Manifest Technology Blog
| DVI Tech
| Site Map
HOME DIGITAL MEDIA ARTICLES
| PC Video
| Web Media
| DVD & CD
| Portable Media
| Digital Imaging
| Wireless Media
| Home Media
| Tech & Society
| Home Media Articles
| Home Networked Media Gallery
Content Protection Technology
for Consumer Electronics (4/2009)
by Douglas Dixon
We love our media -- images and music and video. And we like to share our
enthusiasms, from photo albums to audio mix tapes to video clips on YouTube. The
advent of digital media had made this much easier, so we can organize and enjoy
our growing collections, bring our favorite tunes and shows along on portable
devices, and share with friends.
But for content creators and owners (including movies, television, music),
this new digital age, along with our uninhibited enthusiasm for sharing our
passions, raises the frightening vision of uncontrolled sharing of exact digital
copies across the globe. The proverbial cat may be out the bag for music on CD,
and even somewhat for standard-definition video on tape and DVD, but the content
industry is still working to contain the damage. These concerns are further
heightened as the industry upgrades to high-definition content, when copying of
products like Blu-ray Disc and surround-sound audio could threaten the
theatrical entertainment experience.
This article describes the content protection technologies developed in
response to this threat, and implemented in a wide variety of consumer
electronics equipment. The content industry has worked with the consumer
electronics and computer industries to develop these technologies to protect
content as it is stored, transmitted, and played, and then control and manage
playback and sharing of the content in authorized ways.
The threat of consumers copying content has expanded with advances in
technology and the huge cost reductions in consumer equipment (like DVD
recorders) -- from simple analog copying onto videotape to capturing the digital
signal sent to a HD display, and from ripping songs from an audio CD to
extracting an entire movie from a DVD.
In response, the content industry has worked with the consumer electronics
and computer industries to develop a variety of content protection mechanisms to
restrict copying of licensed content. These technologies then are implemented in
CE devices (from DVD players to HDTVs) and in computers (from disc drives to the
operating system to player software). The content protection is enforced in new
products through the licensing terms for the patents required to play the
specific formats (i.e., DVD discs with MPEG video), and to authorize the use of
the associated logos on products (i.e., DVD-Video).
This article provides an overview of the different copy protection
technologies used in consumer electronics devices, especially as related to DVD.
These are a somewhat confusing collection of similar-sounding acronyms for
technical specifications (and associated licensing organizations), each of which
covers different types of media, devices, and formats. This information is
summarized from various public sources, comments and corrections are welcome.
the way, get used to these ad-hoc industry coalitions that create and administer
these standards -- There are so many that their organizers have given up trying
to create meaningful names, and just used names like 3C, 4C, and 6C for the
number of founding companies. These organizations define and administer
standards, and then pool and license the associated patents (some now with more
members than the original count in the name). There are so many such groups that
another organization, License Management International (LMI, www.lmicp.com)
serves as a meta-group providing license administration services for groups
including the 4C Entity and DVD CCA, the home of CSS encryption.)
The focus is on technologies that designed to protect broadcast and recorded
video content (e.g., TV and DVD) on consumer electronics devices. Of course,
this is only a part of a much larger universe of content / copy protection,
including music and CDs, Web streaming and downloads, and other media formats.
The purpose here is to explain the technologies, and avoids getting into issues
of morality, whether "piracy" or "fair use."
Even with these content protection mechanisms, the content industry
recognizes that these technology measures cannot stop all copying. Instead, the
goal is to serve at least as a "speed bump" -- to inhibit mass
consumer copying, so that casual consumers don't find it easy to make copies for
After all, unauthorized copies of new releases are often first available from
screener and review units that come from within the industry, and from
unauthorized recordings at music concerts and movie theatres -- often well
before any consumer can buy the same material on CD or DVD. And once one copy
gets on the Internet, it becomes available to all.
These measures also will not stop pirates manufacturing unauthorized content,
since they can access copies on the Internet, and often get DVDs of a new film
on the street days or even hours after the theatrical release based on video
shot in a movie theatre. And hacker enthusiasts will continue to enjoy the
challenge of breaking new copy protection technology, making tools available for
more sophisticated consumers to make copies at will.
As a result, the industry is using a two-part approach to counter these
threats -- the technological "speed bump" to inhibit casual consumer
copying, plus measures that allow consumers to access their content within the
home and on portable devices, but in controlled ways.
It's clear that consumers demand the flexibility to enjoy their entertainment
when and where and how they want it. And the industry has responded, with a
variety of options to time-shift and place-shift content, across multiple
devices -- within the home with networked cable set-top recorders and Internet
TV services, on PCs and the road with Internet music and video, bridging
computers and portable players with Apple iTunes, and even from DVD to computers
and portable players with approaches like Digital Copy.
A time out to try to be more precise about terminology:
"Content protection" is the general term used to encompass
mechanisms and technologies designed to protect content by controlling its use,
in order to give content providers control over access and redistribution of
protected material. This has two parts: copy protection technologies to inhibit
the direct copying of protected content, and rights management technologies to
mark content with information about what permissions the owner has granted for
"Copy protection" refers specifically to mechanisms and
technology designed to protect content from being copied. This typically
requires encryption of the content to prevent access except when authorized (as
with CSS for DVD).
