, featuring VCAS key management methods already proven in large IPTV deployments globally.
  • Strong encryption using the robust AES-128 algorithm.
  • VideoMark™ user-specific forensic watermarking, with a unique and highly robust identifier that is traceable to the last authorized recipient.
  • Independently audited.

The Verimatrix approach to IPTV content and revenue security for managed networks is ideal for:

  • “Walled garden” IPTV services over managed networks with IP-based infrastructure: xDSL, FTTH, etc.
  • Multi-screen IPTV services to IP-STB/DVRs and connected TVs over managed networks.
  • Operators planning hybrid services, extending IPTV services with over-the-top (OTT) delivery and vice versa
  • Wholesale-retail content distribution, enabling a centralized, hosted service with local control options.
  • Hospitality applications, supported by an optimized VCAS for Hospitality Appliance and pricing.
  • Replacing legacy CA systems with card-less content security for IPTV and DVB hybrid networks.

Thanks to the system architecture and compact form factor, VCAS is inherently cost effective for the smallest hospitality deployment while field-proven to scale efficiently for tier 1 Pay-TV operations with millions of subscribers.

VCAS security has been approved by all major studios for protection of premium content as well as by all the major broadcasters. The VCAS security architecture has received very favorable results in independent audits and is the approved security choice in Pay-TV operator deployments on a worldwide basis. As the global leader in software-based security, VCAS offers flexibility in choice of client devices, broad middleware interoperability and proven scalability.


Internet TV

Proliferation of video services over the Internet and mobile networks presents both threats and opportunities, pushing Pay-TV operators to improve service offerings and operations to meet rapidly rising subscriber expectations. The Verimatrix VCAS architecture offers security convergence that addresses this new marketplace with a proactive revenue security and enhancement approach targeted at digital TV operators with IPTV, Hybrid, DVB or Mobile network architectures. VCAS integrates protection techniques for these managed networks with standards-based security for Internet TV delivery, using adaptive bitrate streaming protocols, to PCs and Macs, smart phones and tablets, and smart TVs/STBs.

VCAS for Internet TV, powered by the multi-network VCAS platform, provides a complete multi-screen security solution for OTT services over networks implementing the HTTP Live Streaming (HLS) protocol, including both live (broadcast) and video-on-demand content delivery. HLS, a form of adaptive bitrate streaming, provides automatic bitrate adaptation to allow a common video stream URL to be shared between devices that have different screen resolutions, processing power and available network bandwidth. This ensures the best possible viewing experience for any given combination of these parameters, even when devices roam between networks.

VCAS for Internet TV enhances the basic HLS security model with capabilities that support subscription and transaction based Pay-TV services. In particular, VCAS ensures that decryption keys are kept safe and distributed to authorized clients only. The software-based solution is built on proven cryptographic and secure electronic transaction concepts used in e-commerce applications, providing the same high level of digital TV security that Verimatrix is recognized for in 500+ IPTV deployments.

The Verimatrix ViewRight Web client supports mass-market CE devices enabled for HLS:

  • ViewRight Web for PC (Windows OS) and Mac OS
  • ViewRight Web for iOS (iPhone, iPad, iPad Mini, iPod Touch)
  • ViewRight Web for Android OS
  • ViewRight Web for Smart/Connected TV and STB

HLS is ideally suited to the challenges of mobile video and Internet TV:

  • Open standard allowing tight integration of the technology into VCAS head-end and client devices
  • Use of H.264 codecs and MPEG-2 Transport Stream format enables straightforward integration into existing digital TV head-ends
  • Adaptation to variable bandwidth and various display resolutions to ensure optimized user experience
  • Highly scalable with multiple network support: broadband, 3G/4G, Wi-Fi, etc.

Verimatrix offers a rapidly growing ecosystem including pre-integrations with leading encoding and streaming server vendors, and CE platforms.

VCAS for Internet TV can be deployed either as a standalone solution for dedicated OTT services, or as part of a multi-network solution including IPTV, DVB, Hybrid, and other network topologies under a unified VCAS security head-end. Furthermore, the VCAS MultiRights™ framework enables secure content distribution to off-the-shelf CE and mobile devices with native media players and non-Verimatrix DRM clients (e.g. Silverlight/PlayReady).

VCAS for Broadcast-Hybrid

Broadcast-Hybrid Solution

VCAS for Broadcast-Hybrid is a multi-network revenue security solution that draws on the strengths of the global number one VCAS for IPTV, and the highly successful VCAS for Internet TV, to better enable combinations of RF and multicast linear delivery with advanced adaptive bitrate streaming video services, while ensuring harmonized rights management for subscribers both at home and while on the go.

VCAS for Broadcast-Hybrid combines efficient and secure linear service delivery over RF networks with modern server-side, two-way key management, and fully  leverages enhanced HTTP Live Streaming (HLS) security for catch-up/on-demand and unicast linear services to hybrid STBs, mobile devices and smart TVs.

The solution is ideal for cable operators delivering a mix of RF and IP video services while wishing to migrate towards an all-IP delivery paradigm.

