Monthly Archives: April 2005

A Business History of Conditional Access Switchouts

by Leslie Ellis // April 25 2005

We interrupt this unintended mini-series on “downloadable security” to stroll through Charter’s recharged arrangements with Sony Corp., which have everything to do with how to re-tool the locks anyway.

It’s easy to look at the new Charter/Sony deal and tag it, perhaps with a sigh, as another attempt to “break the duopoly.” As in: Opening the installed base of digital headends made by the two incumbent suppliers, Motorola Broadband and Scientific-Atlanta.

Making that logic leap is easy, but it overlooks the business triggers for all prior and ongoing attempts — which turn out to be different, one to the next.

The business triggers driving Charter’s new work with Sony, and its “Passage” system, are more about edging closer to “all digital.” Recall that Charter’s technology team led the industry with “digital simulcast,” in Long Beach, Calif., two years ago. In figuring out what comes next, Charter, like other MSOs, saw the need for a low-cost, digital-to-analog converter, to serve the TVs in peoples’ homes that aren’t digital.

That goal, in turn, revealed the conditional access (CA) portion as a ripe candidate for cost reduction. Why not make the headend portion of conditional access as removable as CableCards are in digital cable-ready devices, or future set-tops? Modularize the headend parts. Open conditional access to competitive bidding, but architect it so that it can be removed and replaced later, if necessary — without have to reconstruct the thick goo of maneuvers commonly handled by digital video headend controllers.

It follows that if Charter can modularize the headend part of conditional access, it can also attract better pricing on the CableCARDs themselves (or, the downloadable equivalent, in time). CableCards cost operators around $75 each, now. Logic: It’s kind of hard to get to that $50 converter, if $75 is sitting in the card that slides into it.

How is that different from prior efforts? This translation focuses on the business reasons for the many attempts to re-tool digital headend controllers.

Prior Passages
Since Sony is involved, the mind tends to flash cut to Cablevision Systems, which etched that $1 bil. set-top deal with Sony in 1999. The original business goal was to bring on innovation; Sony clearly qualifies in that department.

In order for those boxes to do any premium services, though, Cablevision needed to open its existing conditional access systems, to accept Sony’s boxes. Enter NDS, and later Scientific-Atlanta (for boxes.)

One difference between Cablevision’s and Charter’s work is this: Cablevision didn’t see a need to make the CA system removable; Charter does.

Today’s digital video headend controllers, made by the two incumbents, contain multiple interconnections to other systems — not just conditional access, but billing, provisioning, session management, inventory, guide data, and on-demand servers, too. (And that’s a partial list.)

To install a new CA system, prior to the new Charter/Sony quest, is to re-link all those sub-systems, to the new CA provider. It’s profoundly complicated. (Imagine replacing your own heart.)

Charter’s version of Passage will re-build those linkages, using open, off-the-shelf components. Conditional access is but one of them. By not forging all business links directly to the new CA provider, Charter avoids the risk of what it calls a “tri-opoly.”

It Started with Harmony
But let’s go a little farther back. Eight years ago, there was “the Harmony agreement.” It emerged from CableLabs as a way for cable providers to use either one CA system, or the other. The goal was to prevent vendor lock-in, and to give operators a negotiating lever (“do this or I’ll use the other guy.”)

Alas, headend costs escalated enough that nobody went too far with “harmony.”

Then there’s “the way the Europeans do it,” sometimes called “simulcrypt.” The big business difference over there is, European conditional access providers tend not to also sell digital boxes. That’s why you hear of more feature and price competition in European cable boxes. Service providers are still locked to the CA providers they’re using, but they’re locked in on one end (headend), not the other (set-top).

Two years ago, Sony emerged with “Passage.” Technologists lauded it as an inspired approach to a tricky problem; Charter and Comcast signed on for tests. At the time, Passage wasn’t tooled to make a conditional access system “replaceable,” but it did offer a clever method to add new CA systems into the mix.

More recently, Scientific-Atlanta came out with its “overlay” technique, which is similar in intent to Harmony: It gives operators a way to use digital set-tops from both incumbent suppliers. If an operator’s service footprint contains a mix of S-A and Motorola systems, the Motorola systems could be “overlaid” to use S-A’s boxes.

And, while still formative, one can’t ignore the second of the two joint ventures Comcast crafted with Motorola in early March, which aim to re-tool Moto’s CA system to be more “open.”

Charter’s plan with Sony is undeniably ambitious, but its business goals go way beyond simply “breaking the duopoly.” In addition to building a replaceable CA system — a goal it sees as a gap not covered by existing industrial efforts, including NGNA (Next Generation Network Architecture) — Charter intends to cleave to other, ongoing efforts, especially downloadable security.