"Rights management" (also copy management) is more
strictly the identification, protection, and tracking of the rights associated
with accessing protected content. The content owner can tag content with license
information controlling activities including playback, copying, and re-copying
(for some limited number of times). For example, Apple iTunes supports a limited
number of systems that to play and copy content from a user's library, and a
limited number of iPod players to which the content can be synced and
"Conditional access" pertains to verifying that only
authorized users can receive content, particularly for delivery of content over
open wired (and wireless) channels including broadcast, cable, Internet, and
"Digital Rights Management" (DRM) then is often used very
loosely as general term for content protection mechanisms, but also as a
short-hand for specific copy protection technologies. This may encompass
playback and copying / downloading / syncing across consumer electronic devices,
computers, portable devices, and networked devices in the home. For example, a
widely-used specific Microsoft copy protection technology is called
"Windows Media DRM."
Protecting digital content across personal computers and consumer electronic
devices is a horribly difficult problem for two reasons: Some of the formats
were already well-established before consideration of copy protection issues,
and the playback devices are in an open and uncontrolled environment in the
Older entertainment delivery formats like videotape and CD were designed
without consideration for copy protection, much less the rapid advance of
technology (and lowering of prices) that enable consumers to easily manipulate
digital media. For example, while the CD contains audio in digital form, its
designers did not envision its use with powerful digital playback devices, so
the disc does not even contain artist and track information about its contents
(while radio broadcasts now carry this type of information).
The personal computer also is wide open (although Windows Vista and the
upcoming Windows 7 are adding more built-in copy protection). Software
applications can intercept digital content in many ways. On input, software can
access a storage device directly to get at the raw digital data. During
playback, software can wait until the content is unencrypted and ready for
display, and access the audio samples or video frames. Or when the content is
output, software can hook the display process and recapture the data as music is
played or video is displayed.
In addition, the decoupling of storage, playback, and display on both
computers and CE devices has expanded the scope of content protection across the
cables in the digital home network.
help think about these issues, the Content Protection System Architecture
(CPSA) provides an overall framework or architecture for entertainment content
protection technologies (see Appendix). The CPSA was developed by the consumer
electronics and computer and content industries under the 4C Entity (PDF,
The CSPA is derived from the framework developed for DVD-Audio, in close
collaboration with the Secure Digital Music Initiative (SDMI) and Content
Protection Technology Working Group (CPTWG), based on the initial
experience with the Content Scramble System (CSS) for DVD-Video.
As described in the CSPA architecture document, "With consumers
increasingly eager to move content between devices such as PCs, DVD players and
recorders, set-top boxes, and digital TVs, a variety of content protection
technologies have been developed. These point solutions come together to form an
overall "chain" of content protection technologies."
Digital Content Protection
Chain from CPSA Architecture document
The CPSA framework helps define three basic requirements for protecting
- Protect content at its source storage medium (wherever it is stored,
and whenever it is copied)
- Protect content as it is transmitted (e.g., from player to recorder, or
player to display)
- Protect content from unauthorized copying or further re-distribution
(i.e., only as permitted by the specified rights)
These goals are then addressed through a combination of technologies:
- Copy management information in the form of digital tags and watermarks
to define the usage rules
- Encryption algorithms to protect digital content (and associated CMI)
- Transmission protocols to encrypt and protect content (and associated
information) when transferred between devices
- Output protection mechanisms for protecting unencrypted outputs, i.e.,
the "analog hole" when output to analog video displays
This framework is demonstrated by the technologies developed for DVD,
broadcast digital television, and into high-definition formats.
The DVD-Video format for movies (and other content) on DVD was designed with
multiple content protection features. But video can be placed on a disc in
several different ways. DVDs can be manufactured by "replication,"
mass-market manufacturing of movies on disc, or by "duplication,"
burning of movies to recordable blank discs. And consumers have the tools to
burn discs as well, with set-top DVD recorders and personal computers with DVD
Replication manufactures the DVD along with the content in one
operation: the factory takes in melted plastic and stamps out discs, and then
adds labeling and packaging for the final product. The manufacturer controls the
physical structure of the disc, and the content owner supplies the "disc
image" of the data to be stored on the disc. As a result, replicated DVDs
(and now Blu-ray Discs) can implement stronger content protection measures.
Duplication and consumer burning, however, expose the content owner to
unauthorized casual copying. So additional content protection mechanisms have
been developed for recording devices to respect access rights and re-protect
Replicated DVD discs use encryption to protect the digital content, and
support copy management technologies for marking and encrypting (see below for
- Source protection: CSS for DVD-Video, CPPM for DVD-Audio
- Copy management: CGMS, Verance watermarking for DVD-Audio
- Output protection: Macrovision ACP (plus HDCP, DTCP, etc.)
- Copy protection: CPRM for DVD-R/-RW, VCPS for DVD+R/+RW
For replicated discs, the DVD author has the option of enabling one or more
of the supported mechanisms in the disc image sent to the replication facility,
although this requires the appropriate licenses for both the individual disc
title and the manufacturing facility. When the disc is mastered (prepared for
manufacturing), the disc data then will be CSS encrypted and have the
appropriate flags set to enable ACS and CGMS.
Under the DVD-Video license agreement, DVD players and recorders that choose
to license CSS (in order to carry the logo and play back mass-market movies)
also must support Macrovision ACP and CGMS-A analog protection, HDCP for DVI or
HDMI digital outputs, and DTCP for IEEE 1394 and USB digital connections. These
requirements also apply to computer DVD drives and burners, as well as analog
and digital computer TV outputs.
