# Yet another interesting "integration ban" twist - Motorola Downloadable MediaCipher



## dt_dc (Jul 31, 2003)

http://gullfoss2.fcc.gov/prod/ecfs/retrieve.cgi?native_or_pdf=pdf&id_document=6518913659

File this in the "should have seen it coming" category ... but anyway.

Fresh on the heels of the FCC stating that BBT's downloadable security solution meets the requirements of the integration ban:
http://hraunfoss.fcc.gov/edocs_public/attachmatch/DA-07-51A1.pdf

Here comes Motorola with a very similar "Downloadable MediaCipher (DM)" separable conditional access solution:
http://gullfoss2.fcc.gov/prod/ecfs/retrieve.cgi?native_or_pdf=pdf&id_document=6518913659

A "downloadable" / "separable" solution (like BBT's). Licensable and available to third party STB / CE manufacturers (like BBT's). Allows for "common reliance" between leased and retail products (perhaps even more so than BBT's) ... hey, what's not to love?

Also, like BBT's solution, depends on proprietary (in this case Motorola MediaCipher) head-end equipment. But hey, fully compatible with already-deployed Motorola MediaCipher equipment (ie, Motorola head-ends ... lots of those around) ... hey, what's not to love?

POOF, there go the DCH (DCH-3416, etc) boxes and multistream cablecards and whatnot. We hardly knew ye. Looked good at the CES booths and press releases though. Hello DC Downloadable MediaCipher boxes (DCDM-3416? DCD-3416?). Next comes Scientific Atlanta's "Downloadable PowerKey (DP)" and ... wait a couple years for DCAS.

Anyway, as always, we shall see. Back and forth ... round and round ...


----------



## davecramer74 (Mar 17, 2006)

interesting stuff.


----------



## Tim N. (Apr 28, 2003)

I don't understand the implications of this post? What does it mean to the average S3 user? Why is it ominous?


----------



## Narf54321 (Mar 30, 2005)

Tim N. said:


> I don't understand the implications of this post? What does it mean to the average S3 user? Why is it ominous?


If I am reading the release properly, I believe it means that they are trying to end-run around CableCARD support. Instead of a (so-called) standardized decoder card, this new Motorola MediaCipher thing is DRM software which can be downloaded to "compatible licensed" devices. Of course, this Motorola thingie can only talk to Motorola head-ends.

The worry is that after nearly 11 years waiting for CableCompanies to adhere to the 1996 set-top box "integration ban," the half-assed CableCARD hardware-based solution is now in danger of being bypassed with newer and incompatible software-based decoders. None of which will work on our S3 units.

I am a little shocked that the FCC seems willing to authorize these things, since I thought the idea of the 1996 law was to help CableCos avoid head-end lock-in as well as consumers.


----------



## Jazhuis (Aug 30, 2006)

If I understand (and I may be wrong)...

It's an end-around (or flat-out abandonment?) of CableCard, as (was currently) required by the FCC's integration ban. How?

How we *wish* things were:
Integration ban forces CO's to standardize on equipment (i.e. the CableCard spec they designed) in their boxes. This allows CE manufacturers to make devices to a standard, so that users can go buy a tuner (or TiVo) they like, and use it on the CO's system. If you move from town to town, you can still use your preferred tuner (rather than renting from the CO), because they all use the same DCAS infrastructure.

How this *seems* to make things:
These (proprietary) systems, while nominally licensable to CE manufacturers, will be picked and chosen individually by CO's for use. Comcast in NY, for instance, may not use the same system as Comcast in LA (or TW, or whatever). CE manufacturers will be unable to manufacture to a single specification, and it will likely be too expensive (or feasible) to license and integrate all the different systems into a consumer box. The cable infrastructure remains fragmented, and thus locked-in by region, company, and rollout. CE manufacturers will either have to make multiple versions of their devices (TiVo BBT, TiVo DM, TiVo SA, etc), which will mean confusion for customers and/or a reliance on the local CO helping them point people to the right devices (suuuure...), or just give up completely.

In other words, _plus ça change, plus c'est la même chose_.


----------



## hornblowercat (Mar 4, 2007)

Narf54321 said:


> I am a little shocked that the FCC seems willing to authorize these things, since I thought the idea of the 1996 law was to help CableCos avoid head-end lock-in as well as consumers.


