The proliferation of content and devices moves content security beyond
traditional set-top boxes, but the playing field is cluttered.

Content Security ConundrumContent is king for consumers of video, music and other Internet-based applications, with content security seated much farther down the table of royal subjects.

Compared with today's environment of multiple devices, delivery services and content security schemes, the days of hooking up a set-top box in a customer's home and calling it good seem almost quaint by comparison. But with over-the top providers beating a path through the Internet and into subscribers' homes, and with content owners fretting about how their videos are being moved from device to device, content security is taking on added importance.

The difference today is that subscribers are seeking out new forms of content on their own, and as the credo goes, they seek to "watch what they want to watch, when they want to watch it, and where they want to watch it," which sounds simple enough for the consumer.

Dallas Clement

"I think what has happened over the past two to four years is that the whole ecosystem, the consumer electronics industry, the PC industry, the studios, the distributors, are recognizing that the consumer isn't a bad person," said Dallas Clement, Cox Communications' senior vice president of strategy and development.

"The consumer isn't necessarily looking to steal the content, but what the consumer does want is an easy time playing the content on whatever device he or she owns in the home.

"In order to do that, you have to address the contracts (with content providers), the technology and, in some cases, regulatory issues."

While Clement doesn't see much of a concern with video content that is streamed instead of stored, once the latter takes place, there needs to be a workable framework in place between service providers and studios.

"We'll have to look at what the studios are comfortable with," Clement said. "Are they comfortable with a sort of low bit rate, low-quality [video] going to a handset with perhaps relatively less security? Obviously, they're going to want more security for something that is higher resolution that is going downstream from a set-top box. Our job will be to work with the studios and with other distributors to come up with something that works for all of us."

Widevine's Matt Cannard, vice president of marketing, said the proliferation of digital media that's now available in a wide range of formats was further underscored by the number of new delivery platforms at the Consumer Electronics Show earlier this year, including new Blu-ray players and Internet-connected TVs.

"The closed-network providers are seeing all of these devices coming onto the market, and they need to have some method of getting services to those devices, because if they don't they'll be shut out," Cannard said. "Their challenge is how do they get a DRM that works on all of those legacy platforms out there? And not only that, how do they support the wide range of video formats, including Windows Media, QuickTime and H.264, that are out there?"

Trevor Izsak

Currently, the content security landscape on the Internet is littered with various forms of DRM, including Microsoft's PlayReady, Marlin, the Open Mobile Alliance (OMA), Digital Transmission Content Protection over Internet Protocol (DTCP-IP) and Apple.

"The first big thing you need is interoperability between DRMs," said Trevor Izsak, director of business and market development for Cloakware, which was bought by the Irdeto Group in 2007. "If it was a perfect world where everyone joined hands, sang songs and picked one DRM, we wouldn't need that, but that's not the case. It's a very heterogeneous network, so there needs to be some translation between those DRMs."

Bill Wall, technical director for Cisco's service provider video technology group (formerly Scientific Atlanta), said part of the problem of creating a standardized DRM platform is that there are no standards in place, and that coming up with open standards would be difficult because each DRM vendor has its own intellectual technology.

Bill Wall

On the mobile front, Wall said standards developed several years ago by the OMA are starting to gain traction for handheld mobile devices. For home networking, he said the Digital Living Network Alliance (DLNA) is becoming a de facto standard of sorts.

"At least they've developed a copy protection mechanism for transferring content in the home, and to have the ability to signal whether content is allowed to be copied, copied multiple times, or not copied at all," Wall said.

There's also a need for business rules among the studios, content providers, consumer electronics vendors and service providers on how each of the entities will monetize moving the content to different applications and across wired and wireline technologies. In the cable industry's case, it doesn't want to be a dumb pipe for the over-the-top providers, and at the same time it needs to figure out the business case of having its data and video services complementing each other with video content.

"The general feeling is, if you compete with free, free tends to win unless you're doing something extraordinary," Verimatrix vice president of marketing Steve Christian said. "Free isn't easier these days, but it could become easier in the future. Legitimate monetization and content approaches need to be at least as good, if not better, in order to maintain the business stream that everyone feels they need."

From the regulatory side, place-shifting content can also be a gray area for service providers.

"With something like Slingbox, you're certainly getting around things like blackout rules that people were quite passionate about in the past," Christian said. "I think there's a recognition by operators, and more importantly content owners, that until we find legitimate ways to offer this content and these services, people will vote with their feet and work around the rules. When that happens, everyone will lose their slice of the revenue. It's a question of the politics and technology working hand-in-hand for the appropriate protections, but also to insure the transparency that people are starting to expect."