Replicated DVD Source Protection: CSS and CPPM
Replicated DVD-Video discs use the well-known CSS encryption, while DVD-Audio
uses a stronger technology called CPPM.
Scrambling System (CSS) is the encryption technology used to protect
DVD-Video discs. It is licensed by the DVD Copy Control Association (DVD
CCA, www.dvdcca.org/css), and
administered by License Management International (LMI, www.lmicp.com).
CSS was developed in 1996 by Matsushita and Toshiba.
Content Protection for Prerecorded Media (CPPM) is the
corresponding encryption technology used to protect DVD-Audio discs. It is
licensed by the 4C Entity (www.4centity.com/tech/cprm).
- CPPM Specification, Introduction and Common Cryptographic Elements
Revision 1.0, January 17, 2003 (since updated)
These technologies use a combination of keys as layered protection for
unlocking the content: Title Keys to encrypt the content, Disc Keys to encrypt
the title key on the disc, and Master Keys to decrypt the disc keys. CPPM (and
CPRM) also use a Media Key that uniquely identifies the physical disc. These
technologies also include a key-exchange protocol to encrypt and protect the
communication between the disc drive and playback device. The new AACS
technology further extends and strengthens these concepts, especially for
protecting high-definition discs.
Illustrative Example from
CPPM Specification document
Recordable DVD Content Protection: CPRM and VCPS
The access rights for protected content can permit making copies, or making
one copy -- but that copy needs to be protected so that it cannot then be
re-copied for successive generations. However, CSS was designed for use only for
replicated discs (although this has changed -- see below), so set-top DVD
recorders and computer DVD recordable drives implement different but related
copy protection schemes to protect content copied to recordable discs (for
duplication or consumer burning).
The DVD "dash" (DVD-R/RW) and "plus" (DVD+R/RW, www.dvdrw.com)
formats support different content protection technologies. Besides encrypting
the content, these tie the copy to the physical media to prevent bit-by-bit
copies by using a unique media ID stored in an inaccessible area of the disc
(i.e., etched in the lead-in area on the disc before the readable data area).
While these technologies could potentially be used by consumers to protect
home copies, they have not been very visible in CE products. VCPS is a recent
development for new equipment in response to the FCC broadcast flag mandate, and
while some DVD recorders support CPRM, it has not been required for DVD players.
But once a DVD has been encrypted with one of these technologies, the disc will
not be playable in legacy devices, even if copying is permitted.
Protection for Recordable Media (CPRM) is the copy protection
technology used for DVD-R/-RW and DVD-RAM discs. It is used for "copy
once" VR format recordings (not DVD-Video). The "RW Compatible"
logo found on many Japanese DVD recorders and players means that the device can
play VR recordings with CPRM encryption. CPRM also is licensed by the 4C
- CPRM Specification, Introduction and Common
Revision 1.0, January 17,2003 (since updated)
Content Protection System (VCPS) is the copy protection technology
used for DVD+R and DVD+RW recordable media. Developed by HP and Philips (www.licensing.philips.com),
it was designed to protect recordings of digital broadcast according to the FCC
Broadcast Flag rules, and also enables direct digital recording of
"copy-once" content from satellite and cable sources.
DVD Content Management Information: CGMS-A/D, Verance
DVD also uses several different technologies to associate content management
information with analog and digital content.
Copy Generation Management System - Analog (CGMS-A) embeds copy
management information in analog video, carried in the vertical blanking
interval. Unlike Macrovision ACP, CGMS-A is just a flag, and therefore depends
on downstream equipment such as camcorders to recognize the signal and refuse to
make copies. CGMS-A is required for use with CSS and DTCP. The CGMS-A+RC
(Redistribution Control) extension adds the requirement that the content may not
be redistributed over the Internet. Versions of CGMS-A are standardized as IEC
61880 / 61880-2 and EIA/CEA-608-B, available from Global Engineering
Copy Generation Management System - Digital (CGMS-D) defines
copy management information for digital connections. It is used as the basis for
technologies such as HDMI and DTCP. However, CGMS is something of an ad-hoc
standard, without an active licensing or certification entity, so its use has
been limited in current DVD devices.
/ Verance Audio Watermark embeds copy management information in digital
audio for DVD-Audio. It was also adopted by the Secure Digital Music
Initiative (SDMI, www.sdmi.org -
now inactive), in cooperation with the 4C entity. The Verance Copy Management
System for Audio content (VCMS/A, www.verance.com/solutions/music.php)
is licensed for DVD-Audio, SD-Audio, and SDMI Portable Device consumer product
DVD Output Protection: Macrovision ACP
as required by the CSS license, DVD players also must actively protect output to
displays. For digital outputs, these devices use HDCP and DTCP to encrypt the
signal. For analog video output, Macrovision ACP prevents analog copying to
devices such as VCRs and DVD recorders.
Macrovision ACP analog content protection applies two techniques to
the video signal, Automatic Gain Control (AGC) and Colorstripe, such that VCRs
can only make distorted copies (while televisions, with less strict tolerances,
can still display the signal). It is patented and licensed by Macrovision
Again, while the CSS copy protection used on DVDs has been broken, it still
has been very successful as a "speed bump" that inhibits mass casual
copying of discs by consumers. But CSS (Content Scramble System) was designed
and implemented to protect rights for only mass-market replicated discs -- It
was not available for recordable DVDs, including duplicated titles created by
corporate or independent filmmakers, and certainly not for consumers burning
personal discs on their home PCs.
