Table of Contents
1 Executive Summary
2 Network Environments and Threat Assessments
2.1 CABLE TV SYSTEMS
2.2 SATELLITE DTH SYSTEMS
2.3 DSL AND FTTP NETWORK ARCHITECTURE
2.4 THREAT ASSESSMENT
3 Content Protection
3.1 TECHNIQUES USED IN CABLE AND SATELLITE DTH NETWORKS
3.2 CONDITIONAL ACCESS IN DSL AND FTTP NETWORKS
3.3 CONTENT PROTECTION IN DSL AND FTTP NETWORKS
3.4 DIGITAL RIGHTS MANAGEMENT IN DSL AND FTTP NETWORKS
3.5 CONTENT PROTECTION IN VIDEO ON DEMAND NETWORKS
3.6 STATUS OF IP TV CONTENT PROTECTION DEPLOYMENTS
3.7 CONTENT PROTECTION TECHNOLOGIES IN MOBILE NETWORKS
4 Opportunities, Risks, and Recommendations
4.1 OPPORTUNITIES
4.2 RISKS
4.3 RECOMMENDATIONS
5 Appendices
5.1 COMPANIES OFFERING IP TV CONTENT PROTECTION SYSTEM
5.1.1 Conax
5.1.2 Irdeto Access
5.1.3 Latens
5.1.4 Microsoft Corp
5.1.5 NDS
5.1.6 SecureMedia
5.1.7 Verimatrix
5 1 8 Widevine Technologies, Inc
5 2 OTHER COMPANIES
5 2 1 Kasenna, Inc
5 2 2 Myrio Corporation
5 2 3 SureWest Communications
Table of Figures
Figure 2-1: Cable Network HFC Architecture
Figure 2-2: Satellite DTH Network Architecture
Figure 2-3: DSL and FTTP Network Architecture
Figure 2-4: Integrated Gateway Architecture
Figure 2-5: Distributed Set-Top Box Architecture
Figure 5-1: Conax CAstream Architecture
Figure 5-2: Irdeto Access’ &Mac185;right Architecture
Figure 5-3: Latens Architecture
Figure 5-4: Windows Media Rights Manager Flow
Figure 5-5: Windows Media 9 Key Management
Figure 5-6: NDS System Architecture
Figure 5-7: Encryptonite Architecture
Figure 5-8: Verimatrix Security System for VOD
Figure 5-9: Verimatrix Security System for Multicasting
Figure 5-10: Current Video Distribution Architecture
Figure 5-11: The New Kasenna/ViewNow Architecture
Table of Tables
Table 1-1: TV Distribution Network Threat Assessment 6
Table 2-1: TV Distribution Network Threat Assessment
Table 5-1: Content Protection Systems and Architectures
Table 5-2: Conax’s IP TV Products
Table 5-3: Conax’s IP TV Deployments
Table 5-4: Irdeto Access’ Fiscal 2003 Financial Results
Table 5-5: Irdeto Access’ Broadband Video Products
Table 5-6: Irdeto Access’ Broadband Video Deployments
Table 5-7: Irdeto Access’ Broadband Video Technology
Partners
Table 5-8: Latens’ IP TV Products
Table 5-9: Latens’ IP TV Deployments
Table 5-10: Latens’ IP TV Technology Partners
Table 5-11: Microsoft’s Fiscal 2003 Financial Results
Table 5-12: Microsoft’s IP TV Products
Table 5-13: Microsoft’s IP TV Deployments
Table 5-14: Microsoft’s IP TV Technology Partners
Table 5-15: NDS’s Fiscal 2003 Financial Results
Table 5-16: NDS’s IP TV Products
Table 5-17: NDS’s IP TV Deployments
Table 5-18: NDS’s IP TV Technology Partners
Table 5-19: SecureMedia’s IP TV Products
Table 5-20: SecureMedia’s IP TV Deployments
Table 5-21: SecureMedia’s IP TV Technology Partners
Table 5-22: Verimatrix’s IP TV Products
Table 5-23: Verimatrix’s IP TV Technology Partners
Table 5-24: Widevine’s IP TV Products
Table 5-25: Widevine’s IP TV Deployments
Table 5-26: Widevine’s IP TV Technology Partners
Table 5-27: SureWest’s Fiscal 2003 Financial Results
Executive Summary
The experience of the music industry with Napster has raised
the level of concern over Content Protection. Napster facilitated
the free distribution of music across the Internet. The
media owners, the record companies, lost control of their
content and apparently experienced significant revenue loss
as a result.
