10.6 Cable Conditional Access TV


This section presents two key issues that must be addressed to enable the cable industry: the Host-Point of Deployment (POD) interface and copy protection technologies [HOSTPOD]. The Host-POD interface is concerned with enabling a large Multiple System Owner (MSO) to work with a number of third-party set-top box manufacturers without releasing control over critical Conditional Access (CA) and encryption components. In contrast, copy protection technologies ensure that content delivered to consumers through set-top boxes is not reproduced without authorization.

Although seemingly unrelated, the business environment today requires both technologies to be integrated. And while it is possible to have a Host-POD interface which does not support a copy-protection system, as well as a copy-protection system which does not support the Host-POD interface, virtually all cable set-top boxes today deploy implementations in which the two are well integrated.

10.6.1 Cable Host-POD Interface

The cable industry relies on fees paid by subscribers to gain access to content. To prevent subscribers from accessing content they did not pay for, one needs to control the access to each individual program broadcast on channels carried by a cable feed. Such control requires ownership of a component of the set-top box called the POD component. The POD component is added to set-top boxes by cable system owners, not by the manufacturers. Therefore, a critical aspect of a digital set-top box is the provision of an interface to a POD called the Host-POD interface [HOSTPOD] (see Figure 10.8). To ensure interoperability of PODs with commercially available receivers and set-top boxes (Hosts) produced by numerous vendors, a Host-POD interface was specified and standardized by SCTE 28, which is based on EIA-679B Part B, the National Renewable Security Standard initially adopted in September 1998.

Figure 10.8. The cable conditional access Host-POD Interface architecture.

At the subscriber premises, a cable reception system includes a cable set-top box called Host, and a POD Module. This combination allows the isolation of cable operator hardware specifics into a renewable POD Module and therefore provides the architectural foundation for retail availability of cable navigation devices. The combination of a properly-authorized POD module and a Host device permits the unscrambled display of cable programming that is otherwise protected by a CA system. The SCTE 28 standard supports a variety of CA architectures, including the out-of-band carriage (i.e., separate from the MPEG program) of Entitlement Management Messages (EMM) used to control scrambling. With this interface, a cable operator is able to upgrade security in response to a breach by replacing the POD modules, without requiring any change in the host set-top box. The interface supports both one-way and two-way cable systems.

The Host has two different ways to recognize a POD Module: (a) at the application level, using the Application Information Resource (AIR), or (b) at the physical level as defined by the Personal Computer Memory Card International Association (PCMCIA). For application-level POD interaction, the Application Information Resource (AIR) resides in the Host, exposes to the POD the Host's configuration, and exposes the POD's application and data to the Host. In PCMCIA memory mode, the Host accesses the POD Module's Attribute Memory to read the Card Information Structure (CIS), which is readable whenever the POD module is powered or after the POD module has been reset by the Host.

10.6.1.1 Two-Way Cable Networks

For two-way networks, the QPSK receiver circuit in the Host tunes to between 70 and 130 MHz and demodulates the Forward Data Channel (FDC), where either 1.544/3.088 Mbps or 2.048 Mbps are used. The recovered serial bit-stream, and the clock, are both sent to the POD Module. This serial data is used primarily to send CA entitlement management messages from the cable system to the POD Module.

In the return path, the POD Module generates QPSK symbols and clock and transfers them to the QPSK transmitter circuit in the Host using either a 1.544 Mbps, 3.088 Mbps or 0.256 Mbps Return Data Channel (RDC) bit rate. The QPSK transmitter circuit modulates the QPSK symbols onto a narrow-band carrier between 5 MHz and 42 MHz. In all cases, the tuning of the QPSK receiver and transmitter is under control of the POD Module.

10.6.1.2 One-Way Cable Networks

With one-way networks the architecture and details are the same, with the exception that the QPSK TX (transmit) module is missing or irrelevant. In addition, an optional telephone modem may be incorporated into the Host to allow limited interactive services. In this case, the standard telephone modem is incorporated into the Host.

10.6.2 Digital Rights Management

In the context of Digital Rights Management (DRM), security is a measure of the difficulty in bypassing or defeating the anticopy process. Ideally the system is completely undefeatable, but as a practical matter the copy protection system needs to be secure enough to thwart attempted breaches by typical consumers, including reasonably sophisticated consumers. Typically, a security system is considered successful if the vast majority of consumers (typically >90%) are prevented from taping Pay-Per-View (PPV) programs in the home.

The Host-POD Interface standard includes limited DRM support, as it requires the implementation of a Copy Protection resource, as defined by SCTE DVS/301r2, Section 8.2.1.1 NRSS Copy Protection Framework Messages.

10.6.2.1 Analog Video Copy Protection

Analog video protection systems typically modify the video signal to be recorded (e.g., on tape) or to be broadcast (e.g., pay-per-view television programs) to make copying by ordinary VCRs difficult or impossible. The copy protection process does not interfere with viewing of a video tape on which the copy protected video signal is recorded. However, any attempt made to copy the video signal from the tape using a second VCR to record the output of the first (playback) VCR yields a picture degraded to some extent, depending on the efficacy of the particular copy protection system.

Macrovision Corporation [MVSN] is a leader in the development of techniques for modifying an analog and digital video signal to inhibit making of acceptable recordings. For protecting analog devices, the technique is based on adding information in the unused lines of a video signal Vertical Blanking Interval (VBI). The information added confuses the Automatic Gain Control (AGC) circuitry of a VCR when recording such a signal, so that the recorded signal is unviewable as it displays a dark picture when the recorded signal is played back. With this technique, over 95% of unauthorized copies are either unwatchable or have substantially reduced quality.

Another technique, introduced by Eidak Corp., increases or decreases the length of each video field from the standard length. This is achieved by changing the time duration of the horizontal line intervals in each field while keeping the number of lines per frame unchanged. Alternatively, the scrambling can be achieved by changing the number of horizontal line intervals that constitute a frame while maintaining the duration of each line interval unchanged.

10.6.2.2 Digital Video Copy Protection

With DTV (including HDTV and iTV) content, the DRM requirements are as follows: Set-top boxes must be copy protection capable, namely they must prevent users from making unauthorized copies. Broadcasters and cable system owners must be able to deliver programmable and customizable copy protection configurations based on viewers' selections. Emission systems must be able to deliver real-time mode change commands that enable turning on/off receivers' ability to view certain programs; as an example, selection of a program might be automatically redirected to a preview channel when the viewer has selected a PPV channel not yet purchased. Finally, DRM components are tightly coupled with transaction billing and reporting systems.

Copy Protection Process

With digital set-top boxes it is possible to either block viewing altogether or allow viewing but prevent making unauthorized copies. Typically, the digital video set-top box includes a digital color encoder and decoder which contains copy protection circuitry for applying the copy protection waveforms to the analog or digital video signal being protected. If the subscriber is not authorized for a particular protected program, the colors are modified so as to render the signal sent to the TV display adapter unviewable. If the subscriber is authorized to view the program, the color scrambling is reversed and signal sent to the TV display adapter is viewable. In this case, when a subscriber records the protected program using a VCR without authorization, the unauthorized copy is degraded to the degree that it is unwatchable using the analog copy protection techniques.

When the copy-protected compressed digital video signal is delivered, the video, audio, and copy protection portions are separated. The audio and video are forwarded to MPEG-2 decoders; the copy protection portion is forwarded to a CA component. Like any other PKI system, DRM relies on secret keys. Typically, these keys are stored in the set-top box's flash memory. Because flash memory is too slow to allow reading it every time these keys are needed, these keys are loaded into the set-top box's RAM on power-up (i.e., boot). The CA system refers to the RAM copy of these keys every time a signal is to be decoded; unauthorized access is blocked as a side effect of not being able to descramble the content and render it viewable.

Copy Protection Control Byte

It is important to distinguish between programs that need protection and those that do not need copy protection (e.g., free TV broadcast). Typically, the MPEG copyright header bits on their own are not sufficient to activate copy protection in the set-top box. This is because there is a need to differentiate between digital-to-digital and digital-to-analog copy protection conditions, yet provide sufficient control over by whom and how the copy protection information is set up. Therefore, DTV transmission standards allow the broadcaster or cable system owner to send an additional copy protection byte (or word) to the set-top box to activate or deactivate the copy protection process within receiving set-top boxes. One method to deliver this byte is the Entitlement Control Message (ECM); another method is to include that byte in a private data field in the MPEG transport data stream (ATSC's approach). Another method is to deliver the byte in a user defined section of the EPG; this requires an architecture which prevents access to that byte by all set-top box software modules except the CA module. In many cases, a combination of these methods is used.

Preventing Circumvention

All in all, the copy protection system relies on independent activation of, minimally, pulses within the VBI, horizontal sync reduction, pulses at end of fields, and color scrambling (e.g., colorburst) process modification. Nevertheless, it is still possible for copy protection to be circumvented in the set-top box, for example by changing the value of the copy protection control byte. To address this issue, cable systems use the following technique: when a copy protected program is viewed, the content of the copy protection byte is periodically transmitted from the set-top box to the cable headend. This tracking enables both the copy protection module in the set-top box and the process running at the service provider to detect when copy protection has been circumvented in the set-top box; such tracking is all but impossible with terrestrial broadcast.
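
A headend-side sketch of the tracking described above, added here as an example (it is not from the book or from any cable vendor): it compares each reported control byte with the value the headend sent for that program, and also flags boxes that stop reporting during a protected viewing. The report fields, the 60-second interval, the grace factor and the byte values are all assumptions; the text specifies none of them.

```python
from dataclasses import dataclass

REPORT_INTERVAL_S = 60  # assumed; the text only says "periodically"

@dataclass(frozen=True)
class Report:
    box_id: str
    program_id: str
    ts: int       # seconds since the viewing session started
    cp_byte: int  # control byte value the set-top box says it holds

def audit(expected, sessions, reports, grace=2):
    """Return {box_id: [findings]} for boxes whose reports deviate.
    expected: program_id -> control byte the headend sent for that program
    sessions: box_id -> (program_id, start_ts, end_ts) of a protected viewing
    """
    limit = grace * REPORT_INTERVAL_S
    findings = {}
    for box, (prog, start, end) in sessions.items():
        mine = sorted((r for r in reports if r.box_id == box
                       and r.program_id == prog and start <= r.ts <= end),
                      key=lambda r: r.ts)
        last, out = start, []
        for r in mine:
            if r.ts - last > limit:           # reports stopped for a while
                out.append(("gap", last, r.ts))
            if r.cp_byte != expected[prog]:   # byte differs from what was sent
                out.append(("mismatch", r.ts, r.cp_byte))
            last = r.ts
        if end - last > limit:                # silence until session end
            out.append(("gap", last, end))
        if out:
            findings[box] = out
    return findings

# Constructed sample data: one PPV program, three boxes, 300-second sessions.
EXPECTED = {"ppv-101": 0x03}
SESSIONS = {b: ("ppv-101", 0, 300) for b in ("stb-A", "stb-B", "stb-C")}
REPORTS = (
    [Report("stb-A", "ppv-101", t, 0x03) for t in range(60, 301, 60)]   # clean
    + [Report("stb-B", "ppv-101", 60, 0x03)]
    + [Report("stb-B", "ppv-101", t, 0x00) for t in range(120, 301, 60)]  # altered
    + [Report("stb-C", "ppv-101", t, 0x03) for t in (60, 120)]          # goes silent
)

if __name__ == "__main__":
    for box, items in audit(EXPECTED, SESSIONS, REPORTS).items():
        print(box, items)
```

Treating a gap in reports as a finding matters as much as a mismatched byte, because a box that simply stops reporting would otherwise look identical to a compliant one.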

Digital To Analog Copy Protection

In most cases, the DTV signal needs to be converted into an analog signal to be viewed on a legacy analog TV (most TVs do not use MPEG as their native format). It is therefore critical to convert copy protection information from the digital domain to the analog domain. The MPEG-2 bit-stream may contain, in a private section, a copy guard bit that indicates whether the content may be copied or not. Dedicated copy guard bit detecting circuits or software are embedded in set-top boxes for the sole purpose of detecting this bit and using the results to impact the digital to analog signal conversion. As an example, the value of the copyright bit could be combined with the TSID specified in the MPEG-2 bit-stream and inserted into a horizontal interval of the VBI of an analog signal generated from the digital MPEG-2 bit-stream. This modified ID could then be used in various tracking, billing, and monitoring processes. The resulting analog signal includes an encoding of the copyright bit that could be manipulated in countless ways for retransmission and for viewing on a TV display.

Coordination with Set-top Box Manufacturers

Set-top boxes are typically shipped by the manufacturer with the copy protection capability installed, but functionally locked. This means that the set-top box does not respond to any copy protection control commands. However, the set-top box is unlocked (i.e., enabled) by a message initiated from the headend by a licensed video service provider. This message, which typically consists of at least 8 bytes, need only be acted on once by the set-top box during the lifetime of the box; typically, once a set-top box is set up, it cannot be connected to a different service provider. This code is provided by the set-top box manufacturer only to a copy protection licensor, the cable system owner, who in turn provides the code to licensed video service providers. The copy protection unlock message is different for each set-top box manufacturer, but is the same for all boxes made by that manufacturer.

Upgrade Issues

To ensure that, over the life of the set-top box, the copy protection process provides the maximum effectiveness with VCRs and compatibility with legacy TV sets, the copy protection system needs to be upgradable on a system-wide basis by the cable system owner, typically initiated by transmission of a new set-top box process configuration. In response, the set-top box is programmed to process the data and reconfigure the parameters of the copy protection process accordingly.

10.6.2.3 DVD Copy Protection

The DVD copy protection process is activated during DVD authoring, and is independent of the picture on original disc playback. To copy protect programs, licensed content authoring tools are able to set copy protection trigger bits to "on." When the disc is played back, these trigger bits activate a chip inside the player that prevents making digital copies and applies copy protection to the analog output of the DVD player. When an attempt is made to make a copy using a VCR, the techniques described earlier are applied to render the copied content unwatchable.

Macrovision [MVSN], the market leader and de-facto standard in the DVD copy-protection market, authorizes manufacturers of Integrated Circuits (IC) to include DVD copy protection capability that utilizes their technology (protected by intellectual property laws); there are currently 45 authorized manufacturers. DVD player manufacturers are in turn licensed by Macrovision to purchase copy-protection-capable ICs; there are about 50 integrators that include copy-protection-capable ICs in their design. Broadcasters and digital cable operators are also licensed by Macrovision to receive copy protection-capable set-top decoders and to activate copy protection on specific PPV and pay television programming. Licensees include Americast, Astro, BSkyB, DirecTV (U.S.), DirecTV (Japan), EchoStar, Galaxy Latin America, Hongkong Telecom, Kirch Group, PerfecTV!, and Sky Latin America. PerfecTV! currently applies copy protection to 13 channels and Hongkong Telecom and Singapore Telecom apply copy protection to 100% of their VOD programming. In all, Macrovision claims that there are over 20 million households worldwide that currently have copy protection-capable set-top decoders. Virtually all digital set-top boxes in North America have copy protection capability, as do the majority of digital set-top boxes in international markets.



ITV Handbook: Technologies and Standards
ISBN: 0131003127
EAN: 2147483647
Year: 2003
Pages: 170
