Post by dkennedy on Feb 14, 2006 6:55:11 GMT -5
CableCARD: a primer (Part 1)
February 6, 2006
By Nate Anderson, ARS Technica Magazine
Introduction
We know that you'd like nothing better than to get rid of that set-top box sitting on your DVD player. It's ugly, it's clunky, and it has its own remote. Extra cables snake about the back of your entertainment center, providing ideal conditions for some type of electrical fire, and the matte black box clashes with your brushed silver aesthetic. To top it all off, you have to pay for the privilege of using this thing—if you want digital cable, it's the only way to go.
The collective groans of anguish from cable box users across the country have at last reached the ears of the cable industry, which has a (federally mandated) plan to ease your pain. It's called CableCARD, and it promises to do away with set-top boxes forever. And though CableCARD has tremendous promise, it is still a mysterious technology even to most of the technorati. If you're a regular Ars reader, you've probably heard the term, you know what it means, but you're the tiniest bit confused about exactly how it works, how you can get one, and exactly why you might want one.
That's why we've prepared this handy guide to CableCARD. Once you're done reading it, you will know more about CableCARDs than anyone in the country, save the engineers who developed them.* You will learn what to tell your Uncle Wilbur when he asks if his new TV really needs to have a CableCARD slot, you'll know what new hardware to buy if you want to use a CableCARD with Vista, and you'll learn why your mother was right when she told you that patience is a virtue.
* Gross hyperbole. Still, you'll know a lot.
How we got here
CableCARDs have an intriguing pedigree. They come not from the cable industry, but from Congress, which in 1996 passed the massive Telecommunications Act and charged the FCC with (among other things) creating a more competitive market for third-party set-top boxes (STBs). Specifically, section 304 of the law directed the Commission to:
"assure the commercial availability to consumers of multichannel video programming and other services offered over multichannel video programming systems, of converter boxes, interactive communications equipment, and other equipment used by consumers to access multichannel video programming and other services offered over multichannel video programming systems, from manufacturers, retailers, and other vendors not affiliated with any multichannel video programming distributor." [emphasis added]
The question was, how exactly would this competitive market be created? The FCC's answer was to force the cable companies to separate the two key features of a STB: navigation and security. This meant that, in theory, any manufacturer's navigation system (which includes anything that tunes and displays a cable feed; think a traditional set-top box, but also a TiVo) could be used with any cable provider's security system and that peace, love, and plug-and-play interoperability would reign from sea to shining sea.
The cable industry settled on a "point-of-deployment module," or POD, that would incorporate all the necessary security functions needed to create a "conditional access" system. The device would therefore be responsible for detecting whether a user was authorized to view certain content and then to decrypt that content if he or she was entitled to do so. Development of the POD was turned over to the research arm of the cable industry, CableLabs, based in a campus out in Louisville, Colorado.
The device that CableLabs designed was straightforward enough: a PCMCIA type II card responsible for decrypting protected MPEG video streams. Because "point-of-deployment module" was unlikely to get consumers queued up at Best Buy, the device was christened a "CableCARD." To give added impetus to the deployment of these new security devices, the FCC then banned cable companies from offering the traditional, "integrated" STB to customers at some date in the future (currently July 1, 2007, though it has shifted several times already).
To get the new CableCARDs into consumers' television sets, and to have them do something once they got in there, a massive engineering operation began. Motorola and Scientific-Atlanta (just acquired by Cisco, pending regulatory approval) built the cards, the cable companies prepared to deploy them, and the consumer electronics companies built the necessary hardware into their highest-end TVs. By late 2004, it was possible for an adventurous customer to track down a CableCARD-enabled TV and to cajole the cable company into sending out a technician (oh yes, a technician is required) with one of the magical cards. The beauty of the CableCARDs system came from what it did not have: another box cluttering up the living room, another remote control to misplace, and a high rental fee (CableCARDs typically go for a couple of bucks a month).
The first generation
Unfortunately, the first generation of CableCARDs (v1.0) had issues. Obviously, as with any new technology, there were growing pains as all the companies involved learned the ropes and support staff were brought up to speed, but CableCARD had a bigger problem than mere technical glitches—one that many consumers did not learn about until they experienced it firsthand: CableCARDs were one-way devices.
This may not sound like a big deal until you realize what CableCARDs cannot do. They cannot display an interactive program guide (though they can display a basic, noninteractive guide to what's showing), they do not provide pay-per-view options, video on demand is out, and any interactive services (such as Time Warner's "eBay on TV" service currently in beta down in Texas) are a no go. Worse yet, hardware with a CableCARD v1.0 slot will not be compatible with CableCARD v2.0 devices, which will be two-way. Or, more exactly, it will be compatible, but only in unidirectional mode, which means that it will get no benefit from the newer card. (The 2.0 spec is set, but don't expect to see any shipping televisions that support it until 2007—and even that may be optimistic.)
