Industry interview Spencer Stephens, Chief Technology Officer,
Sony Pictures Entertainment
Spencer Stephens is Chief Technology Officer at Sony Pictures
Entertainment (Sony Pictures). He oversees the technology requirements of the content creation
and distribution for the studio, steers the implementation of the
studio’s digital initiatives and expedites post production
workflows. In October 2013, Spencer delivered the keynote presentation at
GlobalPlatform’s inaugural Trusted Execution Environment (TEE)
conference. Here, he discusses the evolution of premium content
protection, the role of the TEE in protecting content and the importance
of events such as GlobalPlatform’s in advancing the TEE landscape.
- How has premium content protection evolved over recent years?
Premium content is complicated. The threat landscape is very different
now to when we first implemented AACS (the content protection system for
Blu-ray discs), ten years ago and it is evolving quickly.
In addition to this, we now have new avenues for releasing content to
consumers so the way we protect content on a mobile device or downloaded
application has to change to reflect this. I would argue that on some
platforms premium content protection is better than it used to be.
Today there are two key questions that we must consider when it comes
to premium content protection:
- How secure can you make it?
- If you get hacked, what do you do next?
The answer to both these questions has to become better over time.
- What are Sony Pictures’ premium content protection
Sony Pictures is working with its partners and industry consortiums to
create content protection that is appropriate for today’s market.
One of the key considerations for content protection is that a consumer
should never know it is there, unless they try to do something nefarious
with the premium content on their mobile device, such as copy and share
As new mobile devices are introduced to the market it is crucial that
the industry finds ways to protect its content on them. Technological
advances such as 4K are creating opportunities for the movie industry and
encouraging the market to re-analyze and enhance its content protection
Movielabs (a non-profit research and development joint venture started
by the six major motion picture studios) has already started creating new specifications
and practices to protect 4K and next generation content and is working
with advanced access content system partners and other content protection
schemes to expand the industry use cases and ensure these new
technological advancements stay secure.
- Why is the TEE important for premium content protection /
what value will the technology bring?
As technology evolves, the movie industry is attempting to find better
levels of content protection. To some extent, this is determined by what
the industry can build into devices. We need to ensure, however, that the
cost of hardware doesn’t increase as a result and impact the
consumer. The movie industry requires a solid platform on which content
protection requirements can be built, ensuring the content is protected
The TEE is the perfect foundation for this. It ensures that content can
be stored, processed and protected in a secure environment making it less
vulnerable to software attacks. The TEE can reduce the risk of varying
attacks, whether it is an end-user that unknowingly downloads malware onto
the device or a hacker trying to gain access to a device. The TEE also
provides an area for digital rights management (DRM) providers and content
security providers to undertake the execution of applications in a secure
- Your presentation focused on ‘securing premium content
with a TEE’. Why is TEE Standardization important to Sony
The TEE is an important technology for any connected device.
GlobalPlatform specifically focuses on mobile devices where the TEE plays
a crucial role. As more applications are downloaded onto the rich
operating system mobile devices become more vulnerable to software attacks.
The TEE is therefore becoming increasingly important in protecting the
sensitive applications and premium content that are also stored on mobile
One of the key points to consider for the TEE is the need for
standardization. I’m a strong believer in open standards and having
a standardized approach to TEE technology makes the whole process a lot
easier for all stakeholders.
When mobile devices first came to market, Sony Pictures’ content
protection schedules, which outline the criteria that needs to be met
before the content can be delivered on the device, listed every approved
model. In the beginning, as there were a limited number of smart devices
on the market that supported video content, this was workable. Today,
it’s not practical for Sony Pictures to undertake the due diligence
to evaluate the security for each and every device.
At this point therefore we have to start saying ‘if you are using
a particular DRM, we will approve your content protection system’.
But we want to ensure that when we do that, there is a trusted and solid
hardware environment running alongside it. Sony Pictures doesn’t
want to have to say a particular DRM is approved on one device but not on
another, or it’s ok on this one because it is a ‘trusted’
TEE but this one is an ‘untrusted’ TEE. That’s why
standardization coupled with an assurance program is the way forward.
- Within your presentation you discussed the secure video path,
should this be located within the TEE?
The secure video path aims to ensure that content is protected at every
stage of communication. The TEE is exactly what it says, it is a
‘trusted’ environment. When a video file travels onto a device
it is encrypted, the DRM then creates a content key that is used to decrypt
the AES-128 file and that’s the key part of the execution of content
that needs to be within the TEE.
- What is your long-term view of the TEE?
The TEE is an important part of the way content protection will evolve.
It is one tool in a toolbox for defending against existing and new
attacks, whether we are trying to protect content or a banking
- How important are events such as GlobalPlatform’s TEE
conference in supporting the growth of TEE technology?
Events like this are very important in advancing the industry. There
are three considerations I have gained from GlobalPlatform’s
- The TEE is becoming an industry buzzword. As with all
buzzwords, there are more definitions than people asking what it is.
Coming to a common, agreed understanding of what a TEE is, is a
- GlobalPlatform is undertaking a lot of work to advance its
specifications to standardize the TEE. Movielabs has recently joined
GlobalPlatform and it is beneficial to be able to attend events such as
these to explore other business models and understand the role of the TEE
in different sectors e.g. premium content, authentication, mobile
financial services, enterprise and government. It provides an opportunity
for us to feed into the work of the association and share our
- Understanding the actual implementation of the technology and
the specifications that are available is important. These types of
events make this information much more accessible to the industry.