One side effect of this choice for the content industry was that it also
blocked them from exploring the market for download to DVD delivery. No CSS for
burners meant no protection for possibly interesting applications like DVD
burning kiosks. It also limited the value of electronic download services for
broadband Internet users -- you can download protected movies to play on your
PC, but then cannot generally save and enjoy them on DVD.
Even though CSS is "broken," it's still a good enough "speed
bump" that the content industry recently agreed to extend CSS for use on
DVD burners, in kiosks and eventually in homes. This also requires updating DVD
drive and recorder products to support this feature, and a new DVD recordable
disc format that supports the CSS mechanism. But the result should then be that
recorded discs can be protected as well as commercial titles, and still maintain
compatibility with the existing installed base of more than a hundred million
CSS was authorized in August 2006, the DVD Copy Control Association (DVD
CCA, www.dvdcca.org/css) announced
agreement on a rule change to permit the creation of CSS-protected DVDs on
burners, explicitly for use in applications including kiosks, small custom runs,
and in-home recording on personal computers via the Internet or on
network-enabled DVD recorders.
The CSS Managed Recording Amendment to the CSS Procedural Specifications
permits Manufacture-on-Demand ("MOD") and Electronic Sell Through ("EST")
applications for recordable DVD.
Solutions has championed this technology, and has developed its Qfix
DVD-on-Demand technology to enable a wide range of markets, including
on-demand manufacturing systems, Internet video-on-demand services, set-top
devices, retail kiosks, and third-party PC software application (www.sonic.com,
Enabling downloadable DVDs does require broad changes across the industry.
- The downloadable content needs to be higher quality, for example
increasing from around 500 to 700 KB/sec up to 2 MB/sec in order to provide
full DVD quality.
- The new recordable media format also needs to be productized, with a new
otherwise-unwritable area for the CSS control information.
- And new DVD drives and recorders need to be designed to support burning
CSS-compliant discs with the new media (which should be a relatively
straightforward firmware upgrade).
Content protection for DVD has arguably served its purpose of preventing
wholesale casual copying. However, sophisticated pirate rings still can produce
copies of first-run features within days of their release, captured from
videotapes shot in theatres or even the original prints, and released over the
Internet, or on DVD in surprisingly high quality, complete with packaging and
subtitles. In addition, motivated consumers can download DeCSS ripping tools to
copy their discs, optionally recompressing from dual-layer DVD-9 to single-layer
recordable DVDs, or even to CD.
Optical Media Content Protection: AACS
Given this history, content owners wanted stronger technologies to protect
new high-definition digital material, whether delivered by broadcast or on
physical media, but especially when defining the new high-definition blue-laser
disc formats, Blu-ray Disc (www.blu-raydisc.com)
and HD DVD (since withdrawn, www.hddvdprg.com).
The result, AACS, uses stronger technology than CSS to protect source content on
optical media, and also integrates content management for both replicated and
Access Content System (AACS) is designed to encompass content
protection, copy control, and key management and revocation (for compromised
keys). It is managed by the AACS Licensing Administrator (AACS LA,
http://aacsla.org), founded by companies
spanning the content, PC, and CE industries (IBM, Intel, Microsoft, Panasonic,
Sony, Toshiba, Disney, and Warner Bros.). The intent is to provide more flexible
copy management, to share and even move content across home networks and to
Beyond CSS, AACS uses stronger 128-bit AES (Advanced Encryption Standard)
encryption, which is a published standard that has been extensively vetted by
security researchers. The content is encrypted using a secret Title Key selected
by the replicator, and the physical disc is marked with a secret Volume
Identifier that cannot be read by consumer devices in order to prevent
bit-by-bit copying. Each protected title (or group of titles) is assigned a
Media Key Block and associated Media Key by the licensing authority.
Playback devices then use licensed Device Keys to calculate the Media Key,
and the Volume Identifier to decrypt the Title Key, which is then used to
decrypt the audiovisual content. AACS also uses a new renewable form of drive
authentication that is not compatible with the CSS protocol used by current
AACS Encryption and Decryption
Blu-ray Content Protection Technologies
Disc (www.blu-raydisc.com) was
designed with a range of digital content protection and rights management
technologies, beyond the base AACS copy protection mechanisms for encryption and
unlocking the disc contents. However, these measures raise the risk of disabling
working equipment in ways that can seriously frustrate consumers.
- Two mechanisms that can disable playback of working players and discs
if they have been deemed to be hacked (Media Key Block and Content
Revocation List), triggered by updates to lists of revoked equipment
distributed with new content. Any new disc could cause your existing personal
property to stop working.
- A renewal requirement that can disable working discs and players
(for both hardware devices and software players) if they are not
"renewed" after a period of time or a required upgrade -- assuming the
original vendor is still in business and offering the service.
- A playback control audio watermark technology (Verance) which
can shut down playback of consumer recordings if the system decides they
originated from a protected source. This could interfere with your personal
videotape of your daughter's birthday party if a protected movie happened to be
playing in the background.
- Two optional flags that constrain analog output -- the ICT (Image
Constraint Token) to limit image resolution, and the Digital Output Only
Token to totally disable all analog video output. Early adaptors will need
to replace their expensive home theatre systems if they lack the now-required
- Three approved mechanisms for protecting digital content as it is
transmitted to a display or over a network -- DTCP (Digital
Transmission Content Protection), HDCP (High-bandwidth Digital Content
Protection), and WM DRM-ND (Windows Media Digital Rights Management for
Networked Devices). They will not display on legacy equipment (including
expensive HD displays, and your working PC or TV display can go black if there
is a glitch in the hardware interconnect.
