ProvenRun and Cinemo to show first Secure Media Path DRM implementation

ProvenRun, a global leader in embedded security, and Cinemo, a global leader in high performance and automotive grade multimedia playback, streaming, media management, connectivity, and cloud middleware, have announced the availability of World’s first Secure Media Path Protection Profile implementation based on ProvenCore (ProvenRun’s flagship ultra-secure OS) compliant with the Trusted Execution Environment (TEE) Protection Profile and Cinemo’s Widevine L1 Trusted Application (TA).

The combination of Cinemo in-vehicle multimedia software with ProvenRun ProvenCore, will be presented at the CES in Las Vegas 2022 as a world first.

Over the last years, movie studios have called out the need to protect premium multimedia content (such as 4K, Ultra-HD, HDR and “early window” digital movie releases). Two of the main challenges have been the fragmentation of devices from which this content could be played (such as set-top boxes, smartphones/tablets, HDMI sticks) and the lack of an industry-adopted security baseline for these devices.

The TEE, widely available in today’s media devices, has become the essential digital content protection component. It is used as a hardware-protected “root of trust” inside a consumer device, safeguarding cryptographic keys and media content rights/entitlements.

In 2021 a GlobalPlatform Premium Content working group released a Secure Media Path Protection Profile (SMP PP), which leverages the generic TEE Protection Profile and captures the industry-specific security needs and reference architecture for premium content protection. This architecture supports virtually any Digital Rights Management (DRM) solution. To conform to the SMP PP, a Vendor of a premium device DRM solution will have to rely on a TEE and fulfil the SMP PP Security functional and Security assurance requirements, including the preparation of documentation and tests to be used as evidence by the security evaluation laboratory.

With the SMP PP, the movie industry can now reach its objective of a homogeneous security baseline for premium content protection across devices.

Within this SMP PP framework, ProvenRun has a DRM solution ready to be certified on any chip or ECU. The secure protected media path is entirely protected by ProvenCore itself. Additionally, ProvenRun has prepared a set of documentation and tests aimed at security evaluation following GlobalPlatform or Common Criteria scheme based on the SMP PP. For this work, ProvenRun leverages on its expertise in the preparation of security evaluation and on its EAL 7 security evaluation of ProvenCore, the highest level of Security achievable with Common Criteria.

Cinemo automotive solutions are being deployed in millions of cars worldwide and adopted by world’s leading car manufacturers. The combined reference implementation to be demonstrated leverages Cinemo’s award-winning media streaming and playback engine using ProvenRun SMP PP compliant TEE and Cinemo’s Widevine DRM implementation, raising the bar for embedded digital content security and paving the path for the latest premium content to be available in high-resolution video and spatial audio in the car.

For a complex use-case such as premium Video-on-Demand streaming in the car, having pre-tested and complete solutions brings numerous advantages to the automotive maker or Tier-1’s: reduced risk and time-to-market, better playability and robust security. Digital TV News