HiSilicon Technologies Co., Ltd. on TEE and Premium Content
Andrew Dellow, Security Architect at HiSilicon Technologies Co.,
Ltd. discusses the security and flexibility offered by the Trusted
Execution Environment (TEE) for premium content protection, citing a
real-world example of how it is deployed in the marketplace
Can you tell us a little bit about HiSilicon and how you
participate in the premium content protection space?
HiSilicon, a subsidiary of Huawei, is a leading chipset solution
provider for telecom networks, wireless terminals and digital media.
With more than 200 million set top box devices deployed by more than 100
operators across over 50 countries, working closely with leading Pay TV,
DRM and forensic watermarking companies, HiSilicon is playing a leading
role in secure delivery of premium content.
How has premium content protection evolved in recent years?
The major paradigm shift came with the introduction of Ultra High
Definition (UltraHD). This saw a move away from pure service protection
towards content protection and the secure media path. The old assumption
that a secure pipe into the home was all that was required is no longer
good enough. The ease with which content can be shared, either casually,
or maliciously, for profit, means it is now essential to protect content
delivery all the way to the point of consumption. Additionally, the
level of robustness required has been increasing year on year, thanks to
ever more sophisticated threats. All this has happened at the same time
to facilitate consumers’ expectations: ‘any content - any
What challenges do you see in the content protection / DRM
marketplace and how is your organization working to overcome them?
There are many challenges as the evolution of content protection has
introduced competing requirements. The consumer expectation that I
spoke about effectively means that content protection requirements are
relevant to anything with a display. New business models and delivery
services mean a more flexible, updatable solution is required. And, the
pirates are becoming ever more sophisticated. Our challenge is how
to square the circle and offer secure yet flexible platforms for our
What are the characteristics of the TEE that make it so
valuable to DRM implementations?
This need for both for flexibility and security can be met with a
TEE. While flexibility requirements can be met with advanced processors,
such solutions have traditionally relied heavily on renewability to
provide security. This leads to the classic arms race of attack-patch-
attack. The TEE offers a safer place, where the secure code is better
protected and isolated, and therefore needs to be updated much less
How is HiSilicon applying GlobalPlatform technology today in
One good example of using GlobalPlatform technology is in support of
ChinaDRM, which is the emerging standard for premium content delivery
and protection in China. In order to accelerate the porting of content
we used GlobalPlatform TEE APIs, as they were already implemented and
stable on all our platforms. This reduced our time to market and
improved portability across our existing products.
What are your predictions for the DRM market over the next
From a security perspective, I believe DRM will follow a similar path
to traditional conditional access. Put simply the security requirements
will increase, resulting in the need for greater functionality in the TEE
– necessary to keep the ‘trusted’ in the name meaningful.
It will be interesting to see if DRM or DRM-like systems extend into
the connected home space – managing access and control robustly requires
many of the same key technologies as content protection.
For more information on the work of the Premium Content Task Force,