The movie studios, video networks, and broadcasters are
concerned about the same thing happening to them. They already
are experiencing a major problem with pirating, with bootleg
DVDs appearing on the market even before the studio releases
the DVD. The studios want to be sure that distributing their
content over IP TV or Cable Video On Demand (VOD) networks
does not compromise their content.
Systems that are used to protect content on networks have
three parts:
- Conditional Access Systems that insure that only authorized
subscribers have access to the content and protects against
the theft of the service.
- Content Protection Systems that insure that content
is transmitted across networks in an encrypted form that
cannot be interpreted and protects against the theft of
the content.
- Digital Rights Management Systems that manage how the
content is used, e.g., the number of times or the period
of time over which the content may be played and insure
that the content is used only in an authorized manner.
Conditional Access is the major concern of the Cable and
Satellite Direct To Home (DTH) networks. Cable and DTH networks,
in particular, are vulnerable to service theft, since they
are broadcast networks.
IP TV networks have much better control over Conditional
Access than either the Cable or Satellite DTH networks.
The IP TV networks have a point-to-point connection to each
subscriber, plus the IP TV network transmits only the channels
that the subscriber is actually watching. This makes it
difficult for an IP TV subscriber to steal service.
On the other hand, IP TV networks typically use an Ethernet
network to carry the content to the set-top box. Ethernet
networks are easy to monitor and to spoof . IP TV networks
can implement Digital Rights Management relatively easily.
Since the IP TV network controls that channels are transmitted
to the subscriber, it can enforce the Digital Rights Management
rules.
Table 1-1 summarizes the threats from each of the IP TV,
Cable, and Satellite DTH networks. It illustrates the points
made above.
Table 1-1: TV Distribution Network Threat Assessment
|
Network Type
|
Service Theft Threat
|
Content Theft Threat
|
|
Cable TV
|
Medium
|
Low
|
|
Satellite DTH
|
High
|
Low
|
|
IP TV
|
Low
|
Low or High
|
Source: MRG, Inc
While Conditional Access is easier in IP TV networks, current
implementations often rely on “identifiers”, such
as the Ethernet address of the set-top box, which can be
easily spoofed. IP TV Conditional Access systems are currently
moving to use the port address in the access systems in
the central office that connects to the subscriber as the
identifier. This will be very difficult to spoof and should
provide a high level of Conditional Access Security.
Some IP TV system suppliers use an Integrated Gateway that
combines the functions of the set-top box into a single
component. This approach keeps the IP TV video content off
the Ethernet network and eliminates that vulnerability.
An IP TV system with an Integrated Gateway has a low level
of threat of content theft.
Content Protection systems for IP TV networks use sophisticated
encryption systems that can change keys frequently, suppliers
use Integrated Gateways that combine the functions of the
DSL modem and the IP TV often only after a few seconds.
These systems will be hard to break and provide strong content
protection.
There are two kinds of Content Protection systems that
are offered for IP TV systems today. One uses a smart card
to identify the subscriber. The other uses software techniques.
The smart cards are widely used by Satellite DTH networks
and seem to give the network operator better control, but
at a price. The network operator must replace all of the
smart cards in its network if its security is seriously
breached. This can be quite expensive, since a smart card
typically costs about $20. It also can take weeks for all
of the smart cards to be replaced, which leaves the network
vulnerable.
A software approach requires that the software in the set-top
box be updated. This is relatively low cost and can be accomplished
in a few hours. It is still the early days in the deployment
of IP Content Protection systems. While few of the small
IP TV networks have implemented Content Protection, the
major IP TV networks, such as Softbank in Japan and Chunghwa
Telecom in Taiwan have. SureWest Communication and Sasktel
in North American have also implemented Content Protection.
Deploying Video On Demand appears to be a major driver
for implementing Content protection. The studios the content
that the IP TV networks would like to offer are requiring
Content Protection. Some of the premium broadcast channels
are starting to require Content Protection as well.
Content Protection is rapidly becoming a requirement. All
IP TV network operators should plan to include Content Protection.
However, any network operator implementing a Content Protection
system should continuously monitor this system and prepare
for the certainty that it will be breached. After all, Content
Protection is a business issue. It is implemented to protect
the revenue of the network operator or the content provider.
The cost for providing a specific level of protection should
be balanced against the potential revenue loss. The IP TV
network operator should spend only as much as they need
to bring the potential revenue loss down to an acceptable
level.
Press Release
Order Form
