Manifest Technology
        Making Sense of Digital Media Technology
        By Douglas Dixon


 

Content Protection Technology for Consumer Electronics (4/2009)

    by Douglas Dixon


We love our media -- images and music and video. And we like to share our enthusiasms, from photo albums to audio mix tapes to video clips on YouTube. The advent of digital media has made this much easier, so we can organize and enjoy our growing collections, bring our favorite tunes and shows along on portable devices, and share with friends.

But for content creators and owners (including movies, television, music), this new digital age, along with our uninhibited enthusiasm for sharing our passions, raises the frightening vision of uncontrolled sharing of exact digital copies across the globe. The proverbial cat may be out of the bag for music on CD, and even somewhat for standard-definition video on tape and DVD, but the content industry is still working to contain the damage. These concerns are further heightened as the industry upgrades to high-definition content, when copying of products like Blu-ray Disc and surround-sound audio could threaten the theatrical entertainment experience.

This article describes the content protection technologies developed in response to this threat, and implemented in a wide variety of consumer electronics equipment. The content industry has worked with the consumer electronics and computer industries to develop these technologies to protect content as it is stored, transmitted, and played, and then control and manage playback and sharing of the content in authorized ways.



Protecting Content

The threat of consumers copying content has expanded with advances in technology and the huge cost reductions in consumer equipment (like DVD recorders) -- from simple analog copying onto videotape to capturing the digital signal sent to a HD display, and from ripping songs from an audio CD to extracting an entire movie from a DVD.

In response, the content industry has worked with the consumer electronics and computer industries to develop a variety of content protection mechanisms to restrict copying of licensed content. These technologies then are implemented in CE devices (from DVD players to HDTVs) and in computers (from disc drives to the operating system to player software). The content protection is enforced in new products through the licensing terms for the patents required to play the specific formats (i.e., DVD discs with MPEG video), and to authorize the use of the associated logos on products (i.e., DVD-Video).

This article provides an overview of the different copy protection technologies used in consumer electronics devices, especially as related to DVD. These are a somewhat confusing collection of similar-sounding acronyms for technical specifications (and associated licensing organizations), each of which covers different types of media, devices, and formats. This information is summarized from various public sources; comments and corrections are welcome.

(By the way, get used to these ad-hoc industry coalitions that create and administer these standards -- There are so many that their organizers have given up trying to create meaningful names, and just used names like 3C, 4C, and 6C for the number of founding companies. These organizations define and administer standards, and then pool and license the associated patents (some now with more members than the original count in the name). There are so many such groups that another organization, License Management International (LMI, www.lmicp.com) serves as a meta-group providing license administration services for groups including the 4C Entity and DVD CCA, the home of CSS encryption.)

The focus is on technologies that are designed to protect broadcast and recorded video content (e.g., TV and DVD) on consumer electronics devices. Of course, this is only a part of a much larger universe of content / copy protection, including music and CDs, Web streaming and downloads, and other media formats. The purpose here is to explain the technologies, and to avoid getting into issues of morality, whether "piracy" or "fair use."

Speed Bumps for Casual Copying

Even with these content protection mechanisms, the content industry recognizes that these technology measures cannot stop all copying. Instead, the goal is to serve at least as a "speed bump" -- to inhibit mass consumer copying, so that casual consumers don't find it easy to make copies for friends.

After all, unauthorized copies of new releases are often first available from screener and review units that come from within the industry, and from unauthorized recordings at music concerts and movie theatres -- often well before any consumer can buy the same material on CD or DVD. And once one copy gets on the Internet, it becomes available to all.

These measures also will not stop pirates manufacturing unauthorized content, since they can access copies on the Internet, and often get DVDs of a new film on the street days or even hours after the theatrical release based on video shot in a movie theatre. And hacker enthusiasts will continue to enjoy the challenge of breaking new copy protection technology, making tools available for more sophisticated consumers to make copies at will.

As a result, the industry is using a two-part approach to counter these threats -- the technological "speed bump" to inhibit casual consumer copying, plus measures that allow consumers to access their content within the home and on portable devices, but in controlled ways.

It's clear that consumers demand the flexibility to enjoy their entertainment when and where and how they want it. And the industry has responded, with a variety of options to time-shift and place-shift content, across multiple devices -- within the home with networked cable set-top recorders and Internet TV services, on PCs and the road with Internet music and video, bridging computers and portable players with Apple iTunes, and even from DVD to computers and portable players with approaches like Digital Copy.



Terminology: Content Protection and DRM

A time out to try to be more precise about terminology:

"Content protection" is the general term used to encompass mechanisms and technologies designed to protect content by controlling its use, in order to give content providers control over access and redistribution of protected material. This has two parts: copy protection technologies to inhibit the direct copying of protected content, and rights management technologies to mark content with information about what permissions the owner has granted for its use.

"Copy protection" refers specifically to mechanisms and technology designed to protect content from being copied. This typically requires encryption of the content to prevent access except when authorized (as with CSS for DVD).

"Rights management" (also copy management) is more strictly the identification, protection, and tracking of the rights associated with accessing protected content. The content owner can tag content with license information controlling activities including playback, copying, and re-copying (for some limited number of times). For example, Apple iTunes supports a limited number of systems that can play and copy content from a user's library, and a limited number of iPod players to which the content can be synced and downloaded.

"Conditional access" pertains to verifying that only authorized users can receive content, particularly for delivery of content over open wired (and wireless) channels including broadcast, cable, Internet, and mobile.

"Digital Rights Management" (DRM) then is often used very loosely as a general term for content protection mechanisms, but also as a short-hand for specific copy protection technologies. This may encompass playback and copying / downloading / syncing across consumer electronic devices, computers, portable devices, and networked devices in the home. For example, a widely-used specific Microsoft copy protection technology is called "Windows Media DRM."



Content Protection Issues: CPSA

Protecting digital content across personal computers and consumer electronic devices is a horribly difficult problem for two reasons: Some of the formats were already well-established before consideration of copy protection issues, and the playback devices are in an open and uncontrolled environment in the consumer's home.

Older entertainment delivery formats like videotape and CD were designed without consideration for copy protection, much less the rapid advance of technology (and lowering of prices) that enable consumers to easily manipulate digital media. For example, while the CD contains audio in digital form, its designers did not envision its use with powerful digital playback devices, so the disc does not even contain artist and track information about its contents (while radio broadcasts now carry this type of information).

The personal computer also is wide open (although Windows Vista and the upcoming Windows 7 are adding more built-in copy protection). Software applications can intercept digital content in many ways. On input, software can access a storage device directly to get at the raw digital data. During playback, software can wait until the content is unencrypted and ready for display, and access the audio samples or video frames. Or when the content is output, software can hook the display process and recapture the data as music is played or video is displayed.

In addition, the decoupling of storage, playback, and display on both computers and CE devices has expanded the scope of content protection across the cables in the digital home network.

To help think about these issues, the Content Protection System Architecture (CPSA) provides an overall framework or architecture for entertainment content protection technologies (see Appendix). The CPSA was developed by the consumer electronics and computer and content industries under the 4C Entity (PDF, www.4centity.com/docs/CPSA_081.pdf).

The CPSA is derived from the framework developed for DVD-Audio, in close collaboration with the Secure Digital Music Initiative (SDMI) and Content Protection Technology Working Group (CPTWG), based on the initial experience with the Content Scramble System (CSS) for DVD-Video.

As described in the CPSA architecture document, "With consumers increasingly eager to move content between devices such as PCs, DVD players and recorders, set-top boxes, and digital TVs, a variety of content protection technologies have been developed. These point solutions come together to form an overall "chain" of content protection technologies."

   
        Digital Content Protection Chain from CPSA Architecture document

The CPSA framework helps define three basic requirements for protecting content:
- Protect content at its source storage medium (wherever it is stored, and whenever it is copied)
- Protect content as it is transmitted (e.g., from player to recorder, or player to display)
- Protect content from unauthorized copying or further re-distribution (i.e., only as permitted by the specified rights)

These goals are then addressed through a combination of technologies:
- Copy management information in the form of digital tags and watermarks to define the usage rules
- Encryption algorithms to protect digital content (and associated CMI)
- Transmission protocols to encrypt and protect content (and associated information) when transferred between devices
- Output protection mechanisms for protecting unencrypted outputs, i.e., the "analog hole" when output to analog video displays

This framework is demonstrated by the technologies developed for DVD, broadcast digital television, and into high-definition formats.



DVD-Video Content Protection: Playback and Recording

The DVD-Video format for movies (and other content) on DVD was designed with multiple content protection features. But video can be placed on a disc in several different ways. DVDs can be manufactured by "replication," mass-market manufacturing of movies on disc, or by "duplication," burning of movies to recordable blank discs. And consumers have the tools to burn discs as well, with set-top DVD recorders and personal computers with DVD recordable drives.

Replication manufactures the DVD along with the content in one operation: the factory takes in melted plastic and stamps out discs, and then adds labeling and packaging for the final product. The manufacturer controls the physical structure of the disc, and the content owner supplies the "disc image" of the data to be stored on the disc. As a result, replicated DVDs (and now Blu-ray Discs) can implement stronger content protection measures.

Duplication and consumer burning, however, expose the content owner to unauthorized casual copying. So additional content protection mechanisms have been developed for recording devices to respect access rights and re-protect discs.

Replicated DVD discs use encryption to protect the digital content, and support copy management technologies for marking and encrypting (see below for details):

- Source protection: CSS for DVD-Video, CPPM for DVD-Audio
- Copy management: CGMS, Verance watermarking for DVD-Audio
- Output protection: Macrovision ACP (plus HDCP, DTCP, etc.)
- Copy protection: CPRM for DVD-R/-RW, VCPS for DVD+R/+RW

For replicated discs, the DVD author has the option of enabling one or more of the supported mechanisms in the disc image sent to the replication facility, although this requires the appropriate licenses for both the individual disc title and the manufacturing facility. When the disc is mastered (prepared for manufacturing), the disc data then will be CSS encrypted and have the appropriate flags set to enable ACS and CGMS.

Under the DVD-Video license agreement, DVD players and recorders that choose to license CSS (in order to carry the logo and play back mass-market movies) also must support Macrovision ACP and CGMS-A analog protection, HDCP for DVI or HDMI digital outputs, and DTCP for IEEE 1394 and USB digital connections. These requirements also apply to computer DVD drives and burners, as well as analog and digital computer TV outputs.

Replicated DVD Source Protection: CSS and CPPM

Replicated DVD-Video discs use the well-known CSS encryption, while DVD-Audio uses a stronger technology called CPPM.

Content Scramble System (CSS) is the encryption technology used to protect DVD-Video discs. It is licensed by the DVD Copy Control Association (DVD CCA, www.dvdcca.org/css), and administered by License Management International (LMI, www.lmicp.com). CSS was developed in 1996 by Matsushita and Toshiba.

Content Protection for Prerecorded Media (CPPM) is the corresponding encryption technology used to protect DVD-Audio discs. It is licensed by the 4C Entity (www.4centity.com/tech/cprm).

  • CPPM Specification, Introduction and Common Cryptographic Elements
        Revision 1.0, January 17, 2003 (since updated)

These technologies use a combination of keys as layered protection for unlocking the content: Title Keys to encrypt the content, Disc Keys to encrypt the title key on the disc, and Master Keys to decrypt the disc keys. CPPM (and CPRM) also use a Media Key that uniquely identifies the physical disc. These technologies also include a key-exchange protocol to encrypt and protect the communication between the disc drive and playback device. The new AACS technology further extends and strengthens these concepts, especially for protecting high-definition discs.

   
        Illustrative Example from CPPM Specification document

Recordable DVD Content Protection: CPRM and VCPS

The access rights for protected content can permit making copies, or making one copy -- but that copy needs to be protected so that it cannot then be re-copied for successive generations. However, CSS was designed for use only for replicated discs (although this has changed -- see below), so set-top DVD recorders and computer DVD recordable drives implement different but related copy protection schemes to protect content copied to recordable discs (for duplication or consumer burning).

The DVD "dash" (DVD-R/RW) and "plus" (DVD+R/RW, www.dvdrw.com) formats support different content protection technologies. Besides encrypting the content, these tie the copy to the physical media to prevent bit-by-bit copies by using a unique media ID stored in an inaccessible area of the disc (i.e., etched in the lead-in area on the disc before the readable data area).

While these technologies could potentially be used by consumers to protect home copies, they have not been very visible in CE products. VCPS is a recent development for new equipment in response to the FCC broadcast flag mandate, and while some DVD recorders support CPRM, it has not been required for DVD players. But once a DVD has been encrypted with one of these technologies, the disc will not be playable in legacy devices, even if copying is permitted.

Content Protection for Recordable Media (CPRM) is the copy protection technology used for DVD-R/-RW and DVD-RAM discs. It is used for "copy once" VR format recordings (not DVD-Video). The "RW Compatible" logo found on many Japanese DVD recorders and players means that the device can play VR recordings with CPRM encryption. CPRM also is licensed by the 4C Entity.

  • CPRM Specification, Introduction and Common Cryptographic Elements
        Revision 1.0, January 17, 2003 (since updated)

Video Content Protection System (VCPS) is the copy protection technology used for DVD+R and DVD+RW recordable media. Developed by HP and Philips (www.licensing.philips.com), it was designed to protect recordings of digital broadcast according to the FCC Broadcast Flag rules, and also enables direct digital recording of "copy-once" content from satellite and cable sources.

DVD Content Management Information: CGMS-A/D, Verance

DVD also uses several different technologies to associate content management information with analog and digital content.

Copy Generation Management System - Analog (CGMS-A) embeds copy management information in analog video, carried in the vertical blanking interval. Unlike Macrovision ACP, CGMS-A is just a flag, and therefore depends on downstream equipment such as camcorders to recognize the signal and refuse to make copies. CGMS-A is required for use with CSS and DTCP. The CGMS-A+RC (Redistribution Control) extension adds the requirement that the content may not be redistributed over the Internet. Versions of CGMS-A are standardized as IEC 61880 / 61880-2 and EIA/CEA-608-B, available from Global Engineering Documents (http://global.ihs.com).

Copy Generation Management System - Digital (CGMS-D) defines copy management information for digital connections. It is used as the basis for technologies such as HDMI and DTCP. However, CGMS is something of an ad-hoc standard, without an active licensing or certification entity, so its use has been limited in current DVD devices.

4C / Verance Audio Watermark embeds copy management information in digital audio for DVD-Audio. It was also adopted by the Secure Digital Music Initiative (SDMI, www.sdmi.org - now inactive), in cooperation with the 4C entity. The Verance Copy Management System for Audio content (VCMS/A, www.verance.com/solutions/music.php) is licensed for DVD-Audio, SD-Audio, and SDMI Portable Device consumer product formats.

DVD Output Protection: Macrovision ACP

Finally, as required by the CSS license, DVD players also must actively protect output to displays. For digital outputs, these devices use HDCP and DTCP to encrypt the signal. For analog video output, Macrovision ACP prevents analog copying to devices such as VCRs and DVD recorders.

Macrovision ACP analog content protection applies two techniques to the video signal, Automatic Gain Control (AGC) and Colorstripe, such that VCRs can only make distorted copies (while televisions, with less strict tolerances, can still display the signal). It is patented and licensed by Macrovision (www.macrovision.com/products/content_publishers/acp.htm).



Downloadable DVD: Recordable CSS

Again, while the CSS copy protection used on DVDs has been broken, it still has been very successful as a "speed bump" that inhibits mass casual copying of discs by consumers. But CSS (Content Scramble System) was designed and implemented to protect rights for only mass-market replicated discs -- It was not available for recordable DVDs, including duplicated titles created by corporate or independent filmmakers, and certainly not for consumers burning personal discs on their home PCs.

One side effect of this choice for the content industry was that it also blocked them from exploring the market for download to DVD delivery. No CSS for burners meant no protection for possibly interesting applications like DVD burning kiosks. It also limited the value of electronic download services for broadband Internet users -- you can download protected movies to play on your PC, but then cannot generally save and enjoy them on DVD.

Even though CSS is "broken," it's still a good enough "speed bump" that the content industry recently agreed to extend CSS for use on DVD burners, in kiosks and eventually in homes. This also requires updating DVD drive and recorder products to support this feature, and a new DVD recordable disc format that supports the CSS mechanism. But the result should then be that recorded discs can be protected as well as commercial titles, and still maintain compatibility with the existing installed base of more than a hundred million DVD players.

Recordable CSS was authorized in August 2006, when the DVD Copy Control Association (DVD CCA, www.dvdcca.org/css) announced agreement on a rule change to permit the creation of CSS-protected DVDs on burners, explicitly for use in applications including kiosks, small custom runs, and in-home recording on personal computers via the Internet or on network-enabled DVD recorders.

The CSS Managed Recording Amendment to the CSS Procedural Specifications permits Manufacture-on-Demand ("MOD") and Electronic Sell Through ("EST") applications for recordable DVD.

Sonic Solutions has championed this technology, and has developed its Qflix DVD-on-Demand technology to enable a wide range of markets, including on-demand manufacturing systems, Internet video-on-demand services, set-top devices, retail kiosks, and third-party PC software applications (www.sonic.com, www.qflix.com).

Enabling downloadable DVDs does require broad changes across the industry.

  • The downloadable content needs to be higher quality, for example increasing from around 500 to 700 KB/sec up to 2 MB/sec in order to provide full DVD quality.
  • The new recordable media format also needs to be productized, with a new otherwise-unwritable area for the CSS control information.
  • And new DVD drives and recorders need to be designed to support burning CSS-compliant discs with the new media (which should be a relatively straightforward firmware upgrade).



Content Protection for High-Definition Blu-ray Disc

Content protection for DVD has arguably served its purpose of preventing wholesale casual copying. However, sophisticated pirate rings still can produce copies of first-run features within days of their release, captured from videotapes shot in theatres or even the original prints, and released over the Internet, or on DVD in surprisingly high quality, complete with packaging and subtitles. In addition, motivated consumers can download DeCSS ripping tools to copy their discs, optionally recompressing from dual-layer DVD-9 to single-layer recordable DVDs, or even to CD.

Optical Media Content Protection: AACS

Given this history, content owners wanted stronger technologies to protect new high-definition digital material, whether delivered by broadcast or on physical media, but especially when defining the new high-definition blue-laser disc formats, Blu-ray Disc (www.blu-raydisc.com) and HD DVD (since withdrawn, www.hddvdprg.com). The result, AACS, uses stronger technology than CSS to protect source content on optical media, and also integrates content management for both replicated and recordable discs.

Advanced Access Content System (AACS) is designed to encompass content protection, copy control, and key management and revocation (for compromised keys). It is managed by the AACS Licensing Administrator (AACS LA, http://aacsla.org), founded by companies spanning the content, PC, and CE industries (IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney, and Warner Bros.). The intent is to provide more flexible copy management, to share and even move content across home networks and to portable devices.

Beyond CSS, AACS uses stronger 128-bit AES (Advanced Encryption Standard) encryption, which is a published standard that has been extensively vetted by security researchers. The content is encrypted using a secret Title Key selected by the replicator, and the physical disc is marked with a secret Volume Identifier that cannot be read by consumer devices in order to prevent bit-by-bit copying. Each protected title (or group of titles) is assigned a Media Key Block and associated Media Key by the licensing authority. 

Playback devices then use licensed Device Keys to calculate the Media Key, and the Volume Identifier to decrypt the Title Key, which is then used to decrypt the audiovisual content. AACS also uses a new renewable form of drive authentication that is not compatible with the CSS protocol used by current drives.

   
        AACS Encryption and Decryption Overview
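
The key chain described above (Device Keys and Media Key Block yield the Media Key, the Volume Identifier unlocks the Title Key, the Title Key unlocks the content), together with revocation of compromised keys, modelled as an added example that is not part of the original article or of the AACS specification. The cipher is a toy SHA-256/HMAC stand-in for AES, the Media Key Block is simplified to one wrapped Media Key per licensed device, and all function names, device names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher (SHA-256 keystream + HMAC): a stand-in for the
# AES-128 operations AACS specifies, used only so the example runs offline.
def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(key, nonce, data):
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or altered data")
    return _xor_stream(enc_key, nonce, ct)

def volume_unique_key(media_key, volume_id):
    # Binds the Media Key to one physical disc (simplified derivation).
    return hmac.new(media_key, volume_id, hashlib.sha256).digest()

class LicensingAuthority:
    """Hands out Device Keys and builds a Media Key Block (MKB) per title."""
    def __init__(self):
        self.device_keys, self.revoked = {}, set()

    def license_device(self, device_id):
        self.device_keys[device_id] = os.urandom(32)
        return self.device_keys[device_id]

    def revoke(self, device_id):
        self.revoked.add(device_id)

    def issue_media_key_block(self):
        # Simplification (assumption of this example): one wrapped copy of
        # the Media Key for every device that has not been revoked.
        media_key = os.urandom(32)
        mkb = {dev: seal(key, media_key)
               for dev, key in self.device_keys.items() if dev not in self.revoked}
        return media_key, mkb

def master_disc(authority, content):
    media_key, mkb = authority.issue_media_key_block()
    title_key = os.urandom(32)   # chosen by the replicator
    volume_id = os.urandom(16)   # marked on the disc outside the copyable data
    vuk = volume_unique_key(media_key, volume_id)
    data_area = {"mkb": mkb, "encrypted_title_key": seal(vuk, title_key),
                 "encrypted_content": seal(title_key, content)}
    return {"data_area": data_area, "volume_id": volume_id}

def bit_for_bit_copy(disc):
    # The data area copies; the Volume Identifier does not (the blank has its own).
    return {"data_area": dict(disc["data_area"]), "volume_id": os.urandom(16)}

def play(device_id, device_key, disc):
    data = disc["data_area"]
    if device_id not in data["mkb"]:
        raise PermissionError("device revoked in this Media Key Block")
    media_key = unseal(device_key, data["mkb"][device_id])
    vuk = volume_unique_key(media_key, disc["volume_id"])
    title_key = unseal(vuk, data["encrypted_title_key"])
    return unseal(title_key, data["encrypted_content"])

def outcome(device_id, device_key, disc):
    try:
        return play(device_id, device_key, disc).decode()
    except (ValueError, PermissionError) as exc:
        return "refused: " + str(exc)

def demo():
    authority = LicensingAuthority()
    key_a = authority.license_device("player-A")   # constructed device names
    key_b = authority.license_device("player-B")
    old_disc = master_disc(authority, b"feature film")   # constructed content
    b_before = outcome("player-B", key_b, old_disc)
    authority.revoke("player-B")                   # B's keys deemed compromised
    new_disc = master_disc(authority, b"sequel")
    return {
        "A plays original": outcome("player-A", key_a, old_disc),
        "A plays bit copy": outcome("player-A", key_a, bit_for_bit_copy(old_disc)),
        "B before revocation": b_before,
        "B plays new disc": outcome("player-B", key_b, new_disc),
        "A plays new disc": outcome("player-A", key_a, new_disc),
    }

if __name__ == "__main__":
    print(demo())
```

The bit-for-bit copy fails at the Title Key step because the key derived from the blank's identifier does not match, and the revoked player fails one step earlier because the newer Media Key Block holds no entry it can open.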

Blu-ray Content Protection Technologies

Blu-ray Disc (www.blu-raydisc.com) was designed with a range of digital content protection and rights management technologies, beyond the base AACS copy protection mechanisms for encryption and unlocking the disc contents. However, these measures raise the risk of disabling working equipment in ways that can seriously frustrate consumers.

- Two mechanisms that can disable playback of working players and discs if they have been deemed to be hacked (Media Key Block and Content Revocation List), triggered by updates to lists of revoked equipment distributed with new content. Any new disc could cause your existing personal property to stop working.

- A renewal requirement that can disable working discs and players (for both hardware devices and software players) if they are not "renewed" after a period of time or a required upgrade -- assuming the original vendor is still in business and offering the service.

- A playback control audio watermark technology (Verance) which can shut down playback of consumer recordings if the system decides they originated from a protected source. This could interfere with your personal videotape of your daughter's birthday party if a protected movie happened to be playing in the background.

- Two optional flags that constrain analog output -- the ICT (Image Constraint Token) to limit image resolution, and the Digital Output Only Token to totally disable all analog video output. Early adopters will need to replace their expensive home theatre systems if they lack the now-required HDMI connector.

- Three approved mechanisms for protecting digital content as it is transmitted to a display or over a network -- DTCP (Digital Transmission Content Protection), HDCP (High-bandwidth Digital Content Protection), and WM DRM-ND (Windows Media Digital Rights Management for Networked Devices). They will not display on legacy equipment (including expensive HD displays), and your working PC or TV display can go black if there is a glitch in the hardware interconnect.

- Two sunset provisions to remove HD analog video output (Dec. 2011) and even all analog output (Dec. 2013) from all future products. You will not be permitted to watch your content as you currently watch DVDs, even downsampled to lower resolution on analog standard-definition sets.

These are only the initial requirements of the AACS Interim Adopter License, released in February 2006 in order to allow initial products to ship. Additional requirements will be imposed in the final license, for Managed Copying, Digital Output Only Token, and Audio Watermark detection.

Blu-ray products also include additional BD+ and BD-ROM mechanisms that can prohibit playback if a disc is deemed improperly marked, or hacked.



Beyond the Standard: Additional Content Protection for CD and DVD

While content owners would like to more strongly control access to their content -- when and where and how it can be played -- consumers continue to insist on regarding their purchased media as their property, to enjoy free of constraints on time or location or device. Consumers merrily rip music from CDs to enjoy on their computers and MP3 players, and enthusiasts rip movies from DVDs so they can watch them on a computer on the plane or on a portable media player on the train.

The CSS copy protection technology has been broken, and "DeCSS" ripping programs are widely available for downloading, although these take some initiative and technical know-how and patience to use. Even so, CSS remains as a viable "speed bump" to inhibit casual copying by consumers.

Content owners still desire stronger protection, and have tried various third-party products to add copy protection beyond what is available in the CD or DVD specification.

These include "passive" techniques that modify a disc in ways that are intended to inhibit copying on a personal computer, hopefully without impacting compatibility with the mass market of existing players, and "active" techniques that go further by running software directly on the user's computer.

Replicated DVD Source Protection: RipGuard and ARccOS

The CD Audio format is rather simple, so there is not much room for clever modifications to the format. However, a limited form of passive protection can be implemented by exploiting a quirk in the way Windows handles multisession CDs, and adding a fake data track to confuse Windows. However, this is easily defeated by more robust software. (See, for example, Edward Felten's discussion in www.freedom-to-tinker.com/blog/felten/cd-drm-attacks-installation).

For DVD, two of the most widely used products for passive protection are Macrovision RipGuard (www.macrovision.com/products/content_publishers/ripguard.htm) and Sony DADC ARccOS (www.sonydadc.com/opencms/opencms/sites/am/Digital_Services/ArccOS.html).

These are designed to reduce the ripping of copyrighted content. According to Macrovision, "between 85 to 95 percent of all consumers lack the patience and the technical know-how to break through the extra layer of DVD copy protection RipGuard provides, causing them to give up on making illegal copies. Only 5 percent of users have the knowledge and determination required to break through the RipGuard DVD copy protection and decrypt the underlying CSS."

According to published reports, these technologies deliberately create corrupted sectors on DVD discs and shuffle their contents, causing copying software to produce errors. Since DVD player devices (and computer software players) should strictly follow the navigational paths authored on the disc, they should never encounter these corrupted sectors.

Active Disc Copy Protection: Sony BMG DRM Scandal

The cat is out of the bag, the horse has left the gate, the barn door is unlocked -- but content owners still seek clever ways to retrofit protection onto their existing, hugely popular mass-market formats. Passive approaches like Macrovision RipGuard and Sony DADC ARccOS modify the discs to attempt to confuse ripping software, and then end up in an unending race between new clever tricks added to these copy protection schemes and the legions of hackers who enjoy breaking them. The personal computer is just such an open platform that passive approaches can be defeated by the latest smarter software.

The solution to this dilemma of how to stop copying on computers without impacting playback on set-top DVD devices, then, is an "active" approach -- get your own copy protection software running on the computers. In the long term, this can be done by influencing the computer and software vendors -- Microsoft has reportedly added such technology to Microsoft Vista and now Windows 7, and Apple has added content protection to the Macintosh for output displays. 

And Intel has been working on a Trusted Computing technology to secure computers in hardware, possibly even out of the control of the owner (Trusted Computing Group / TCG, www.trustedcomputinggroup.org).

Until all PCs are locked down, an interim solution is to install copy-checking software on consumer computers to monitor the use of the CD or DVD drive, and prevent ripping software while still permitting playback. However, consumers obviously are unlikely to voluntarily install such software.

Instead, in 2005 Sony BMG released audio CDs (over 90 titles and some 25 million CDs) with hidden copy protection software that automatically installed on Windows computers when consumers inserted the CDs -- without notification or consent. These used the software products First4Internet (now Fortium) XCP and SunnComm MediaMax.

Even worse, the software used virus-like techniques to install as a "rootkit," deep in the operating system. As a bonus, when analyzed, the software appeared to be poorly written and opened security holes that other viruses began to exploit, and attempting to uninstall it broke all access to the system's optical drives. Sony then released uninstaller software which was itself found to be faulty. Sony eventually had to recall such discs from the market, and exchange them for new unprotected discs and/or (unprotected) MP3 files (see http://cp.sonybmg.com/xcp/).

The result of this scandal was significant negative publicity and lawsuits, which have cooled the content industry's interest in pursuing active content protection. And, to some extent, it has educated consumers not to trust music on CD, and made alternative digital music downloading more attractive.

See Wikipedia - http://en.wikipedia.org/wiki/Sony_rootkit

Edward Felten's team at Princeton helped explain the technology and issues through this process, and published a final post-mortem, "Lessons from the Sony CD DRM Episode" (http://itpolicy.princeton.edu/pub/sonydrm-ext.pdf).



Digital Video Content Protection

The development of digital displays and networked devices introduced a new dimension into content protection. Technologies like CSS and CPRM/VCPS can protect source digital content when stored on DVD. And, as with VCRs before, technologies like CGMS-A and Macrovision ACP can mark and protect the output analog video signal. But if the consumer electronics and computer industries wanted to promote direct digital connections between home devices, then the content owners needed to see additional protection technologies to encrypt the material across digital wires.

Thus, the Broadcast Flag was defined to mark content as requiring protection as it enters the home, and technologies like HDCP and DTCP are used to protect material on both high-bandwidth display connections and traditional computer digital interfaces.

Digital Broadcast Content Management: Broadcast Flag

The Broadcast Flag is a digital broadcast content protection mechanism that was mandated by the U.S. Federal Communications Commission (FCC) in 2003 for the purpose of preventing mass distribution of copies over the Internet (http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-03-273A1.pdf). The intention was that the flag could be set at the discretion of the broadcaster as a digital code embedded in ATSC digital TV (DTV) broadcasts. All digital copies of flagged broadcasts must then be encrypted, and be playable only on devices that do not permit redistribution. (This did not prevent analog copying, or additional copying to authorized devices.)

In order to enforce this requirement, the FCC extended its mandate from communications to encompass the consumer electronics and computer industries, and ruled that after July 1, 2005, any DTV receiver could only pass on flagged content to a digital output if that output is protected by an approved technology. An initial list of 13 authorized protection technologies was approved in August 2004, including CPRM and VCPS for DVD, HDCP for displays, DTCP for communications, Microsoft Windows Media DRM and RealNetworks Helix DRM for streaming and files, and Sony MagicGate for Memory Stick and Hi-MD media.

However, in May 2005 the U.S. Court of Appeals for the District of Columbia ruled that the FCC had exceeded the scope of its regulatory authority, and struck down the broadcast flag.

Meanwhile, the FCC mandate resulted in the deployment of new infrastructure required to support the broadcast flag in CE and computer equipment, including the addition of VCPS to DVD recorders, and support for the CPRM and VCPS protocols in DVD player software like CyberLink PowerDVD in order to permit consumers to play back their recorded discs.

The FCC's intent was that "all existing equipment will remain fully functional." However, old equipment and software would not be able to even play back encrypted discs, and, for example, if you were to swap out an existing DTV demodulator connected to an old DVD recorder, you could find that the DVD recorder suddenly cannot understand the encrypted signal that is passed to it when the new demodulator recognizes the broadcast flag.

Digital Video Display Interfaces: DVI, HDMI, HDCP

All-digital home entertainment systems introduce a demanding problem: supporting high-bandwidth uncompressed digital video connections at HDTV resolutions. The creation of the DVI (Digital Visual Interface) and HDMI (High-Definition Multimedia Interface) specifications allows digital devices to generate full-quality outputs on digital displays, using consumer-friendly cabling. Then HDCP (High-bandwidth Digital Content Protection) can be used to encrypt and secure these interfaces.

DVI and HDMI are not copy protection technologies; they are just the digital video interfaces that are related to HDCP.

Digital Visual Interface (DVI) is a universal lossless display interface with plug and play connections. With dual links, it can support up to HDTV resolutions at fast refresh rates. DVI is based on the Silicon Image T.M.D.S. interface, and was adopted by the Digital Display Working Group (DDWG, www.ddwg.org), led by Intel, Compaq, Fujitsu, Hewlett Packard, IBM, NEC and Silicon Image.

High-Definition Multimedia Interface (HDMI) is a more general digital interface specification for connecting consumer electronics products, designed for secure distribution of uncompressed high-definition video plus multi-channel audio in a single cable. HDMI supports interconnecting multiple sources and sinks (inputs and outputs), using a packet protocol to transmit video, audio, and auxiliary data such as configuration and status. HDMI also is designed to permit connection with DVI devices through a converter cable. 

HDMI was defined by the HDMI Founders (www.hdmi.org): Hitachi, Matsushita (Panasonic), Philips, Silicon Image, Sony, Thomson, and Toshiba.

High-bandwidth Digital Content Protection (HDCP) is based on these interfaces, and designed for protecting audiovisual content from being copied over DVI and HDMI high-bandwidth interfaces. HDCP provides content protection mechanisms for authentication of HDCP-compliant transmitters and receivers, encryption of content over the interface, and revocation of invalid receivers based on assigned private Device Keys. While HDCP protects content, the mechanism used to specify the copy management information is a separate issue, outside of its scope. HDCP was developed by Intel and is licensed by Digital Content Protection, LLC (www.digital-cp.com).

Digital Video Transmission Protection: DTCP

Beyond local display devices, the digital home also offers the opportunity to distribute digital content to other devices, through local FireWire and USB connections and even over a local home network. The solution for protecting content within this larger scope is to bridge the PC and CE worlds by using a digital rights management technology that is supported by both the PC and attached devices (e.g., to download a purchased movie or song to a portable device). The DTCP approach defines a general protocol that can be used to protect content transmitted between authenticated devices.

Digital Transmission Content Protection (DTCP) defines a cryptographic protocol for protecting digital A/V content on high-performance digital interfaces, such as IEEE 1394 (FireWire). It includes a device authentication and key exchange (AKE) protocol to verify connections, copy control information (CCI) based on CGMS, and content encryption with optional stronger ciphers. DTCP also supports revocation of unauthorized devices through system renewability messages (SRMs) delivered with new content.

DTCP was defined by the "5C" group, Hitachi, Intel, Matsushita (Panasonic), Sony and Toshiba, and is administered by the 5C / Digital Transmission Licensing Administrator, LLC (DTLA, www.dtcp.com).

DTCP over Internet Protocol (DTCP-IP) extends DTCP to protect content transmitted across IP network connections using 128-bit AES encryption. It is intended for use within local home networks, including wireless connections.



Content Protection in the Digital Home

Consumers (and professionals) first experienced copy protection with scrambled video from VCR tapes and later with CSS encryption of DVDs. But even content owners do not want to just lock down physical media. The popularity of online services like iTunes has demonstrated the importance of selling content as digital bits, both as purchased downloads, and as licensed streaming.

The explosion of portable media players such as the iPod has then extended content files from the desktop to local devices in the home. Even more, digital video recorders and their extension within the digital home open up the possibility of storing and sharing content among a family of computer and consumer electronics devices throughout the home.

This has brought together a broad coalition of industries to develop content protection technologies that provide strong enough protection to satisfy content owners while also allowing controlled copying among computer and CE devices.

The goal is to allow consumers to be able to legitimately access premium entertainment content when, where, and how they want to. Consumers shouldn't have to care where the content came from, nor how it is managed; they only want to be able to enjoy it when and where they want.

Consumers do not want to be caught in the cross-fire between open "fair use" and attacking "piracy." And content owners want to robustly communicate the authorized usages of a particular piece of content. The idea behind these content management systems, then, is to ensure that customary use is preserved for individual consumers, while enabling content owners to use new and flexible usage models to get more content in the hands of consumers.

However, the introduction of these technologies in new CE and computer devices can lead to collateral damage, as some material can inexplicably become uncopyable or even inaccessible. When applied to consumer electronics equipment, these technologies can restrict the customary uses of CE devices and computer equipment in ways that can seem inexplicable and random, depending on the source of the material (e.g., standard or premium content) and the interactions between old and newer equipment. For example, a DVD recorder may mark a recorded disc as protected, so that it cannot be copied further. Or an upgraded software player may require a protected connection to the display screen, and refuse to play on older equipment. These products will need much more transparent mechanisms to view and understand authorization information associated with pieces of content.

So there can be unpleasant surprises as digital content flows between new content technologies and legacy devices, and when computer-based DRM systems interface with consumer electronics equipment. For example, another industry group, the Coral Consortium, is addressing these usability issues of "interoperability between DRM technologies used in the consumer media market" (www.coral-interop.org). Its voting members are HP, Intertrust, Philips, Matsushita (Panasonic), NBC Universal, Samsung, Sony, and Fox. The Coral Consortium's goal is to "develop a set of specifications to bridge gaps between disparate DRM systems and safeguard against impedance mismatches that are common when communicating between them."



For More Information


Jim Taylor's DVD FAQ has extensive information on DVD formats, technical details, and associated content protection technologies:
    www.dvddemystified.com/dvdfaq.html

Don Labriola's Digital Content Protection series provides background on content protection laws and technologies 
    (ExtremeTech, 3 parts - May, 2002 - Aug. 2003):
    www.extremetech.com/article2/0,2845,13923,00.asp

DEG: the Digital Entertainment Group's Content Protection & DRM, A Glossary is a handy summary of content protection and DRM technologies (Oct. 2004):
    www.dvdinformation.com/TechResources/images/DEG%20DRM%20Glossary.pdf



Appendix: The Content Protection System Architecture (CPSA)


While content protection can seem a morass of similar-sounding technical acronyms and obscure licensing organizations, the consumer electronics (CE) and computer and content industries have developed a fundamental architectural strategy that underlies these approaches. The Content Protection System Architecture (CPSA) was developed by the 4C Entity (www.4centity.com), named after the four founding companies: Intel, IBM, Matsushita and Toshiba.

The CPSA is an overall framework or architecture designed to encompass major existing and upcoming entertainment content protection technologies. While it's not an official standard or binding requirement, the CPSA is useful to understand as providing the philosophy behind the technologies that are being developed and deployed.

CPSA's scope crosses between personal computing and consumer electronics devices, protecting audio and video content in both analog and digital formats, and supporting both physical and electronic content distribution methods.

The architecture describes how compliant devices handle copy control information (also known as Content Management Information, CMI), protect content during playback and output, and manage usage rights for recording.

The CPSA architecture is defined in 11 axioms, or fundamental principles, that describe how compliant devices handle copy control information, playback and output, and recording. The axioms are divided into several groups, reflecting the major issues that these various content protection technologies are intended to address:

Content Management Information

If content is to be protected, the usage rules associated with each individual chunk of content must be maintained in association with the content (e.g., copy-freely, copy-never, copy-one-generation, or copy-no-more). These are called the Content Management Information (CMI) or Copy Control Information (CCI). This can be done by encrypting the information along with digital content, or, especially for analog formats, by embedding the information as a watermark within the content.

1. The content owner is the party that defines the content management information (CMI) for the content, from the available options provided by the protection technology. This information then must remain with the content and control its use.

2. In particular, for content stored digitally, the integrity of the content management information must be preserved while the content is stored in an encrypted form. For example, while the CMI may be carried in an unencrypted form for inspection, it still must be verified by checking a second encrypted copy.

3. And especially for analog content, the content may also be watermarked, at the discretion of the content owner, to embed CMI information that will be independent of its digital or analog representation.

Content Protection: Copying

The source content must be protected from unauthorized access. It can be digitally encrypted to allow access only by authorized devices, or, if unencrypted, compliant devices must be designed to respect the CMI restrictions defined in the embedded watermark.

4. All prerecorded content must be encrypted (more strictly, all digital content that has usage restrictions). Examples of such digital content protection for recorded media include CSS for DVD-Video and AACS for future high-definition DVDs (see below).

5. Furthermore, any authorized copies made of protected content also must be protected by encryption, whether the original content was digital or is being converted from analog. (An exception is DVD-Audio, which allows unencrypted copies on legacy media including CD, as long as the sound quality of the copies is no better than CD-Audio.)

6. As an additional check for proper usage of content protection technology, when playing back unencrypted digital content, the playback device must refuse to play any content that contains a watermark CMI, since all digital copies of material with associated usage rights should be encrypted.

Content Protection: Transmission

So far so good -- our content is protected at the source, any copies are protected, and the associated usage rights are kept protected with it. But now we want to actually play the content, which typically involves displaying it on an external device (or, more generally for digital data, transmission to a display device). The connection to a display is a weak point in the content protection system, especially if the content is displayed in the clear.

7. For encrypted content, source and playback devices must apply an approved protection scheme to all outputs, as specified by the CMI. This can take the form of an encrypted transport protocol for digital connections (e.g., DTCP), or a mechanism such as Macrovision APS for analog outputs. (Again, DVD-Audio allows unprotected analog output and digital output at no better than CD-Audio quality.)

8. In addition, for unencrypted content (i.e., when converting from analog to digital), a source device must check the watermark CMI before forwarding the content, and set the digital CMI of the protected output accordingly (to be tested by downstream copy devices).

Recording Control

Finally, even if content can be played, its usage rules may not permit it to be recorded, or may permit only one generation of copying.

9. Compliant recording devices can only copy content after checking for CMI and verifying the usage rules, whether for encrypted digital or unencrypted watermarked content.

10. In addition, when making an authorized copy, the recording device must update the CMI, for example to update Copy-Once to Copy-None. And even for unmarked content, the device can still support making an encrypted copy with CMI (which can lead to personal material unexpectedly becoming copy protected).

11. However, even with fully-implemented copy protection, an exception is provided for "temporary and localized" uses such as time-shifting: in these cases recording devices are permitted to work independently of any CMI restrictions. Such devices can capture and store copy-protected broadcast material, as long as the content is retained only for a limited time and then played back from the same device.
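The playback and recording axioms above (2, 3, 5, 6 and 9 through 11) can be read as a small state machine over the four CMI states. The model below is an added example, not CPSA specification text or any vendor's code: the `Content` fields, `PolicyError`, the function names and the choice to treat copy-freely as unrestricted are assumptions of the sketch, and the sample items are constructed.

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional

class CMI(Enum):
    """The four usage states the article lists for CMI."""
    COPY_FREELY = "copy-freely"
    COPY_ONE_GENERATION = "copy-one-generation"
    COPY_NO_MORE = "copy-no-more"
    COPY_NEVER = "copy-never"

class PolicyError(Exception):
    """A compliant device must refuse the operation."""

@dataclass(frozen=True)
class Content:                           # hypothetical model, not a real format
    title: str
    encrypted: bool
    analog: bool = False
    clear_cmi: Optional[CMI] = None      # readable copy, carried for inspection
    protected_cmi: Optional[CMI] = None  # second copy inside the encrypted payload
    watermark_cmi: Optional[CMI] = None  # embedded in the audio/video itself
    temporary: bool = False              # time-shift buffer tied to one device

def checked_cmi(c: Content) -> Optional[CMI]:
    """Return the CMI a device may act on."""
    if c.encrypted:
        # Axiom 2: the readable CMI counts only if it matches the protected copy.
        if c.clear_cmi is not c.protected_cmi:
            raise PolicyError(f"{c.title}: CMI fails integrity check")
        return c.protected_cmi
    return c.watermark_cmi               # axiom 3: watermark travels with the signal

def play(c: Content) -> str:
    cmi = checked_cmi(c)
    # Axiom 6: restricted material should only exist encrypted in digital form.
    if not c.encrypted and not c.analog and cmi not in (None, CMI.COPY_FREELY):
        raise PolicyError(f"{c.title}: watermarked content found unencrypted")
    return f"playing {c.title}"

def record(c: Content, time_shift: bool = False) -> Content:
    cmi = checked_cmi(c)                 # axiom 9: check CMI before any copy
    if time_shift:
        # Axiom 11: temporary, localized recording is exempt from the CMI;
        # the buffer keeps the source's CMI and stays on this device.
        return replace(c, encrypted=True, analog=False, clear_cmi=cmi,
                       protected_cmi=cmi, temporary=True)
    if cmi in (None, CMI.COPY_FREELY):
        return replace(c, analog=False, temporary=False)
    if cmi is CMI.COPY_ONE_GENERATION:
        # Axioms 5 and 10: the authorized copy is encrypted and its CMI is
        # stepped down (the article's "Copy-Once to Copy-None").
        return replace(c, encrypted=True, analog=False, temporary=False,
                       clear_cmi=CMI.COPY_NO_MORE, protected_cmi=CMI.COPY_NO_MORE)
    raise PolicyError(f"{c.title}: {cmi.value} content may not be recorded")

def refused(operation, *args, **kwargs) -> bool:  # True on PolicyError
    try:
        operation(*args, **kwargs)
    except PolicyError:
        return True
    return False

# Constructed sample inputs.
BROADCAST = Content("analog broadcast", encrypted=False, analog=True,
                    watermark_cmi=CMI.COPY_ONE_GENERATION)
MOVIE = Content("movie disc", encrypted=True, clear_cmi=CMI.COPY_NEVER,
                protected_cmi=CMI.COPY_NEVER)
LOOSE_FILE = Content("loose file", encrypted=False, watermark_cmi=CMI.COPY_NEVER)
EDITED = replace(MOVIE, title="edited header", clear_cmi=CMI.COPY_FREELY)

if __name__ == "__main__":
    first_copy = record(BROADCAST)
    print("first copy:", first_copy.protected_cmi.value,
          "| re-copy refused:", refused(record, first_copy))
    print("movie copy refused:", refused(record, MOVIE),
          "| time-shift buffer:", record(MOVIE, time_shift=True).temporary)
    print("loose file refused:", refused(play, LOOSE_FILE),
          "| edited CMI refused:", refused(play, EDITED))
```

The copy-one-generation case shows the collateral effect described earlier in the article: the first recording plays normally but comes back encrypted and marked copy-no-more, so the same recorder refuses to duplicate it.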



Content Protection -- Glossary


Content Protection Architecture
  • CPWG -- Copy Protect Working Group
  • CPSA -- Content Protection System Architecture [4C Entity] - formal architecture
Content Protection on Media - Encryption
  • CSS - Content Scrambling System [DVD CCA - LMI] - Encrypted pre-recorded DVD-Video
  • CPPM - Content Protection for Prerecorded Media - DVD-Audio [4C Entity]
  • Macrovision - RipGuard DVD
  • Sony DADC - ARccOS - DVD-Video Copy Control
  • AACS - Advanced Access Content System - HD DVD [AACS LA]
        Manage content stored on the next-generation high-def prerecorded and recorded
        optical media for consumer use with PCs and CE devices
Copy Protection / Content Management
  • CPRM - Content Protection for Recordable Media - DVD record [4C Entity]
        Prevent writable DVD drives from indiscriminately copying protected content
  • VCPS - Video Content Protection System - DVD+RW [Philips, HP]
        Protect recordings of digital broadcast according to FCC Broadcast Flag
        Enable direct recording of 'copy-once' content from satellite and cable sources
  • CGMS-A - Copy Generation Management System - Analog [IEC, EIA/CEA]
        Basic copy protection information over analog video interface through VBI data
  • CGMS-D - Copy Generation Management System - Digital
        Copy management information for digital connections (HDMI, DTCP)
  • Verance Watermarking - DVD-Audio [4C Entity]
        Marks analog output to prohibit capture by analog and digital recorders
Transmission Protection
  • Macrovision ACP / (APS) - Analog Protection System - DVD [Macrovision]
        Distort video signal (AGC, Colorstripe / colorburst) to prevent VCR copying
        NTSC only, composite and s-video outputs. Required w/ CSS
Transmission Protection / HD
  • Broadcast Flag [ FCC ]
        Digital code embedded in ATSC broadcast signal, tells digital video equipment
        capable of receiving over-the-air digital TV (DTV) broadcasts to encrypt
        any digital recording of content marked with the Flag
  • DVI - Digital Visual Interface (PC) [ DDWG ]
        Display digital video to TV, baseband to HD display - like VGA
        Very fast - 4.95 Gbps, can support 1600×1200 (UXGA), all HDTV resolutions
  • HDMI - High-Definition [Digital] Multimedia Interface (CE, w/ audio)
        Secure distribution of uncompressed high-definition video & multi-channel audio
        Single cable, single digital interface, bandwidth up to 5 Gigabits/second
  • HDCP - High-bandwidth Digital Content Protection - DVI / HDMI [ Intel ]
        DVI connections to digital monitors
  • DTCP - Digital Transmission Content Protection (1394, IP) [ 5C/DTLA ]
        Cryptographic protocol for protecting audio/video entertainment content
        as it traverses digital interfaces such as IEEE 1394, USB, IP-based home networks
  • DTCP-IP - DTCP over IP [ 5C/DTLA ]


Portions of this article are derived from "Content Protection for Consumer Electronics," DV Magazine, Aug. 2005 (no longer available online, www.dv.com).