In addition, VCAS for Broadcast-Hybrid includes an integrated VideoMark forensic watermarking option, one of the many architectural features positioning this solution as fully anticipating new security regimes required for 4K/Ultra HD (UHD) service deployments:

  • Broadcast-Hybrid networks enable higher ARPU with unicast VOD and interactivity, supported through a Simulcrypt compliant ECM Generator for the broadcast network delivery
  • Standards-based, two-way Internet security protocols ensure a solid foundation
  • ViewRight® ONE client security architecture featuring downloadable, renewable security for hybrid devices and OTT clients
  • Same PKI and X.509 digital certificate principles as VCAS for IPTV, proven in Tier 1 deployments
  • Strong encryption using the robust AES-128 algorithm for IP and DVB-CSA for RF networks
  • Support for adaptive bitrate streaming protocols such as HLS and MPEG-DASH enables OTT delivery to hybrid STBs equipped with broadcast front-ends for DVB or ISDB-T
  • VideoMark™ user-specific forensic watermarking

The Broadcast-Hybrid approach combines efficient linear one-to-many content distribution with individual on-demand services. In the example below, managed broadcast network are combined with Internet TV services using HLS adaptive bitrate streaming:

  • RF broadcasting and/or IP multicasting of linear content
  • Adaptive bitrate streaming content, live and on-demand (unmanaged IP network)
  • [Optional] RTSP VOD content (managed IP network)
  • Key and entitlement management over IP network(s) only – no wasted broadcast bandwidth
  • Advanced hybrid STB clients based on ViewRight ONE

Broadest range of CE device support through ViewRight Web clients.

Verimatrix Multi-Rights

Multi-Network Multi-Screen Delivery

As video content becomes more diverse and ubiquitous, pay-TV operators must adapt their services to rising subscriber expectations. Operators are therefore increasingly targeting multiple screens, i.e. TVs, PCs and various mobile devices, in their attempts to offer competitive services and reach the widest possible audience, anywhere and anytime. Service convergence has become a market-driven imperative representing an upside opportunity for innovative service providers to expand revenues and differentiate service offerings.

Maximizing the monetization of content across a multi-network, multi-screen delivery environment comes with several challenges: when the operator wants to reach beyond its managed network to various types of mobile devices, including OTT video streaming delivery, the issue of incompatible Digital Rights Management (DRM) systems arises. Examples:

  • PlayReady DRM by Microsoft, and  Microsoft Silverlight DRM “powered by PlayReady”
  • Marlin DRM, adopted by Open IPTV Forum, UltraViolet (DECE) and YouView (UK)
  • AACS (Advanced Access Content System), supported by all Blu-ray players

The real business challenge is for operators to eliminate the distribution and consumption silos that often frustrate consumers and nudge them towards alternative sources. Therefore, the service provider needs to enable support for native DRM systems on the devices that they wish to provide services for, and to provide the user with a completely transparent consumption experience.

It is therefore only natural for digital TV operators to be looking to the content security community to solve the “transparency problem” that bedeviled the music industry in its transition to an online marketplace. Operators need to accommodate a diversity of receivers over broadcasting and IP networks, regardless of any embedded DRM, supporting fixed or mobile reception over both managed and unmanaged networks.

Verimatrix has devised a solution for these multi-platform challenges, called MultiRights™, providing DRM and content consumption transparency across networks and devices. MultiRights is a component within the multi-network Video Content Authority System (VCAS). MultiRights brings CE devices with embedded, non-Verimatrix clients under the VCAS unified revenue security umbrella together with other subscriber devices already incorporating Verimatrix ViewRight® clients. The goal is not “DRM unification” as much as user rights unification to enable transparent content consumption for the end-users.

The MultiRights framework allows for the inclusion of any third-party DRM scheme and client devices under the VCAS umbrella for complete end-to-end management of revenue security. MultiRights provides server-side support for secure content distribution to STBs, PCs, and off-the-shelf CE and mobile devices, when equipped with compatible media players and native DRM clients.

The MultiRights goal for the end-users is a completely transparent subscriber experience in a multi-DRM universe. The architecture enables MultiRights processed files to be transparently consumed on CE devices that include third-party DRM clients. MultiRights currently provides support for the following DRMs with others for consideration based on market demand:

  • Microsoft PlayReady DRM
  • Marlin DRM for Broadband

MultiRights can also integrate HLS-based video services through VCAS for Internet TV, which enables a complete IP-centric, multi-DRM delivery system for OTT networks:

  • Adaptive streaming linear and VOD services using HLS, Smooth Streaming and MPEG-DASH
  • Broadest range of CE device support through ViewRight Web and third-party DRM clients


Verimatrix, the leader in software-based security solutions, has created a 3-dimensional security approach that offers flexible layers of protection techniques. Their innovative solutions address evolving business needs and technology, trusted by premier service providers around the world. Because they specialize in securing and enhancing multi-network, multi-screen digital TV services on a global scale, we recommend them to anyone looking to improve their revenue and workflow in cable, satellite, terrestrial, IPTV, and OTT. The software is cost-effective and integrates seamlessly into hardware from our top manufacturers.

VCAS Solutions


ABS-CBN Cardless Security Case Study
ABS-CBN Cardless Security Case Study
Steve Christian, VP Marketing - Verimatrix
Steve Christian, VP Marketing - Verimatrix
Tom Munro, CEO, Verimatrix
Tom Munro, CEO, Verimatrix
Securing UHD / 4K Content
Securing UHD / 4K Content
How Com Hem Created Europe's Smartest TV Service
How Com Hem Created Europe's Smartest TV Service
Spencer Stevens, CTO, Sony Pictures Entertainment
Spencer Stevens, CTO, Sony Pictures Entertainment
Multi-network Solutions in the Real World, IBC 2013 -- Verimatrix
Multi-network Solutions in the Real World, IBC 2013 -- Verimatrix
Hybrid Network Solution Protection
Hybrid Network Solution Protection
Verimatrix - ANGA COM 2013
Verimatrix - ANGA COM 2013
Post SmartCard Era
Post SmartCard Era
Steve Oetegenn, Chief Sales and Marketing Officer - Verimatrix
Steve Oetegenn, Chief Sales and Marketing Officer - Verimatrix
OnTelecom Case Study Verimatrix
OnTelecom Case Study Verimatrix
Piracy in India
Piracy in India