Furthermore, current CableCARDs are also single-stream, meaning they can only decrypt one channel at a time. Most DVR makers (like TiVo) want multistream capability so that they can display one show while recording another, and the single-stream limitation of CableCARD has been a particular thorn in TiVo's side for some time. (They have since signed a software-only deal with Comcast that will put their software on an "integrated" DVR, and they have also toyed with plans to release a two CableCARD DVR of their own that would overcome the single-stream limitation.) Picture-in-picture is also out.
To sum up then, CableCARDs have led to the introduction of the first television sets that are Digital Cable Ready (DCR). Much like STBs for analog cable mostly disappeared once televisions were cable ready (unless you wanted premium channels or pay-per-view, of course), digital STBs are likely to be swallowed by televisions in the same way. CableCARD provides the security, your TV provides the navigation interface. Pretty simple, really.
But come on—this is Ars, and this wouldn't be an Ars article unless we spent some time frolicking among the technical specifications and bounding through the protocols. We won't do anything too mentally taxing, but for those who want to get their learn on, keep reading. (Those of you who would rather jump straight to the big-picture analysis can skip to the next section.)
What it is and how it works
To understand exactly how a CableCARD works, let's start at the beginning. While self-provisioning could become a reality, all cable companies currently require a technician visit to install a CableCARD. You did know there was going to be a technician visit, right? (As Comcast, one of the largest cable companies, tells Ars, "This is consistent with our approach to many new products because it provides our employees with 'real-world,' hands-on experience that helps us offer the best customer experience as possible. Moving forward, we're evaluating self-install options for CableCARDs.")
Though some consumers believe that the purpose of such visits is simply to bill them US$40 for having someone shove a card in a slot, the reality is a bit more complicated. Both the CableCARD and the "host" device (TV, TiVo, PC, STB, etc.) have their own unique keys that are recorded by the technician, who then calls this information back to the main office, where it is entered into the computers at the "headend" of the cable line. These unique keys provide more security for the cable company but less freedom for the consumer, since encrypted channels can only be decoded by a registered CableCARD/host combination. Basically, this means that a CableCARD cannot be moved between televisions without a technician visit.
Once these keys are recorded, the CableCARD is "hit" by the cable company, which simply means that it is remotely programmed with information about what channels and services you have paid for and are entitled to watch. This is done by sending an Entitlement Management Message (EMM) from the headend to the CableCARD. An EMM is an out-of-band transmission (it sends data over low frequencies not reserved for cable channels) that authorizes a specific CableCARD to decode a specific set of services (HBO, etc.) to a specific host. Once this is done, the CableCARD is ready to go. To explain how it works, let's follow a typical cable signal from the headend to your screen.
The "headend" is a series of computers and equipment that compress, encrypt, and modulate the video signals, which are usually passed along a fiber optic line to your local node, at which point the signal is carried on coaxial cable. That cable eventually winds its way into your home, where it attaches to the back of your television set. There the signal is split into two parts, the in-band and out-of-band, and decoded by separate receivers. We've already touched on some out-of-band signals above, so now we'll follow the in-band signal, which is where most of the action is.
In-band signals contain the content you want to watch, such as HBO or Discovery HD. They are packaged as MPEG-2 streams, and most will come encrypted. Each channel is given a few megahertz of bandwidth between 54 MHz and (typically) 750 MHz or 864 MHz on the coax cable, and the television's internal tuner locks onto whichever stream you have selected to watch. The tuned stream is then passed to a demodulater and is then ready for decryption—and this is where the CableCARD comes into the picture.
The demodulated, encrypted signal passes from the TV into the CableCARD, which first checks the EMMs to see if the user is authorized to view that channel (basic channels may not require an EMM). If so, the card then pulls something called an "Entitlement Control Message" (ECM) out of the in-band signal. The ECM is the key needed to decrypt the channel, and it is sent along the line every 100 ms in order to eliminate the delay often found when switching channels on older systems. The ECM is also rotated every few seconds in order to discourage hacking. The ECM is itself encrypted by a proprietary mechanism built into both the headend and the CableCARD, so when a CableCARD attempts to descramble a channel, it first decrypts the ECM, which then allows it to decrypt the MPEG-2 stream. (Special thanks to The Diffusion Group and their report on digital cable for helping clarify some of this information.)
