CONFIDENTIAL FILMBANK (UK) Hotel PTV/VOD System Overview Survey HD Content for Otrum interactive system For SD and HD content resolution Written by Per Ivar Pedersen Revision B8 OTRUM R&D Arendal Friday, 28 July 2017 CONFIDENTIAL General Information 1. Date: 9 November 2010 2. Company Name: OTRUM GmbH, Borsigstrasse 2, D-47574 Goch, Germany 3. Headquarters/Address: OTRUM ASA, Nedre Vollgate 11, N-0158 Oslo, Norway 4. Service Name: Otrum HD Content 5. Media License: Hotel PPV & VOD 6. Sales Contact Name(s)/Telephone/Email: Elke Kaiser, OTRUM GmbH, phone +49 28 23 97 65 10, [email protected] 7. Term of Deal: Not Applicable 8. Technical/Technology Contact Name(s)/Telephone/Email: Per Ivar Pedersen, OTRUM ASA, phone +47 97587109, [email protected] 9. Content Security/Encryption Contact Name(s)/Telephone/Email: Per Ivar Pedersen, OTRUM ASA, phone +47 97587109, [email protected] 10. Is your request for approval of an SD or HD system? Request is for HD system (SD is already approved) 11. Business Proposition Overview: Main change from present system is to expand offering with HD content. 12. System Block Diagram(s) and Architecture Description: (detailed specification in Appendix A) Verimatrix encrypted content is transferred via Broadband Internet link to assigned sites (hotels) as a Unicast IP stream over Internet lines including AES 128 encryption. Only sites that are entitled to a given content are able to receive this content: this is handled by some region indicators and specific decrypting keys. On reception, the content is decrypted and stored scrambled on a video server. Digital video is played out from server by digital steaming video. 13. What is your Content delivery Requirement? The files from Filmbank are Digidelivered to OTRUM true Internet FTP. 14. What line standard is ordered, NTSC or PAL? -PAL 15. What aspect ratio is ordered (4:3 or 16:9)? -16:9 16. How many video or data output file copies are created (i.e. head-end, distribution center)? Under what conditions files are created? Please be specific: Received content from Filmbank is processed at our Otrum content office in Germany (Goch). One copy is stored at this location. Content is distributed to the hotel through a Internet based IP network. One copy is stored in each hotel that is entitled to a specific content. This copy is deleted from a content hard-disk, as soon as content viewing period is over. 17. Is content streamed or downloaded to end-user? -Content is streamed to end-user inside hotel network. 18. How is content delivered to the end-user? E.g. over fiber, coaxial, XDSL or other: -Coax, CAT 5/6 of fiber networks. Page 2 of 18 CONFIDENTIAL 19. What range of screen sizes and resolutions are available for consumer presentation? -22, 26, 32, 37, 42, 47 inches LCD’s screens. -HD ready or Full HD. Page 3 of 18 CONFIDENTIAL Detailed Information 1. Transmission Scheme: To Your Central Site/NOC: Transmission over a broadband IP internet access to the hotel servers. All movies are pre encrypted at OTRUMs Content Operation Department with Verimatrix encryption. The Movie is encrypted utilizing an inner / outer encryption scheme. The inner encryption is provided by Verimatrix and is only decrypted in realtime in the STB in memory before forwarding the stream to TV screen utilizing HDCP encryption over HDMI. The outer encryption is AES128 and is used for additional security when transporting the movie from OTRUMs Content Distribution server system centrally and over the Internet to the hotels streaming video servers. The technique for distribution of the inner / outer encrypted movie is based on our flavor of a private closed torrent communication control system (over SSL). After inner / outer encryption movies is sliced into thousands of pieces at distribution time. Each piece is then implicit in this scheme encrypted with Verimatrix + AES128 in the transport link so therefore additional PTP encryption tunneling between central and hotel as a third level of encryption is not added. Each piece is distributed as individual delivery. Pieces are delivered between central and hotels in random order. All hotels communicate torrent control communication over an SSL encrypted connection (not movie fragments). To strengthen the security even further all hotels identifies themselves over this SLL encrypted link with their individual GUID (128 bit random id) which on top of that may be changed at any point in time. (See appendix A and B) To The Consumer: -Streamed on Otrum digital system (see appendix D) 2. Where in the entire distribution chain are servers located? What are their sizes and expansion capabilities? Include library size capacities by location. What are deletion/degaussing procedures? -Distribution Servers are located centrally in OTRUM’s network and on hotels as head end equipment. Typical size is 1 TB storage at hotel and several TB centrally expandable by needs. Movies are deleted from the hotels when the agreement for the individual hotel regarding a movie is expired. Movies are deleted centrally when the agreement for the movie is generally expired. 