ENCRYPTION: A CABLE TV PRIMER

Anthony Wechselberger
Director, Advanced Engineering
Oak Communications Inc.

The use of encryption technology in the delivery of premium television is the center of much attention today. It is also an area of misinformation where misunderstood terminology and technology are being discussed. This paper defines the principal requirements, characteristics and benefits of encryption technology as it can be applied to pay TV. Particular attention is paid to differentiating the essentials of what constitutes "cryptographic security" from less complex techniques employing simple time varying characteristics or multiple scrambling modes. The fundamentals of encryption, principal approaches to its utilization and some associated technical jargon will be explained. The concept of the cryptographic "key" and the importance of secure key distribution will also be defined.


One major area of confusion lies in the technical differences between encryption and scrambling and, particularly, hybrid utilizations of the two. In understanding some basics about cryptography, one can better appreciate these differences, and differentiate buzz words from substance in the expanding selection of products utilizing encryption.

Oak Communications Inc.

APPLE EX. 1027
Page 1

CATV SYSTEM SECURITY - ITS TIME HAS COME
Whenever there's a need in the marketplace, any marketplace, responses to that need will be garnered from the market suppliers. The attribute approach to product demand theory tells us that demand can be influenced by need, price, competition and budget, as well as a whole set of attributes connected to the product's perceived value or need. This can be hyped one way or another by advertising, the "bandwagon effect" and the like, which affects the consumer's perceptions and tastes.

And so it is in our marketplace, the CATV market, where specmanship and buzzwords change each year in the scramble for market share. This is not a negative thing. Consumer features in converters and decoders, for example, is an area where much innovation has taken place. When the consumer gives up the remote control for his $800 console TV, system suppliers are now able to give back some of those remote conveniences with newer CATV equipment.

The demands we cable equipment suppliers react to must be responsive to both the end user and our immediate consumer, the MSO. The MSO in turn creates needs, but also responds to the palpitations of his own market, for which he purchases equipment, runs a business, and distributes programming. He must control the consumption of his product (programming) for both short term and long term gains and market stability.

The process of controlling that product brings us to security and the newest contemporary market response: encryption technology. The industry has responded to a need for better security already, although not directly. The evolution of products into the baseband arena is being aided primarily by two attributes, one real, one perceived. The "real" attribute is increased utility as a result of baseband processing. Examples are user features (such as volume control), and the freedom to do novel kinds of signal processing. The "perceived" attribute is security. In reality, being at baseband has little to do with the ability of a system to resist compromise.

An understanding of the value of encryption when properly applied is the goal of this paper. It is intended that the skeptical reader be swayed by discussions and explanations contained herein by looking at a system's security from a global standpoint. By understanding some of the buzzwords, and asking a few critical questions about how the system you are evaluating is put together, you can tear down the rhetoric and make the tradeoffs. We first look at the main facets of a contemporary cable system.

THE ADDRESSABLE SYSTEM - WHAT'S IMPORTANT, WHAT'S NOT
A CATV system is a communications system. In a modern addressable system there are four basic kinds of information sent: program video, program audio, control information, and data services (Figure 1).

Under data services is lumped a variety of additive types of digital information such as teletext, videotext, downloaded software such as games or computer programs, and any interactive communications. While the need for security of these services will certainly become evident in time, the lack of standardization in format or modulation/transmission techniques causes us to set this category aside for the moment.

In securing premium television delivery, the methods of handling the first three information types are within the confines of a specific addressable pay TV system. Program audio and video are generally, though not always, associated with each other. For simplicity we consider them two constituents of a premium broadcast, as is usually the case. They are counted separately above, however, for two reasons: their broadcast formats are different and independent (VSB AM versus FM), and the associated channel bandwidths required for each are an order of magnitude different. The relevance of these differences will be explained, but we note that premium programming has no entertainment value without both.

[Figure 1. Contemporary CATV Network]

The third information type, "control," is whatever is used by the manufacturer (assuming an addressable system) for network control and authorization purposes. Note that the control channel or channels have no direct relation to the entertainment being purchased. One of the first questions to ask then about a scrambling system is what is the function of the control/authorization channel? Secondly, how is it related to the scrambling approach, if at all? In most systems the control channel(s) direct the decoder to decode or not to decode as a function of channel tuned to, or the "tier" of a given program. Critical to the issue is whether any information contained in the control channel is used in the decoding process. If not, the control channel can be ignored when attempting illicit program access. Likewise, if the scrambling technique or decoder circuitry easily succumbs to one-time defeats, the control channel content is of no interest. Such is the case when descrambling can be accomplished by observation of the scrambled signal alone.

What about "time varying scrambling"? Time varying scrambling adds a dimension of change to the scrambling process such that the decoder will not properly decode at all times unless it appropriately follows the change. Is this better security? To a degree, yes. But consider the pirate entrepreneur who wishes to build the "universal decoder." Most positive scrambling systems use one of several techniques of suppressing the horizontal synch pulse. ("Positive" systems are those which actively scramble the premium signal, and thus require a decoder. "Negative" systems remove the signal from the unauthorized viewer through filters or signal path switching.) Whether the system's scrambling is at RF or baseband, the pirate's universal decoder, if built to operate at baseband, can quite easily reconstruct the synch pulse, completely ignoring all control channel information, time varying or not.

Figure 2 illustrates several avenues where system attacks can take place. While simple wire changes/clipping/shorts, etc. are the deadly fears of operators, in fact there are many ways to attempt piracy. Jamming tones can be filtered, notch filters which trap out pay channels can be removed, addressing data can be synthesized locally, and add-on hardware in the decoder can be employed.

What is desired is a scrambling technique which 1) renders the entertainment value of scrambled programming useless, 2) does not lend itself prey to one-time defeats (implies some sort of time-dependence), 3) cannot be undone by observation of the scrambled waveform, and 4) requires information continually downloaded from the headend, forcing contact through the control channel between headend and decoder to be maintained.

The last criterion has an important implication: in order to effect proper decoding, it's necessary for the decoder to be instructed how to decode, not just simply when to decode. In an addressable system, the control channel is the link between headend and decoder over which decoding instructions can be sent.

The previous discussion is gearing us toward the theme of this paper. Principally, that in CATV distribution "security" is a systems issue. The simplest method of defeat will be the path followed by the would-be pirate. The system must therefore be viewed from several angles and an adequate threshold against compromise developed for each. How much added security is afforded by random video inversion of the picture, for example, if a simple-to-detect "flag" exists in the vertical interval indicating polarity? Is any security afforded in an addressable system simply because it's addressable? Not if it's easier to address (authorize) the box yourself than it is to open the box up and tamper with circuitry. At one time such arguments would have been considered too far out to worry about. But premium TV is big business these days and getting bigger. The motivations for the program thief and the MSO demand attention to these details as never before.

[Figure 2. Network Attack Scenarios. Diagram labels: CATV cable, scrambled video, scrambled audio, control data, decoder box, add-on hardware, to TV.]

ENCRYPTION IMPLIES DIGITAL
Now that we have defined what is desired, the value of encryption will be less mystifying. For encryption simply enables a complex security problem, in which many variables (audio, video, control) must be secured, to be bottled up into just protecting a few digital words. How this is brought about requires an appreciation for the difference between analog and digital transmission.

Standard television transmission, including all current scrambled pay TV techniques, is analog. That is, irrespective of whatever pre-processing or post-processing techniques are used, the signal is analog during its transmission phase. Even newer systems claiming to employ "digital video" are in fact transmitted analog. The fact that they are processed digitally at the headend or receiver is purely an implementation convenience (and as yet an expensive one). The reason true digital video transmission techniques are not used is a matter of cost, both in terms of dollars and bandwidth. To digitize a color video picture requires a data rate between approximately 20 MBs and 80 MBs, depending on the coding technique and degree of compression applied. Efforts to reduce this bit stream appreciably are possible, but at extreme penalties of cost or picture fidelity.

The audio portion of a television program is less prohibitively handled digitally. A bit rate between 200 KBs and 700 KBs is necessary for digital audio, and this data can be readily transmitted within the confines of a standard 6 MHz video channel (along with the video, of course). Digital audio processing is no easy trick, however; this sort of technology requires a very sophisticated degree of systems engineering capability.

Once we have prepared the information itself for digital transmission, the door is open for the application of encryption. The control channel is inherently digital so it too can be "cryptographically" protected.

BOXING IT UP - THE ENCRYPTION OVERLAY
There are two main categories of modern encryption approaches: the "classical" or "conventional" approach and the "public-key" approach. The public key crypto system is, in theory, capable of performing all of the functions of the classical technique, but has a few special qualities in that fewer secret variables need to be passed around in the system. It also has implementational difficulties which make it less than attractive for many applications. For purposes of this paper, we consider only the classical system.

In the conventional encryption process (Figure 3) a digital bit stream (the information) is passed through an algorithm which transforms the input into a seemingly unrelated output bit stream. The transformation which is performed is a function of the "key variable," and in a conventional system the same key is used at both the transmit side where encryption is performed, and the receive side where decryption is performed. Since the key is a digital word of many bits, many different transformations are possible by varying the key. In a "good" algorithm, all keys are equally strong (i.e., resistant to "cracking"), and no detectable relationship exists between the input data, output data, or key variable.

The process of encryption must, of course, be reversible. That is, applying the same key at the receiver must yield back the original message. The original, non-encrypted data is called clear or plain text; the encrypted data is called cypher text. So during transmission, i.e., between headend and decoder, only non-intelligible cypher text is available to the would-be tamperer. If the decoder doesn't have the proper key, no message or clear text will be obtainable, even if the pirate has the hardware. Further, in a properly designed system based on cryptographic security principles, we can give the pirate just about anything he desires: hardware, access to, and knowledge about the control channel, schematics, any firmware, even the crypto algorithm itself. The only doorway to information access, or in our case programming, is through the key variable. Controlling access to the key variables is thus essential. This is called "key distribution," and is the basis for what ultimately makes or breaks the security of a cryptographically-based system. The cryptographic or encryption algorithm, therefore, can be thought of as a lockbox. The message is encrypted or locked by the algorithm, and can only be unlocked by the same algorithm, which means the identical digital key must be used for decryption (we have yet to define exactly what is being encrypted).

KEY DISTRIBUTION
In a broadcast scenario, the problems of key variable distribution are not easy to solve. It probably has occurred to the reader by now that if access to working hardware is given to the pirate, it is little trouble to determine what digital key is being used for decryption. Recall, we said earlier that one-time defeats will not be allowed. Therefore, the message encryption/decryption keys (referred to as "service keys," since they are used in encrypting the service which in our case is programming) must be changed from time to time. The interval depends on the key length, the ability of the encryption algorithm to resist analysis by computer, the expected accessibility of the key, and the motivation of the system's enemy. Changing the key itself, if performed as part of the communications system network control protocol, is really very easy once the method is derived. (Alternate methods might be by courier, mail, etc.)

In an addressable system the CATV control channel is the obvious choice for a key distribution path. But one can't just go broadcasting the new keys throughout the network. They must remain secret to all but authorized decoders. The solution for controlling key access is to encrypt the keys for transmission. In fact, several types of information passing through the control channel are candidates for encryption. Authorization or tiering data, for example, should also be considered "sensitive" information as, as pointed out earlier, it can easily be synthesized and fed to the decoder by simple digital hardware or any home computer. Such control channel manipulation by other than the legitimate network controller is called tampering. Attempts to subvert the system by tampering are called "spoofing."

So, we see that encryption alone will not secure the information exchange. Integrated within the system must be a totally planned out methodology for key distribution and protection against spoofing.

[Figure 3. Classical Cryptographic System]

BACK TO BASICS
Armed with some encryption fundamentals, we look at the CATV distribution problem. Emphasized earlier was the notion that encryption is a digital process, that digital video transmission is not yet feasible, but that digital audio is. By recognizing that a time varying analog scrambling process can be developed in which the descrambling process is controlled digitally, we have a solid basis for an acceptably secure entertainment delivery system. The other components are digital, encrypted audio, and an encrypted control channel for network control, key distribution and authorization of all program distribution and user features from the headend. In this system the information in the control channel must be employed to gain access to the services, because the services themselves are locked by the encryption overlay.

Time for another definition: Video "scrambling" refers to processes that are inherently analog. Line swapping, segment swapping, or other such time shuffling techniques operate to destroy the picture, and are quite effective. But they do not represent examples of encrypted video, for encryption requires a digital information source. Rather, these examples represent time varying analog scrambling controlled by an encryption process. Essentially any analog scrambling approach can be used with digital encryption of the audio and control channels provided it adequately destroys the picture and is tied into the decryption process. This tie-in must be such that information necessary for proper descrambling is secured (and not self-evident by observation of the video) by the requirement for proper decryption.

In such a system "medium" security of the video exists and "hard" security on the audio is achieved. These phrases relate to the relative difficulty of pirating the resulting system. While analog scrambling is known to be less secure than encryption-based protection, with hard audio the entertainment value of the programming is, in fact, secured. In almost all current CATV systems, the audio channel is in the clear, or at best located on an easily defeated aural subcarrier. This leaves the only barrier to piracy the video scrambling. In the system described above, the video scrambling is very difficult to defeat and the audio is unrecoverable to the extent that the encryption cannot be broken.

Additional remarks are due in the area of key distribution. By transmitting service keys in an encrypted fashion throughout the system, we have not really solved the key distribution problem because to encrypt the service keys requires yet another key. Such is the notion of multilevel key distribution (Figure 4). Various information exchange networks (local area networks, electronic funds transfer, military communications, etc.) require different implementations of a multilevel approach. In the CATV environment the requirements dictate that 1) when the service keys are updated (changed), all decoders (and the encoder) must do so at the same time, 2) the system operation must insure that all decoders have had the new keys properly delivered, decrypted and prepared prior to engaging them, and 3) only authorized decoders are able to perform (1) and (2).

Additional problems having to do with error control/error propagation must be addressed when dealing with encryption. Encryption algorithms generally have the characteristic that bit errors occurring in the receiving/detection process avalanche during decryption. Poor attention to detail in the systems design phase of a network employing encryption can have catastrophic results.

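The avalanche described above can be measured directly. This added example is not from the paper: the toy Feistel block cipher and the chained (CBC) and counter modes are assumptions, since the paper names no algorithm or mode. It flips one received bit and counts the damaged plaintext bits in each 64-bit block of sample audio.

```python
import hashlib

BLOCK = 8  # bytes per block: a toy 64-bit cipher used as a stand-in for this example

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def encrypt_block(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    left, right = block[:4], block[4:]
    for i in range(rounds):  # Feistel round: (L, R) -> (R, L xor F(R))
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def decrypt_block(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    left, right = block[:4], block[4:]
    for i in reversed(range(rounds)):  # undo the rounds in reverse order
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Chained block mode; `data` must be a whole number of blocks."""
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        out.append(_xor(decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode: the cipher only generates a keystream, so the same call
    encrypts and decrypts. `nonce` is 4 bytes, followed by a 4-byte counter."""
    count = (len(data) + BLOCK - 1) // BLOCK
    stream = b"".join(encrypt_block(key, nonce + n.to_bytes(4, "big")) for n in range(count))
    return _xor(data, stream)

def flip_bit(data: bytes, bit: int) -> bytes:
    buf = bytearray(data)
    buf[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(buf)

def bit_errors_per_block(sent: bytes, received: bytes) -> list:
    return [sum(bin(a ^ b).count("1")
                for a, b in zip(sent[i:i + BLOCK], received[i:i + BLOCK]))
            for i in range(0, len(sent), BLOCK)]

def run_error_demo():
    key, iv = b"constructed-key!", bytes(BLOCK)  # constructed sample values
    audio = bytes(range(32))                     # four blocks of constructed "audio"
    hit = 70                                     # one channel error, inside block 1
    cbc = cbc_decrypt(key, iv, flip_bit(cbc_encrypt(key, iv, audio), hit))
    ctr = ctr_crypt(key, iv[:4], flip_bit(ctr_crypt(key, iv[:4], audio), hit))
    return bit_errors_per_block(audio, cbc), bit_errors_per_block(audio, ctr)

if __name__ == "__main__":
    chained, counter = run_error_demo()
    print("bit errors per block, chained mode:", chained)
    print("bit errors per block, counter mode:", counter)
```

In the chained mode the single channel error destroys the whole block it lands in and also flips one bit of the following block, while in counter mode it stays a single bit error; which behaviour a system shows depends on how its cipher is used, which is why error control has to be designed together with the encryption.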
THE ADVERTISEMENT
Having given the reader enough background in the meaning of a "cryptographically" protected CATV delivery system, the following is a brief description of Oak's new Cable Sigma system.

Scrambled video is employed, wherein complete horizontal and vertical synch pulse removal (as opposed to synch pulse suppression) is performed. Two channels of audio are digitized, encrypted and imbedded in the video. The standard aural carrier is not used, but is available. Two separate control channels are employed: the first, a global, FSK-modulated channel which all decoders continuously monitor; the other, an in-channel VBI (vertical blanking interval) data path which is channel-specific. The former contains general authorization and system oriented control data. The latter contains program-specific data relevant to a given channel and time. Separate service keys are utilized for each channel and the keys are varied continuously. A multi-level key distribution system is employed in which three key variables are used. These include a box-specific key which is secret and unique to each box (unknown, even to the MSO), a variable second-level key common to all legitimate subscribers, and the service keys. Solid state non-volatile memory is used in the decoder to store key and authorization information (encrypted while stored). Each box also has a non-secret box address which is its addressing ID used by the headend computer to communicate to the box.

A 64 bit field structured data-packet-based communications protocol has been designed around the FSK data channel. These packets deliver a continuous stream of data to decoders both globally and box-specific for purposes of encryption key delivery, special event programming, box installation, and downloading of system parameters and box features. Special provisions exist to guard against spoofing and box swapping between systems. Protection for time-dependent variables and error control is also provided.

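A model of the three-level key hierarchy and the spoofing check described above and under KEY DISTRIBUTION, added here as an example and not Oak's design or packet format. The HMAC-based stand-in cipher, the packet labels, the box addresses and the headend's key table are all assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Stand-in cipher (assumption): the paper names no algorithm, so each payload is
# XORed with an HMAC-SHA256 keystream and carries a truncated HMAC tag.
def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (_prf(key, b"enc" + nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, label: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate a payload; `label` is a fixed 2-byte packet type."""
    nonce = os.urandom(12)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + body + _prf(key, b"mac" + label + nonce + body)[:16]

def unseal(key: bytes, label: bytes, packet: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the packet was not sealed under `key`."""
    nonce, body, tag = packet[:12], packet[12:-16], packet[-16:]
    if not hmac.compare_digest(tag, _prf(key, b"mac" + label + nonce + body)[:16]):
        return None  # also covers truncated packets, whose tag cannot match
    return bytes(c ^ s for c, s in zip(body, _stream(key, nonce, len(body))))

class Decoder:
    def __init__(self, address: int, box_key: bytes):
        self.address, self.box_key = address, box_key  # box key: level 1, unique per box
        self.second_key: Optional[bytes] = None         # level 2, common to subscribers
        self.service_key: Optional[bytes] = None        # level 3, locks the programming

    def on_addressed(self, address: int, packet: bytes) -> None:
        if address == self.address:  # a failed unseal leaves the stored key untouched
            self.second_key = unseal(self.box_key, b"L2", packet) or self.second_key

    def on_global(self, packet: bytes) -> None:
        if self.second_key is not None:
            self.service_key = unseal(self.second_key, b"L3", packet) or self.service_key

    def descramble(self, packet: bytes) -> Optional[bytes]:
        return unseal(self.service_key, b"AV", packet) if self.service_key else None

class Headend:
    def __init__(self) -> None:
        self.box_keys = {}  # address -> box key (holding this table is a modelling assumption)
        self.second_key, self.service_key = os.urandom(16), os.urandom(16)

    def provision(self, address: int) -> Decoder:
        self.box_keys[address] = os.urandom(16)
        return Decoder(address, self.box_keys[address])

    def deauthorize(self, address: int) -> None:
        """Drop a box and roll both shared keys so the copies it stored go stale."""
        del self.box_keys[address]
        self.second_key, self.service_key = os.urandom(16), os.urandom(16)

    def control_packets(self):
        """Addressed level-2 packets for authorized boxes, plus one global level-3 packet."""
        addressed = [(a, seal(k, b"L2", self.second_key)) for a, k in self.box_keys.items()]
        return addressed, seal(self.second_key, b"L3", self.service_key)

    def scramble(self, audio: bytes) -> bytes:
        return seal(self.service_key, b"AV", audio)

def run_demo():
    head = Headend()
    boxes = [head.provision(0x1001), head.provision(0x1002)]  # constructed addresses
    def deliver() -> None:
        addressed, global_packet = head.control_packets()
        for box in boxes:
            for address, packet in addressed:
                box.on_addressed(address, packet)
            box.on_global(global_packet)
    deliver()
    before = [box.descramble(head.scramble(b"audio frame")) for box in boxes]
    head.deauthorize(0x1002)
    deliver()
    program = head.scramble(b"audio frame")
    after = [box.descramble(program) for box in boxes]
    forged = seal(os.urandom(16), b"L2", b"F" * 16)  # spoof built without the box key
    boxes[1].on_addressed(0x1002, forged)
    return before, after, boxes[1].second_key == b"F" * 16
```

After the key change the deauthorized box still hears every packet on the cable but can unwrap none of them, and a locally synthesized authorization packet is rejected because it was not sealed under that box's key.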
CONCLUSION
Oak is proud to present Sigma. With the information contained in this paper, it is our hope that the reader is better equipped to appreciate the security features available to him in this exciting new product line. The technology behind Sigma has been in development at Oak for the past four years. Extensive experience in digital audio and application of cryptographic principles has been accrued through Oak's ORION satellite security system and STV Sigma operations. Custom LSI circuits developed and used on those programs have been applied to Cable Sigma, and represent a major technology advantage toward reliability and manufacturability. We invite you to inquire for more detailed information, and encourage a comparison between Sigma and any CATV product on the market. With Sigma, program distribution is yours to control.

[Figure 4. Multilevel Key Distribution (Decoder End)]

Oak Communications Inc.
16935 West Bernardo Drive, Rancho Bernardo, CA 92127

About the Author:

Mr. Wechselberger is director of advanced engineering for Oak Communications Inc. His major areas of concentration are communications, computers, digital processing and control. He joined Oak in 1980 and spent 2 years in the corporate advanced technology group working to develop a technology base in cryptographic area. Research centered on synthesis of hardware and software based proprietary cryptographic algorithms, cryptanalysis, and key distribution scenarios for the broadcast environment. Before joining Oak, he spent 6 years with General Dynamics Electronics Division working with data communications hardware, digital control systems, microprocessor systems and radar signal processing systems.

The system and equipment described in this paper are covered by patents issued and applied for.