So far, so good, right? Now we have a clear MPEG-2 stream ready for viewing—which is why the CableCARD re-encrypts the signal using the keys that it has already exchanged with the host device. This is to prevent hackers from using the CableCARD to decrypt the signal and then outputting it in a clear and easy-to-capture format. The newly-encrypted signal is passed to the host, which (if it's a TV) decrypts the signal using the shared key it has generated with the CableCARD and displays the stream for your viewing pleasure.
"But what about a DVR?" you ask, and with good reason. The cable company did not build all this encryption into the product only to see it thwarted by a digital video recorder that outputs an unencrypted HDTV signal to the television. Therefore, if the host device is not a display device, it is required to encrypt the video stream yet again for transmission to another device. This last type of encryption is "link encryption" such as HDCP, which Vista will also require between the PC and the monitor in order to display protected content in its full high resolution glory. It is likely that other operating systems (e.g., Mac OS X) as well as consumer electronics will use HDCP too.
Holy encryption, Batman! If we're using a DVR, the stream has now been encrypted three separate times, providing almost true end-to-end encryption. It's not complete, of course, because at some point a signal must be unscrambled (so that you can watch it), and most TVs have a slate of outputs. How to plug the final hole? CableCARD does this by sending Copy Control Information from the card to the host, which is required to abide by it (unless the maker wants its CableCARD license pulled). The system handles both digital and analog content, in both cases using a two-bit code (00, 01, 10, or 11). The CableCARD communicates directly with the CPU of the host device and lets it know what restrictions are in place for the current content. The digital side of things can prevent content from being copied altogether, if this is what the cable company wants, or it can allow a single copy, or even unlimited copying. The analog system is similar, but can dictate what level of Macrovision "split burst" protection must be applied to analog outputs.
The CableCARD v2.0 spec complicates this situation somewhat by providing up to 200Mbps of bandwidth between the host and the CableCARD to allow for multiple MPEG-2 streams from multiple tuners (new CableCARDs will support at least four streams, but you'll need a tuner in the host device for each stream). It also provides for an out-of-band transmitter in the host that can send information upstream to the headend, thus allowing for pay-per-view services, video on demand, and truly interactive programming. Whether such devices will ever become commonplace remains to be seen—because what's on the horizon today could spell the death blow for CableCARD tomorrow.
February 6, 2006
By Nate Anderson, ARS Technica Magazine
Introduction
We know that you'd like nothing better than to get rid of that set-top box sitting on your DVD player. It's ugly, it's clunky, and it has its own remote. Extra cables snake about the back of your entertainment center, providing ideal conditions for some type of electrical fire, and the matte black box clashes with your brushed silver aesthetic. To top it all off, you have to pay for the privilege of using this thing—if you want digital cable, it's the only way to go.
The collective groans of anguish from cable box users across the country have at last reached the ears of the cable industry, which has a (federally mandated) plan to ease your pain. It's called CableCARD, and it promises to do away with set-top boxes forever. And though CableCARD has tremendous promise, it is still a mysterious technology even to most of the technorati. If you're a regular Ars reader, you've probably heard the term, you know what it means, but you're the tiniest bit confused about exactly how it works, how you can get one, and exactly why you might want one.
That's why we've prepared this handy guide to CableCARD. Once you're done reading it, you will know more about CableCARDs than anyone in the country, save the engineers who developed them.* You will learn what to tell your Uncle Wilbur when he asks if his new TV really needs to have a CableCARD slot, you'll know what new hardware to buy if you want to use a CableCARD with Vista, and you'll learn why your mother was right when she told you that patience is a virtue.
* Gross hyperbole. Still, you'll know a lot.
How we got here
CableCARDs have an intriguing pedigree. They come not from the cable industry, but from Congress, which in 1996 passed the massive Telecommunications Act and charged the FCC with (among other things) creating a more competitive market for third-party set-top boxes (STBs). Specifically, section 304 of the law directed the Commission to:
"assure the commercial availability to consumers of multichannel video programming and other services offered over multichannel video programming systems, of converter boxes, interactive communications equipment, and other equipment used by consumers to access multichannel video programming and other services offered over multichannel video programming systems, from manufacturers, retailers, and other vendors not affiliated with any multichannel video programming distributor." [emphasis added]
The question was, how exactly would this competitive market be created? The FCC's answer was to force the cable companies to separate the two key features of a STB: navigation and security. This meant that, in theory, any manufacturer's navigation system (which includes anything that tunes and displays a cable feed; think a traditional set-top box, but also a TiVo) could be used with any cable provider's security system and that peace, love, and plug-and-play interoperability would reign from sea to shining sea.
