The telco’s sports broadcasting operation has chosen French encoder vendor ATEME to supply equipment running the protocol, which enables real-time entitlement management of content streams. Developed by the European Broadcasting Union (EBU) in collaboration with French compression technology vendor ATEME and Norwegian media infrastructure developer Nevion, BISS-CA is a protocol that enables real-time entitlement management of content streams. It was developed to complement forensic watermarking and enable end-end video protection from the field, including contribution.

BT Sport is using the encryption technology to protect satellite uplinked content, having first evaluated it for its transmission of the FA Community Shield football match at Wembley Stadium on Sunday August 4th, 2019. Since then BT Sport has continued to use BISS-CA to protect its English Premier League (EPL) live broadcasts, which are also shown under distribution agreements by other pay TV operators such as Comcast’s Sky and Liberty Global’s cable company Virgin Media.

“For BT it’s imperative that we protect broadcasters from the threat of illegal piracy and ensure that those watching the content legally are getting the best viewing experience possible, wherever they are in the world,” commented Dominik Wrona, Head of TV Outside Broadcast, BT.

BISS-CA is based on the long-proven symmetric AES and asymmetric RSA cryptography, with an important point being that it carries all entitlement credentials in-stream, which means it does not rely on an internet connection. This brings two primary benefits.

Firstly, it means that since cryptographic entitlements are transported in-stream together with the live video content, the rights holder or broadcaster is able to grant and revoke usage rights in real-time. Broadcasters can publish a list of public keys before or during the event, change them transparently and determine who can use them at any point during the transmission. Therefore they can revoke access to pirated streams and ensure only authorized users can access the live stream at that stage.

Secondly, it offers some protection against attacks on forensic watermarking systems, which pirates are increasingly carrying out in an attempt to prevent identification of infringing sources. Forensic watermarking has proved effective at tracing the source of unauthorized redistributions once they have been identified as being likely to be pirated. When BISS-CA is used alongside forensic watermarking solutions, broadcasters can insert relevant marks, detailing for example the serial number of the decoder, in-stream so that the process is invisible to pirates. Yet the provider then has the means to identify who or which organization is responsible for the leak and can revoke the rights of the decoder. While providers can then cut the stream if they want, they can also choose to negotiate with the organization that caused the leak in order to ensure it does not happen again, if that looks like a more productive route. Operators may be reluctant to cut off streams too indiscriminately in case mistakes have been made identifying infringing sources, which can mean that legitimate users are denied service.

BISS-CA also deters piracy at the contribution end by changing encryption keys dynamically every 10 seconds, which does not give pirates enough time to find the new key and enter it into their system. Pirates have been employing algorithms to discover keys but lack computational resources to do this in anywhere close to 10 seconds. In practice they end up being far too far behind live for the content to be of any value.