3. Describe overall Security Architecture: What are the security provisions in place for the servers and their environments listed above? Include both physical plant and logical systems used: All movies are encrypted with individual keys BEFORE they are moved to the distribution server. Servers are running Windows operating systems and is secured by user accounts. The first layer of movie encryption (Verimatrix) is for secured streaming at the hotel. The second level of movie encryption (AES128) is added for extra security when the movies are transported over the Internet to hotels. Movies are always stored centrally and at the hotel in an encrypted state. The encrypted state is kept all the way from preparation before the movies are added to distribution servers and all the way to the TV screen. All servers are located in locked technical rooms. Content is not stored in raw MPEG format in any of the servers, at any moment. 4. List key technology vendors for system. (Servers, Transport, Security, etc.): Hardware -Video server from Bull or IBM. -IPTV from AppearTV -IP communication over Coax from Kathrein. -Firewall from Portwell Page 4 of 18 CONFIDENTIAL Software -On main server Windows 7 operating system. (During 2011 we will move to Linux operating system) - Sun Microsystems utilizing Java, - Generic AES128, - Verimatrix VCAS 3 - On Firewall Linux operating system 5. Identify/describe throughout the entire distribution chain where content is in the Digital Form and where it is in the Analog Form: Content is not in analogue form in any point of distribution chain. 6. Identify/describe Content encryption scheme for the entire distribution chain. Include encryption and decryption points throughout the chain: Content is first scrambled (using a Verimatrix) then on top of that encrypted with a 128 bits key AES algorithm. This task is performed at our Movie Content Operation Department. Content is decrypted in the Hotel(s) server(s) after reception. Content is not descrambled and stored in the scrambled format. Content is first descrambled in real time at play time. Page 5 of 18 CONFIDENTIAL 7. Identify/describe key management scheme for entire distribution chain. The architecture and process are depicted and described further below. Figure: VOD Encryption Manager - Architecture and Process • Content encrypted and authorized at wholesale VCAS using VPP and VRUN (steps 1,2,3) • Apply specific encryption parameters (copy control) • Encrypted file moved to hotels (4) • VRUN ingest process runs on transfer completion (5) • RKE fetches keys for each file from wholesale VCAS (6) • Insert moviename, movieID and key in retail VCAS (7) • Re-write movieID in encrypted file (8) and authorize 8. Describe the user interface. (Proprietary Player or third party?): The user interface on both the TV and system computers are the OTRUM proprietary pay-TV and VOD interface. For users, films may be retrieved on demand (VOD) or distributed according to a schedule on a number of fixed channels. VOD movies are selected through a graphical interface that displays the film cover picture and a synopsis. Schedule movies are opened from a banner page when zapping to one of the fixed Pay-TV channels. In all cases, user has to enter a secret pin code or give his/hers room number; purpose of this procedure is to reduce the amount of complains at check-out. 9. Identify/describe Digital Rights Management scheme. Include features and information relating to links to clearinghouse functions through to the consumer: A region is a group of hotels that share the same play-list. Play-list information includes film reference, playing period, etc… Play-lists are sent encrypted and can only be received by the correct region with the correct Region Key. Play-lists contain also information about films decrypting keys for that region. This implies that a region can only receive and decrypt films that are allowed for that region. 