Protection of communication between app and service provider’s portal
One area where many OTT solutions fail in terms of security is the communication between the client application and the business portal. All business-critical communications, such as login, catalogue download, and content purchase, pass through this channel. Failure to secure this flow correctly can lead to piracy based on authorisation elements such as logins and tokens.
As a logical add-on to strong device authentication, the system should be able to sign and/or encrypt all communication between the application and the business portal. This is achieved by applications using symmetric keys to encrypt/decrypt or sign/validate data sent to or received from either a server in a client-server protocol or other devices in a peer-to-peer protocol.
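The sign/validate flow described above, as an added example that is not part of the original article: the application wraps each portal request in an HMAC-SHA256 envelope under a per-device symmetric key, and the portal validates it before acting on the body. The envelope field names, the 300-second freshness window and the nonce-based replay check are assumptions for illustration; the article does not specify a message format.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds a signed message stays acceptable (assumed policy)

def canonical(obj: dict) -> bytes:
    # Deterministic serialisation so both sides compute the MAC over identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign_request(key: bytes, device_id: str, body: dict, now: int, nonce: str) -> dict:
    """Application side: sign the body together with device id, timestamp and nonce."""
    env = {"device_id": device_id, "ts": now, "nonce": nonce, "body": body}
    env["mac"] = hmac.new(key, canonical(env), hashlib.sha256).hexdigest()
    return env

def verify_request(keys: dict, seen: set, env: dict, now: int) -> dict:
    """Portal side: return the body if authentic and fresh, else raise ValueError."""
    env = dict(env)
    mac = env.pop("mac", None)
    key = keys.get(env.get("device_id"))
    if key is None:
        raise ValueError("unknown device")
    expected = hmac.new(key, canonical(env), hashlib.sha256).hexdigest()
    # Constant-time comparison; a missing or non-string MAC is rejected outright.
    if not isinstance(mac, str) or not hmac.compare_digest(expected.encode(), mac.encode()):
        raise ValueError("bad signature")
    # ts and nonce are covered by the MAC, so they can be trusted from here on.
    if abs(now - env["ts"]) > MAX_SKEW:
        raise ValueError("stale message")
    replay_id = (env["device_id"], env["nonce"])
    if replay_id in seen:
        raise ValueError("replayed message")
    seen.add(replay_id)
    return env["body"]

if __name__ == "__main__":
    # Constructed sample values: one provisioned device and one purchase request.
    keys = {"dev-1": b"\x01" * 32}
    seen = set()
    req = sign_request(keys["dev-1"], "dev-1",
                       {"action": "purchase", "content_id": "c42"}, 1000, "n-0001")
    print(verify_request(keys, seen, req, 1010))
    for bad in (req, {**req, "body": {"action": "purchase", "content_id": "c99"}}):
        try:
            verify_request(keys, seen, bad, 1010)
        except ValueError as err:
            print("rejected:", err)
```

Signing alone gives integrity and origin authentication, not confidentiality; the article's "and/or encrypt" option would additionally encrypt the body under a symmetric key.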