I'm not surprised by anything any government agency does that doesn't profit big business and screw the consumer. You shouldn't be either.

Does anyone remember how when cable was deregulated how that was supposed to help consumers?


----------



## ah30k (Jan 9, 2006)

First off, I think getting approval for downloadable security does not relieve them from having to offer CableCARDs. The theory is that if they offer the CableCARD flavor of separable security and the Downloadable flavor of separable security then everyone wins! In theory.

In practice, if the cable companies get to choose a different flavor of dog-food than the consumer variety of dog food then are we really making them eat their own dog food?


----------



## pkscout (Jan 11, 2003)

Narf54321 said:


> The worry is that after nearly 11 years waiting for CableCompanies to adhere to the 1996 set-top box "integration ban," the half-assed CableCARD hardware-based solution is now in danger of being bypassed with newer and incompatible software-based decoders. None of which will work on our S3 units.


Why would you say none of these *will* work with the S3? If the encryption/decryption is software based, couldn't TiVo just license it and download it as an update? Shoot, that would be much better than needing new hardware. If everyone goes to software, TiVo could even include two or three or four security stacks that would get activated based on your cable provider.


----------



## Jazhuis (Aug 30, 2006)

pkscout said:


> Why would you say none of these *will* work with the S3? If the encryption/decryption is software based, couldn't TiVo just license it and download it as an update? Shoot, that would be much better than needing new hardware. If everyone goes to software, TiVo could even include two or three or four security stacks that would get activated based on your cable provider.


...again most likely requiring that TiVo (or any other CE manufacturer) directly interact (time + money) with each CO, and probably in many cases, down to the local franchise level, to make sure that they have the right stack activated. And on top of *that*, you'll run into all sorts of other problems (i.e. having to clear your entire system with somebody "official" to make sure that you aren't accidentally leaving decryption keys lying around in unprotected memory for someone to strip out, a la AACS, and all sorts of other hoops). That was part of the (mild) beauty of removable CableCards, in that it was a separate physical device that handled things; a CE manufacturer could incorporate the interface then throw their hands up and say, "It's up to the CO to protect their own encryption keys now!"

Also, BBT's letter at least claims to allow support for an open standard, i.e. DOCSIS (their example); CO's would, of course, need to change out head-end equipment to match. Motorola, on the other hand, says no head-end equipment needs to be changed out, but of course the CE manufacturers would have to license it. Let's see -- CO's spend money to change out their equipment, or make CE manufacturers spend money to license to the same spec?

Eh. In either case, the cost will be immediately passed on to us, anyway. 

(Note: This is still as I am reading these publications, and I may be off somewhat)


----------



## dt_dc (Jul 31, 2003)

pkscout said:


> Why would you say none of these *will* work with the S3? If the encryption/decryption is software based, couldn't TiVo just license it and download it as an update? Shoot, that would be much better than needing new hardware. If everyone goes to software, TiVo could even include two or three or four security stacks that would get activated based on your cable provider.


If the decryption is software based, _and can be downloaded and run on Tivo's hardware and does not depend on some sort of hardware root of trust or secure processor_, then yes Tivo could license it and download it as an update.

The CableLabs DCAS proposal / downloadable decryption software will not run on Tivo's hardware and can not be downloaded as an update. DCAS relies on a secure (hardware) microprocessor. No DCAS secure microprocessor ... no DCAS decryption software.

Motorola and BBT are rather light on the technical details of their 'downloadable' security systems ... but ...

Intel, CEA et al have repeatedly suggested that a pure software decryption solution that can be downloaded and run on 'general purpose' processors should be developed. Or ... at least ... on Intel processors. I'm a little fuzzy reading some of Intel's comments if 'general purpose processors' and 'Intel processors' are one-and-the-same and if there are any non-Intel 'general purpose processors' ...

But anyway ...

The NCTA, MPAA, and CableLabs have repeatedly, ad nauseam reiterated that a purely software-based conditional access system is not acceptable. That some sort of underlying hardware "root of trust" must be present for acceptable security. A purely software "root of trust" won't cut it (again, according to NCTA, MPAA, CableLabs).


