Content Distribution
Ofthe LiveTV
Ka Connectivity System
April 3rd, 2014
LiveTV, 700 South Babcock Street Melbourne, FL 32901 USA
Phone: (321) 308-3900, FAX: (321) 308-3939
Email:
Copyright 2013 LiveTV™
All rights reserved.
The information contained in this document is confidential and proprietary to LiveTV™. No part of this publication may be reproduced, copied, or the information contained herein disclosed without the expressed permission of LiveTV.
LiveTV™ - Proprietary & Confidential / Page 1 of 34LiveTV Content Distribution for Ka Connectivity Project / April 3rd,2013
Revision History
Date / Revision / Author – Comments09Jul2013 / IR / B. Still – Initial Revision
16Jul2013 / 1.0 / B. Still – Incorporate comments from LiveTV and JetBlue
03Apr2014 / 1.1 / B. Still – Remove Cash N’ Carry capabilities
Acronyms
Acronym / DefinitionAAC / Advanced Audio Coding
ABS / Aircraft Base Station
AES / Advanced Encryption Standard
ASU / Airborne Server Unit
ATSC / Advanced Television Standards Committee
AVC / Advanced Video Coding
CDN / Content Distribution Network
CMS / Content Management System
CPS / Content Packaging Service
CRU / Control & Routing Unit
CWIP / Certified WideVine Integration Partner
DRM / Digital Rights Management
DSS / Data Security Standard
DVB / Digital Video Broadcasting
DVD / Digital Versitale/Video Disc
DVR / Digital Video Recorder
FAA / Federal Aviation Administration
HLS / HTTP Live Streaming
HTTP / HyperText Transport Protocol
HTTPS / HyperText Transport Protocol Secure
ISDB / Integrated Services Digital Broadcasting
ISO / International Organization Standard
IT / Information Technology
ITIL / Information Technology Information Library
KAMU / Ka Modem Unit
KCS / Ka Connectivity System
LCD
LED / Light Emitting Diode
LTV / LiveTV
LTV1 / LiveTV Product Line #1
LTV2 / LiveTV Product Line #2
LTV3 / LiveTV Product Line #3
MAC / Media Access Control
MLKS / Master License Key Server
MPAA / Motion Picture Association of America
MPEG / Moving Pictures Expert Group
MPEG2-PS / Moving Pictures Expert Group – Program Stream
MSS / Media Support Services
OS / Operating System
PCI / Payment Card Industry
PED / Passenger Electronic Device
PFW / Portal FrameWork
RAM / Random Accessible Memory
RTMP / Real-Time Messaging Protocol
SELinux / Security Enabled Linux
sFTP / Secure File Transport Protocol
SSID / Service Set Identification
STB / Set Top Box
TV / Television
URL / Uniform Resource Locator
US
VLAN / Virtual Local Area Network
VPN / Virtual Private Network
WADL / Wireless Aircraft Data Link
WAP / Wireless Access Point
WDU / Wireless Data Unit
WLLS / WideVine Local License Server
WVM / WideVine Media
Table of Contents
Revision History
Acronyms
Table of Contents
Table of Figures
1.Scope
1.1Purpose
1.2Definitions
1.2.1Asset
1.2.2Content
2.Overview
2.1System Capabilities
2.2System Architecture
2.2.1Studios/Labs
2.2.2Ground Segment
2.2.2.1Asset Repository
2.2.2.2Content Management System (CMS)
2.2.2.3Content Packaging Server (CPS)
2.2.2.4Master License Key Server (MLKS)
2.2.2.5Content Release Area
2.2.2.6Airport Base Station (ABS)
2.2.3Aircraft Segment
2.2.3.1Ka Modem Unit (KAMU)
2.2.3.2Wireless Data Unit (WDU)
2.2.3.3Control & Routing Unit (CRU)
2.2.3.3.1Local License Key Server
2.2.3.4Airborne Server Unit (ASU)
2.2.3.4.1ASU Portal
2.2.3.4.2ASU Server
2.2.3.5Wireless Access Point (WAP)
2.2.4PEDs
2.3Security Overview
2.3.1WideVine Technology
2.3.2Content Always Encrypted
2.3.3Restrict Access to Content
3.Content Lifecycle
3.1LiveTV Credentials
3.2Studio/Lab Selection and Authorization
3.3Studio/Labs to Asset Repository
3.4Content Management System
3.5CMS Publish
3.6WideVine DRM Packaging
3.7Distribution to Aircraft
3.7.1Ka Satellite Distribution
3.7.2Cellular Backhaul
3.7.3Wireless Aircraft Data Link (WADL)
3.8Content Installation/Activation
3.9Distribution to Passenger
3.10Passenger Electronic Device
3.10.1Laptops
The browser client plugin integrates into a Flash player via the addition of a small amount of ActionScript in the flow that will be used to deliver video on the content website.
