Latest In Encryption, Guarding Little Joey

Once upon a time, about a year ago, it was a true (if hush-hush) possibility that the hypothetical owner of a digital television could tune into the VOD stream of a hypothetical neighbor, and watch it, free and clear.

This wasn’t such a great possibility, particularly if the hypothetical owner of the digital TV had a child, and the hypothetical neighbor was watching the naughty stuff.

How could this be? The answer, perhaps not surprisingly, contains a few zigs and zags.

Recall that TV manufacturers are required, by law, to include tuners that can interpret and display digital, off-air (broadcast) signals. The rule phases in over four years, starting this year, as part of “the digital transition.”


If you were to think like a TV manufacturer, you’d be thinking along these lines: If we’re going to build in an off-air digital tuner, we might as well include a CableCARD slot. (Zig.) The CableCARD interface itself requires a quadrature amplitude modulation demodulator/tuner. (Zag.)

Suddenly, devices were poised to enter the market that knew how to “tune the network,” which had previously been closed off to anything but cable-provided gear.

Cable’s technologists saw the gravity of the situation. They knew that their own networks were built so that the above scenario just wouldn’t happen.

They also knew they had a small wedge of time: There weren’t that many digital TVs with CableCARD slots in consumer homes last winter.

(Aside: As of last month, less than 1,000 CableCARD devices had shown up in systems, by my envelope scratchings.)

Still, big projections about digital devices (mostly TVs and HDTVs) with built-in CableCARD slots continue to radiate from the consumer electronics industry. Specifically, 1 million units are projected to enter the retail pipeline by year-end. “In the pipeline” almost certainly doesn’t mean “in homes” — but 1 million is slightly more daunting than 1,000.

Something had to be done, not only to keep little Joey from accidentally channel-surfing into an adult title, ordered by somebody a few blocks over. Copyright-holders also needed reassurances that their premium titles weren’t zipping around in the clear — particularly if they’d been tagged as “copy never,” from a copy-protection standpoint.


Fast forward to now. As with anything involving encryption and security, resolving the problem meant working closely with incumbent suppliers — Motorola Inc. and Scientific-Atlanta Inc., specifically — to apply corrective action.

The result is the basis of this week’s translation: Session-based encryption, in the case of S-A, and a mixture of pre-encryption and bulk encryption, in the case of Motorola.

Because this topic involves VOD titles, it necessarily involves network gear. Pulling a title off of a remote server is different than pulling a title off of a local digital video recorder (DVR). The distance between Customer Jane and the server that holds what she wants to watch is measured in miles.

The linkage between a set-top, its headend controller and a VOD server is known as a session. A session happens anytime someone begins, ends, fast forwards, rewinds or pauses a remotely stored video stream.

Session-based encryption, then, is the scrambling of a session — in this case, a stored title — sometime after it leaves the server, but before it enters the house. In S-A’s case, it happens inside the QAM modulators, at the edge of the network.

Here’s how it works: Customer Jane orders a title. The request travels upstream, to a headend controller — in S-A’s case, the “DNCS,” for “Digital Network Control System.” The DNCS offs it to its “session resource manager,” which goes about the business of locating the title, making sure the server is holding enough copies to play it out to Jane, and mapping a route (including QAMs) for transmission.


The session manager also initiates some rather elaborate cryptographic maneuvers with the QAM in Jane’s path, and with Jane’s set-top. Control words (the keys) are generated roughly every four seconds, inside QAM units; a different key, inside Jane’s set-top, unlocks them. Cryptographic people know this technique as “public/private key exchange.” The short version: every session is tightly scrambled.

Back at Jane’s house, of course, all of this is happening in the background. Making it work so that Jane didn’t see any performance hits meant upgrading DNCS units with more processing power. That way, things wouldn’t get bogged down with the extra load of encryption and key exchanges.

In Motorola’s case, video streams are scrambled in a separate device, before the QAMs. Some call this a “bulk encryptor” (although Motorola calls it a “smart stream encryption manager.”)

Most MSOs and VOD suppliers say they’re working with Motorola’s “SEMs” in the labs now, with launches to follow shortly.

In the interim, some Motorola customers are using a technique called “pre-encryption,” meaning that titles are scrambled before they enter the VOD server. Most of Motorola’s customers are taking the pre-encryption route, particularly for adult content.

Regardless of the technique — session-based encryption, bulk encryption, or pre-encryption — the good news is, technological answers exist to squelch the “little Joey” situation before it becomes just that: A situation.

Stumped by gibberish? Visit Leslie Ellis’s Web site (