Blowing it up
Three major cable initiatives could unlock a new era of conditional access
This coming tectonic shift centers on the CA duopoly long enjoyed by Scientific-Atlanta (S-A) and Motorola Inc. Many projects have tried to break or alter that duopoly, but have varied in their level of success (see sidebar p. 42).
Instead of using CA systems hardwired into the set-top, the cable industry is exploring the concept of downloadable security—a technique that will support Motorola's and S-A's technology, as well as those from competing CA vendors that have been stymied in their attempts to enter the North American cable market.
Downloadable security, a key part of the original Next Generation Network Architecture LLC (NGNA) project, was placed on the front burner in March when the Federal Communications Commission (FCC) agreed to a 12-month extension for a ban on cable set-tops with integrated security. The new target is July 2007. The cable industry must use this time to investigate and develop a downloadable—and therefore removable—CA platform that performs the same security functions as the existing CableCARD, and convince the FCC that downloadable is the cheaper/better way to go.
The FCC, which has granted multiple extensions on this subject, expects the cable industry and the CE industry to file a batch of joint reports by Dec. 1 that detail the feasibility of a downloadable CA, provide deployment timelines, and list draft licensing terms.
In addition to appeasing the FCC and possibly effecting a change in set-top encryption rules, downloadable security could also serve as cable's ticket for inexpensive digital set-tops—a key piece of the industry's migration to an all-digital (or, at least, mostly-digital) platform.
As it stands today, three major initiatives are well underway that aim to achieve these goals: a far-reaching CA deal between Comcast Corp. and Motorola Inc., an industry-led downloadable CA project, and Charter Communications' new take on Sony Passage.
Figure: Charter’s end-to-end, Passage-enabled digital video system. EMM = entitlement management message. The EMM serves as the electronic “vocabulary” for how the video headend and premise equipment communicate. Charter and Sony are developing an EMM set geared to Charter’s new headend architecture. ECM = entitlement control message. The ECM is the message that rides alongside the encrypted digital video and provides the set-top keys to decode real-time video. The set-top uses the ECMs and EMMs together in order to decode digital video. Source: Charter Communications
The Comcast-Motorola hookup
Earlier this year, Comcast and Motorola inked a groundbreaking $1 billion set-top deal that spawned two joint ventures tied to conditional access technologies. The first, split 50–50, calls for them to build next-generation conditional access systems based on Motorola's MediaCipher technology. The collaboration is expected to yield a downloadable system as well as a multistream CableCARD. The second venture, managed by Comcast, will enable the operator to license MediaCipher to other U.S. cable operators and third parties (set-top makers, TV manufacturers, etc.).
Historically, Motorola has been tightfisted with MediaCipher/Digicipher II licenses, though recently it has been more willing to mete them out. But companies that have obtained the coveted license have had a bear of a time implementing it. With Comcast now in the mix, those past barriers should all but vanish.
"We recognized about a year ago that the MSOs were going to move to a broader supplier model than has been the historic situation in this industry," says Geoff Roman, chief strategy officer for Motorola's Connected Home division. "We tried to find a way to maximize the value of our technology to make it part of their (Comcast's) future evolution and give them the comfort they needed to be able to move with multiple suppliers with set-tops or parts of the headend network without us having to sit in the middle of those contracts."
"It demonstrates our commitment to the retail world and to the downloadable NGNA process," adds David Fellows, Comcast Corp.'s executive vice president and chief technology officer.
But it also gives Comcast some valuable CA alternatives.
Short-term, the agreement ensures that the MediaCipher option is available to Comcast. Longer-term, Comcast could go to another CA supplier if it so chooses because its deal with Motorola is non-exclusive.
Cable and the security processor
Of even more significance is a broader undertaking that could affect others.
Following some early work, NGNA has since been transferred to CableLabs and elements of the project have found homes in projects such as DOCSIS 3.0, the modular cable modem termination system, CableHome, OpenCable and PacketCable. However, Fellows and Mike Hayashi, Time Warner Cable's senior vice president for subscriber technology and advanced engineering, have been appointed to oversee the conditional access portion of the NGNA project and to report back to the CableLabs Executive Committee.