- Two sunset provisions to remove HD analog video output (Dec. 2011)
and even all analog output (Dec. 2013) from all future products. You will
not be permitted to watch your content as you currently watch DVDs, even
downsampled to lower resolution on analog standard-definition sets.
These are only the initial requirements of the AACS Interim Adopter License,
released in February 2006 in order to allow initial products to ship. Additional
requirements will be imposed in the final license, for Managed Copying, Digital
Output Only Token, and Audio Watermark detection.
Blu-ray products also include additional BD+ and BD-ROM
mechanisms that can prohibit playback if a disc is deemed improperly marked, or
While content owners would like to more strongly control access to their
content -- when and where and how it can be played -- consumers continue to
insist on regarding their purchased media as their property, to enjoy free of
constraints on time or location or device. Consumers merrily rip music from CDs
to enjoy on their computers and MP3 players, and enthusiasts rip movies from
DVDs to they can watch them on a computer on the plane or on a portable media
player on the train.
The CSS copy protection technology has been broken, and "DeCSS"
ripping programs are widely available for downloading, although these take some
initiative and technical know-how and patience to use. Even so, CSS remains as a
viable "speed bump" to inhibit casual copying by consumers.
Content owners still desire stronger protection, and have tried various
third-party products to add copy protection beyond what is available in the CD
or DVD specification.
These include "passive" techniques that modify a disc in ways that
are intended to inhibit copying on a personal computer, hopefully without
impacting compatibility with the mass market of existing players. And
"active" techniques than go further by running software directly on
the user's computer.
Replicated DVD Source Protection: RipGuard and ARccOS
The CD Audio format is rather simple, so there is not much room for
clever modifications to the format. However, a limited form of passive
protection can be implemented by exploiting a quirk in the way Windows handle
multisession CDs, and adding a fake data track to confuse Windows. However, this
is easily defeated by more robust software. (See, for example, Edward Felten's
discussion in www.freedom-to-tinker.com/blog/felten/cd-drm-attacks-installation).
For DVD, two of the most widely used products for passive protection
Macrovision RipGuard (www.macrovision.com/products/content_publishers/ripguard.htm)
Sony DADC ARccOS (www.sonydadc.com/opencms/opencms/sites/am/Digital_Services/ArccOS.html).
are designed to reduce the ripping of copyrighted content. According to
Macrovision, "between 85 to 95 percent of all consumers lack the patience
and the technical know-how to break through the extra layer of DVD copy
protection RipGuard provides, causing them to give up on making illegal copies.
Only 5 percent of users have the knowledge and determination required to break
through the RipGuard DVD copy protection and decrypt the underlying CSS."
According to published reports, these technologies deliberately create
corrupted sectors on DVD discs and shuffle their contents, causing copying
software to produce errors. Since DVD player devices (and computer software
players) should strictly follow the navigational paths authored on the disc,
they should never encounter these corrupted sectors.
Active Disc Copy Protection: Sony BMG DRM Scandal
The cat is out of the bag, the horse has left the gate, the barn door is
unlocked -- but content owners still seek clever ways to retrofit protection
onto their existing, hugely popular mass-market formats. Passive approaches like
Macrovision RipGuard and Sony DADC ARccOS modify the discs to attempt to confuse
ripping software, and then end up in an unending race between new clever tricks
added to these copy protection schemes and the legions of hackers who enjoy
breaking them. The personal computer just is such an open platform that passive
approaches can be defeated by the latest smarter software.
The solution to this dilemma of how to stop copying on computers without
impacting playback on set-top DVD devices, then, is an "active"
approach -- get your own copy protection software running on the computers. In
the long term, this can be done by influencing the computer and software vendors
-- Microsoft has reportedly added such technology to Microsoft Vista and now
Windows 7, and Apple has added content protection to the Macintosh for output
Intel has been working on a Trusted Computing technology to secure
computers in hardware, possibly even out of the control of the owner (Trusted
Computing Group / TCG, www.trustedcomputinggroup.org).
Until all PCs are locked down, an interim solution is to install
copy-checking software on consumer computers to monitor the use of the CD or DVD
drive, and prevent ripping software while still permitting playback. However,
consumers obviously are unlikely to voluntarily install such software.
Instead, in 2005 Sony BMG released audio CDs (over 90 titles and some
25 million CDs) with hidden copy protection software that automatically
installed on Windows computers when consumers inserted the CDs -- without
notification or consent. These used the software products First4Internet
(now Fortium) XCP and SunnComm MediaMax.
Even worse, the software used virus-like techniques to install as a "rootkit,"
deep in the operating system. As a bonus, when analyzed, the software appeared
to be poorly written and opened security holes that other viruses began to
exploit, and attempting to uninstall it broke all access to the system's optical
drives. Sony then released uninstaller software which was itself found to be
faulty. Sony eventually had to recall such discs from the market, and exchange
them for new unprotected disks and/or (unprotected) MP3 files (see http://cp.sonybmg.com/xcp/).
The result of this scandal was significant negative publicity and lawsuits,
which has cooled the content industry's interest in pursuing active content
protection. And, to some extent, it has educated consumers not to trust music on
CD, and made alternative digital music downloading more attractive.
