Cisco Service Provider Blog

Video Category Archives

January 16, 2008

Meanwhile Back at the Ranch – What about CableCARDs?

backattheranch.png
With all the talk about DCAS and secure download for cable and IPTV, let’s not forget CableCARDs

Until downloadable conditional access system (DCAS) and the IPTV Interoperability Forum’s (IIF) secure download become available for wide deployment, CableCARD and the ATIS (the Alliance for Telecommunications Industry Solutions) point of deployment (APOD) module (specs for which are currently near finalization) will provide present and near-term security solutions for both HFC cable and IPTV networks. It is very unlikely that CableCARDs will completely be displaced in the next two years by any downloadable solution and, even longer term, may be a coexisting technology.

Information from the NCTA that was disclosed in a recent FCC filing indicated the 10 largest U.S. cable operators had deployed more than 300,000 CableCARD units as of December 2007. The filing also reported that the NCTA has said that these U.S. MSOs have deployed more than 2.25 million CableCARD-capable set-tops since July 7, 2007, meaning for every CableCARD consumers have requested, cable operators have shipped over seven CableCARD-capable set-tops. (Need a refresher on CableCARDs? Visit the OpenCable site for more information.)

One of the well-known issues that CableCARDs present however is that they are a more expensive solution compared to previous “embedded” security implementations. They will also likely remain more expensive than any downloadable solution even in the long run. Over time, however, and with increased volume, it is possible that CableCard prices may decrease. If so, this would likely have the effect of extending the length of the CableCard (and APOD) era and prolong their role as coexisting security technologies.

Since consumer demand for CableCARDs has been relatively weak so far, the main effect of CableCARDs has been extra equipment expense for operators. Even so, as long as regulations are in place requiring the separation of security features from navigation features in receiving devices, CableCARDs will be around and APODs will likely become the solution du jour for the time being.

Posted by Tony Wasilewski at 10:28 AM Permalink | Comments (0) | TrackBacks (0)

November 26, 2007

Downloadable Security – Both Sides of the Fence

Security.jpg A lot has been written about a downloadable conditional access system (DCAS) in the cable industry (including a post I wrote a few weeks ago), but what’s going on over on the telecom side of the video marketplace?

In the IPTV arena, we’re working through the issues relevant to secure download within the IPTV Interoperability Forum (IIF). Our approach will use some similar technologies to what DCAS is delivering for cable, but it is not the same technical solution.

The target of the IIF (which is one of the committees of ATIS, the Alliance for Telecommunications Industry Solutions), is to deliver what is called “initial closure” of our first version of this secure, open-specification download stack by the end of 2007. The work is taking place within the Digital Rights Management Task Force which is one of 4 active IIF Task Forces.

Some current IPTV set-tops have a proprietary download mechanism that is not secured by hardware. This makes these set-tops less secure than the DCAS approach over on the cable side since DCAS calls for downloading into very secure hardware. The ATIS IIF downloadable solution under development will allow use of secure hardware but not mandate it.

Some IPTV providers take the approach of reloading new “software-only” conditional access (CA) once the previous version gets broken and use this reloading scheme as a way to fix the breach. But, even with re-loads, you still have the requirement to provide long-term key storage protection to safeguard the keys that provide device identity or allow you to do content decryption. This is a significant vulnerability in the software-only scenario. Since the deployment of IPTV devices is still relatively small, it’s not yet possible to know what level of piracy will exist against software-only IPTV CAS. Once the footprint of IPTV devices increases, there’s a bigger target and piracy activity will likely heat up.

From a regulatory point of view, the ‘TelCos’ must also meet FCC requirements for the ban on embedded security in navigation devices. Thus, similar to the CATV case, the IIF Secure Download solution will be an alternative to meet the separable security requirement.

In addition to all of the secure download specification work described above, the IPTV Separable Security Incubator (ISSI) at ATIS is working on a fast-track effort to standardize an “IPTV-friendly CableCARD” which can be deployed if downloadable security is not ready in a given network. Telecoms are basing this solution on the MCard standard that the cable industry is using and currently call it the “APOD”. The first draft of this specification is also expected at the end of 2007.

