Strong multi-platform device authentication
Authenticating devices prior to any operation is a well-known best practice. While managed devices such as STBs usually have hardware-protected secure elements that support the authentication process, there are plenty of other devices where authentication remains challenging, either because they don’t have any such unique element or because they do not provide anything unique due to consumer privacy protection (e.g., applications running on a Chromecast dongle). The latter case is often overcome by generating random unique IDs, but these are stored at the application level, where they can easily be tampered with.
Therefore, the use of NAGRA’s independent authentication service, which can strongly and consistently authenticate multiple device platforms, becomes an important part of the overall security platform. Once the devices are properly authenticated, the solution must securely store the resulting unique device secrets by leveraging a hardware root of trust, a trusted execution environment (TEE) or a software-hardened secure vault. Such protected unique device IDs can then be used as the authentication element for any communication between device and server.
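The following is an added illustration, not NAGRA's code, of the difference between an application-level ID that is simply presented (and can therefore be copied and replayed) and a protected device secret that only ever answers a server challenge. The `ProtectedDeviceSecret` class is an assumed stand-in for a TEE or secure-vault key slot that exposes a MAC operation but never releases the key; device IDs and the enrolment flow are constructed for the example.

```python
import hmac
import hashlib
import secrets


class ProtectedDeviceSecret:
    """Stand-in for a TEE / secure-vault key slot (assumption: the real hardware
    exposes only a 'sign' operation). The secret never leaves this object."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def mac(self, data: bytes) -> bytes:
        return hmac.new(self._secret, data, hashlib.sha256).digest()


class AuthServer:
    """Server side: per-device secrets recorded at enrolment, one live nonce per device."""

    def __init__(self) -> None:
        self._secrets: dict[str, bytes] = {}
        self._pending: dict[str, bytes] = {}

    def enrol(self, device_id: str) -> ProtectedDeviceSecret:
        # Constructed enrolment: the secret is generated here and provisioned into the vault.
        secret = secrets.token_bytes(32)
        self._secrets[device_id] = secret
        return ProtectedDeviceSecret(secret)

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce  # one outstanding challenge per device
        return nonce

    def verify(self, device_id: str, nonce: bytes, response: bytes) -> bool:
        # pop() makes each nonce single-use, so a captured (nonce, response) pair cannot be replayed.
        live = self._pending.pop(device_id, None)
        secret = self._secrets.get(device_id)
        if live is None or secret is None or not hmac.compare_digest(live, nonce):
            return False
        expected = hmac.new(secret, device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def authenticate(server: AuthServer, device_id: str, vault: ProtectedDeviceSecret):
    """Device side: answer the challenge with a MAC over (device_id || nonce).
    Returns (accepted, nonce, response) so the caller can see what crossed the wire."""
    nonce = server.challenge(device_id)
    response = vault.mac(device_id.encode() + nonce)
    return server.verify(device_id, nonce, response), nonce, response
```

Because only the MAC crosses the wire, an attacker who reads everything the application stores or transmits still cannot impersonate the device, which is the property a plain application-level ID lacks.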