10. Patent (IP) Information (filings, patents issued): None. Page 6 of 18 CONFIDENTIAL 11. Deployment Schedule (By date/location/volume or attach schedule): Our digital service is operative today through the distribution of film update thru Internet lines or by USB disks that are sent (by post) to the respective hotels. Page 7 of 18 CONFIDENTIAL Client Device Information (Set-Top-Box, PC, or other peripheral): 1. Client Device(s): Manufacturer(s), Model(s) -Client device is any screen capable of handling the PAL standard and 16:9 pictures. -Added requirement on Otrum digital system is that screen must have HDMI input. -Otrum STB has its own enclosure. 2. Device Specifications: Open Standards or Proprietary? I/O Configuration. Local Storage? Smart Card? PVR Functionality? Tamper Resistance? 3. I/O Copy Protection? I/O Interface to Other Devices? Open Standards (DVB-C, Docsis, MPEG2, MPEG4, , HDMI, HDCP) Proprietary (Verimatrix encryption, Control data between client device and Otrum server) 2 * Ethernet HDMI RS 232 (RJ 11) USB Power 2 * F connector for Coax (RF in / RF out) Analogue Audio out (for bathroom speaker) On card Flash / RAM Not Applicable Not Applicable Cable connectors on interactive card side are inside enclosure. Cable connectors on other end are accessible for end user. HDMI we use HDCP RS 232 communication to screen IP over Ethernet and coax communication to Otrum server USB communication to media hub Plans/Design goals for next generation client device development? When? -No current development ongoing Page 8 of 18 CONFIDENTIAL Server Information 1. 2. Server: Manufacturer(s), Model(s): Video servers are BULL video servers or equivalent platform (using same hardware platform). Main feature are: • Bull Streaming Video Server (with OTRUM Evolution / Enterprise) 25 to 200 streams out • Raid 1 disk system (mirroring), 2 * 1TB HDD • 2 x 1Gb/s channels Ethernet cards • Windows 7 Operating System (During 2011 Linux OS) • Dual Core 3040 (1,86GHz), 3060 (2,4GHz) or Quad Core X3210 (2,13GHz), X3220 (2,4GHz) processors • One PCIe slot 3. Server Storage (capacity): At Central Site (if applicable)? At edge/head end (if applicable)? Central Site: 2 TBytes, Head-end: 1 TBytes. 4. Back channel reporting capability. What are reporting capabilities of the system? (Please attach copies of sample reports.): reporting is done through a log file (Appendix C) that is retrieved through an IP backbone. Key Questions 1. Will the program be encrypted using AES (Advanced Encryption Standard) with 128-bit key length. Yes__X_ No___ Explain variance: AES128 Will is used for transport of movies over the Internet. Verimatrix will be used for movie playback encryption. 2. Will video be encoded using MPEG 2 (ISO/IEC 13818-2)? Yes_X__ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ 3. Will video be encoded with a resolution of 352 X 480 MPEG –2? Yes___ No_X__ Explain variance: 720 X 576 - SD (PAL) MPEG-2. 720 P- HD (PAL) MPEG-2 Page 9 of 18 CONFIDENTIAL 4. Will the encoded bit rate be no less that 3.5 Mbps Constant Bit Rate (CBR)? Note: Provisions for VBR encoding may be included in a future release of this specification based on availability of technology to support VBR. VBR streams shall also provide the capability to process CBR streams in order to be considered compliant with this specification. Yes_X__ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ 5. Content may be encoded at either 4:3 or 16:9 aspect ratios. Utilizing single source mastering to derive a 4:3 aspect ratio from material encoded at 16:9 is strictly prohibited. PEL Aspect Ratio must be in accordance with ITU Recommendation ITU REC-R BT.601.4 (1:1.095). Will proposed system and process fully comply with the above-mentioned requirement? Yes_X__ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ 6. Will intellectual property be protected at all times from unauthorized access? Yes_X__ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ 7. Will content be encrypted whenever it is being transferred between secure processing or storage facilities? Yes_X__ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ Page 10 of 18 CONFIDENTIAL 8. System shall offer no provisions to electronically off-load the decrypted content stored on VOD server other than for the delivery of content within the system itself. Will proposed system and process fully comply with the above-mentioned requirement? Yes_X__ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ 9. In all distribution equipment located on Hotel premises, is the content stored in encrypted format using 128 bit AES ? Yes___ No__X_ Explain variance: In the distribution chain the movie files is encrypted with Verimatrix inner encryption and AES128 outer encryption. On the Digital Streaming Server at the hotel the Verimatrix encryption is kept for streaming. 