BBC R&D

Posted by Chris Needham on , last updated

At the BBC we are increasingly interested in delivering personalised services and content across different kinds of device. Example services include recommendations for TV programmes based on your previous viewing history, bookmarking programmes for later viewing, following your favourite series, pausing and resuming content between devices, and sharing interesting programmes with your online friends and family.

Delivering these kinds of services requires the ability to access an authenticated online user account from the connected TV. This raises the problem of how the user signs in through their TV device. Existing methods for doing this typically require entering a user name (or e-mail address) and password into the TV using an on-screen keyboard that the user has to navigate with their remote control. This makes signing-in cumbersome, and so we wanted to see if we could make the process easier for users.

We investigated this problem by looking at two existing technologies: RadioTAG and OAuth2. We built a prototype system that allows users to sign in through their connected TV and bookmark TV programmes. The user controls the TV using either an infra-red remote control or using their smart-phone.

Infra-red remote control

Following our work on RadioTAG, which offers a way to pair a radio device to an online user account, we wanted to see how well this method would apply to connected TVs in addition to radios.

Because the RadioTAG protocol was designed with the tagging application in mind, and we want to be able to authenticate for other kinds of applications, we made a small change to the protocol to allow the user to initiate the authentication process without having to first tag a programme.

Using this method, the interaction sequence for the user is:

1. The user accesses the TV's on-screen display and selects the “sign in” option by pressing a button on their remote control
2. The TV requests permission to register and obtains a registration code from the Web server, and displays this to the user with instructions to visit the TV Tag website
3. On another device, e.g., a PC or smartphone, the user browses to the TV Tag website, and signs in
4. The user enters the registration code displayed on their TV
5. The website then displays a PIN number with instructions to enter this into their TV
6. The user inputs the PIN number to the TV with the remote control
7. The TV exchanges the registration code and PIN number for an access token that allows access to the user's account. The TV is now registered with the user account, and the user is able to bookmark programmes
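The seven steps above, modelled end to end as an added example. This is not the RadioTAG protocol or the BBC prototype: the method names, the 6-character registration code, the 4-digit PIN and the 5-minute code lifetime are assumptions made for illustration. The point worth seeing in code is that the registration code is consumed on the first exchange attempt, so a wrong PIN cannot simply be retried against the same code.

```python
import secrets
import time

# Added illustration of the registration-code / PIN pairing sequence above.
# It is not the RadioTAG protocol or the BBC prototype: method names,
# code/PIN formats and the 5-minute lifetime are assumptions.

class PairingService:
    """Web-server side of the pairing flow, with all state kept in memory."""

    CODE_TTL = 300  # seconds a registration code stays valid (assumed)

    def __init__(self, clock=time.time):
        self._clock = clock         # injectable for deterministic tests
        self._pending = {}          # registration code -> {"pin", "user", "expires"}
        self._tokens = {}           # access token -> user id

    def register(self):
        """Step 2: the TV asks for a registration code to show on screen."""
        code = secrets.token_hex(3).upper()  # 6 hex characters, e.g. 'A1B2C3'
        self._pending[code] = {"pin": None, "user": None,
                               "expires": self._clock() + self.CODE_TTL}
        return code

    def claim(self, code, user):
        """Steps 4-5: the signed-in user types the code into the website and
        receives a PIN to enter on the TV."""
        entry = self._pending.get(code)
        if entry is None or entry["expires"] < self._clock():
            raise LookupError("unknown or expired registration code")
        if entry["pin"] is not None:
            raise LookupError("registration code already claimed")
        pin = f"{secrets.randbelow(10000):04d}"  # 4-digit PIN, zero-padded
        entry["pin"], entry["user"] = pin, user
        return pin

    def exchange(self, code, pin):
        """Step 7: the TV exchanges code + PIN for an access token.
        The code is consumed on every attempt, so a wrong PIN forces the
        user to restart rather than allowing repeated guesses."""
        entry = self._pending.pop(code, None)
        if entry is None or entry["expires"] < self._clock():
            raise PermissionError("unknown or expired registration code")
        if entry["pin"] is None or not secrets.compare_digest(entry["pin"], pin):
            raise PermissionError("PIN mismatch")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = entry["user"]
        return token

    def user_for(self, token):
        """Resolve an access token to the account it grants access to."""
        return self._tokens.get(token)


def run_pairing(service, user):
    """Drive the whole sequence as the TV and the user would; returns the
    account the resulting token resolves to."""
    code = service.register()            # TV shows this on screen
    pin = service.claim(code, user)      # user enters code on website, reads PIN
    token = service.exchange(code, pin)  # user types PIN into TV, TV gets token
    return service.user_for(token)


if __name__ == "__main__":
    print(run_pairing(PairingService(), "alice"))
```

The trade-off in `exchange` is deliberate: a mistyped PIN sends the user back to step 1, but the short code lifetime and single-use consumption together bound the number of PIN guesses per code to one, which is what makes a 4-digit PIN acceptable for this purpose.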

Smartphone remote control

Next, we looked at how users might be able to sign in via a smartphone or tablet computer that is paired with the connected TV and acts as the TV remote control.

We developed a proof-of-concept sign in system for the smartphone remote control, based on the OAuth2 Authorization Code flow. The smartphone runs a native application that uses mDNS to discover the connected TV on the local area network, and then launches a Web browser to open the remote control UI. The UI is a Web application served by the connected TV that allows users to change channel, adjust the volume, etc.

The interaction sequence in this case is illustrated below:

1. The user selects “Sign in” on their smartphone remote control
2. The smartphone is redirected to the TV Tag sign in page, where the user enters their username and password
3. After signing in, the user selects “Allow” to grant access to their TV Tag account
4. The smartphone is redirected back to the TV remote control UI. The connected TV obtains an access token that allows access to the user's account. The TV is now registered with the user account, and the user is able to bookmark programmes

Although we haven't fully developed the protocol to support this interaction sequence, we did determine that the OAuth2 Authorization Code flow isn't applicable to this use case as is. For example, OAuth2 requires the client's redirect URI to be pre-registered with the TV Tag website. In our case the redirect URI is a URL provided by the connected TV on the local network, e.g., https://10.0.0.2/oauth/callback, so is very likely to be different for each individual connected TV. This means that the server cannot fully verify the redirect URI, which introduces a security vulnerability. This is something we'll be looking at more closely in future development.
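To make the redirect URI problem concrete, here is an added example of the authorisation server's decision point (not BBC code; the client registration is constructed sample data, and the per-TV callback URL is the one quoted above). The strict check is what OAuth2 expects and it rejects every TV except the one that was registered; the relaxed check that a per-device deployment might tempt an implementer into accepts any private-range host, so the server no longer knows where the authorization code will be delivered. The token endpoint then binds each code to the client and redirect URI it was issued for, as RFC 6749 requires.

```python
import ipaddress
import secrets
from urllib.parse import urlencode, urlsplit

# Added example, not BBC code: an authorisation server's redirect URI check
# for the smartphone flow above. The client registration is constructed
# sample data and the per-TV callback URL is the one quoted in the text.
REGISTERED_CLIENTS = {
    "tv-remote-ui": {"redirect_uris": ["https://10.0.0.2/oauth/callback"]},
}
ISSUED_CODES = {}  # authorization code -> what it was issued for


def redirect_uri_allowed(client_id, redirect_uri, registry=REGISTERED_CLIENTS):
    """Strict check: exact string match against the client's pre-registered
    URIs. A second TV with a different address will fail this check, which
    is the registration problem described in the text."""
    client = registry.get(client_id)
    return client is not None and redirect_uri in client["redirect_uris"]


def redirect_uri_allowed_private_net(redirect_uri):
    """Relaxed check that an implementer might be tempted to use instead:
    accept any HTTPS callback path on a private-range host. It admits every
    private address, not just the user's TV."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.path != "/oauth/callback" or parts.hostname is None:
        return False
    try:
        return ipaddress.ip_address(parts.hostname).is_private
    except ValueError:  # hostname is a DNS name, not an IP literal
        return False


def authorize(client_id, redirect_uri, state, strict=True):
    """Authorization endpoint decision after the user has clicked Allow.
    Returns the redirect the browser should follow, or an error to show
    the user in place (RFC 6749 s.3.1.2.4: never redirect to a URI that
    failed validation)."""
    if strict:
        ok = redirect_uri_allowed(client_id, redirect_uri)
    else:
        ok = redirect_uri_allowed_private_net(redirect_uri)
    if not ok:
        return {"error": "invalid_request", "redirect": None}
    code = secrets.token_urlsafe(24)
    ISSUED_CODES[code] = {"client_id": client_id, "redirect_uri": redirect_uri}
    query = urlencode({"code": code, "state": state})
    return {"error": None, "redirect": f"{redirect_uri}?{query}"}


def exchange_code(code, client_id, redirect_uri):
    """Token endpoint: the code is single use and bound to the client and
    redirect URI it was issued for; returns an access token or None."""
    issued = ISSUED_CODES.pop(code, None)
    if (issued is None or issued["client_id"] != client_id
            or issued["redirect_uri"] != redirect_uri):
        return None
    return secrets.token_urlsafe(32)
```

Running `authorize("tv-remote-ui", "https://10.0.0.3/oauth/callback", "s1")` returns an error with no redirect, which is exactly the usability problem the post describes; switching to `strict=False` makes it succeed, but at the cost of the server accepting any address on the local network. The redirect URI binding in `exchange_code` limits the damage from a mis-delivered code but does not remove the need to know the TV's URI in advance.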

Conclusions

The RadioTAG-based authentication protocol we have developed is suitable for the limited input capability of infra-red remote control devices and inputting a PIN number is more straightforward than entering a user name and password with the remote control. The smartphone-based authentication method requires more work to make it ready for use. We are planning to conduct some trials to test these methods with users to get feedback and help guide future development.

Future research will also explore other aspects of authentication. For example, the TV is typically a device shared by several people in the family living room at home. This raises the question of whose identity should be used when signing in, a single user or a group identity, perhaps determined automatically based on who is present in the room.