As far as providing non-linear content to a broader spectrum of users, on the plus side the cable industry does have the advantage of its existing relationships with studios and content providers, as well as large subscriber bases. As for disadvantages, Clement said one was the large number of legacy set-top boxes and TVs in customers' homes that have analog-only inputs.

"I think now, versus in the past, everyone has come to a better understanding of what the customer wants, and I hope that over the course of this year we'll see more progress in defining a set of solutions that will meet customer desires," Clement said.

Cable companies' existing relationships with subscribers can also be a mixed blessing.

"Cable operators' existing relationships with customers are important assets that must be carefully managed," Clement said. "As the service provider, the cable operator will often receive customer trouble calls, regardless of the device involved; we just need to make sure that there are tools in place to help subscribers when they call for help."

Cloakware's Izsak said one way to help cable operators troubleshoot problems on devices such as PCs, set-top boxes and portable devices is to make sure that error codes are included that show the level of where a problem is occurring.

Cisco's Wall said a set of standards developed a few years ago might also help cable operators manage problems in the home networking cloud.

"There are emerging standards in that area," Wall said. "The DSL Forum developed a set of standards a couple of years ago that we're seeing adopted in large parts of the world, mostly in IP networks today, but I think they may move into other networks, as well. They allow for basic management of home network devices and home routers and home gateway devices and let an operator sort of manage that network by being able to do remote diagnostics.

"I think those standards, as they become more prevalent in the devices, will allow managed services to be available to operators."

The paradox for service providers has shifted now that customers are actively engaged in seeking out, downloading and moving their own content instead of having it sent directly to their living room TVs. While the pieces of content security are out there, the service providers that put them in place with the most transparency to the end users will reap the financial rewards.

Silicon Security

One of the new players in the content security field of play is Silicon Image, which won "Best New Product Idea" at CableLabs' Summer Conference 2008.

Silicon Image has designed its own silicon chipset to connect TVs, consumer electronics devices, computers, mobile devices and home theaters. While some studios and service providers are comfortable with the content security abilities of Digital Transmission Content Protection over Internet Protocol (DTCP-IP), Rob Tobias, Silicon Image's director of product marketing, said it's not enough.

"DTCP-IP just protects the content; it doesn't protect all of the other transactions that are going over the home network," Tobias said. "DTCP-IP was designed to be link protection. It protects the content as it goes from device A to device B.

"The rules behind DTCP say that once a device receives the content and wants to store it, it can't use DTCP, and only Windows [Media] DRM, is authorized to store DTCP content. That's OK for devices that implement Windows DRM, but there are many mobile and networked attached devices that don't have Windows DRM. Those devices are not able to store content that was sent to them via DTCP."

SiI6100 HD LiquidHD Display Processor (Click Image to Enlarge)
(Click Image to Enlarge) 
Silicon Image's SiI6100 HD LiquidHD Display Processor is an SoC solution for low-cost, networked micro client STBs. It enables MSOs to deploy cost-effective, multi-room DVR and VOD services. It can also be designed into digital TVs, enabling the TVs to be connected to devices on a LiquidHD network, potentially eliminating the need for STBs, DVD players and other home entertainment equipment.

Silicon Image's LiquidHD is a suite of protocols that run over other IP-based connections, such as Ethernet, MoCA, HomePlug and Wi-Fi 802.11n. The LiquidPlay architecture is based on advanced encryption technology, including AES and Elliptic Curve, to provide another layer of content protection. All of the content entering a LiquidHD-enabled domain is encrypted with 128-bit AES encryption, and keys are securely kept in hardware, preventing software access that has compromised content protection technologies in the past.

LiquidPlay works with legacy set-top boxes as long as they have AES encryption and Elliptic Curve, and Tobias said it's currently being integrated with set-top box and TV manufacturers.

"Things like Wi-Fi and MoCA work fine as long as you're in their physical layer, but they don't offer a comprehensive security solution that can go from one physical layer to another, and then go to storage devices and/or disconnected devices," Tobias said. "So the things that the Wi-Fi guys do are fine if you're just contained in the Wi-Fi network and the security is turned on, which in many cases it's not, but you're going to have these hybrid networks in the home where the cable operator or satellite guy might put in MoCA and then layer wireless on top of it. It's important that you then layer this other type of protection on top of that."