See Wikipedia - http://en.wikipedia.org/wiki/Sony_rootkit
Edward Felten's team at Princeton helped explain the technology and issues
through this process, and published a final post-mortem, "Lessons from the
Sony CD DRM Episode" (http://itpolicy.princeton.edu/pub/sonydrm-ext.pdf).
The development of digital displays and networked devices introduced a new
dimension into content protection. Technologies like CSS and CPRM/VCPS can
protect source digital content when stored on DVD. And, as with VCRs before,
technologies like CGMS-A and Macrovision ACP can mark and protect the output
analog video signal. But if the consumer electronics and computer industries
wanted to promote direct digital connections between home devices, then the
content owners needed to see additional protection technologies to encrypt the
material across digital wires.
Thus, the Broadcast Flag was defined to mark content as requiring protection
as it enters the home, and technologies like HDCP and DTCP are used to protect
material on both high-bandwidth display connections and traditional computer
Digital Broadcast Content Management: Broadcast Flag
The Broadcast Flag is a digital broadcast content protection mechanism
that was mandated by the U.S. Federal Communications Commission (FCC) in 2003
for the purpose of preventing mass distribution of copies over the Internet (http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-03-273A1.pdf).
The intention was that the flag could be set at the discretion of the
broadcaster as a digital code embedded in ATSC digital TV (DTV) broadcasts. All
digital copies of flagged broadcasts must then be encrypted, and be playable
only on devices that do not permit redistribution. (This did not prevent analog
copying, or additional copying to authorized devices.)
In order to enforce this requirement, the FCC extended its mandate from
communications to encompass the consumer electronics and computer industries,
and ruled that after July 1, 2005, any DTV receiver could only pass on flagged
content to a digital output if that output is protected by an approved
technology. An initial list of 13 authorized protection technologies was
approved in August 2004, including CPRM and VCPS for DVD, HDCP for displays,
DTCP for communications, Microsoft Windows Media DRM and RealNetworks Helix DRM
for streaming and files, and Sony MagicGate for Memory Stick and Hi-MD media.
However, in May 2005 the U.S. Court of Appeals for the District of Columbia
ruled that the FCC had exceeded the scope of its regulatory authority, and
struck down the broadcast flag.
Meanwhile, the FCC mandate resulted in the deployment of new infrastructure
required to support the broadcast flag in CE and computer equipment, including
the addition of VCPS to DVD recorders, and support for the CPRM and VCPS
protocols in DVD player software like CyberLink PowerDVD in order to permit
consumers to play back their recorded discs.
The FCC's intent was that "all existing equipment will remain fully
functional." However, old equipment and software would not be able to even
play back encrypted discs, and, for example, if you were to swap out an existing
DTV demodulator connected to an old DVD recorder, you could find that the DVD
recorder suddenly cannot understand the encrypted signal that is passed to it
when the new demodulator recognizes the broadcast flag.
Digital Video Display Interfaces: DVI, HDMI, HDCP
All-digital home entertainment systems introduce a demanding problem:
supporting high-bandwidth uncompressed digital video connections at HDTV
resolutions. The creation of the DVI (Digital Visual Interface) and HDMI
(High-Definition Multimedia Interface) specifications allow digital devices to
generate full-quality outputs on digital displays, using consumer-friendly
cabling. Then HDCP (High-bandwidth Digital Content Protection) can be used to
encrypt and secure these interfaces.
DVI and HDMI are not copy protection technologies, they are just the digital
video interfaces that are related to HDCP.
Visual Interface (DVI) is a universal lossless display interface with plug
and play connections. With dual links, it can support up to HDTV resolutions at
fast refresh rates. DVI is based on the Silicon Image T.M.D.S. interface, and
was adopted by the Digital Display Working Group (DDWG, www.ddwg.org),
lead by Intel, Compaq, Fujitsu, Hewlett Packard, IBM, NEC and Silicon Image.
Multimedia Interface (HDMI) is a more general digital interface
specification for connecting consumer electronics products, designed for secure
distribution of uncompressed high-definition video plus multi-channel audio in a
single cable. HDMI supports interconnecting multiple sources and sinks (inputs
and outputs), using a packet protocol to transmit video, audio, and auxiliary
data such as configuration and status. HDMI also is designed to permit
connection with DVI devices through a converter cable.
HDMI was defined by the HDMI Founders (www.hdmi.org):
Hitachi, Matsushita (Panasonic), Philips, Silicon Image, Sony, Thomson, and
Digital Content Protection (HDCP) is based on these interfaces, and designed
for protecting audiovisual content from being copied over DVI and HDMI
high-bandwidth interfaces. HDCP provides content protection mechanisms for
authentication of HDCP-compliant transmitters and receivers, encryption of
content over the interface, and revocation of invalid receivers based on
assigned private Device Keys. While HDCP protects content, the mechanism used to
specify the copy management information is a separate issue, outside of its
scope. HDCP was developed by Intel and is licensed by Digital Content
Protection, LLC (www.digital-cp.com).
Digital Video Transmission Protection: DTCP
Beyond local display devices, the digital home also offers the opportunity to
distribute digital content to other devices, through local FireWire and USB
connections and even over a local home network. The solution for protecting
content within this larger scope is to bridge the PC and CE worlds by using a
digital rights management technology that is supported by both the PC and
attached devices (i.e., to download a purchased movie or song to a portable
device). The DTCP approach defines a general protocol that can be used to
protect content transmitted between authenticated devices.
