VOD-SVOD-EST-PayTV Content Protection Schedule V1.3.13, c-b.doc

Schedule C [VOD-EST-PayTV]

Content Protection Requirements And Obligations

This Schedule C is attached to and a part of that certain [______Agreement, dated ______(the “Agreement”), between/among ______]. All defined terms used but not otherwise defined herein shall have the meanings given them in the Agreement.

General Content Security & Service Implementation

  1. Content Protection System. All content delivered to, output from or stored on a device must be protected by a content protection system that includes a digital rights management or conditional access system, encryption and digital output protection (such system, the “Content Protection System”).
  1. The Content Protection System shall:

(i) be approved in writing by Licensor (including any significant upgrades or new versions, which Licensee shall submit to Licensor for approval upon such upgrades or new versions becoming available, or any upgrades or new versions which decrease the level of security of the Content Protection System), and

(ii) be fully compliant with all the compliance and robustness rules associated therewith, and

(iii) use rights settings that are in accordance with the requirements in the Usage Rules, this Content Protection Schedule and this Agreement, and

(iv) be an implementation of one of the content protection systems approved for UltraViolet services download by the Digital Entertainment Content Ecosystem (DECE), and said implementation meets the compliance and robustness rules associated with the chosen UltraViolet approved content protection system, or

(v) in the case of streaming only, and not for download, be an implementation of one of the UltraViolet Approved Stream Protected Technologies, as specified by the Digital Entertainment Content Ecosystem (DECE), and said implementation meets the compliance and robustness rules associated with the chosen UltraViolet Approved Stream Protected Technology, or

(vi) be an implementation of Microsoft WMDRM10 and said implementation meets the associated compliance and robustness rules, or

(vii) if a conditional access system, be a compliant implementation of a Licensor-approved, industry standard conditional access system, or

(viii) be a compliant implementation of other Content Protection System approved in writing by Licensor.

The UltraViolet approved content protection systems and Approved Stream Protected Technologies are:

  1. Marlin Broadband
  2. Microsoft PlayReady
  3. CMLA Open Mobile Alliance (OMA) DRM Version 2 or 2.1
  4. Adobe Flash Access 2.0 (not Adobe’s Flash streaming product)
  5. Widevine Cypher ®
  1. Cisco PowerKey
  2. Marlin MS3 (Marlin Simple Secure Streaming)
  3. Microsoft Mediarooms
  4. Motorola MediaCipher
  5. Motorola Encryptonite (also known as SecureMedia Encryptonite)
  6. Nagra (Media ACCESS CLK, ELK and PRM-ELK)
  7. NDS Videoguard
  8. Verimatrix VCAS and PRM
  1. If Licensee supports or facilitates any content sharing or upload service for its Users, the Licensed Service shall use appropriate technology (e.g. digital fingerprint and filtering techniques) to prevent the unauthorized delivery and distribution of Licensor’s content across such content sharing or upload services.

YouView (UK only)

  1. Licensor content streamed to YouView clients shall:
  2. be protected using “Device authentication and encrypted content delivery” using Marlin Simple Secure Streaming (MS3) as specified in section 3.5, “Device authentication and encrypted content delivery” of Chapter X of the YouView Core Technical Specifications, Version 1.0, or
  3. be protected using Marlin Broadband as specified in “Device authentication and encrypted content delivery”, as specified in section 3.6 of Chapter X of the YouView Core Technical Specifications, Version 1.0.
  4. NOT be streamed by any other YouView method.
  5. Download of Licensor content to YouView clients shall use Marlin Broadband as specified in “Device authentication and encrypted content delivery” as specified in section 3.6 of Chapter X of the YouView Core Technical Specifications, Version 1.0, only. Download of Sony Pictures Entertainment content over any other YouView method is not permitted.
  6. In all cases, outputs shall be protected as specified in section 3.9 “Output controls” of Chapter X of the YouView Core Technical Specifications, and Licensee shall in all cases signal that HDCP shall be applied.

CI Plus

  1. Any Conditional Access implemented via the CI Plus standard used to protect Licensed Content must support the following:
  2. Have signed the CI Plus Content Distributor Agreement (CDA), or commit in good faith to sign it as soon as reasonably possible after the Effective Date, so that Licensee can request and receive Service Operator Certificate Revocation Lists (SOCRLs). The Content Distributor Agreement is available at .
  3. ensure that their CI Plus Conditional Access Modules (CICAMs) support the processing and execution of SOCRLs, liaising with their CICAM supplier where necessary
  4. ensure that their SOCRL contains the most up-to-date CRL available from CI Plus LLP.
  5. Not put any entries in the Service Operator Certificate White List (SOCWL, which is used to undo device revocations in the SOCRL) unless such entries have been approved in writing by Licensor.
  6. Set CI Plus parameters so as to meet the requirements in the section “Outputs” of this schedule:

Streaming

  1. Generic Internet Streaming Requirements

The requirements in this section 5 apply in all cases where Internet streaming is supported.

8.1. Streams shall be encrypted using AES 128 (as specified in NIST FIPS-197) or other robust, industry-accepted algorithm with a cryptographic strength and key length such that it is generally considered computationally infeasible to break.

8.2. Encryption keys shall not be delivered to clients in a cleartext (un-encrypted) state.

8.3. The integrity of the streaming client shall be verified before commencing delivery of the stream to the client.

8.4. Licensee shall use a robust and effective method (for example, short-lived and individualized URLs for the location of streams) to ensure that streams cannot be obtained by unauthorized users.

8.5. The streaming client shall NOT cache streamed media for later replay but shall delete content once it has been rendered.

  1. Microsoft Silverlight

The requirements in this section “Microsoft Silverlight” only apply if the Microsoft Silverlight product is used to provide the Content Protection System.

9.1. Microsoft Silverlight is approved for streaming if using Silverlight 4 or later version.

  1. Apple http live streaming

The requirements in this section “Apple http live streaming” only apply if Apple http live streaming is used to provide the Content Protection System.

10.1. Licensee shall migrate from use of the Apple-provisioned key management and storage for http live streaming (“HLS”) (implementations of which are not governed by any compliance and robustness rules nor any legal framework ensuring implementations meet these rules) to use (for the protection of keys used to encrypt HLS streams) of an industry accepted DRM or secure streaming method which is governed by compliance and robustness rules and an associated legal framework, within a mutually agreed timeframe.

10.2. Http live streaming on iOS devices may be implemented either using applications or using the provisioned Safari browser.

10.3. iOS applications shall, during the display of Licensor content, disable and disallow Airplay and mirroring, for both audio and video.

10.4. The URL from which the m3u8 manifest file is requested shall be unique to each requesting client.

10.5. The m3u8 manifest file shall only be delivered to requesting clients/applications that have been authenticated in some way as being an authorized client/application.

10.6. The streams shall be encrypted using AES-128 encryption (that is, the METHOD for EXT-X-KEY shall be ‘AES-128’).

10.7. The content encryption key shall be delivered via SSL (i.e. the URI for EXT-X-KEY, the URL used to request the content encryption key, shall be an https URL).

10.8. Output of the stream from the receiving device shall not be permitted unless this is explicitly allowed elsewhere in the schedule. No APIs that permit stream output shall be used in applications (where applications are used).

10.9. The client shall NOT cache streamed media for later replay (i.e. EXT-X-ALLOW-CACHE shall be set to ‘NO’).

10.10. iOS implementations (either applications or implementations using Safari and Quicktime) of http live streaming shall use APIs within Safari or Quicktime for delivery and display of content to the greatest possible extent. That is, implementations shall NOT contain implementations of http live streaming, decryption, de-compression etc but shall use the provisioned iOS APIs to perform these functions.

10.11. iOS applications, where used, shall follow all relevant Apple developer best practices and shall by this method or otherwise ensure the applications are as secure and robust as possible.

10.12. iOS applications shall include functionality which detects if the iOS device on which they execute has been “jailbroken” and shall disable all access to protected content and keys if the device has been jailbroken.
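
The manifest-level requirements of this section (EXT-X-KEY METHOD of AES-128, an https key URI, and EXT-X-ALLOW-CACHE set to NO) can be checked mechanically before a playlist is published. The following is an added example, not part of this Schedule or of any Licensee's tooling; it assumes a media playlist (not a master playlist), and the function names, manifests and host names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample media playlists (not taken from any real service).
COMPLIANT = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-ALLOW-CACHE:NO
#EXT-X-TARGETDURATION:10
#EXT-X-KEY:METHOD=AES-128,URI="https://keys.example.test/k/1?tok=abc",IV=0x00000000000000000000000000000001
#EXTINF:10.0,
seg0.ts
#EXTINF:10.0,
seg1.ts
#EXT-X-ENDLIST
"""

NONCOMPLIANT = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXTINF:10.0,
seg0.ts
#EXT-X-KEY:METHOD=AES-128,URI="http://keys.example.test/k/1"
#EXTINF:10.0,
seg1.ts
#EXT-X-KEY:METHOD=NONE
#EXTINF:10.0,
seg2.ts
#EXT-X-ENDLIST
"""

# Attribute lists are comma-separated NAME=VALUE pairs; quoted values may
# themselves contain commas, so a plain split(",") is not safe.
_ATTR = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')


def parse_attrs(attr_list):
    """Parse an HLS attribute list into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in _ATTR.findall(attr_list)}


def check_manifest(text):
    """Return (line_number, message) findings; line 0 means manifest-wide."""
    findings = []
    key = None          # EXT-X-KEY attributes currently in effect
    allow_cache = None  # value of EXT-X-ALLOW-CACHE, if the tag is present
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("#EXT-X-ALLOW-CACHE:"):
            allow_cache = line.split(":", 1)[1].strip()
        elif line.startswith("#EXT-X-KEY:"):
            key = parse_attrs(line.split(":", 1)[1])
            method = key.get("METHOD")
            if method != "AES-128":
                findings.append((n, f"EXT-X-KEY METHOD is {method!r}, not 'AES-128'"))
            elif urlparse(key.get("URI", "")).scheme.lower() != "https":
                findings.append((n, f"key URI is not https: {key.get('URI')!r}"))
        elif line and not line.startswith("#"):
            # A non-tag line is a segment URI; an EXT-X-KEY applies to every
            # segment after it, so a segment before the first key is in the clear.
            if key is None or key.get("METHOD") != "AES-128":
                findings.append((n, f"segment {line!r} is not covered by an AES-128 key"))
    if allow_cache != "NO":
        findings.append((0, f"EXT-X-ALLOW-CACHE is {allow_cache!r}, must be 'NO'"))
    return findings


if __name__ == "__main__":
    for name, manifest in (("COMPLIANT", COMPLIANT), ("NONCOMPLIANT", NONCOMPLIANT)):
        print(name, check_manifest(manifest))
```

The check tracks which key is in effect for each segment, so it catches a segment listed before the first EXT-X-KEY tag or after a METHOD=NONE tag, cases that a simple search for "AES-128" in the file would miss.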

REVOCATION AND RENEWAL

  1. The Licensee shall have a policy which ensures that clients and servers of the Content Protection System are promptly and securely updated, and where necessary, revoked, in the event of a security breach (that can be rectified using a remote update) being found in the Content Protection System and/or its implementations in clients and servers. Licensee shall have a policy which ensures that patches including System Renewability Messages received from content protection technology providers (e.g. DRM providers) and content providers are promptly applied to clients and servers.

ACCOUNT AUTHORIZATION

  1. Content Delivery. Content, licenses, control words and ECM’s shall only be delivered from a network service to registered devices associated with an account with verified credentials. Account credentials must be transmitted securely to ensure privacy and protection against attacks.
  2. Services requiring user authentication:

The credentials shall consist of at least a User ID and password of sufficient length to prevent brute force attacks, or other mechanism of equivalent or greater security (e.g. an authenticated device identity).

Licensee shall take steps to prevent users from sharing account credentials. In order to prevent unwanted sharing of such credentials, account credentials may provide access to any of the following (by way of example):

- purchasing capability (e.g. access to the user’s active credit card or other financially sensitive information)

- administrator rights over the user’s account including control over user and device access to the account along with access to personal information.

RECORDING

  1. PVR Requirements. Any device receiving protected content must not implement any personal video recorder capabilities that allow recording, copying, or playback of any protected content except as explicitly allowed elsewhere in this agreement and except for a single, non-transferrable encrypted copy on STBs and PVRs, recorded for time-shifted viewing only, and which is deleted or rendered unviewable at the earlier of the end of the content license period or the termination of any subscription that was required to access the protected content that was recorded.
  2. Copying. The Content Protection System shall prohibit recording of protected content onto recordable or removable media, except as such recording is explicitly allowed elsewhere in this agreement.

Embedded Information

  1. The Content Protection System or playback device must not intentionally remove or interfere with any embedded watermarks or embedded copy control information in licensed content.
  2. Notwithstanding the above, any alteration, modification or degradation of such copy control information and/or watermarking during the ordinary course of Licensee’s distribution of licensed content shall not be a breach of this Embedded Information Section.

Outputs

  1. Analogue and digital outputs of protected content are allowed if they meet the requirements in this section and if they are not forbidden elsewhere in this Agreement.
  2. Digital Outputs. If the licensed content can be delivered to a device which has digital outputs, the Content Protection System shall prohibit digital output of decrypted protected content. Notwithstanding the foregoing, a digital signal may be output if it is protected and encrypted by High-Bandwidth Digital Copy Protection (“HDCP”) or Digital Transmission Copy Protection (“DTCP”).
  3. A device that outputs decrypted protected content provided pursuant to the Agreement using DTCP shall:
  4. Map the copy control information associated with the program; the copy control information shall be set to “copy never” in the corresponding encryption mode indicator and copy control information field of the descriptor;
  5. At such time as DTCP supports remote access set the remote access field of the descriptor to indicate that remote access is not permitted.
  6. Exception Clause for Standard Definition (only), Uncompressed Digital Outputs on Windows-based PCs, Macs running OS X or higher, iOS and Android devices). HDCP must be enabled on all uncompressed digital outputs (e.g. HDMI, Display Port), unless the customer’s system cannot support HDCP (e.g., the content would not be viewable on such customer’s system if HDCP were to be applied).
  7. Upscaling: Device may scale Included Programs in order to fill the screen of the applicable display; provided that Licensee’s marketing of the Device shall not state or imply to consumers that the quality of the display of any such upscaled content is substantially similar to a higher resolution to the Included Program’s original source profile (i.e. SD content cannot be represented as HD content).

Geofiltering

  1. Licensee must utilize an industry standard geolocation service to verify that a User is located in the Territory that must:
  2. provide geographic location information based on DNS registrations, WHOIS databases and Internet subnet mapping.
  3. provide geolocation bypass detection technology designed to detect IP addresses located in the Territory, but being used by Users outside the Territory.
  4. use such geolocation bypass detection technology to detect known web proxies, DNS based proxies, anonymizing services and VPNs which have been created for the primary intent of bypassing geo-restrictions.
  5. Licensee shall use such information about User IP addresses as provided by the industry standard geolocation service to prevent access to Included Programs, via the SVOD Service, from Users outside the Territory.
  6. Both geolocation data and geolocation bypass data must be updated no less frequently than every two (2) weeks.
  7. Licensee agrees to periodically review geofiltering tactics during the Term of this Agreement.

23. Licensee shall take affirmative, reasonable measures to restrict access to Licensor’s content to within the territory in which the content has been licensed.

24. Licensee shall periodically review the effectiveness of its geofiltering measures (or those of its provider of geofiltering services) and perform upgrades so as to maintain “state of the art” geofiltering capabilities. This shall include, for IP-based systems, the blocking of known proxies.

  1. Without limiting the foregoing, Licensee shall utilize geofiltering technology in connection with each Customer Transaction that is designed to limit distribution of Included Programs to Customers in the Territory, and which consists of (i) for IP-based delivery systems, IP address look-up to check for IP address within the Territory and (ii) either (A) with respect to any Customer who has a credit card or other payment instrument (e.g. mobile phone bill or e-payment system) on file with the Licensed Service, Licensee shall confirm that the payment instrument was set up for a user within the Territory or (B) with respect to any Customer who does not have a credit card or other payment instrument (e.g. mobile phone bill or e-payment system) on file with the Licensed Service, Licensee will require such Customer to enter his or her home address (as part of the Customer Transaction) and will only permit the Customer Transaction if the address that the Customer supplies is within the Territory.

Network Service Protection Requirements.

  1. All licensed content must be received and stored at content processing and storage facilities in a protected and encrypted format using an industry standard protection system.
  2. Document security policies and procedures shall be in place. Documentation of policy enforcement and compliance shall be continuously maintained.
  3. Access to content in unprotected format must be limited to authorized personnel and auditable records of actual access shall be maintained.
  4. Physical access to servers must be limited and controlled and must be monitored by a logging system.
  5. Auditable records of access, copying, movement, transmission, backups, or modification of content must be securely stored for a period of at least one year.
  6. Content servers must be protected from general internet traffic by “state of the art” protection systems including, without limitation, firewalls, virtual private networks, and intrusion detection systems. All systems must be regularly updated to incorporate the latest security patches and upgrades.
  7. All facilities which process and store content must be available for Motion Picture Association of America and Licensor audits upon the request of Licensor.
  8. Content must be returned to Licensor or securely destroyed pursuant to the Agreement at the end of such content’s license period including, without limitation, all electronic and physical copies thereof.

High-Definition Restrictions & Requirements

In addition to the foregoing requirements, all HD content (and all Stereoscopic 3D content) is subject to the following set of restrictions & requirements:

  1. General Purpose Computer Platforms. HD content is expressly prohibited from being delivered to and playable on General Purpose Computer Platforms (e.g. PCs, Tablets, Mobile Phones) unless explicitly approved by Licensor. If approved by Licensor, the additional requirements for HD playback on General Purpose Computer Platforms will be:
  2. Allowed Platforms
  3. HD content for General Purpose Computer Platforms is only allowed on the device platforms (operating system, Content Protection System, and device hardware, where appropriate) specified elsewhere in this Agreement.
  4. Robust Implementation
  5. Implementations of Content Protection Systems on General Purpose Computer Platforms shall use hardware-enforced security mechanisms, including secure boot and trusted execution environments, where possible.
  6. Implementation of Content Protection Systems on General Purpose Computer Platforms shall, in all cases, use state of the art obfuscation mechanisms for the security sensitive parts of the software implementing the Content Protection System.
  7. All General Purpose Computer Platforms (devices) deployed by Licensee after end December 31st, 2013, SHALL support hardware-enforced security mechanisms, including trusted execution environments and secure boot.
  8. All implementations of Content Protection Systems on General Purpose Computer Platforms deployed by Licensee (e.g. in the form of an application) after end December 31st, 2013, SHALL use hardware-enforced security mechanisms (including trusted execution environments) where supported, and SHALL NOT allow the display of HD content where the General Purpose Computer Platforms on which the implementation resides does not support hardware-enforced security mechanisms.
  9. Digital Outputs:
  10. For avoidance of doubt, HD content may only be output in accordance with section “Digital Outputs” above unless stated explicitly otherwise below.
  11. If an HDCP connection cannot be established, as required by section “Digital Outputs” above, the playback of Current Films over an output on a General Purpose Computing Platform (either digital or analogue) must be limited to a resolution no greater than Standard Definition (SD).
  12. An HDCP connection does not need to be established in order to playback in HD over a DVI output on any General Purpose Computer Platform that was registered for service by Licensee on or before 31st December, 2011. Note that this exception does NOT apply to HDMI outputs on any General Purpose Computing Platform.
  13. With respect to playback in HD over analog outputs on General Purpose Computer Platforms that were registered for service by Licensee after 31st December, 2011, Licensee shall either (i) prohibit the playback of such HD content over all analogue outputs on all such General Purpose Computing Platforms or (ii) ensure that the playback of such content over analogue outputs on all such General Purpose Computing Platforms is limited to a resolution no greater than SD.
  14. Notwithstanding anything in this Agreement, if Licensee is not in compliance with this Section, then, upon Licensor’s written request, Licensee will temporarily disable the availability of Current Films in HD via the Licensee service within thirty (30) days following Licensee becoming aware of such non-compliance or Licensee’s receipt of written notice of such non-compliance from Licensor until such time as Licensee is in compliance with this section “General Purpose Computing Platforms”; provided that:
  15. if Licensee can robustly distinguish between General Purpose Computing Platforms that are in compliance with this section “General Purpose Computing Platforms”, and General Purpose Computing Platforms which are not in compliance, Licensee may continue the availability of Current Films in HD for General Purpose Computing Platforms that it reliably and justifiably knows are in compliance but is required to disable the availability of Current Films in HD via the Licensee service for all other General Purpose Computing Platforms, and
  16. in the event that Licensee becomes aware of non-compliance with this Section, Licensee shall promptly notify Licensor thereof; provided that Licensee shall not be required to provide Licensor notice of any third party hacks to HDCP.
  17. Secure Video Paths:

The video portion of unencrypted content shall not be present on any user-accessible bus in any analog or unencrypted, compressed form. In the event such unencrypted, uncompressed content is transmitted over a user-accessible bus in digital form, such content shall be either limited to standard definition (720 X 480 or 720 X 576), or made reasonably secure from unauthorized interception.