In a technical facility somewhere in Maryland, digital codes that are likely to be central to the future of cable-TV signal security are being burned into a batch of microchips.
The code is supposed to be unhackable, preventing would-be cable thieves from stealing pay TV signals they haven’t purchased. It also promises a standard means for authorized devices to access the network, through a simple software download. The tight-lipped, cable-backed outfit developing this technology calls itself PolyCipher.
At some point next year, those secure PolyCipher-based chips, each with a unique hardware ID, will be shipped to Motorola and Scientific Atlanta, to embed in the set-top boxes they sell to cable operators. The chips will also be sold to consumer-electronics firms such as Panasonic and Samsung, who can build them directly into “cable-ready” TV sets.
Once operators have installed the necessary headend components to deliver the downloadable-security code, subscribers should be able to plug those set-tops or TVs into their coaxial cable at home. And then, without needing a truck roll, a phone call or an insertable CableCard, they’ll get their entire channel lineup and other interactive services from their cable operator almost instantly.
That’s the plan, anyway.
But getting the Downloadable Conditional Access System, or DCAS, actually deployed has been a more complex task than the cable industry anticipated when the concept was sketched out more than two years ago.
PolyCipher is said to be looking at conducting a system-test phase into the first quarter of next year, prior to having test units ready for operator field trials by mid-2008.
In short, there’s still plenty of work left to be done. “It’s a very complete design, shall I say,” Scientific Atlanta chief scientist Tony Wasilewski said. “DCAS is really very well designed, and because of that there were things that needed to be put into place” — like the Maryland facility for “keying” the secure microchips with individual IDs — “that took longer than we thought.”
Next Generation Network Architecture (NGNA) joint venture is formed by Comcast, Time Warner Cable and Cox Communications. The downloadable conditional access project eventually becomes NGNA’s focus.
Cable demonstrates downloadable security for FCC staff with Scientific Atlanta, Motorola and Nagravision.
NCTA in an FCC filing says DCAS is a “feasible” approach and projects a national rollout by July 2008.
NCTA requests an industrywide waiver to FCC separable set-top security mandate until Dec. 31, 2009, or until DCAS is widely deployed, whichever is sooner. It also discloses that the industry has invested $30 million in PolyCipher (a.k.a. NGNA LLC).
FCC rejects NCTA’s waiver request.
Early to mid-2008
PolyCipher DCAS, downloadable versions of Motorola MediaCipher and SA PowerKEY, and BBT to be available for field trials.
Verizon required to comply with FCC separable-security mandate for high-end set-tops.
DCAS potentially ready for commercial deployments.
$100 MILLION SOLUTION
The National Cable & Telecommunications Association says it has committed $100 million over three years to develop a means for the entire industry of delivering security instructions to set-top boxes, TVs and other devices through software downloads.
The chief investment has been in PolyCipher, the Denver-based joint venture first formed in 2004 by Comcast, Cox Communications and Time Warner Cable. PolyCipher (whose official name is NGNA LLC, for “Next Generation Network Architecture”) is developing the downloadable security technology, while CableLabs handles licensing.
Now, PolyCipher is purportedly moving forward with a greater sense of urgency under the stewardship of the two set-top box giants. The JV, which has about a dozen full-time employees, has received the full participation of Motorola and SA, according to executives involved in the project. “They’re ultimately designing a lot of the infrastructure” for the downloadable security technology, a cable-technology engineer familiar with PolyCipher said.
Initially wary of the joint venture, the two companies are said to have recently begun contributing additional resources to bring the solution to fruition as quickly as possible. Motorola in particular has provided significant architectural improvements to make DCAS easier to integrate with multiple vendors’ products.
Wasilewski declined to comment on whether Scientific Atlanta has taken an increased role in the development of the download technology. Motorola did not provide comment by press time, nor did PolyCipher or the three cable operators that own it.
In any event, Scientific Atlanta is six to eight months from delivering pieces of the access code to operators for large-scale testing, Wasilewski said.
For cable operators, downloadable security can’t arrive soon enough. Every CableCard-based set-top they have shipped out the door since July 1 — required for most operators under the Federal Communications Commission’s ban on boxes with embedded security functions — represents around $50 or more of incremental cost they would largely avoid by downloading instructions directly to set-tops.
In February, Time Warner Cable estimated it will spend $50 million this year on CableCards, capital “we would not have had to spend last year,” chief financial officer John Martin said on a conference call with financial analysts.
DCAS (say it “DEE-caz”) was originally conceived of as a way to give operators more flexibility in picking conditional-access systems. It now has one primary purpose: to rid the industry of the CableCard blight.
“Now that CableCards have sort of been forced down [cable operators’] throats, it’s a paramount cost savings to move to downloadable security,” SNL Kagan senior analyst Ian Olgeirson said.
But the delays surrounding DCAS were cited by the FCC’s Media Bureau as one of the main reasons the agency refused to give the NCTA another industry-wide extension on complying with the integrated set-top ban. Two years ago, the FCC deferred the ban from July 2006 to July 2007, because the NCTA said downloadable security was expected to roll out by July 2008.
Then last year the NCTA petitioned for another deferral — asking that the industry have until the end of 2009, at the latest, to deploy DCAS. The FCC saw this as cable dragging its heels.
“We do not believe … NCTA should be able to shield itself from the clear directives in the commission’s rules … by continuing to assert that a better approach is on the ever-expanding horizon,” the agency’s Media Bureau said in its June 29 ruling.
