Farncombe Consulting Group has launched a security validation programme designed to facilitate new conditional access (CA) and DRM products reaching the market. At the same time the process makes it easier for an operator or content provider to select or confirm the use of a new system.
The two-step programme involves first filling in a self-administered questionnaire to gauge compliance with certain objective minimum security requirements (MSRs) – which if satisfactorily completed then opens the door to a comprehensive review and validation process.
“At the moment, CA and DRM system vendors with untested security systems will often be asked to pay for a full audit – without any idea whether they are likely to pass or not,” points out Andrew Glasspool, Farncombe co-founder and the partner leading the development of the new programme. “Using our custom pre-review process, they can now obtain an accurate picture of whether their new product is ready for an assessment. When they’ve completed that first step, they can then proceed to a full review.”
If a CA system fails to comply with the Farncombe MSRs, the vendor receives a full report explaining which measures it failed on and which aspects need to be rectified before it can be re-submitted or taken to a full review at a later date.
US studio HBO acknowledged the benefit of having a third-party security auditor provide a summary review of security system details. “Validation of expectations (or expected performance) of security systems by expert organisations is essential for content companies to have comfort with systems used to securely distribute our valuable content,” it said.