Security Spec Readied For Home Networks

A hardware-based specification that could help paid-for content flow securely between devices in the digital living room is getting its finishing touches.

January 16, 2006

5 Min Read
Network Computing logo

Las Vegas — A hardware-based specification that could help paid-for content flow securely between devices in the digital living room is getting its finishing touches. The Secure Video Processor Alliance — a group of satellite-TV operators and their technology providers — is completing work on the content-protection approach, though it is only one piece of a larger quilt of efforts the industry needs to stitch together.

"I think SVPA is ahead of the pack," said Brian Sprague, director of marketing in Broadcom Corp.'s broadband group, which designs chips for set-top boxes and TVs.

Broadcom launched an early SVP chip for set-tops, the BCM 7401, in July and followed up with a second chip at the Consumer Electronics Show here earlier this month. However, the industry will need to hammer out a wide range of deals between consumer systems makers and content companies to deliver a broad range of interoperable products that can share paid-for content securely, Sprague said. "OEMs and studios "are the two ingredients to a recipe for success," he added.

"There are many other [approaches to content security] out there — the market has a lot of shaking out to do," said Beth Erez, chairwoman of the SVP Alliance.

The SVPA scheme provides a way to encrypt, transmit and receive both content and rules for how that content can be used over a secure channel using a hardware-based authentication technology. While it is defined in a way independent of any particular transport, the scheme is initially being implemented to work with existing conditional-access systems of satellite-TV set-top boxes.Suitably equipped, a set-top can act as a media server to map rules from a conditional-access system into the SVP format. The encrypted content and rules are then available to be played or copied — as the rules allow — on SVP-equipped client systems such as personal video recorders, DVD recorders or portable media players. Rules, determined by the content provider, could include no copying, limited or unlimited copying, or limited-time use.

The SVP approach defines both a hardware kernel requiring less than 200,000 gates and a secure software stack running on it. Sprague said other techniques, like Digital Transmission Content Protection, define the underlying hardware but require OEMs or carriers to define the software.

NDS Group plc (Middlesex, England), a development arm of media giant News Corp., developed a netlist version of the initial hardware block. The SVPA will provide separate chip- and system-level specifications and license agreements for using them.

Chip makers will need to send their devices to independent test labs. Systems makers can self-certify their devices. The group will also define an accreditation process to let other companies develop and provide the hardware block.

SVPA is in the third and final round of formal reviews of its specifications and license agreements. "We think the comments we are getting back indicate we can have a finished spec and signed license within two weeks," said SVPA member Rob Davis, who oversees documentation.Besides Broadcom, STMicroelectronics also has working SVP chips. The companies have low-level driver software ready, but systems software is still in development. "We were hoping to have a working model on display, instead we have simulations," Davis said at the group's CES booth.

Other SVPA members include chip makers Advanced Micro Devices and Conexant; set-top makers Humax, Pace, Philips, Samsung and Thomson; and satellite-TV carriers DirecTV, Star and BSkyB, which are all part of the News Corp. group of companies. News Corp.'s Fox studio is also a member.

And though it is not working directly with the SVPA, the Motion Picture Association of America (MPAA) has generally endorsed the group's approach, opening the door for other studios to consider the technology. In addition, SVPA has submitted its approach to Cable Labs for consideration as an approved secure output method on cable-TV networks.

Just how broadly the SVP technology will be used and what its road map will be are the big questions before the group in 2006. The spec now supports in software the MPAA concepts of proximity and domains to define an approved set of end-user devices. Support for those features will move into hardware in a next iteration of SVP, Erez said.

Others suggest the group should consider a spec that allows any client device to work directly with a carrier's network, without using a set-top as a gateway or media server. That would involve a version of SVP that includes conditional-access or digital rights management capabilities.As for deployments, so far only DirecTV said it will use the SVP technology. "A large number of content suppliers want to use this to move content beyond the set-top to PVRs, DVRs and media players," Davis said.

An executive from set-top giant Motorola Broadband, which is not a member of the alliance, suggested the group is limited to carriers and suppliers associated with News Corp. Both Motorola and its archrival Scientific-Atlanta — also not an SVPA member — have their own end-to-end security technologies.

Competing approaches

Other carriers are said to be in talks with technology vendors to create their own security schemes for the home network, suggesting a variety of competing, proprietary approaches may emerge in the next couple of years. At the same time, some carriers not associated with News Corp. have been participating in the SVPA review process, although they have not gone public with plans to support it.

"I believe [SVP] will become a requirement for many operators," said Broadcom's Sprague. "If it were only a News Corp. development it would be a very big opportunity, but I believe it will involve more than News Corp."

NDS Group — which developed the hardware concept two years ago and reached out to chip makers Broadcom and ST to form the SVPA — has big ambitions for the technology. "The costs of implementing this are deliberately low so we can getit into millions of devices," said Erez, who is also vice president of strategic alliances for NDS. Licensees pay a one-time fee of $20,000 to help cover the SVPA's legal expenses. OEMs then pay 5 to 10 cents per box for a device certificate to identify systems as a trusted SVP channel.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
More Insights