The cable industry settled on a "point-of-deployment module," or POD, that would incorporate all the necessary security functions needed to create a "conditional access" system. The device would therefore be responsible for detecting whether a user was authorized to view certain content and then to decrypt that content if he or she was entitled to do so. Development of the POD was turned over to the research arm of the cable industry, CableLabs, based in a campus out in Louisville, Colorado.
The device that CableLabs designed was straightforward enough: a PCMCIA type II card responsible for decrypting protected MPEG video streams. Because "point-of-deployment module" was unlikely to get consumers queued up at Best Buy, the device was christened a "CableCARD." To give added impetus to the deployment of these new security devices, the FCC then banned cable companies from offering the traditional, "integrated" STB to customers at some date in the future (currently July 1, 2007, though it has shifted several times already).
To get the new CableCARDs into consumers' television sets, and to have them do something once they got in there, a massive engineering operation began. Motorola and Scientific-Atlanta (just acquired by Cisco, pending regulatory approval) built the cards, the cable companies prepared to deploy them, and the consumer electronics companies built the necessary hardware into their highest-end TVs. By late 2004, it was possible for an adventurous customer to track down a CableCARD-enabled TV and to cajole the cable company into sending out a technician (oh yes, a technician is required) with one of the magical cards. The beauty of the CableCARDs system came from what it did not have: another box cluttering up the living room, another remote control to misplace, and a high rental fee (CableCARDs typically go for a couple of bucks a month).
The first generation
Unfortunately, the first generation of CableCARDs (v1.0) had issues. Obviously, as with any new technology, there were growing pains as all the companies involved learned the ropes and support staff were brought up to speed, but CableCARD had a bigger problem than mere technical glitches—one that many consumers did not learn about until they experienced it firsthand: CableCARDs were one-way devices.
This may not sound like a big deal until you realize what CableCARDs cannot do. They cannot display an interactive program guide (though they can display a basic, noninteractive guide to what's showing), they do not provide pay-per-view options, video on demand is out, and any interactive services (such as Time Warner's "eBay on TV" service currently in beta down in Texas) are a no go. Worse yet, hardware with a CableCARD v1.0 slot will not be compatible with CableCARD v2.0 devices, which will be two-way. Or, more exactly, it will be compatible, but only in unidirectional mode, which means that it will get no benefit from the newer card. (The 2.0 spec is set, but don't expect to see any shipping televisions that support it until 2007—and even that may be optimistic.)
Furthermore, current CableCARDs are also single-stream, meaning they can only decrypt one channel at a time. Most DVR makers (like TiVo) want multistream capability so that they can display one show while recording another, and the single-stream limitation of CableCARD has been a particular thorn in TiVo's side for some time. (They have since signed a software-only deal with Comcast that will put their software on an "integrated" DVR, and they have also toyed with plans to release a two CableCARD DVR of their own that would overcome the single-stream limitation.) Picture-in-picture is also out.
To sum up then, CableCARDs have led to the introduction of the first television sets that are Digital Cable Ready (DCR). Much like STBs for analog cable mostly disappeared once televisions were cable ready (unless you wanted premium channels or pay-per-view, of course), digital STBs are likely to be swallowed by televisions in the same way. CableCARD provides the security, your TV provides the navigation interface. Pretty simple, really.
But come on—this is Ars, and this wouldn't be an Ars article unless we spent some time frolicking among the technical specifications and bounding through the protocols. We won't do anything too mentally taxing, but for those who want to get their learn on, keep reading. (Those of you who would rather jump straight to the big-picture analysis can skip to the next section.)
What it is and how it works
To understand exactly how a CableCARD works, let's start at the beginning. While self-provisioning could become a reality, all cable companies currently require a technician visit to install a CableCARD. You did know there was going to be a technician visit, right? (As Comcast, one of the largest cable companies, tells Ars, "This is consistent with our approach to many new products because it provides our employees with 'real-world,' hands-on experience that helps us offer the best customer experience as possible. Moving forward, we're evaluating self-install options for CableCARDs.")
Though some consumers believe that the purpose of such visits is simply to bill them US$40 for having someone shove a card in a slot, the reality is a bit more complicated. Both the CableCARD and the "host" device (TV, TiVo, PC, STB, etc.) have their own unique keys that are recorded by the technician, who then calls this information back to the main office, where it is entered into the computers at the "headend" of the cable line. These unique keys provide more security for the cable company but less freedom for the consumer, since encrypted channels can only be decoded by a registered CableCARD/host combination. Basically, this means that a CableCARD cannot be moved between televisions without a technician visit.
