DVB Content Protection & Copy Management often abbreviated to DVB-CPCM or CPCM is a digital rights management
standard being developed by the DVB Project. Its main application is interoperable rights management of European
digital television, though other countries may also adopt the standard.
CPCM specifies a way of adding information to digital content, such as television programs, to describe how and
if content may be used and shared among other CPCM-enabled devices.
Content providers can use a range of flags stored with the content to describe how it may be used.
All CPCM-enabled devices should obey these flags. These flags can allow or deny content to be either moved or
copied to other CPCM devices. Content may also be provided for a set time limit, or forbid content to be played
concurrently on separate devices.
CPCM can distinguish between devices inside and outside an "authorized domain" of devices. The authorized domain
can include devices both in the home or in remote locations such as cars or vacation homes. It also specifies
whether content should remain inside the home (the "local environment") or inside a physical region, such as a
country (the "geographic area").
CPCM (as do all content protection mechanisms used for Pay TV) contains a "robustness requirement" that demands
that manufacturers design their technologies to resist end-user modification, which makes it impossible to
implement a fully trusted CPCM in user-modifiable software like Linux.
Unlike most DRM systems, CPCM (in theory) supports a choice of robustness regimes rather than tying everyone
to a single set of conditions. It is possible that different regimes may emerge e.g. distinct trust models for
PayTV, Free TV, or even Public Domain type content. Each of these could have appropriate levels of robustness
requirement. It would even be possible to define a CPCM C&R Regime that permits implementation in user-modifiable
software, though this would probably not be trusted to receive content from most commercial services.
That said, at this time no regime has been announced, so any restrictions have yet to be identified.
CPCM is sometimes erroneously compared to the failed U.S. broadcast flag.
CPCM is only applied in the home after the broadcast has been received, never added to a broadcast signal.
The DVB has now defined signals within the DVB Service Information (DVB-SI) which allow a free-to-air broadcaster
to signal correct behaviour for content protection systems such as CPCM. These signals are not specific to use
with CPCM, and can also be used to control HDCP or similar systems. However, CPCM does defined an exact mapping
of these SI signals to the CPCM usage state information.
It is worth noting that Europe does not have a single regulating authority like the FCC, so an exact parallel to
the enforcement rules of the failed US approach is unlikely.
HDCP & DTCP-IP
HDCP protects a single wire connection, typically DVI or HDMI. CPCM is network independent and can be used on LAN,
WiFi, and in theory even on IEEE 1394 Firewire links.
DTCP-IP is a link protection system similar to HDCP, but operates over a LAN or WLAN connection.
Both HDCP and DTCP-IP are link protection "render and toss" technologies that generally prohibit the receiving
device from recording or redistributing the content. Also, both are designed to prevent connection of devices
that are not in close proximity to one another. CPCM by contrast can allow for recording and/or remote access
depending on the specific rights granted with the content.
The full technical specification of DVB-CPCM is now published by the DVB Project and can be freely downloaded
from this location.
The normative sections have now all been approved for publication by the DVB Steering Board, and will be
published by ETSI as a formal European Standard as ETSI TS 102 825-X where X refers to the Part number of
Nobody has yet stepped forward to provide a Compliance and Robustness regime for the standard
(though several are rumoured to be in development), so it is not presently possible to fully implement a system,
as there is nowhere to obtain the necessary device certificates.