In the end, though, it’s all about removing the obstacles from the path to “all digital.” Trimming CA costs from the headend and the cards moves Charter one step closer to a low-cost gizmo for analog TVs and VCRs, which moves one step closer to reclaiming analog spectrum.

This column originally appeared in the Broadband Week section of Multichannel News.

The Origins of Conditional Access: How We Got Here

by Leslie Ellis // April 11 2005

Last time, this column summarized the high points (and there are plenty) of the Federal Communications Commission’s St. Patrick’s Day rules about “navigational devices” — meaning digital cable set-tops, or other devices, like TVs, that contain them.

The big surprise was the optimism, albeit guarded, over a new way to protect video programming. It was surprising because it hadn’t really been discussed outside of small, very brainy technical circles — until the FCC’s new rules came out.

The new thing: Downloadable security, which also appeared in the ruling as “downloadable conditional access,” “downloadable CA,” “software-based conditional access,” “a software-oriented conditional access solution,” and “a software downloadable security system.”

Two things climb out of that jumble of terms. One, it’s about making sure that certain video programming is contained to customers who pay extra for it. Two, it’s a software thing, electronically delivered to devices.

Which seems to beg the question: How did we get here? What is so devilish about current implementations that a do-over is in the works?

This translation will focus on the origins and rudiments of conditional access and encryption.

How We Got Here
Once upon a time, in the early 90s, cable technologists started noodling how to go digital with video. In my memory, the early work on digital video roughly coincided with that moment in time when music stores moved all the cassette tapes into the corner, because everything was CDs.

Video started to go digital partly because it was the next logical progression, after audio. Then there were the obvious quality drivers — pristine digital. No squiggles, no snow. Plus, the satellite guys were gearing up to do it. And, most importantly, digital brought the ability to compress, which meant “more more more.”

My notes from a technical event in 1992 contain plenty of remarks about the “more more more” part. Technologists pointed out that most Americans, given a choice of whether to use their VCRs to record more material, or to record the same material at better quality, usually picked “more” over “better.” Digital gave both: More and better.

In those days, as now, cable providers offered scrambled services. The unscrambling, for premium customers who paid extra, was handled in an equipment duo: The “addressable” set-top box, and the headend part.

Going digital mapped that same path. Traditional set-top suppliers cooked up digital headend devices — the “DNCS,” or “Digital Network Control System,” in the case of Scientific-Atlanta, and the “DAC,” or (Digital Addressable Controller), in the case of Motorola.

At the time, nobody was thinking, gee, if we do it this way, we’re going to be locked into these vendors for the rest of our lives. Or, if they were, the excitement of getting a digital package to market won out.

It is that tight coupling, between digital video headends and digital boxes, which thumped a big headache onto anyone else wanting to come into the market with a box. In order for new boxes to do anything other than provide “basic” services, they needed a latch into the headends of the incumbents. (And the latches are considerably different, from one to the next.)

There are roughly ten thousand headends in the United States, and 70-some million cable customers, most of whom own more than one TV. If you’re in the business of making the gear that provides digital cable, the math is pretty easy: The business is in the boxes, and the headend keeps that business yours.

That’s a simplified version of how we got here, in terms of the two incumbent box suppliers, and the tight coupling between headends and devices; the blessing and the curse.

What’s In a Conditional Access System
If you were to take apart a digital conditional access system and peer into its constituent parts, you’d be looking at four chunks of stuff.

The first is the “authentication.” That’s the initial conversation between a set-top box and a headend controller. If it were done in words, not bits, and if you could hear it, you’d hear something like this.

Headend to box: Are you who you say you are?
Box: Yes.
Headend: Prove it.
Box: Are you who you say you are?
Headend: Yes.
Box: Prove it.

The second chunk is the authorization: The headend resolving what services a customer is set-up to see or hear. If you’ve ever overhead engineers talking about “ECMs” and “EMMs” — tech-speak for “entitlement control messages” and “entitlement management messages” — you’ve landed in the conversational zone of authorization mechanisms.

The third chunk is the encryption itself — the scrambling of the digits that comprise the pictures and sound, in a way that can only be sorted out by the box. It’s the secret sauce.

Lastly, there’s a signal path — usually “out of band,” meaning that it isn’t associated with any particular 6 MHz channel. These days, technologists tend to equate the signal path for conditional access with “DSG,” which is shorthand for “DOCSIS Set-top Gateway.” It’s an embedded cable modem that’s fundamentally used for “command and control” mechanisms, like conditional access.

That’s how we got here, and how the rudiments of a conditional access system fit together. Next time, more on how that set of tasks morphs into “downloadable security.”

This column originally appeared in the Broadband Week section of Multichannel News.