> http://gullfoss2.fcc.gov/prod/ecfs/retrieve.cgi?native_or_pdf=pdf&id_document=6518709309
> 
> *NCTA*
> 
> ...


Actually, I believe Motorola and Scientific have made similar comments ... but I could be wrong on that. Interesting to dig back through and see what they've said about "pure software" vs. "software + hardware root of trust".

Like I said, BBT and Motorola are light on details. But, I would be shocked (for a variety of reasons) if their 'solutions' weren't similar. Yes, a downloadable 'software' decryption element. But ... it's only (likely) to download and run if you've also got the right hardware.


----------



## sommerfeld (Feb 26, 2006)

dt_dc said:


> If the decryption is software based, _and can be downloaded and run on Tivo's hardware and does not depend on some sort of hardware root of trust or secure processor_, then yes Tivo could license it and download it as an update.


my understanding is that recent model tivos do in fact have a "hardware root of trust" in that the system firmware refuses to boot code which doesn't pass some sort of integrity check.

But a "hardware root of trust" doesn't magically make DRM possible, either.


----------



## mattack (Apr 9, 2001)

hornblowercat said:


> Does anyone remember how when cable was deregulated how that was supposed to help consumers?


but it did, didn't it? They used to charge for extra outlets even if you just had a splitter and a cable-ready TV in the other room... right?


----------



## Tim N. (Apr 28, 2003)

dt_dc said:


> If the decryption is software based, _and can be downloaded and run on Tivo's hardware and does not depend on some sort of hardware root of trust or secure processor_, then yes Tivo could license it and download it as an update.
> 
> The CableLabs DCAS proposal / downloadable decryption software will not run on Tivo's hardware and can not be downloaded as an update. DCAS relies on a secure (hardware) microprocessor. No DCAS secure microprocessor ... no DCAS decryption software.
> 
> ...


I'm not a true expert on this, but I know the TIVO has a sophisticated hardware encryption device on the board. I also know the Moto boxes use a version from the same family. They both have the same crypto library to implement as they choose. These are top level, banking level, secure devices. Therefore, the Series 3 probably can implement any encryption scheme the Moto can implement.


----------



## classicsat (Feb 18, 2004)

sommerfeld said:


> my understanding is that recent model tivos do in fact have a "hardware root of trust" in that the system firmware refuses to boot code which doesn't pass some sort of integrity check.
> 
> But a "hardware root of trust" doesn't magically make DRM possible, either.


It's not a root of trust suitable for the decryption of cable programming, though. If it were my choice, I'd demand a separate secure security processor also.


----------



## dt_dc (Jul 31, 2003)

Tim N. said:


> I don't understand the implications of this post? What does it mean to the average S3 user? Why is it ominous?


Some of the posts above have addressed the "big picture" / "long term" issues. But to go back to the more specific / S3 users (and potential users).

_If_ cable companies use CableCard hosts, like the CableCard models Motorola and Scientific Atlanta have been showing, in order to meet the FCC's 7/07 'integration ban', there is the potential for several possible benefits for S3 users. Lots of 'ifs' and 'possibles' and 'potentials' in there. But, in a nutshell, the cable companies would be using CableCards for their conditional access for their boxes ... just like the S3 ... it's reasonable to expect some benefits from that 'common reliance' such as:
- Better support
- Less problems / technical glitches
- Better pricing / more competitive pricing with the cable company's own equipment (elimination of multiple 'digital tier' charges and the like)
- Availability of MultiStream Cards (which could also lead to more of the above)
- Better CableCard installation procedures and / or pricing and / or even more widespread self-install options
- Etc.

Just one example, there's some people that currently can't rent a CableCard from their cable company ... they gotta buy two of them at $150 a pop. If their cable company has to start using CableCards themselves are they going to still force customers to buy the CableCard?

Note: I will say it's sometimes easy to overstate / overestimate the potential benefit of cable companies using CableCards themselves too. For example, going back to those 'technical glitches' ... it's very possible that a Third Party box with Third Party firmware with a Motorola CableCard on a Motorola head-end with people trained by Motorola to support and install equipment may still have a few more technical glitches than a Motorola box with Motorola firmware with a Motorola CableCard on a Motorola head-end with people trained by Motorola to support and install equipment.