3.10.2Android
3.10.3iOS Devices
3.11Destruction of Content
3.11.1CMS
3.11.2Content Release Area
3.11.3Aircraft
3.11.4PED
3.12Aircraft Maintenance
3.12.1ASU Installation
3.12.2ASU Failure
4.Content Format & Specifications
4.1Movie File Format
4.2Encrypted Asset
4.3WideVine Media Content
5.Deployment Schedule
5.1Schedule
5.2Roadmap
Table of Figures
Figure 1 System Architecture
Figure 2 Ground Segment
Figure 3 Aircraft Segment
Figure 4 Airborne Server Unit
Figure 5 Laptop DRM Solution
Figure 6 Android DRM Solution
Figure 7 Android Sequence
Figure 8 iOS DRM Solution
Figure 9 iOS Sequence
Figure 10 WideVine Architecture
Figure 11 DRM Roadmap
1.Scope
This section describes the scope of this document, including its purpose, overview and common definitions used throughout this document.
1.1Purpose
The purpose of this document is to communicate the basic concepts for LiveTV’s design for receiving, processing and distributing DVD Ready content through its Ka Connectivity system. Its intent is to provide details regarding the protections used throughout the system to protect the content from unlawful access and/or copying (i.e., piracy).
This document is intended to be shared with commercial airlines that are seeking to utilize LiveTV’s Ka Connectivity System (KCS) to distribute Late Window (also known as DVD ready) content obtained from major studios to their in-flight passengers. In order to accomplish this, the airlines, in conjunction with LiveTV and its partners, must obtain necessary approvals from the content providers (namely, major studios or their agents). This whitepaper is intended to provide the necessary information and details regarding the security aspects throughout the KCS system.
1.2Definitions
Throughout this whitepaper, the following definitions are used. Within this domain, there are several terms that are often misused. This section provides clear definitions as used within this document.
1.2.1Asset
An asset is a physical instance (typically a file) that contains the data that is to be rendered. Often, there are variations of an asset, such as resolution or language options. Each variant is a different asset instance, unless it is bundled with other variations. Examples of assets are an audio/video file (i.e., movie, TV show), audio(i.e., song or podcast) or digital formatted data (e-book etc.).
1.2.2Content
Content is the high level accumulation of one or more assets that when bundled together, corresponds to a deliverable user experience. This often consists of assets along with metadata (such as thumbnails, descriptions and authors of an asset). For a movie, content typically consists of the actual audio/video file, textual descriptions regarding the movie (synopsis/description, release date, actors/directors, MPAA rating etc.) and thumbnail images used to represent the move (i.e., move “poster”).
2.Overview
This section describes a system overview, describing key aspects of the overall KCS system, with primary focus on content and content delivery. From there, system block diagrams and key functional aspects of the system will be described.
2.1System Capabilities
The KCS system was developed primarily to provide high speed “At Home in the Air” experience for passengers flying on commercial aircraft. However, as is common with all satellite service providers, the aircraft is not always flying over an area that is covered by the satellite. Airlines that frequently fly over areas where coverage is weak or non-existent would like to provide locally stored premium content to their passengers where they can continue to use their Personal Electronic Device (PED). In order to do so, it is necessary for content to be provided over a public WiFi network on-board the aircraft.
Since content is distributed over this public network, it is necessary to prevent distribution of this content beyond the intended recipient. Furthermore, once the content has been viewed by a passenger, it should not be possible to record, copy and/or distribute this content to others.
