Methods and practices for conditional access and content protection
(Continuation of Question 2/9)
Motivation
Studies are currently under way in several countries on ways to improve the security of conditional access systems used for television subscription, pay-per-view and similar services distributed to the home by cable television. The need for such studies immediately emerges when the security and viability of conditional access systems currently used in Europe, the United States and elsewhere are assessed.
Such an assessment shows the evident need to develop enhanced, better performing, piracy-resistant systems that would enable a cable television system to implement programme distribution to the home (be it a subscription or a pay-per-view service) with a security level adequate to make it commercially viable. Indeed, conditional access systems that were considered to be totally secure when they were developed only a few years ago for television distribution to the home have invariably been "compromised" by pirates, who extract the conditional access enabling information and sell it at a fraction of the regular subscription fee.
Any conditional access system may eventually be compromised, irrespective of its sophistication, if the compromised enabling information can be sold to a sufficiently large base of customers.
It seems that a conditional access system will be more secure if the conditions below are met:
- the scrambling process is highly secure;
- the cryptographic algorithm is highly secure;
- the key and the entitlement information are changed at sufficiently frequent intervals;
- subscribers are divided into small sub-entities, each with its own key and entitlement.
The concurrence of these conditions makes it expensive to compromise the system, and it reduces the pirate's customer base, to the point where piracy is no longer economically viable.
Another very important aspect, concerning digital rights management as it relates to conditional access, is the provision of measures to prevent a distributed programme from being copied or redistributed unless the owner of its intellectual property rights authorizes such copying or redistribution. Several approaches, which are not mutually exclusive, are being investigated to achieve this goal:
- The conditional access system could be designed in such a way as to separate viewing authorization from copying authorization. In other words, it would provide a viewable output to those users that are authorized to view the programme, but it would provide a recordable output only to those users that are separately authorized to copy it. The issue is further complicated by the need of intellectual property holders to have various degrees of authorization, namely: no copy, one copy or any number of copies;
- The conditional access system could be designed to signal redistribution authorization with respect to the local environment (e.g. the home) in which the content was received;
- The conditional access system could be designed to signal redistribution authorization with respect to the personal authorized domain of the device that originally received the content (e.g. the devices belonging to a single individual or household);
- The conditional access system could be designed to selectively provide an output to a particular device that meets certain characteristics such as resolution or format of the reconstructed signal through a secure negotiation;
- The programme could be "watermarked" with hidden coded information, which can neither be removed nor altered, and would identify the holder of the programme's intellectual property rights, thus making it possible to trace the history of unauthorized copies and take appropriate legal action against pirates;
- The programme could be "watermarked" with hidden coded information, which can neither be removed nor altered, and would signal the usage rights associated with the content.
The study should thus focus on:
- Specification of a highly secure scrambling system;
- Specification of a highly secure cryptographic system that can be implemented at a viable cost for programme distribution by cable television to the home, namely, in a mass-produced consumer premises equipment environment;
- Specification and generation of keys and an enabling information distribution system that has adequate protection, capacity and flexibility to serve the diversified requirements of various cable television systems and their various subscribers;
- Development of a set of guidelines on the optimal time interval at which the key and the enabling information should be updated, and on the optimal size of the subscriber population to which the same enabling information is assigned;
- Specifications for an application of the cryptographic system appropriate to implement protection against unauthorized copying at various levels of authorization (no copy, one copy only, any number of copies);
- Specifications for an application of the cryptographic system appropriate to implement "redistribution control" with respect to the local environment (e.g. the home) in which the content was received;
- Specifications for an application of the cryptographic system appropriate to implement "redistribution control" with respect to the personal authorized domain of the device that originally received the content (e.g. the devices belonging to a single individual or household);
- Specifications for an application of the cryptographic system to negotiate authorized transfer of content between devices within the authorized domain meeting signal format or resolution constraints;
- Specifications for a highly secure watermarking system that would not affect the perceptual quality of the distributed programme;
- Specifications for new advanced types of conditional access system that are applicable to emerging services (e.g. online content access service over HTTP, media protection service in HTML5, content protection service in DASH or MMT, hybrid broadcasting service, ultra high definition television service, 3DTV service, etc.) when they are serviced over cable television networks.