The parallel development efforts of IIF Secure Download and the APOD provide great options for IPTV security solutions and will continue to create an environment that is full of new challenges and opportunities as we move along in the standardization process.

Posted by Tony Wasilewski at 05:33 AM Permalink | Comments (0) | TrackBacks (0)

November 01, 2007

Service Provider Business Models Drive “The Connected Home”

connected_home.jpgThe connected home is closer than we think. Believe it or not, it's not a technology issue, in my opinion. I think that the bigger issue in terms of deploying home networking and connected home-type systems is the business model for service providers. You know the story. You can go out and buy a whole bunch of home networking gear from retail stores and install it in your home. Its point-to-point type technology, does some very handy, straightforward things, and it works very well at a good price

When you try to connect your home network to a trusted, secure network, like the ones where you find our digital set-tops, who's going to handle the set-up, connections and management for all these additional devices? If a service provider does it and you can't print your daughter's term paper because the printer in the basement doesn’t work, and the service provider has to then send a truck, well there go all the profits for a year.

That may be a bit of over-dramatization, but it's the business equation. The business model isn't there yet. However, we believe that controlling some of these things from the network will make it easier, and prevent some of those maintenance costs. Then Digital Rights Management (DRM), Bandwidth Availability, and Quality of Service can all be used to improve the consumer experience and protect the programmers’ rights.

I like to use my house as an example of today's technology. We have an Apple TV connected to our plasma HD set to use mostly for photographs. We have a half terabyte drive sitting behind the monitor on the desktop. My wife has an iPhone. All these things connect together. We move video back and forth, and it's pretty painless. Apple has simplified those interfaces. Unfortunately the only connection to the network for these devices is iTunes over the broadband pipe, which limits the breadth of video access that is provided by the set top, which we all know is a network edge router!

In the long-term, what the service providers want to do is simplify the transition of those interfaces, probably by controlling a lot of it from the network. And I'll remind you that the edge of the network is the digital set-top.

We have over 33 million Scientific Atlanta digital set-tops connected at the edge of the secure network. If you have enough smarts and enough CPU processing power at the edge, and you've got all the admission control and policy management in the trusted network, you can then reach out to these devices and you can start to control them in a much more efficient way.

And I think the best example of that being done today with a simple interface is what Apple's doing. We think that in the future, service providers are going to offer those kinds of services.

Posted by Bob McIntyre at 10:03 AM Permalink | Comments (0) | TrackBacks (0)

October 03, 2007

Drivers for the Service Provider Marketplace

world.jpgLet me start by saying service providers are in a great marketplace. And I'm talking about service providers worldwide. This includes the cable companies and wireline providers, and in many cases the programmers and broadcasters.

As we look at the overall market, there are a number of product and service advancements fueling service provider growth that stand out. The bundle is one of the most important drivers in the marketplace right now. The bundle is working. The common strategy is to lock in the customer who is buying more, while paying less for the bundle. Then you develop customer loyalty, reduce churn and use the devices that are in the home, and up-sell new applications.

Next, the goal is to protect the bundle. How do you do that? You keep the enhancements coming, and keep the applications coming in the bundle. And they don't necessarily have to be new applications that cost a lot of money.

Another driver is the DVR. DVR penetration is continuing to grow and is continuing to be a major driving force in the marketplace. Time shifting is something everybody wants. Remember the days of 500 channels and nothing to watch? Well now you can watch what you want to watch, when you want to watch it, at your convenience. In some cases you can even move it around and place shift it.

HDTV is a phenomenon. Across the U.S. we’re seeing flat panel TVs for less than $900. More and more programmers are shifting to full HD content. Our willingness to buy it and watch it is mostly driven by sporting events, but soon it will be expanded by movies and all other formats of television. And it's a major phenomenon.

So what does it do to the network? Video on the edges of the network demands more bandwidth, more router capacity and a better managed network, and the best way to do that is with an IP converged network. So this increased demand for HD is both a service and network expansion driver.