Another aspect of the system is that most airline flights average about 2 hours, which is slightly longer in duration than most content. Since the content is distributed over Wi-Fi and it is against FAA regulations to use electronic devices below 10,000 feet, the average actual “view time” may be closer to 1 to 1 ½ hours, which would render most passengers unable to watch the ending of a movie.
The following sections describe the technical details of how the system provides these capabilities while maintaining high levels of security and protection of the content throughout the system.
2.2System Architecture
Figure 1 shows a top level system architectural view of the KCS system. It consists primarily of four components that will each be discussed in detail throughout the rest of this document.
Figure 1 System Architecture
2.2.1Studios/Labs
The studio/labs are entities that format and distribute the studio’s content to the airlines in a format specific to their use. In the KCS, the studios are selected and have arrangements with the airline. However, LiveTV acts as a service provider for managing and deploying that content to their aircraft. This is accomplished through LiveTV’s KCS system that includes both ground segment and Aircraft segment components used to distribute this content to passengers’ PEDs.
2.2.2Ground Segment
The ground segment is primarily responsible for receiving, processing, protecting and managing content prior to being distributed to the aircraft. Figure 2 shows the top level architecture of the ground segment.
Figure 2 Ground Segment
2.2.2.1Asset Repository
The asset repository holds asset files that have been delivered by the studio/labs. These files, while in the asset repository are encrypted using Secret agent encryption. Files are delivered by the studios using secure file transport protocols (sFTP). Once delivered to this location, the content is not accessible to the labs or to airline users.
2.2.2.2Content Management System (CMS)
The Content Management System is the primary interface tools to airline personnel and to LiveTV media support specialists. This tool allows the creation of user interface setting in association with the content, such as pricing, defining time at which content will be available to passengers and miscellaneous data associated with the content.
As part of defining content, the metadata must ultimately be associated with the asset data. In doing this, the CMS users are provided a listing of assets, but are not provided direct access to the content. To easily support this, the LiveTV content specifications specify strict naming conventions to easily select assets based on the file name.
2.2.2.3Content Packaging Server (CPS)
The Content Packaging Server is responsible for taking an encrypted asset file and applying DRM policies as well as additional security aspects to the content. This process is an automated process that is initiated when the CMS is directed to “publish” a release of content.
During this process, the encryption that is on the asset is removed and the DRM encryption is applied. During this process, the decrypted asset is never stored on a physical storage device, preventing any party from having access to any part of the asset.
The CPS requires keys from the Master License Key Server (MLKS), as well as policies that were previously defined and associated with the content. When all assets within the release have been packaged, the MLKS is queried for its “exportable” dataset that is associated with all the content for subsequent transfer to the aircraft.
Portions of the CPS are components that are provided by WideVine’s DRM solution, specifically the packaging components and are integrally tied in with the Master License Key Server. Details of these interactions are proprietary to WideVine. LiveTV does not modify these components in any way.
LiveTV has subcontracted Morega Systems (in Toronto, Canada) as its partner to integrate the WideVine components into the LiveTV system. Morega is a Certified WideVine Integration Partner (CWIP) by Google.
2.2.2.4Master License Key Server (MLKS)
The Master License Key Server is provided by Google and is used in accordance with their specifications. The primary interfaces to the MLKS are the ability of LiveTV to manage DRM policies on behalf of the studios and the airlines. These policies, once defined, are not expected to change frequently.
2.2.2.5Content Release Area
The Content Release area is used as the final destination for “published” content. This location is accessible by aircraft through Ka Satellite and Cellular methods (content access by WADL is by ABS, as discussed in 2.2.2.6). This storage area is protected by firewalls preventing unauthorized access, even though the content in this area is strongly encrypted through the DRM process.
2.2.2.6Airport Base Station (ABS)
In order to deploy the encrypted content to the aircraft efficiently and cost effectively, the content is replicated from the content release area to local storage areas (i.e., Airport Base Station servers) at various airports. These servers are in highly secure areas of the airports and have dedicated communications paths to LiveTV. Access to these servers is available only through Wi-Fi access and the internal LiveTV private network is used by aircraft to access the content that should be loaded.
This process and the ABS functionality is the same process that is being used on other LiveTV products that are hosting early window content. This process is shown in Appendix C.
