SEALING MORE THAN THE PERIMETER

Kelvin Black is a stereotypical industry road warrior, bouncing from city to city, selling bandwidth and voice-over-IP services for a small competitive carrier. With nighttime flights and client dinners part of his everyday routine, catching his favorite prime-time shows is virtually impossible.

To feed his appetite for “CSI” and other crime shows, though, Black (not his real name) admits he spends a few hours virtually every weekend downloading the latest episodes, using several different peer-to-peer services. While officially acting outside the law, breaking copyrights and technically stealing dollars out of the pockets of everyone from the production crew to the broadcast network, Black isn’t likely to stop any time soon. As long as the content is available for the taking, he’ll load up his laptop for the road.

And while some may view Black’s activities to be as harmless as someone taping a show for later viewing, the situation becomes decidedly more serious when a first-run movie is available at the same time as--or in some recent cases, before--hitting theaters. Feature-length movies on peer-to-peer networks have been around nearly as long as the more familiar music files, but it’s the former that is having an impact on telcos and the way they launch video services.

If broadcasters and movie studios had their way, video would be locked down from the time it enters the camera lens all the way until it hits the viewers’ eyeballs in the home. And to some extent, cable operators want the same. After all, every set-top box that is hacked represents another person stealing service.

In the IP video world, where most telcos will operate, every file that is removed from the secure environment represents a piece of content that can get on to peer-to-peer networks and be shared by anyone sans payment. In fact, the mere mention of transmitting video over an IP network just a few years ago was enough to cause content providers to flee content rights negotiations with telcos.

“Part of the challenge is the name IP. It’s a name that causes me a lot of heartburn with the attorneys because they think of IP as the Internet,” said Steven Newstat, senior video architect for Eagle Broadband, a fiber-to-the-home operator that uses Irdeto Access’ system for securing content.

And while a cynic might suggest that the likely entry of large carriers like Verizon and SBC Communications into IP video has changed the way Hollywood views telcos, vendors also have been pushing forward quickly with new security systems that are giving studios renewed confidence to sign off on shipping their content over IP networks. Those systems range from conditional access (CA) systems used by traditional cable operators to digital rights management (DRM) platforms that allow users access to content for specific purposes or times.

In the traditional cable world, security is handled by CA systems that match security codes between the headend and the set-top box in the home. Inside each set-top is a slot for a security card that contains the proper code. While susceptible to hacking--look in any consumer electronics magazine’s classified ads for evidence--the system has worked relatively well for the past two decades. The initial telco video deployments, which more often than not used Motorola’s (Next Level Communications’) access platform, used a similar process or more likely none at all since the network ran on proprietary technology and was difficult to hack into at the time of deployment. Recently, though, telcos that deployed the system have been getting letters from major studios requiring they adopt stronger security or lose access to content.

Not surprisingly, one of the marketing points for some access vendors selling IP-based video platforms is the ability to multicast content from the DSLAM and constantly control and monitor the IP address of each set-top.

“Some DSLAMs can do address filtering, and some telcos believe that’s good enough,” said Thierry Fautier, marketing director for emerging markets at Harmonic, one of the traditional CA vendors moving into the telco market. “The problem is studios don’t think it’s enough.”

In fact, much of the push for new security measures is coming from studios, which fear that peer-to-peer networks might have the same impact on movies as they’ve had on music.

“The content owners are scared to death,” said Bruce Gitlin, vice president of business development for DRM vendor ContentGuard.

For telcos, the emphasis is on securing server-stored content such as pay-per-view movies and even recorded broadcasts--or what most refer to as “high-value” content. Telcos looking to differentiate their video services from cable are focusing on that type of content, and most are beginning to realize the need for security. How they lock down content, though, depends on their business model and their ultimate intentions in the video market.

Verizon, which initially will transmit video over radio frequency in its fiber-to-the-premises networks like a traditional cable operator, has chosen to use a traditional CA system, implying that one of the reasons it chose not to delve into the IP video world yet was the cost of security. By using a traditional CA system with hardware cards, the carrier can take advantage of nearly two decades of declining costs. According to many observers, though, traditional CA systems won’t cut it in the IP video world. Instead, most believe encryption and security will fall to either a telco hardware version of CA, software-based virtual secure card schemes or DRM.

With the software-based virtual cards, content is secured either at the origination point, such as the content aggregator, or the headend. Because telco IP video networks are inherently two-way, set-top boxes are treated like network elements and can be monitored for security breaches and updated based on the latest encryption scheme.

That ability to constantly change is significant, said Brian Baker, CEO and founder of Widevine Technologies, which scored an important win last month when it was selected as the security element for Motorola’s platform.

“You’re essentially creating a stationary target for piracy [with hardware-based CA systems],” he said. “With our system, you’re not creating a physical component. The software system can be updated from the network, and that reduces the window of vulnerability.”

On a more practical level, Baker believes telco video providers will opt for virtual secure cards because studios are more comfortable with it than DRM right now.

“Widevine also has been audited [by the major studios], and many of the traditional DRM approaches have not because they were built for protecting files on the Internet,” Baker said. “The studios have definitely viewed the public Internet as the bastard child of their networks and don’t want to use it for high-value content.”

Traditional CA vendors would agree but see their hardware-based approach as providing a more secure option because it essentially can decouple content protection from access control in telco video networks.

“We see the flexibility of a software approach, but underlying that, we think you still need the supportive approach of hardware elements in the set-top,” said Ian Tapp, vice president of business development for NDS, which has partnered with Tandberg in the IP video market. “We have a software approach to encryption, but we’re basing it on a secure video processor in the set-top. There’s a lot of evidence to suggest that a software-only approach is going to have problems in terms of its hackability.”

DRM advocates, meanwhile, point to carrier business models that include streaming Internet-based content as a reason more players will adopt DRM. Like virtual smart cards, DRM exists entirely in code but goes beyond securing content.

“The conditional access technology that exists in the cable industry, which gives them a degree of technology, isn’t going to be enough. The protection has to migrate to DRM,” ContentGuard’s Gitlin said. “When we think of conditional access, that’s like perimeter security. It says, ‘If you have the password, you’re in.’ Once you’re in, you can do what you want. Our definition of DRM is the persistent management of a digital object under a set of rights and conditions during its life cycle.”

In layman’s terms, that gives users the right to watch video for a certain length of time or on a certain number of devices. Services such as MovieLink, where users can download movies onto hard drives for 30 days and watch them as many times as they want in a 24-hour period, are perhaps the best current example of DRM in the video world. And there has been some suggestion that telcos will move quickly to the on-demand environment, where users can pull content from vast libraries onto their TVs, necessitating some form of DRM. Ultimately, though, it’s the appeal of offering “whole-house” services to consumers that will push carriers to adopt DRM protection schemes, said Rajan Samtani, director of sales and marketing for ContentGuard.

“One of the interesting things about using DRM is that it allows multi-tier distribution,” he said. “One of the challenges for the consumer market today is how you move this content into the home and give the consumer the freedom to move that content to different devices. The technology, per se, is not the gating factor at this point. It’s really the business model and the revenue-sharing agreements between the telcos and the content owners.”