Anyway, if you're perfectly pleased with your cable company's CableCard support ... not such a big deal. But, if you think that maybe, if your cable company started using CableCards themselves in their own equipment ... just maybe you might see better support and pricing as an S3 user (or potential user) ...

This becomes 'ominous' because a lot of those (potential) benefits now seem like they (potentially) won't happen. If cable companies use boxes that use Motorola's "Downloadable MediaCipher" to meet the integration ban instead of CableCard boxes ... well ... it would seem to just perpetuate the current status quo for S3 users (and potential users).

Now ... cable companies may still choose to use the CableCard boxes (I can think of some reasons why they would). Then again ... they may not (I can think of lots of reasons why they wouldn't). I dunno ... have to wait and see.

The next thing I'd expect to see would be some small / mid-size cable company applying for a 'temporary waiver' (until these boxes are available) of the integration ban along with a purchase order for a batch of the "Downloadable MediaCipher" boxes and an affidavit that they'll be deploying them when available.


----------



## sfhub (Jan 6, 2007)

ah30k said:


> First off, I think getting approval for downloadable security does not relieve them from having to offer CableCARDs. The theory is that if they offer the CableCARD flavor of separable security and the Downloadable flavor of separable security then everyone wins! In theory.
> 
> In practice, if the cable companies get to choose a different flavor of dog-food than the consumer variety of dog food then are we really making them eat their own dog food?


I agree, in theory yes, and also agree in practice it is most likely a whole different story.

When the cable company doesn't eat their own dog food various dog food poisons are more likely to slip into production. Various things like loss of authorization, guide problems, tuning issues, pairing problems, etc. etc.

These will of course never be blamed on the actual causes (probably some misconfiguration or head-end upgrade). They will be blamed on this archaic crappy technology the cable company was forced to support and if you use "their" PVR, this won't happen.


----------



## sfhub (Jan 6, 2007)

dt_dc said:


> Note: I will say it's sometimes easy to overstate / overestimate the potential benefit of cable companies using CableCards themselves too. For example, going back to those 'technical glitches' ... it's very possible that a Third Party box with Third Party firmware with a Motorola CableCard on a Motorola head-end with people trained by Motorola to support and install equipment may still have a few more technical glitches than a Motorola box with Motorola firmware with a Motorola CableCard on a Motorola head-end with people trained by Motorola to support and install equipment.


That is absolutely true and a good point, but in that scenario, the 3rd party vendor at least has some control over their own destiny because with enough "tweaks" to their firmware or design, they should be able to reach comparable levels of plug and play as the Motorola equipment.


----------



## dt_dc (Jul 31, 2003)

Multichannel News article:
http://www.multichannel.com/article/CA6427152.html

One interesting blurb:


> The letters language indicated that the product was ready to go, but a cable-industry source said Motorola's DM wouldnt become viable until late 2007.


----------



## dt_dc (Jul 31, 2003)

sfhub said:


> That is absolutely true and a good point, but in that scenario, the 3rd party vendor at least has some control over their own destiny because with enough "tweaks" to their firmware or design, they should be able to reach comparable levels of plug and play as the Motorola equipment.


Yes ... but then there's the Scientific Atlanta box with Scientific Atlanta firmware with a Scientific Atlanta CableCard on a Scientific Atlanta head-end with people trained by Scientific Atlanta to support and install equipment ...

Motorola of course, doesn't have to deal with those and any equivalent "tweaks" that need to be made to accommodate both ... while third parties would ...


----------



## sfhub (Jan 6, 2007)

How about we say it this way, a big reason people want CableCARD to be used to satisfy the integration ban is because they feel there is safety in numbers.

If the goal of a particular entity is to, either consciously or subconsciously, "break" things then it is basically a cat&mouse game and there are many ways to play.


----------



## sfhub (Jan 6, 2007)

dt_dc said:


> Fresh on the heels of the FCC stating that BBT's downloadable security solution meets the requirements of the integration ban:
> http://hraunfoss.fcc.gov/edocs_public/attachmatch/DA-07-51A1.pdf





> Details regarding the initial production designs are still being finalized. The first one-way low-cost BBT "boxes" are not actually designed as "set-top" devices, but appear similar to the "brick" transformers used on the power cords of many portable computers, and will be either wall or set mounted out of view. *They will be in prototype testing in the first quarter of 2007, and manufactured product, in quantity, is scheduled for the third quarter.* Associated headend equipment costing less than one-quarter current equipment prices has already been tested and is ready to go into production immediately.