In addition to setting standards and common interfaces typically associated with CableLabs, the CA project is also tasked with producing a workable system with real chips, downloadable code, headend products and keying facilities.
Although a downloadable CA system is a primary goal of the project, there is a key difference in how it is being approached compared to many software-based systems in the market today. Instead of a soft CA that rides on a set-top's primary CPU, the initiative led by Hayashi and Fellows will define a security processor (costing $2 to $4, according to sources) and a conditional access loading system. The hardware "hooks" will provide the necessary authentication and validation for the host, whether it be a set-top or a digital television.
This part of the initiative, comprised of three phases, is based on the premise that "a pure software conditional access system cannot be made as secure as one that has a hardware component," Fellows says.
Robin Wilson, vice president of business development at Nagravision, agrees that any downloadable CA requires a hardware component because a system that resides on the set-top CPU is especially vulnerable to hacker probes.
"One bug is a compromise waiting to happen," he says of potential weaknesses of software-only CA platforms.
Phase I, already completed, uses an off-the-shelf secure microprocessor from an undisclosed provider (Germany-based Infineon Technologies, sources say) that receives the downloadable CA system. This is what the cable industry plans to employ for its upcoming demonstrations to the FCC.
Phase II will employ a custom secure microprocessor (from multiple vendors) with extensions designed to give the system the ability to live and evolve for a couple of decades.
In Phase III of the project, the hardware component will be integrated with larger chipsets (set-top-on-a-chip, TV-on-a-chip, DVD player-on-a-chip, etc.).
In all phases, the system, to be licensed by CableLabs, will be specified to interoperate with a spate of CA platforms.
Charter books CA 'Passage'
Different but related is Charter's plan to apply Sony Passage in a way that will enable the MSO to strip out the legacy CA system and replace it with one of its own choosing.
The strategy, which implements separable security in the headend, also aims to help Charter cultivate a forthcoming market for inexpensive all-digital set-tops that will be used to migrate analog customers to digital services and help Charter recapture valuable analog bandwidth.
The lingering challenge has been how to migrate those customers to digital en masse—and in a cost-effective manner. This new application of Sony Passage could give Charter the answer it has long been seeking.
Charter is eyeing two classes of low-cost boxes for the Passage system: one that supports OpenCable Application Platform (OCAP)-based apps, and a simpler model used just for channel tuning.
Charter expects the Passage project to complement the MSO's digital simultrans strategy. To date, Charter has turned up digital simultrans deployments in Long Beach, Calif., and in several Wisconsin properties. Charter presently is testing its application of the Passage system in the lab, but hopes to roll it out sometime in 2006.
Charter believes the system will also drive down the cost of conditional access licenses, which have been said to run a tad higher than $20 per box for Motorola MediaCipher, in particular. Those licenses have also been said to inflate the price of the removable CableCARD to about $80 in low volumes.
"The primary fixed cost of the digital box is really conditional access. Everything else is commodity components and parts," says Wayne Davis, Charter's executive vice president of engineering and chief technology officer.
The new application of Sony Passage will also enable Charter to bid for and deploy multiple CA systems without making wholesale changes at the headend. That's because the newly-tailored version allows Charter to couple new CA systems with commodity headend controllers. That's much different than the initial application of Passage, which required separate integrations for the operator's billing, video-on-demand, customer care and provisioning systems.
Charter is also quick to point out that the project is in line with cable industry-wide efforts such as OpenCable, the CableCARD, downloadable security, and OCAP. In fact, Charter aims to improve the economics of supporting digital cable-ready televisions by seeking out competitive CableCARD providers.
What the CA vendors are doing
Cable's shift toward downloadable encryption could mark a boon for vendors that specialize in such technology, including Widevine Technologies, Latens, Verimatrix and SecureMedia. Most vendors in this group, however, have had more success with the telcos than with cable operators. The big players, meanwhile, are moving ahead with efforts of their own.
