These trends are disrupting the traditional relationships existing between subscribers and service providers. This so-called disintermediation is being felt in the market, with cable operators offering video services to mobile subscribers and mobile operators offering video-on-demand to TV subscribers. Content owners and studios are also modifying their approach by offering services directly to consumers, circumventing the incumbent service providers.

These changes in the market have created new content service providers who must now “prove” their ability to securely deploy premium content in order to gain the approval of the major studios. Content protection – or Digital Rights Management (DRM) as it is more commonly known – is most effective when deployed in conjunction with hardware-based security elements. Principally, the objective of the hardware assets is to hinder scalable attacks, i.e., attacks that allow distribution in the form of exploit code, allowing the service provider to achieve a level of security similar to STBs.

In particular, the hardware-based embedded security is used to protect key elements in the DRM, as follows:

Permanent key material and other permanent sensitive data, including group private keys, device keys, security management keys, metering data
This type of data can be classified as long-term, sensitive data that must be stored permanently in the device. The solution takes the form of an encrypted, integrity-protected secure storage facility. A hardware-based secure storage mechanism is based on an embedded root key that is unique per each device. In order to obtain the Root Key and access the sensitive data, the attacker must physically probe the main processor chip which often results in its destruction. In addition, any information obtained by the attacker is relevant only for that specific device. Physical probing must be repeated to access the sensitive data of another device. This endeavor is both expensive and impractical, and certainly not scalable.

Title related and short term keys (content keys, session keys)
Mobile devices are open systems that run applications from many sources, some of them untrustworthy. The main processor in a mobile device must be deemed part of the threat model since it may be executing malicious code – malware – and attempting to access the content and session keys during run time. This threat is mitigated by running the security critical code that handles these keys in a secure execution environment – a secure subsystem that is inaccessible to the main processor. This hardware-based subsystem cannot be compromised by software-based attacks.

Compressed content (plaintext content before decoding)
Compressed content is output by the DRM client that runs in a secure execution environment and is sent to a codec for decoding and rendering on the output display and audio devices. As noted above, the main processor is deemed part of the threat model, so the compressed content cannot simply be copied from the secure execution environment to the main memory to the codec. In order to secure this interface, the DRM client must be tightly integrated with the codec. The hardware-based solution is to send the compressed content in an encrypted form to the codec. The codec decrypts and then decodes the content.

Thus the combination of hardware-based security working in tandem with a software client creates a robust and effective content protection solution.

http://gizmodo.com/5365676/irex-dr800sg-ebook-reader-verizon-3g-bn-books-stylus-touchscreen
http://www.engadget.com/2009/10/29/asus-to-launch-3g-wimax-equipped-e-book-readers-by-march-2010/

OMA DRM is the most common content protection and access system in use today by mobile carriers. All forms of digital content including multimedia, ringtones, music, video and games are secured using the OMA DRM solution.

By expanding OMA DRM to protect E-book content mobile carriers can leverage their existing back end infrastructure and qualified workforce. Moreover as an open standard DRM scheme it enjoys the support of content owners and service provides alike. The scheme is robust and widely deployed, and supports all the required business models including:

• Subscription
• Time limited rental
• Buy to own without sharing (forward lock)
• Sharing with other users (super distribution)
• Preview
• Right to read on multiple devices (domains)
• Usage metering and advertising funded models
• Backup and recovery