So why is it taking so long to develop a downloading process that works? Not only is it a complex system that requires changes in set-tops, headends and process, but “it has to be bulletproof,” said Chris Dinallo, vice president of technology for set-top manufacturer Pace Micro Technology Americas. “Cable has to be certain there’s not a rogue way to break into it.”
And such thorough testing takes time. “With anything that happens in the set-top box, there are always going to be moving parts — so when you bundle in security, that adds a new layer of complexity and an additional layer of importance,” Olgeirson said.
The slow going on the PolyCipher project has prompted at least two competing schemes to come forward in the hopes of gaining traction with the FCC as alternatives to the DCAS path blessed by Big Cable.
One self-styled competitor is Beyond Broadband Technology, which earlier this year garnered some unexpected attention from the FCC. BBT was formed by three small cable operators in 2002 to develop a low-cost digital set-top box. As part of its design, the set-top is to include downloadable conditional access.
The FCC, in a Jan. 10 notice, held up the three-operator consortium as an example the rest of the industry should emulate.
BBT “has already developed a downloadable security solution which provides for common reliance … and reports that its open standard, low-cost solution for separated security will be available in time to comply with our July 1, 2007, ban,” the agency announced.
But as of mid-September, BBT had yet to produce anything except a few prototypes. The FCC had assumed the BBT solution was “available today,” and used that mistaken assumption as part of the rationale for turning down Comcast’s and NCTA’s waiver petitions.
Originally BBT was hoping to have boxes shipping in quantity in September. Now, “we expect to have 250 beta units for testing in the next two months,” said Steve Effros, a cable consultant working with the BBT project, who acknowledged there has been some “slippage” from previous goals.
The BBT episode, though, spurred Motorola and SA to suggest that software-downloadable versions of their proprietary systems could also be kosher with the FCC. (The agency hasn’t said whether that’s the case.) At the same time, both vendors indicated their support for the PolyCipher approach to DCAS.
Meanwhile, Widevine Technologies, a provider of conditional-access and digital-rights-management software, last month presented a software-only solution for downloadable security to staff members of the FCC’s Media Bureau.
Whereas PolyCipher’s technology requires proprietary security chips from specific vendors, Widevine’s proposed solution for downloadable security works with “off-the-shelf hardware,” according to CEO Brian Baker. That would result in a download system that could work across all multichannel-video providers — cable, satellite and telco — instead of being a specification controlled by the major cable operators.
“CableLabs has the ultimate authority to dictate which vendors get to play in the cable sandbox,” Baker said. “We’re taking a very different approach. We’re leveling the playing field.”
Cable-industry executives, though, say a hardware-based conditional-access system was a prerequisite for content owners to sign off on the use of DCAS to protect access to programming. “PolyCipher and the [cable operators] feel strongly that a solution at least partly needs to be based on hardware,” Wasilewski said.
With hardware-based security, said Dinallo, “maybe some scientists with an oscilloscope could crack it, but your average guy at home is not going to go through that trouble.”
Still, the competing proposals have created the impression that “there’s some hesitancy, some question marks about whether the PolyCipher version is the one or not,” said Dov Rubin, general manager and vice president of the Americas for conditional-access vendor NDS Group.
Rubin, in fact, takes issue with PolyCipher’s reliance on a single security chip. NDS, he said, believes the security hardware instead should put protection schemes in different regions, so that if an algorithm is broken in one area that doesn’t make the solution vulnerable everywhere.
That said, he added: “At the end of the day, it’s 'dissent and commit.’ If the cable industry says, 'It’s a single chip and it’s DCAS,’ we’ll live with whatever the customer decides.”
(SET) TOP SECRET
Some of the uncertainty about PolyCipher probably stems from the fact that, even for the cable industry, the venture is shrouded in secrecy.
For instance, key component suppliers have not been publicly disclosed. German chip maker Infineon Technologies is the single initial supplier of secure microprocessors for DCAS, according to vendors participating in the development process, but its name doesn’t appear in any PolyCipher or DCAS documentation. The expectation is that other suppliers of silicon will be certified at some point.
In addition, which vendors are working to implement elements of the system are mostly unknown outside of the inner sanctums of PolyCipher and CableLabs.
The NCTA has claimed the industry has negotiated 90 agreements to use DCAS and that 19 companies are full DCAS licensees. But CableLabs, when asked for the names of the 19 licensees, would only disclose four: LG Electronics, Panasonic, Samsung and set-top maker Advanced Digital Broadcast (ADB).
The DCAS project “remains a mystery to all but a small number of entities who have entered nondisclosure agreements with CableLabs,” the Consumer Electronics Association wrote in comments filed Sept. 14 with the FCC, opposing the NCTA’s appeal of its waiver denial. “The commission and the consumer-electronics industry have no way to evaluate whether the proposed [technology] is true separable security, and whether it is otherwise suitable for nationwide use.”
The FCC, while it has indicated downloadable security schemes like PolyCipher’s DCAS technology would meet its separable security mandate, may decide to impose a universal specification covering all multichannel video programming distributors.
This may not be a desirable outcome. “My only hope is the FCC doesn’t turn conditional access into something that’s generalized for everyone and specific to no one,” said Rubin.
For now, the biggest players in the cable industry remain “very committed to DCAS — there are absolutely zero signs indicating otherwise,” said Pace Micro’s Dinallo.
That’s not to say, he added, that cable won’t later consider another technology that may be better: “The cable industry has been good at backing many different horses.”
But only up to a point, said SA’s Wasilewski: “You always want to entertain new solutions, but at some point you have to cut bait because otherwise you could just go on forever.”