Transmission Content Protection (DTCP) defines a cryptographic protocol for
protecting digital A/V content on high-performance digital interfaces, such as
IEEE 1394 (FireWire). It includes a device authentication and key exchange (AKE)
protocol to verify connections, copy control information (CCI) based on CGMS,
and content encryption with optional stronger ciphers. DTCP also supports
revocation of unauthorized devices through system renewability messages (SRMs)
delivered with new content.
DTCP was defined by the "5C" group, Hitachi, Intel,
Matsushita (Panasonic), Sony and Toshiba, and is administered by the 5C /
Digital Transmission Licensing Administrator, LLC (DTLA, www.dtcp.com).
DTCP over Internet Protocol (DTCP-IP) extends DTCP to protect content
transmitted across IP network connections using 128-bit AES encryption. It is
intended for use within local home networks, including wireless connections.
Consumers (and professionals) first experienced copy protection with
scrambled video from VCR tapes and later with CSS encryption of DVDs. But even
content owners do not want to just lock down physical media. The popularity of
online services like iTunes has demonstrated the importance of selling content
as digital bits, both as purchased downloads, and as licensed streaming.
The explosion of portable media players such as the iPod then has extended
content files from the desktop to local devices in the home. Even more, digital
video recorders and their extension within the digital home opens up the
possibility of storing and sharing content among a family of computer and
consumer electronics devices throughout the home.
This has brought together a broad coalition of industries to develop content
protection technologies that provide strong enough protection to satisfy content
owners while also allowing controlled copying among computer and CE devices.
The goal is to allow consumers to be able to legitimately access premium
entertainment content when, where, and how they want to. Consumers shouldn't
have to care where the content came from, nor how it is managed; they only want
to be able to enjoy it when and where they want.
Consumers do not want to be caught in the cross-fire between open "fair
use" and attacking "piracy." And content owners want to robustly
communicate the authorized usages of a particular piece of content. The idea
behind these content management systems, then, is to ensure that customary use
is preserved for individual consumers, while enabling content owners to use new
and flexible usage models to get more content in the hands of consumers.
However, the introduction of these technologies in new CE and computer
devices can lead to collateral damage, as some material can inexplicitly become
uncopyable or even inaccessible. When applied to consumer electronics equipment,
these technologies can restrict the customary uses of CE devices and computer
equipment in ways that can seem inexplicable and random, depending on the source
of the material (i.e., standard or premium content) and the interactions between
old and newer equipment. For example, a DVD recorder may mark a recorded disc as
protected, so that it cannot be copied further. Or an upgraded software player
may require a protected connection to the display screen, and refuse to play on
older equipment. These products will need much more transparent mechanisms to
view and understand authorization information associated with pieces of content.
there can be unpleasant surprises as digital content flows between new content
technologies and legacy devices, and when computer-based DRM systems interface
with consumer electronics equipment. For example, another industry group,.the Coral
Consortium, is addressing these usability issues of "interoperability
between DRM technologies used in the consumer media market" (www.coral-interop.org).
Its voting members are HP, Intertrust, Philips, Matsushita (Panasonic), NBC
Universal, Samsung, Sony, and Fox. The Coral Consortium's goal is to
"develop a set of specifications to bridge gaps between disparate DRM
systems and safeguard against impedance mismatches that are common when
communicating between them."
Jim Taylor's DVD FAQ has extensive information on DVD formats,
technical details, and associated content protection technologies:
Don Labriola's Digital Content Protection series provides background
on content protection laws and technologies
(ExtremeTech, 3 parts - May, 2002 - Aug. 2003):
DEG: the Digital Entertainment Group's Content Protection & DRM, A
Glossary is handy summary of content protection and DRM technologies (Oct.
While content protection can seem a morass of similar-sounding technical
acronyms and obscure licensing organizations, the consumer electronics (CE) and
computer and content industries have developed a fundamental architectural
strategy that underlies these approaches. The Content Protection System
Architecture (CPSA) was developed by the 4C Entity (www.4centity.com),
named after the four founding companies: Intel, IBM, Matsushita and Toshiba.
The CPSA is an overall framework or architecture designed to encompass major
existing and upcoming entertainment content protection technologies. While it's
not an official standard or binding requirement, the CPSA is useful to understand as
providing the philosophy behind the technologies that are being developed and
CPSA's scope crosses between personal computing and consumer electronics
devices, protecting audio and video content in both analog and digital formats,
and supporting both physical and electronic content distribution methods.
The architecture describes how compliant devices handle copy control
information (also known as Content Management Information, CMI), protect content
during playback and output, and manage usage rights for recording.
The CPSA architecture is defined in 11 axioms, or fundamental principals,
that describe how compliant devices handle copy control information, playback
and output, and recording. The axioms are divided into several groups,
reflecting the major issues that these various content protection technologies
are intended to address:
Content Management Information
If content is to be protected, the usage rules associated with each
individual chunk of content must be maintained in association with the content
(e.g., copy-freely, copy-never, copy-one-generation, or copy-no-more). These are
called the Content Management Information (CMI) or Copy Control Information (CCI).
This can be done by encrypting the information along with digital content, or,
especially for analog formats, by embedding the information as a watermark
within the content.
1. The content owner is the party that defines the content management
information (CMI) for the content, from the available options provided by the
protection technology. This information then must remain with the content and
control its use.
2. In particular, for content stored digitally, the integrity of the content
management information must be preserved while the content is stored in an
encrypted form. For example, while the CMI may be carried in an unencrypted form
for inspection, it still must be verified by checking a second encrypted copy.