Shouldn't there be some reality check in the FCC's approval process for something to satisfy the integration ban? Like the technology needs to have been field tested for at least a year before it can be considered for approval. It really feels like (based on their description) this is a solution pieced together at the last minute and held together by glue.



> The significance of this new technology should be clear. It can provide a viable low-cost substitute for expensive CableCARD devices to achieve non-integrated security. Any truly downloadable conditional access system can be accommodated by the BBT approach. *Moreover, consistent with the Commission's goal of "common reliance," BBT is offering its technology on an "open standard" basis (similar to DOCSIS modems) to all CE and set-top box manufacturers.*


This part does sound nice, but as they say, the proof is in the pudding.



> BBT was *formed a little more than a year ago following 3 1/2 years of quiet research and development by three independent cable television operators* seeking a solution to the need for low-cost set-top boxes.


I guess that shows you how quickly the cable guys can come up with solutions if they are forced to rather than allowed to drag their feet.

I'm still trying to figure out if these are really credible solutions or just amount to a backdoor extension of the integration ban due to "deployment" issues.

It would have been nice if this type of solution was offered instead of CableCARD, all those years ago, rather than allow the industry to chase what now seems to be a red-herring.


----------



## Jazhuis (Aug 30, 2006)

mattack said:


> but it did, didn't it? They used to charge for extra outlets even if you just had a splitter and a cable-ready TV in the other room... right?


For what it's worth, they still DO, if you aren't careful. 

Comcast, for instance, is more than happy to have their contractor show up and do nothing more than plug already-existing cables into a splitter in their box, then try to charge you $19 for each additional "port activation". The difference is that you can tell them to only hook up one TV, and then do the work yourself after the fact with analog.

</off-topic>

As much as we would wish that CableCard being forced on the CO's would help us on the other side with increased installation support and other support, the integration ban is only a technological compliance, correct? After all, the CO can always just have a small, skilled team that pre-installs cards in boxes and tests them, then gives them to the installers to deploy, leaving CSR's and installers about as half-clueless as they were before.



> BBT was formed a little more than a year ago following 3 1/2 years of *quiet research and development* by three independent cable television operators seeking a solution to the need for low-cost set-top boxes.


I love how the R&D is specified as "quiet". I wonder why?


----------



## kido (Aug 17, 2006)

Jazhuis said:


> As much as we would wish that CableCard being forced on the CO's would help us on the other side with increased installation support and other support, the integration ban is only a technological compliance, correct? After all, the CO can always just have a small, skilled team that pre-installs cards in boxes and tests them, then gives them to the installers to deploy, leaving CSR's and installers about as half-clueless as they were before.


even if they did do this, at least CO's would have to have working head-ends with properly set up accounts for the users who end up receiving these boxes. the current situation benefits the CO if they cannot get cablecards to work or if it is difficult as the consumer will just opt for the more expensive leased equipment that the CO offers.


----------



## Justin Thyme (Mar 29, 2005)

dt_dc said:


> Allows for "common reliance" between leased and retail products (perhaps even more so than BBT's)..


I don't see why you say so. It seems to me that Cisco, Sony, IBM, Microsoft would have much less problem with a BBT than stepping into a Motorola dependency.

If there is no common reliance on a scheme, then there is no retail market for third party devices, since vendors will not be able to make profits from devices that work on a narrow range of networks. No common reliance by cable companies on BBT or the Moto scheme, and no FCC approval as a substitute for cablecards- or have I read them wrong?


----------



## sommerfeld (Feb 26, 2006)

classicsat said:


> It's not a root of trust suitable for the decryption of cable programming, though.


Depends on what you mean by "suitable". I suspect it's as good as can be expected on a mass-market equipment cost budget.

The tivo's trust root is evidently considered good enough to protect amazon unbox downloads over the internet. Given that any PC with an ethernet card can be pressed into service to wiretap the protocol, unbox uses a much more readily attacked path than the relatively captive environment between the cable head-end and your home.

tivo and the cableco's would clearly need to work out a "link your tivo account to your cable tv subscription" mechanism similar to the "link your tivo account to your unbox account" setup they built for unbox, allowing keying material to be exchanged to allow encrypted content to be deciphered by authorized boxes.


