Industry Interviews

    Media & Resource Center  > Industry Interviews 

> Back to Industry Interviews

Industry interview Spencer Stephens, Chief Technology Officer, Sony Pictures Entertainment

Spencer Stephens is Chief Technology Officer at Sony Pictures Entertainment (Sony Pictures). He oversees the technology requirements of the content creation and distribution for the studio, steers the implementation of the studio’s digital initiatives and expedites post production workflows. In October 2013, Spencer delivered the keynote presentation at GlobalPlatform’s inaugural Trusted Execution Environment (TEE) conference. Here, he discusses the evolution of premium content protection, the role of the TEE in protecting content and the importance of events such as GlobalPlatform’s in advancing the TEE landscape.

  1. How has premium content protection evolved over recent years?

Premium content is complicated. The threat landscape is very different now to when we first implemented AACS (the content protection system for Blu-ray discs), ten years ago and it is evolving quickly.

In addition to this, we now have new avenues for releasing content to consumers so the way we protect content on a mobile device or downloaded application has to change to reflect this. I would argue that on some platforms premium content protection is better than it used to be.

Today there are two key questions that we must consider when it comes to premium content protection:

  1. How secure can you make it?
  2. If you get hacked, what do you do next?

The answer to both these questions has to become better over time.

  1. What are Sony Pictures’ premium content protection efforts today?

Sony Pictures is working with its partners and industry consortiums to create content protection that is appropriate for today’s market. One of the key considerations for content protection is that a consumer should never know it is there, unless they try to do something nefarious with the premium content on their mobile device, such as copy and share it.

As new mobile devices are introduced to the market it is crucial that the industry finds ways to protect its content on them. Technological advances such as 4K are creating opportunities for the movie industry and encouraging the market to re-analyze and enhance its content protection efforts.

Movielabs (a non-profit research and development joint venture started by the six major motion picture studios) has already started creating new specifications and practices to protect 4K and next generation content and is working with advanced access content system partners and other content protection schemes to expand the industry use cases and ensure these new technological advancements stay secure.

  1. Why is the TEE important for premium content protection / what value will the technology bring?

As technology evolves, the movie industry is attempting to find better levels of content protection. To some extent, this is determined by what the industry can build into devices. We need to ensure, however, that the cost of hardware doesn’t increase as a result and impact the consumer. The movie industry requires a solid platform on which content protection requirements can be built, ensuring the content is protected from attacks.

The TEE is the perfect foundation for this. It ensures that content can be stored, processed and protected in a secure environment making it less vulnerable to software attacks. The TEE can reduce the risk of varying attacks, whether it is an end-user that unknowingly downloads malware onto the device or a hacker trying to gain access to a device. The TEE also provides an area for digital rights management (DRM) providers and content security providers to undertake the execution of applications in a secure manner.

  1. Your presentation focused on ‘securing premium content with a TEE’. Why is TEE Standardization important to Sony Pictures?

The TEE is an important technology for any connected device. GlobalPlatform specifically focuses on mobile devices where the TEE plays a crucial role. As more applications are downloaded onto the rich operating system mobile devices become more vulnerable to software attacks. The TEE is therefore becoming increasingly important in protecting the sensitive applications and premium content that are also stored on mobile devices.

One of the key points to consider for the TEE is the need for standardization. I’m a strong believer in open standards and having a standardized approach to TEE technology makes the whole process a lot easier for all stakeholders.

When mobile devices first came to market, Sony Pictures’ content protection schedules, which outline the criteria that needs to be met before the content can be delivered on the device, listed every approved model. In the beginning, as there were a limited number of smart devices on the market that supported video content, this was workable. Today, it’s not practical for Sony Pictures to undertake the due diligence to evaluate the security for each and every device.

At this point therefore we have to start saying ‘if you are using a particular DRM, we will approve your content protection system’. But we want to ensure that when we do that, there is a trusted and solid hardware environment running alongside it. Sony Pictures doesn’t want to have to say a particular DRM is approved on one device but not on another, or it’s ok on this one because it is a ‘trusted’ TEE but this one is an ‘untrusted’ TEE. That’s why standardization coupled with an assurance program is the way forward.


  1. Within your presentation you discussed the secure video path, should this be located within the TEE?

The secure video path aims to ensure that content is protected at every stage of communication. The TEE is exactly what it says, it is a ‘trusted’ environment. When a video file travels onto a device it is encrypted, the DRM then creates a content key that is used to decrypt the AES-128 file and that’s the key part of the execution of content that needs to be within the TEE.


  1. What is your long-term view of the TEE?

The TEE is an important part of the way content protection will evolve. It is one tool in a toolbox for defending against existing and new attacks, whether we are trying to protect content or a banking transaction.


  1. How important are events such as GlobalPlatform’s TEE conference in supporting the growth of TEE technology?

Events like this are very important in advancing the industry. There are three considerations I have gained from GlobalPlatform’s conference:

  1. The TEE is becoming an industry buzzword. As with all buzzwords, there are more definitions than people asking what it is. Coming to a common, agreed understanding of what a TEE is, is a crucial step.
  2. GlobalPlatform is undertaking a lot of work to advance its specifications to standardize the TEE. Movielabs has recently joined GlobalPlatform and it is beneficial to be able to attend events such as these to explore other business models and understand the role of the TEE in different sectors e.g. premium content, authentication, mobile financial services, enterprise and government. It provides an opportunity for us to feed into the work of the association and share our requirements.
  3. Understanding the actual implementation of the technology and the specifications that are available is important. These types of events make this information much more accessible to the industry.