The Yahoo Connected TV Platform architecture has three distinct layers. The top layer (in blue) is the set of apps designed to run on connected TV devices. The middle layers (in green and aqua) are the application framework layer (KONtx) and the application engine layer (Engine). Included in the Engine are two modules to support Device Communication (in red). The Discovery Service module, which is based on the mDNSResponder software library, allows Internet-enabled devices to discover Yahoo Connected TV services. The Device Communication module securely connects the mobile app to the Engine on the TV through an SSL-enabled port (in black) and a line-of-sight security code. The bottom layer (in orange) represents the TV device's middleware and hardware.
Multicast DNS and DNS Service Discovery are implemented using the mDNSResponder server library provided by Apple, Inc. Upon startup, the Device Communication module binds itself to a specific SSL-enabled port. Then the Discovery Service module multicasts the IP address and port number on the local network, making it available to Internet-enabled devices seeking to initiate a connection. Each device must first search for the Yahoo Device Communication service, and once found, save the service IP address and port number for future sessions. The device should not need to resolve the IP address with each new connection. If the TV’s IP address changes, or if the IP address does not resolve correctly, another discovery attempt may be needed.
Authentication and Authorization
Yahoo Connected TV issues and authenticates all device applications that connect to the Engine by requiring developers to obtain application developer keys from Yahoo. Each time a new mobile app requests access to the Engine, a check is made to Yahoo's authorization service. This step allows Yahoo to revoke access from malicious applications. Before initiating communication, the mobile app must be authorized and all messages must be encrypted using SSL.
Messages and keystrokes are passed between the mobile app and the Engine encrypted end-to-end. First, the Engine creates and exchanges SSL certificates on the fly. Then the Engine displays a four-digit security code on the connected TV. The consumer enters this code directly into the mobile app to secure the SSL connection. A consumer can revoke a mobile app’s authorization at any time by removing the named remote device from the authorized list in the settings sidebar of the Profile app.
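The discovery step described earlier has the device save the TV's IP address and port and rediscover only when the saved address fails; since multicast DNS answers are unauthenticated, a client that rediscovers should confirm it reached the TV it paired with. The sketch below is an added example, not Yahoo's code: it assumes the client stores a SHA-256 fingerprint of the certificate seen when the security code was entered, and `discover` and `connect` are hypothetical callables standing in for the mDNS browse and the SSL connect.

```python
import hashlib
import json
from pathlib import Path


class PairingRequired(Exception):
    """The endpoint presented a certificate other than the one paired with."""


def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


class TvEndpointCache:
    """Stores the TV's host, port and pairing-time certificate fingerprint."""

    def __init__(self, path, discover, connect):
        self.path = Path(path)
        self.discover = discover  # hypothetical: () -> (host, port) or None
        self.connect = connect    # hypothetical: (host, port) -> peer cert DER; raises OSError
        self.state = json.loads(self.path.read_text()) if self.path.exists() else {}

    def _save(self):
        self.path.write_text(json.dumps(self.state))

    def pair(self, host, port, cert_der):
        """Call once, after the user has typed in the code shown on the TV."""
        self.state = {"host": host, "port": port, "fp": fingerprint(cert_der)}
        self._save()

    def endpoint(self):
        """Return a verified (host, port), running discovery only on failure."""
        if not self.state:
            raise PairingRequired("no paired TV stored")
        host, port = self.state["host"], self.state["port"]
        for attempt in range(2):
            try:
                cert = self.connect(host, port)
            except OSError:
                found = self.discover() if attempt == 0 else None
                if not found:
                    raise  # saved address dead and nothing (new) discovered
                host, port = found
                continue
            if fingerprint(cert) != self.state["fp"]:
                # Never silently adopt an address that answers with another cert.
                raise PairingRequired(f"unexpected certificate at {host}:{port}")
            self.state.update(host=host, port=port)
            self._save()
            return host, port
```

If the Engine regenerates its certificate, this client raises `PairingRequired` and the user repeats the security-code step rather than connecting to an unverified endpoint.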
All communication occurs over SSL sockets with text-only payloads which must conform to the Device Interface. All navigation and keyboard functionality is passed bi-directionally between the device and the connected TV. An interface for bi-directional keyboard input is provided by Yahoo. Consumers can create input text by using either the onscreen keyboard (OSK) on the device or the OSK on the TV. The keyboard being used is transparent to all apps. No app needs to know if the keyboard events are coming from the device's or TV’s OSK.