----------



## dt_dc (Jul 31, 2003)

> The letters language indicated that the product was ready to go, but a cable-industry source said Motorola's DM wouldnt become viable until late 2007.


Woops ... make that first half 2008 ...
http://www.multichannel.com/article/CA6427446.html?display=Breaking+News

Oh, and yes indeed Scientific Atlanta is saying their own "Downloadable PowerKey" will also be ready then.


----------



## dt_dc (Jul 31, 2003)

Justin Thyme said:


> I don't see why you say so. It seems to me that Cisco, Sony, IBM, Microsoft would have much less problem with a BBT than stepping into a Motorola dependency.
> 
> If there is no common reliance on a scheme, then there is no retail market for third party devices, since vendors will not be able to make profits from devices that work on a narrow range of networks. No common reliance by cable companies on BBT or the Moto scheme, and no FCC approval as a substitute for cablecards- or have I read them wrong?


"Common Reliance" vs. "Portability"

Common Reliance - A cable plant uses a separable security mechanism for its own devices which allows a third party manufacturer to use the same separable security mechanism to build competitive devices

Portability - Multiple (or preferably all) cable plants use the same separable security mechanism which allows a third party manufacturer to use the same separable security mechanism to build competitive devices that can be used on multiple (or preferably all) cable plants

Yes, yes, yes ... in the real world 'portability' and 'common reliance' are intertwined since a third party manufacturer isn't likely to (realistically) make products that only work on some (or a few or one) cable plants.

But anyway ...


dt_dc said:


> Allows for "common reliance" between leased and retail products (perhaps even more so than BBT's)


If you read a little between the lines of BBT's stuff and what they're trying to do (and JetBroadband's waiver application and how they're intending on using BBT's boxes) ...
http://gullfoss2.fcc.gov/prod/ecfs/retrieve.cgi?native_or_pdf=pdf&id_document=6518907934
There's the distinct _possibility_ that it's going to be used in a dual CA system way. They'll go 'mostly all-digital' and have a few channels using BBT's stuff ... and customers that don't wanna pay nuttin for no digital box (or VOD or premium channels or whatever) will get the BBT brick to place behind the TV. Those channels will be duplicated (Motorola MediaCipher) and available along with all their other channels (and VOD and everything else) for customers willing to pay for 'digital' cable and one of them dang expensive Motorola boxes (or using a CableCard ... I notice BBT says absolutely nothing about CableCards).

But ... that's just reading between the lines and just a possibility ... which is why I just said 'perhaps'.


----------



## MichaelK (Jan 10, 2002)

mattack said:


> but it did, didn't it? They used to charge for extra outlets even if you just had a splitter and a cable-ready TV in the other room... right?


and now they charge for extra outlets for every digital cable tuner- many companies even charge TWICE for the tivo because they consider each cablecard its own outlet- big fat change.....

Give it 5 years and every outlet will be getting charged again. We all hope that M-cards will at least mean Tivo's will only get charged as one. But for all we know cable will argue the additional digital outlet IS really each tuner and soon they will start charging TWICE for cablecard tv's with PIP and m-cards....

Also- they are now allowed to charge PER outlet for content. Used to be you paid for HBO and it was for the whole house. Now some providers charge for the HD tier on EACH outlet that it is turned on (again twice for a series 3 tivo)

things might be better but the example of additional outlet fees is not one of them.


----------



## Justin Thyme (Mar 29, 2005)

I was referring to the meaning of the term "Common Reliance" as is used in most public discussions of cablecards. For example, Gary Shapiro in this news release regarding the most recent court battle (lost) by the cableco's against the FCC.



> ...among the reasons that the agency has not changed its mind is the fact that the market Congress has twice urged to open to competition remains substantially closed, and that common reliance has been shown to be essential to opening it. Common reliance will benefit consumers by enabling manufacturers to provide a broad array of products that can connect to cable systems featuring innovative new features for competitive prices.


If there is no cableco agreement on common reliance on BBT or Moto scheme, then there will be no FCC approval of such a substitute to Cablecards.