2.2.3Aircraft Segment
The aircraft segment contains all the equipment that LiveTV provides to the airlines for providing access to the internet, as well as providing local storage and streaming capabilities to the passenger devices.Figure 3 shows a top level architecture of the aircraft segment components of the system.
Figure 3 Aircraft Segment
2.2.3.1Ka Modem Unit (KAMU)
The Ka Modem is the primary communications interface to the internet via the Ka band satellite. This element is not involved in the processing of content other than it provides some firewall protections, as externally generated internet requests are not allowed to the aircraft.
The CRU server ultimately manages all communications through the KAMU. Passenger traffic,when provided access to the internet, is routed through the KAMU.
2.2.3.2Wireless Data Unit (WDU)
The Wireless Data Unit is the primary communications interface to the internet over cellular networks. This element is not involved in the processing of content other than it provides some firewall protections, as externally generated internet requests are not allowed to the aircraft.
The CRU server ultimately manages all communications through the WDU. Passenger access to the internet is not allowed through the WDU.
2.2.3.3Control & Routing Unit (CRU)
The CRU is the primary management and control center for the aircraft. It manages the internal aircraft network, enabling and disabling network routes as conditions dictate. The CRU provides only minimal support for the distribution of content.
The CRU’s primary function as it relates to content is primarily administrative in nature. As passengers are authorized to receive content, the CRU maintains that information for several reasons. First, the CRU logs which user was authorized for which piece of content for logging and auditing purposes. Second, in the event that the system is rebooted (due to power loss or manual override during flight), the system can restore passengers to their previously authorized content.
When a passenger is provided access to view a movie, the local WideVine license server (located on the aircraft) is queried by the WideVine component on the client application on the PED using WideVine’s proprietary protocols and security measures. In this role, the CRU only contributes by providing a secure environment and hosting the local license server.
2.2.3.3.1Local License Key Server
The Local License Key Server is provided by Google/WideVine as part of our agreements. This application simply provides the local keys for content.
2.2.3.4Airborne Server Unit (ASU)
The ASU has two primary functions on the aircraft. The first function is that it provides the user interface for the system in the form of a portal. The second component provides basic functions in which the portal can securely interface with other parts of the system, primarily the CRU. These functions are discussed in the sections below. Figure 4 shows an overview of the ASU.
Figure 4 Airborne Server Unit
2.2.3.4.1ASU Portal
The portal is executed in a virtual environment separated from the rest of the system, primarily for security reasons. The portal interacts with the rest of the systems through a set of web services that are collectively called the Portal Framework (PFW). The PFW communicates to the CRU over a proprietary protocol over a dedicated VPN making it impossible for unauthorized devices from communicating with core functions. Passenger devices do not have direct access to this the PFW, and as such do not have access to services that control the authorization of content or to the local license key server on the CRU.
2.2.3.4.2ASU Server
The ASU server provides basic functions for managing the ASU “subsystem”, including aspects such as initialization, establishing network security measures and providing the bulk storage for all content. The ASU runs under SELinux (a secure version of standard Linux) with strict permissions.
The ASU hosts the content in a “content partition”, which is not accessible directly by passengers. Instead, this area must be “given” access, as a request by the portal after the content has been purchased. This content is “enabled” for each specific user, even though the content is stored in the WideVine DRM encrypted format.
Another key function is that it hosts the WideVine Local License Server (WLLS). This server receives the various asset encryption keys from the Master License Key Server (see 2.2.2.4), and provides them to the WLLS so that the content ultimately be decrypted at the appropriate time.
2.2.3.5Wireless Access Point (WAP)
The WAP is a simple access point controller that is configured to provide SSIDs for various user groups, one of which is a PASSENGER group. By associating SSIDs to VLANs, the CRU router can prevent unauthorized routing and/or access to the CRU and/or the ASU.
While content flows through the WAP, the content is still in WideVine DRM encrypted format. Even though the WideVine keys are communicated to the PED via the WAPs, those keys are encrypted utilizing WideVine specific encryption. As such, a man in the middle does not have the capability to intercept the content and/or keys and decode the content.
2.2.4PEDs
The PEDs are personal mobile devices that are brought onto the aircraft by passengers. These devices are used to access both local networking services as well as the internet through the components provided within the aircraft segment.