New technologies, such as MPEG-4 AVC encoding, can drive business opportunities by supporting upgrade cycles so that service providers can stay ahead of the power curve and continue to grow revenues.

And the last driver, but not the least, is the desire to attract new customers and keep existing ones, which loops us back to the importance of the bundle, plus HDTV and DVR services.

I don't think there has ever been a more dynamic, opportunity-filled time to be in the service provider business. New opportunities seem to appear every day, and we're excited about the ways service providers continue to use our end-to-end solution to drive innovation in the marketplace.

Posted by Bob McIntyre at 08:54 AM Permalink | Comments (0) | TrackBacks (0)

September 28, 2007

D-mystifying ‘DCAS’: Downloadable Conditional Access System

There is a lot of activity in the cable industry lately related to improving consumer choice. One of the most challenging activities in recent times was the “7/07” transition. For those that may need a refresher, ‘7/07’, the name that the cable industry gave to July 1, 2007, was the date that the FCC mandated that new cable set-top boxes that arrive and deploy in the field must be equipped with separable security. The technology that is inserted into the set-top boxes to meet the separable security requirement is a multi-stream CableCARD. A CableCARD is a temporary removable security mechanism that, when inserted into a certified television or other device enables delivery of digital video programming and also allows the cable service provider to authorize protected subscription features for a specific subscriber. By mandating that all set-top boxes include separable security, the FCC is allowing consumers to choose to obtain their set-top box hardware from alternate sources other than their local cable operator, (i.e. retail, etc.) while still being able to subscribe and access the digital video services offered by their cable operator. Consumers may also choose to forgo the set-top box and purchase a CableCARD-enabled television to receive their digital programming services.

While progress with 7/07 has been made and shipments of CableCARD set-top boxes are underway, the cable industry has been focused on a number of developments that could some day render the CableCARD obsolete. Scientific Atlanta is playing a leading role in the development and engineering of a technology called Downloadable Conditional Access System (DCAS).

Conditional Access Systems (CAS) are comprised of the system, software and components needed to provide consumers selective access or denial of specific content services in their cable operator’s network. Access to services is controlled by first encrypting the video, audio or data content before it is transmitted over the network. This transforms the data so that it can not be easily “snooped” while in transit or at rest in the network. Then, authorization is achieved through key distribution and entitlement messages sent to client devices. Until recently, the client portion of most CASs was embedded in predominantly fixed hardware such as secure microprocessors and encryption-handling ASICs.

With the convenience of the Web, CAS has been made available in a downloadable fashion which permits a more dynamic security solution. The download may be to relatively-generic host CPUs or to specialized hardware like a set-top box that provides a highly tamper-resistant perimeter for storage of CAS operating code and cryptographic parameters such as keys. Data carousel elements in the network store the CAS operating code images and can repetitively broadcast or multicast the common parts of the CAS. When personalized information is needed for a specific client device, this can be unicast to the device.

Of course, Downloadable CAS approaches bring new security challenges with them. In previous embedded CAS solutions, the CAS operating code and personalization parameters were usually put into the client device in secure factory settings. With DCAS, the operating code and other CAS elements must be secure as they travel across the network. Further, the client device must be able to trust the source of the downloaded CAS. These requirements for privacy and authentication can be met with cryptographic methods, some of which are found in the conditional access systems themselves. Thus, DCAS is really a security and networking framework for the private and authenticated downloading of CASs.

With downloadable security, sometime in mid-to late 2008, consumers could buy a digital-cable-ready TV, plug the cable connection to the back of the set and then call their cable operator, who could then send a software download to the TV to activate two-way digital video service. While our next generation set-top box family was designed to support the latest CableCARD technology, we have also integrated features into those set-top boxes that will enable the deployment of DCAS once it is available.

Posted by Tony Wasilewski at 11:20 AM Permalink | Comments (2) | TrackBacks (0)

 

Legal Disclaimer

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.

© 1992-2007 Cisco Systems, Inc. All rights reserved.