I have seen little evidence that either alternative has much chance of averting the 707 integration ban deadline.


----------



## MichaelK (Jan 10, 2002)

If Moto and SA have downloadable system today with deployment today why does a standard for downloadable security from cablelabs seem so far away? 

Is it that you would need to get moto and sa to agree and that's a huge undertaking? Or is cablelabs just slow as molasses?


----------



## cramer (Aug 14, 2000)

sommerfeld said:


> my understanding is that recent model tivos do in fact have a "hardware root of trust" in that the system firmware refuses to boot code which doesn't pass some sort of integrity check.


Hah. That "integrity check" is laughable. It is easily disabled -- and has been for years on Tivo's other systems.



Tim N. said:


> I'm not a true expert on this, but I know the TIVO has a sophisticated hardware encryption device on the board.


Really? Where? The ATMel "smartcard" chip, commonly referred to as "the crypto chip"? That thing is effectively useless for anything but storing keys and serial numbers; it's just too slow. The strongest crypto system in the box is the _cableCARD(tm)_ itself. However, cable companies have hated the idea since they realized _they_ would have to use them themselves. That is where OCAP and DCAS originated. (It also was a convenient excuse to demand extensions to the integration ban.) Software is also cheaper than hardware. And software is easier to update or customize.

As for the requirements of dedicated crypto hardware vs. the host processor, they will never agree to run "CAM" elements on the host processor. To do so would open the system to immediate attack. In fact, I wouldn't give an OCAP (which is java, btw) crypto system 7 days in the wild before it was completely hacked. Code for a closed, proprietary processing system will take significantly longer to break. (There's a reason FIPS compliant SSL acceleration hardware is covered with x-ray absorbing epoxy -- if I wasn't worried about TSA confiscating the $4-8k card, I'd run one through airport security)


----------



## Tim N. (Apr 28, 2003)

cramer said:


> Really? Where? The Atmel "smartcard" chip, commonly referred to as "the crypto chip"? That thing is effectively useless for anything but storing keys and serial numbers; it's just too slow.


Yes, really. Name another device that is certified to EAL4+ levels. Certainly not a cablecard. The Atmel chip generates private 256 bit keys in under 1.2 sec. That is not slow. It runs any encryption method required. That is why Mot just adopted it over the system in place for the last ten generations of STBs. The Atmel chip is more impervious to attack than any cable card could hope to be.

But, if you don't use it, then it cannot help you.


----------



## dt_dc (Jul 31, 2003)

Justin Thyme said:


> I was refering to the meaning of the term "Common Reliance" as is used in most public discussions of cablecards.


We've had this discussion before. But sorry, no, _all_ cable systems using the same separable security for their own leased devices is not (currently) required to meet the regulatory "common reliance" obligations as is used in most industry / regulatory discussions of CableCards.

Including the CEA:


> http://gullfoss2.fcc.gov/prod/ecfs/retrieve.cgi?native_or_pdf=pdf&id_document=6518717081
> 
> Comments of the Consumer Electronics Association
> 
> In its June, 1998 Report and Order and the accompanying regulations, the Commission required that cable operators enable competitive navigation devices by offering conditional access functions in a physically separate module. The regulations also required that by January 1, 2005, cable operators must cease putting into service any devices that combine conditional access with other functions in the same physical unit. *This is known as the separable security requirement or the common reliance rule*. The Commission has thereafter twice extended the cable industry's period for compliance, most recently to July 1, 2007.


Separate conditional access from navigation ... offer separable conditional access ... stop using integrated security ... "common reliance". Nothing about all cable companies having to use the same separable security mechanism.


Justin Thyme said:


> If there is no cableco agreement on common reliance on BBT or Moto scheme, then there will be no FCC approval of such a substitute to Cablecards.


They aren't a "substitute to CableCards". Cable companies must offer CableCard support no matter what they do and no matter what separable security mechanism they choose for their own leased boxes. No one is "substituting" anything.

Anyway, the FCC has already said that downloadable security meets their "common reliance" requirements ... no strings attached about all cable companies having to use the same downloadable security mechanism. The FCC has already said that BBT's downloadable security meets their "common reliance" requirements ... no strings attached about all cable companies having to use BBT's solution or not using another solution.