The downloadable CA/security processor architecture underway at CableLabs shares similarities to S-A's PowerKEY system, according to Bill Wall, technical director of the company's subscriber networks division. Though PowerKEY's current iteration does not employ a downloadable CA, it does use a separate security processor, with the software already burned in. "But there are configurable parts to it that are downloadable," Wall says. "Moving to a fully downloadable version of PowerKEY is not a stretch for us."
NDS, meanwhile, is working on a "closed loop" system that handles two-way services without a smartcard. The company's VideoGuard System (VGS) contains a small number of gates that handle secure processing and a secure, unique identifier at the chip level. The system, which would live inside a range of consumer electronics devices, is supported by the NDS Secure Video Processor (SVP). Together, they are designed to take a step beyond conditional access and provide digital rights management (DRM) protection for content ported from one device to another. Under the VGS model, the content owner would determine the copyright policies.
"I would hope SVP is part and parcel of NGNA and the video processors that come out," says Dov Ruben, vice president and general manager of NDS Americas.
Irdeto Access, another CA supplier, has created a smartcard coupled with a renewable software layer. The chip inside its fifth-generation "Epsilon" smartcard can also reside on a set-top motherboard.
"It's basically goodbye to smartcard replacements," says Bo Ferm, general manager, Americas, for Irdeto Access. Irdeto Access is also set to debut a fully downloadable CA called "SoftClient" by the end of June.
Conax, a Norway-based CA supplier that recently entered the North American market, makes a smartcard-based system, but is also starting to look at downloadable platforms, with product showing up as early as Fall 2005, according to Vice President of Sales and Marketing Geir Bjorndal.
A CA implementation Nagravision uses for DBS, meanwhile, looks very similar to the scheme CableLabs is presently noodling.
The CE challenge
Moving toward a downloadable CA model will require buy-in from the consumer electronics industry, which has gone out of its way to argue in favor of the CableCARD, claiming that only uniform support by the cable industry will drive costs lower and ensure the overall success of the platform.
Some observers also believe that CE vendors will balk at fronting the cost of a security processor plus any intellectual property that might be involved. Still others counter that the cost of that chip will pale, even at the get-go, in comparison to the costs they are paying for the CableCARD interface, which requires a PCMCIA socket and, in the case of a multistream version, two processors—one for general purposes, the second for security.
"Our belief is that it will be lower cost for [the CE suppliers] with the secure processor versus having the circuitry to support a CableCARD," Wall says.
Indemnification issues
Another possible cause of friction relates to who, contractually, will carry the burden of indemnification. Because the security processor and the software loader (in the CableLabs effort) will not be entirely under the control of the CA vendor, there is some concern about which party would be on the hook should hackers breach the system.
"Since they are managing it, they are in control of the secure loader. But from a security point-of-view, that therefore becomes the core security secret, and [a secret] more important than the CA," argues one observer.
Those pieces have to be kept a well-guarded secret, of course. Although operators would like to see the costs of conditional access licenses come down, CA vendors note that their licenses also cover service and support—and those costs are not trivial. They cover enforcement on hackers who get caught trying to breach the system as well as the perpetual monitoring of potential compromises on Web sites and other sources.
But the beauty of a CA system renewable in software is that it can be changed out, should a hacker break it.
"But what if the downloader gets hacked? Do you have another downloader for the downloader?" asks one industry observer.
In the Comcast-Motorola agreement, however, the CA licenses will be sold through Motorola. Therefore, contractual arrangements and clauses, including indemnification issues, will be negotiated with Motorola. "Comcast is not a distribution chain," Fellows says.
With Comcast having control of this piece of the joint venture, they will have control of those terms, though Motorola will provide input, Motorola's Roman says.
Roman also acknowledges that third parties will be required to protect the assets of the system, but notes that companies that repair Motorola boxes have adhered to such agreements for years without trouble.