Once these keys are recorded, the CableCARD is "hit" by the cable company, which simply means that it is remotely programmed with information about what channels and services you have paid for and are entitled to watch. This is done by sending an Entitlement Management Message (EMM) from the headend to the CableCARD. An EMM is an out-of-band transmission (it sends data over low frequencies not reserved for cable channels) that authorizes a specific CableCARD to decode a specific set of services (HBO, etc.) to a specific host. Once this is done, the CableCARD is ready to go. To explain how it works, let's follow a typical cable signal from the headend to your screen.
The "headend" is a series of computers and equipment that compress, encrypt, and modulate the video signals, which are usually passed along a fiber optic line to your local node, at which point the signal is carried on coaxial cable. That cable eventually winds its way into your home, where it attaches to the back of your television set. There the signal is split into two parts, the in-band and out-of-band, and decoded by separate receivers. We've already touched on some out-of-band signals above, so now we'll follow the in-band signal, which is where most of the action is.
In-band signals contain the content you want to watch, such as HBO or Discovery HD. They are packaged as MPEG-2 streams, and most will come encrypted. Each channel is given a few megahertz of bandwidth between 54 MHz and (typically) 750 MHz or 864 MHz on the coax cable, and the television's internal tuner locks onto whichever stream you have selected to watch. The tuned stream is then passed to a demodulater and is then ready for decryption—and this is where the CableCARD comes into the picture.
The demodulated, encrypted signal passes from the TV into the CableCARD, which first checks the EMMs to see if the user is authorized to view that channel (basic channels may not require an EMM). If so, the card then pulls something called an "Entitlement Control Message" (ECM) out of the in-band signal. The ECM is the key needed to decrypt the channel, and it is sent along the line every 100 ms in order to eliminate the delay often found when switching channels on older systems. The ECM is also rotated every few seconds in order to discourage hacking. The ECM is itself encrypted by a proprietary mechanism built into both the headend and the CableCARD, so when a CableCARD attempts to descramble a channel, it first decrypts the ECM, which then allows it to decrypt the MPEG-2 stream. (Special thanks to The Diffusion Group and their report on digital cable for helping clarify some of this information.)
So far, so good, right? Now we have a clear MPEG-2 stream ready for viewing—which is why the CableCARD re-encrypts the signal using the keys that it has already exchanged with the host device. This is to prevent hackers from using the CableCARD to decrypt the signal and then outputting it in a clear and easy-to-capture format. The newly-encrypted signal is passed to the host, which (if it's a TV) decrypts the signal using the shared key it has generated with the CableCARD and displays the stream for your viewing pleasure.
"But what about a DVR?" you ask, and with good reason. The cable company did not build all this encryption into the product only to see it thwarted by a digital video recorder that outputs an unencrypted HDTV signal to the television. Therefore, if the host device is not a display device, it is required to encrypt the video stream yet again for transmission to another device. This last type of encryption is "link encryption" such as HDCP, which Vista will also require between the PC and the monitor in order to display protected content in its full high resolution glory. It is likely that other operating systems (e.g., Mac OS X) as well as consumer electronics will use HDCP too.
Holy encryption, Batman! If we're using a DVR, the stream has now been encrypted three separate times, providing almost true end-to-end encryption. It's not complete, of course, because at some point a signal must be unscrambled (so that you can watch it), and most TVs have a slate of outputs. How to plug the final hole? CableCARD does this by sending Copy Control Information from the card to the host, which is required to abide by it (unless the maker wants its CableCARD license pulled). The system handles both digital and analog content, in both cases using a two-bit code (00, 01, 10, or 11). The CableCARD communicates directly with the CPU of the host device and lets it know what restrictions are in place for the current content. The digital side of things can prevent content from being copied altogether, if this is what the cable company wants, or it can allow a single copy, or even unlimited copying. The analog system is similar, but can dictate what level of Macrovision "split burst" protection must be applied to analog outputs.
The CableCARD v2.0 spec complicates this situation somewhat by providing up to 200Mbps of bandwidth between the host and the CableCARD to allow for multiple MPEG-2 streams from multiple tuners (new CableCARDs will support at least four streams, but you'll need a tuner in the host device for each stream). It also provides for an out-of-band transmitter in the host that can send information upstream to the headend, thus allowing for pay-per-view services, video on demand, and truly interactive programming. Whether such devices will ever become commonplace remains to be seen—because what's on the horizon today could spell the death blow for CableCARD tomorrow.