3. And especially for analog content, the content may also be watermarked, at
the discretion of the content owner, to embed CMI information that will be
independent of its digital or analog representation.
Content Protection: Copying
The source content must be protected from unauthorized access. It can be
digital encrypted to allow access only by authorized devices, or, if
unencrypted, compliant devices must be designed to respect the CMI restrictions
defined in the embedded watermark.
4. All prerecorded content must be encrypted (more strictly, all digital
content that has usage restrictions). Examples of such digital content
protection for recorded media include CSS for DVD-Video and AACS for future
high-definition DVDs (see below).
5. Furthermore, any authorized copies made of protected content also must be
protected by encryption, whether the original content was digital or is being
converted from analog. (An exception is DVD-Audio, which allows unencrypted
copies on legacy media including CD, as long as the sound quality of copies are
no better than CD-Audio.)
6. As an additional check for proper usage of content protection technology,
when playing back unencrypted digital content, the playback device must refuse
to play any content that contains a watermark CMI, since all digital copies of
material with associated usage rights should be encrypted.
Content Protection: Transmission
So far so good -- our content is protected at the source, any copies are
protected, and the associated usage rights are kept protected with it. But now
we want to actually play the content, which typically involves displaying it on
an external device (or, more generally for digital data, transmission to a
display device). The connection to a display is a weak point in the content
protection system, especially if the content is displayed in the clear.
7. For encrypted content, source and playback devices must apply an approved
protection scheme to all outputs, as specified by the CMI. This can take the
form of an encrypted transport protocol for digital connections (i.e., DCTP), or
a mechanism such as Macrovision APS for analog outputs. (Again, DVD-Audio allows
unprotected analog output and digital output at no better than CD-Audio
8. In addition, for unencrypted content (i.e., when converting from analog to
digital), a source device must check the watermark CMI before forwarding the
content, and set the digital CMI of the protected output accordingly (to be
tested by downstream copy devices).
Finally, even if content can be played, its usage rules may not permit it to
be recorded, or may permit only one generation of copying.
9. Compliant recording devices can only copy content after checking for CMI
and verifying the usage rules, whether for encrypted digital or unencrypted
10. In addition, when making an authorized copy, the recording device must
update the CMI, for example to update Copy-Once to Copy-None. And even for
unmarked content, the device can still support making an encrypted copy with CMI
(which can lead to personal material unexpectedly becoming copy protected).
11. However, even with fully-implemented copy protection, an exception is
provided for "temporary and localized" uses such as time-shifting: in
these cases recording devices are permitted to work independently of any CMI
restrictions. Such devices can capture and store copy-protected broadcast
material, as long as the content is retained only for a limited time and then
played back from the same device.
Content Protection Architecture
- CPWG -- Copy Protect Working Group
- CPSA -- Content Protection System Architecture [4C Entity] - formal
Content Protection on Media - Encryption
- CSS - Content Scrambling System [DVD CCA - LMI] - Encrypted
- CPPM - Content Protection for Prerecorded Media - DVD-Audio [4C
- Macrovision - RipGuard DVD
- Sony DADC - ARccOS - DVD-Video Copy Control
- AACS - Advanced Access Content System - HD DVD [AACS LA]
Manage content stored on the next-generation high-def
prerecorded and recorded
optical media for consumer use with PCs and CE devices
Copy Protection / Content Management
- CPRM - Content Protection for Recordable Media - DVD record [4C
Prevent writable DVD drives from indiscriminately copying
- VCPS - Video Content Protection System - DVD+RW [Philips, HP]
Protect recordings of digital broadcast according to FCC
Enable direct recording of 'copy-once' content from
satellite and cable sources
- CGMS-A - Copy Generation Management System - Analog [IEC, EIA/CEA]
Basic copy protection information over analog video
interface through VBI data
- CGMS-D - Copy Generation Management System - Digital
Copy management information for digital connections (HDMI,
- Verance Watermarking - DVD-Audio [4C Entity]
Marks analog output to prohibit capture by analog and
- Macrovision ACP / (APS) - Analog Protection System - DVD [Macrovision]
Distort video signal (AGC, Colorstripe / colorburst) to
prevent VCR copying
NTSC only, composite and s-video outputs. Required w/ CSS
Transmission Protection / HD
- Broadcast Flag [ FCC ]
Digital code embedded in ATSC broadcast signal, tells
digital video equipment
capable of receiving over-the-air digital TV (DTV)
broadcasts to encrypt
any digital recording of content marked with the Flag
- DVI - Digital Visual Interface (PC) [ DDWG ]
Display digital video to TV, baseband to HD display -
Very fast - 4.95 Gbps, can support 1600×1200 (UXGA), all
- HDMI - High-Definition [Digital] Multimedia Interface (CE, w/
Secure distribution of uncompressed high-definition video
& multi-channel audio
Single cable, single digital interface, bandwidth up to 5
- HDCP - High-bandwidth Digital Content Protection - DVI / HDMI [
DVI connections to digital monitors
- DTCP - Digital Transmission Content Protection (1394, IP) [ 5C/DTLA
Cryptographic protocol for protecting audio/video
as traverse digital interfaces such as IEEE 1394, USB,
IP-based home networks
- DTCP-IP - DTCP over IP [ 5C/DTLA ]
Portions of this article are derived from "Content Protection for
Consumer Electronics," DV Magazine, Aug. 2005 (no longer available online, www.dv.com).