10. Is all digital content streaming and/or transfer of video content from Hotel distribution equipment encrypted with 128 bit AES ? Yes__X No___ Explain variance: 11. Are all analog outputs of Set Top Boxes protected with Macrovision? NA Explain variance: No analogue video outputs available on card 12. Does the system prohibit content streaming or transfer to computers ? Yes_X__ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ Page 11 of 18 CONFIDENTIAL 13. Are all digital outputs of Set Top Boxes protected with HDCP or DTCP ? Yes_X__ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ 14. Does the system ensure either that the analogue outputs are disabled or that no content of greater resolution than Standard Definition is transmitted from the analogue outputs? Yes X__ No___ Explain variance: No analogue video outputs available on card 15. Does the system cryptographically authenticate end user device using keys securely provisioned into and stored in the end user device before delivering either content or keys to end user devices? Yes X_ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ 16. Do the system’s end user devices support cryptographic verification of all end user device software before execution? Yes X_ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ 17. Does the system support secure remote update of the end user device software, with all software updates being cryptographic verified by the end user device before being applied? Yes X_ No___ Explain variance: _____________________________________________________________________ ___________________________________________________________ Page 12 of 18 CONFIDENTIAL 18. Does the system support use of digital watermarking of streams delivered to room with a watermark individualized to each hotel room and session? If so, please state the supplier of the watermark technology. Yes X_ No___ Explain variance: Supplier of watermarking solution is Civolution and solution name is NexGuard 19. Are all content encryption keys securely delivered to the end user device or securely generated in the end user device? If so, please state how this is done. Yes X_ No___ Explain variance: 20. Please list type (PC, STB, other device), make and model number of all authorized end user devices. -Otrum STB model number HD-IBOX2 Page 13 of 18 CONFIDENTIAL APPENDIX A: System Architecture Page 14 of 18 CONFIDENTIAL APPENDIX B: Distribution System block diagram System management and Communication from NOC to hotel Communication NOC (main seeder) to hotel and hotel to hotel Page 15 of 18 CONFIDENTIAL Page 16 of 18 CONFIDENTIAL APPENDIX C: PayTV/VOD report log Testrack QA1, Færvik 19 Pay Per Day Date 03.03/04 Time 11:58:54 Room 101 InternetOnTv S0 Type 0 Date 12.03/04 Time 13:16:15 Room 203 InternetOnTv S0 Type 0 Date 15.03/04 Time 12:24:26 Room 1001 LapTop Connection L0 Type 0 Date 15.03/04 Time 13:16:50 Room 854 LapTop Connection L0 Type 0 Date 24.03/04 Time 09:20:31 Room 103 Film V2 Type 3 Date 24.03/04 Time 09:36:37 Room 201 Film V2 Type 3 Date 24.03/04 Time 09:57:22 Room 101 Film V1 Type 3 Date 24.03/04 Time 10:18:07 Room 1001 Film V1 Type 3 Date 30.03/04 Time 12:16:58 Room 65 Film E10 Type 1 Date 30.03/04 Time 12:38:39 Room 167 Film E10 Type 1 Date 31.03/04 Time 10:00:27 Room 345 Film E7 Type 1 Date 31.03/04 Time 10:00:27 Room 99 Film E8 Type 1 Date 31.03/04 Time 10:00:27 Room 101 Film E10 Type 1 Date 31.03/04 Time 10:00:27 Room 234 Film E11 Type 1 Date 31.03/04 Time 11:13:28 Room 456 Film E7 Type 1 Date 31.03/04 Time 11:13:28 Room 67 Film E8 Type 1 Date 31.03/04 Time 11:13:28 Room 123 Film E10 Type 1 Date 31.03/04 Time 11:13:28 Room 101 Film E11 Type 1 Date 31.03/04 Time 11:47:54 Room 345 Film E7 Type 1 Date 31.03/04 Time 11:47:54 Room 156 Film E8 Type 1 Date 31.03/04 Time 11:47:54 Room 456 Film E10 Type 1 Date 31.03/04 Time 11:47:54 Room 346 Film E11 Type 1 Date 31.03/04 Time 12:25:15 Room 102 InternetOnTv S0 Type 0 Date 31.03/04 Time 13:31:10 Room 877 Film E7 Type 1 Date 31.03/04 Time 13:31:10 Room 128 Film E8 Type 1 Date 31.03/04 Time 13:31:10 Room 156 Film E10 Type 1 Date 31.03/04 Time 13:31:10 Room 321 Film E11 Type 1 <-- VOD <-- PayTV Page 17 of 18 CONFIDENTIAL APPENDIX D: System block diagram (Otrum Digital system) Ethernet network based system Coax network based system Page 18 of 18
© Copyright 2026 Paperzz