> http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-269446A1.pdf
> 
> FCC Press Release
> 
> The Bureau also released a public notice clarifying that cable operators preferring not to employ CableCARDs may use a downloadable conditional access solution to comply with our rules and noting that that Beyond Broadband Technology, LLC (BBT) has already developed such a solution.





> http://hraunfoss.fcc.gov/edocs_public/attachmatch/DA-07-51A1.pdf
> 
> FCC Public Notice
> 
> ...


If "common reliance" required all cable companies to agree to a single solution ... you wouldn't be able to say something provides "common reliance" until you had that agreement would ya?

And heck ... more coming out of the woodwork (in addition to Motorola and probably Scientific Atlanta) ... Latens says their downloadable CA system meets FCC requirements for the integration ban:
http://www.latens.com/_filestore/158_Latens DCAS for US Cable 17 Jan 2007.pdf
http://broadcastengineering.com/infrastructure/laten-cas-fcc-0122/


Justin Thyme said:


> I have seen little evidence that either alternative has much chance of averting the 707 integration ban deadline.


It's not about "averting" the integration ban ... it's about how it gets met.

Anyway, interesting to see what the FCC does with JetBroadband's application for a temporary waiver until BBT's boxes are available:
http://gullfoss2.fcc.gov/prod/ecfs/retrieve.cgi?native_or_pdf=pdf&id_document=6518907934


----------



## classicsat (Feb 18, 2004)

MichaelK said:


> If Moto and SA have a downloadable system today with deployment today, why does a standard for downloadable security from CableLabs seem so far away?
> 
> Is it that you would need to get Moto and SA to agree and that's a huge undertaking? Or is CableLabs just slow as molasses?


CableLabs and Cable is that slow, I think.

For such a scheme to totally work:


- The FCC would have to consider a combined SA/Motorola system meeting their needs for "Portability"
- It would have to be an all inclusive standard, including bi-directional and multi-tuner capabilities (to be practical, otherwise we might as well stick to Cablecards)
- The cablecos would need to be told to offer capabilities.
- CE manufacturers would need to be reasonably licensed to the technology.


----------



## Justin Thyme (Mar 29, 2005)

Classic- agreed.

DT-Sorry, you yourself admit that third parties are unlikely to build cable access devices if there is not common reliance. (OK, ok, if you dislike Shapiro's and my use of the term- the conflation of the senses of "portability" and "common reliance" that you defined).

The FCC likewise is not unaware of this, and they have not forgotten their directive to enable a third party market for cable access devices. You don't see in the regulations how the FCC's goals and its actions make sense. I suppose we could closely parse the meaning of the brief mentions made regarding the BBT schemes, but all this was very preliminary- there has been no formal proposal or process from the FCC, so it more seems like an effort at struggling via tea leaves to understand something which will never see the light of day.

I agree that it is probably too late for cablecos to "avert" the 7/07 deadline (but who knows, maybe Microsoft/Sony/Intel will sign a letter urging an 11th hour reprieve). The Cablecos are not going to cave, and MS/Sony/Intel will not be conned again. So the Cablecos have no more cards to play on the "Avert" strategies, the final major defeat probably last August when they took the FCC to court to block the ban.

So yeah, we are back to "Subvert" as the operating mode.

Regulating monopolies doesn't seem like a lot of fun, but I sure am glad there is some check on their power.


----------



## cramer (Aug 14, 2000)

Tim N. said:


> Yes, really. Name another device that is certified to EAL4+ levels. Certainly not a cablecard. The Atmel chip generates private 256 bit keys in under 1.2 sec. That is not slow. It runs any encryption method required. That is why Mot just adopted it over the system in place for the last ten generations of STBs. The Atmel chip is more impervious to attack than any cable card could hope to be.
> 
> But, if you don't use it, then it cannot help you.


Try using it as a stream cipher at 200Mbps. (which is what an M-Card does.) The issue is how fast data can be moved to/from the chip, not how fast it can generate an RSA master secret. (and btw, there are _substantially_ faster chips for doing that.) Anyone who's used the tivo "crypto" command knows first hand how slow the smartcard operations are -- it doesn't matter if the chip finished in 1ns when it takes whole seconds to move data across it.


----------