Question
Study items to be considered include, but are not limited to:
- What scrambling approaches can be recommended for digital cable television distribution to the home?
- What is the capacity required of a conditional access system for cable television distribution to the home, in terms of number of individually addressable subscribers or subscriber groups, etc.?
- What are the specifications for a (preferably unique) cryptographic approach appropriate to such conditional access system?
- What are the specifications for an application of the cryptographic system, appropriate to implement protection against unauthorized copying at various levels of authorization (no copy, one copy only, any number of copies)?
- What are the specifications for an application of the cryptographic system, appropriate to implement "redistribution control" with respect to the local environment (e.g. home) in which the content was received?
- What are the specifications for an application of the cryptographic system, appropriate to implement "redistribution control" with respect to the personal authorized domain of the device that originally received the content (e.g. the devices belonging to a single individual or household)?
- What are the specifications for an application of the cryptographic system, appropriate to implement "redistribution control" with respect to the signal output characteristics of the device that originally received the content (e.g. the devices supporting multiple output formats and resolutions)?
- What are the specifications for the (preferably unique) removable (e.g. ISO 7816, PCMCIA, USB2.0/3.0, USIM, Nano-SIM, etc.) or renewable (e.g. programmable secure microprocessor based) cryptographic device, if one is used in such a conditional access system?
- How often should the conditional access keys be updated?
- Which criteria should be used to time the replacement of the (removable or renewable) cryptographic device or of the enabling information in it?
- What is the optimal size of the subscriber population to which the same key and enabling information may be safely assigned?
- Can conditional access solutions developed for terrestrial and satellite broadcasting be used for cable television also?
- What are the specifications for a highly secure watermarking system that would not affect the perceptual quality of the distributed programme?
- What are the specifications for downloadable conditional access systems?
- What are the specifications for downloadable multi-CA/DRM systems?
- What are the specifications for software-only or software-friendly conditional access solutions?
- What are the specifications for exchangeable embedded CA/DRM solutions?
- What are the specifications for DRM/multi-DRM for cable television multiscreen services?
- What are the specifications for new advanced types of broadcasting content protection systems that are applicable to emerging services (e.g. online content access service over HTTP, media protection service in hypertext mark-up language 5 (HTML5), content protection service in dynamic adaptive streaming over HTTP (DASH) or modern media transport (MMT), hybrid broadcasting service, ultra high definition television service, 3DTV service, internet of things (IoT), etc.) when they are serviced over cable television networks?
- What enhancements to existing Recommendations are required to provide energy savings directly or indirectly in information and communication technologies (ICTs) or in other industries? What enhancements to developing or new Recommendations are required to provide such energy savings?
Tasks
Tasks include, but are not limited to:
- Preparation of new Recommendation(s) regarding the above study items as well as maintenance of existing Recommendations.
An up-to-date status of work under this Question is contained in the Study Group 9 work programme (https://1f8a81b9b0707b63-19211.webchannel-proxy.scarabresearch.com/ITU-T/workprog/wp_search.aspx?sp=16&q=2/9).
Relationships
Recommendations
- Copy Protection: ITU-T J.95
- DRM: ITU-T J.197
- Conditional Access: ITU-T J.93, J.290, J.291, J.295, J.296
- DOCSIS Security: ITU-T J.222.3
- DRM for cable television multiscreen service: ITU-T J.1005
- Renewable conditional access system: ITU-T J.1001, J.1002, J.1003, J.1004
- Downloadable Conditional Access System: ITU-T J.1020, J.1026, J.1027, J.1028
- Embedded Common Interface (ECI) for exchangeable CA/DRM solutions: ITU-T J.1012, J.1013, J.1014, J.1015, J.1015.1
Questions
Study groups
- ITU-T SG17
- ITU-R SG6
- ITU-T SG20
Standardization bodies
- DVB-CM (CI-Plus, CP, SEG, SSC)
- DVB-TM (CI-Plus, CPT, CSA)
- ETSI ISG ECI