TiVo Awarded Patent For Password That Is So Hard To Guess It Will Outlive Your Hard Drive

May 10th, 2007 Davis Posted in Technology, TV, VOD, Disclosure - I own stock in co. mentioned, TiVo

TiVo’s dust-up with Dish may get all of the ink love, but in reality it represents a very small part of their patent portfolio. Between their trademark filings, their patent applications and their aggressive open market acquisitions, TiVo has managed to build a very impressive intellectual property portfolio around their technology. They haven’t always had the cash to defend this moat, but with damages from TiVo’s potential patent award against Dish now up to $130 million 8) it could free up a lot of cash to go after other infringers if Dish loses their appeal.

Some of TiVo’s patents have obvious applications and some of them are really held more for defensive purposes, but it’s the bizarre ones that I find most interesting. On Tuesday, TiVo was issued a patent for a method of locking down hard drives that involves creating a password that is so hard to guess it would take longer than the expected life of your hard drive for someone to crack. The patent document describes the method as follows.

“An authentication system for securing information within a disk drive to be read and written to only by a specific host computer such that it is difficult or impossible to access the drive by any system other than a designated host is disclosed. While the invention is similar in intent to a password scheme, it is significantly more secure. The invention thus provides a secure environment for important information stored within a disk drive. The information can only be accessed by a host if the host can respond to random challenges asked by the disk drive. The host’s responses are generated using a cryptography chip processing a specific algorithm. This technique allows the disk drive and the host to communicate using a coded security system where attempts to break the code and choose the correct password take longer to learn than the useful life of the disk drive itself.”
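The challenge-response exchange the abstract describes, sketched as an added example that is not code from the patent or from this post. HMAC-SHA256 stands in for the unspecified algorithm on the "cryptography chip", and the 64-bit response length and the guess rate are assumptions; the sketch gates access only and encrypts nothing stored on the drive.

```python
import hashlib
import hmac
import secrets

RESPONSE_BITS = 64  # assumed response length; the abstract gives none


def respond(key: bytes, challenge: bytes) -> bytes:
    """Host side: what the crypto chip would compute (HMAC is a stand-in)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[: RESPONSE_BITS // 8]


class Drive:
    """Drive side: stays locked until the host answers a fresh random challenge."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = None
        self.unlocked = False

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh each time, so replays fail
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:  # no outstanding challenge: reject
            return False
        expected = respond(self._key, self._pending)
        self._pending = None  # one attempt per challenge
        self.unlocked = hmac.compare_digest(expected, response)
        return self.unlocked


def years_to_guess(bits: int, guesses_per_second: float) -> float:
    """Expected years of blind guessing: half the response space on average."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key shared by host and drive
    drive = Drive(key)
    print(drive.verify(respond(key, drive.challenge())))  # paired host unlocks
    print(round(years_to_guess(RESPONSE_BITS, 1000)))  # at an assumed 1000 guesses/s
```

At the assumed rate, blind guessing of a 64-bit response averages roughly 290 million years, which is the sense in which the abstract says guessing outlasts the drive.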

At first the whole thing seems pretty silly to me, but when I think about it, I see two ways that TiVo could take this technology.

The Glass Half Empty - It’s pretty clear that the studios don’t like consumers having control over our content. When TiVo first introduced TiVo to Go, there were rumblings that Hollywood would sue them over it. Since then, this rhetoric has turned out to be nothing but empty threats. Nonetheless, TiVo was forced to make compromises. When it comes to HDTV, the studios have drawn a line in the sand and consider it sacred. They will not allow consumers to take HDTV content to go (even though we have fair use rights to what we’ve paid for :( ). Is it that TiVo is in a shakedown with the studios and has implemented these protections to make sure you can’t just unplug your external drive and give it to your friends, or is this the secret sauce behind the DRM that prevents you from taking Amazon movies and watching them on an iPod? When it comes to these issues, TiVo has been forced to walk a fine line between pleasing their customers and keeping the studios off their backs, and while there are certainly a wide variety of ways that you could use this technology, it could also be abused in the wrong hands.

The Glass Half Full - From the very start, security has been a big focus for TiVo. They want their customers to be safe. From the get-go, they knew that they had to build a network where people didn’t have to worry about pop-up viruses. You hear a lot about different hacks on TiVo, but you never hear about anyone actually being able to hack into TiVo’s internal systems so that they can take control of other people’s DMRs. A secure connection between a consumer and TiVo is not just essential for their customers’ privacy, but it’s a requirement for allowing TiVo to utilize transaction related advertising. There will always be mischief makers who want to wreck havoc on a system, but if you can lock down the content, it will go a long way towards preventing people from doing damage.

I think that this is a very creative patent, but in all honesty, I don’t know enough about the technology behind this patent to have any idea of what this could really be used for. The real answer probably lies in a grey area that exists outside either explanation. Given TiVo’s history of standing up for consumer rights, I’m willing to give them the benefit of the doubt. Security on a DMR is just as important as security on a computer, and my non-technical guesstimate is that this patent represents technology that was implemented a long time ago. It’s kind of a quirky idea, but I’ve come to expect nothing less from the people who reinvented television.

38 Responses to “TiVo Awarded Patent For Password That Is So Hard To Guess It Will Outlive Your Hard Drive”

  1. This really has nothing to do with security, at least the kind of security that benefits TiVo owners. The only conceivable attack it might prevent is someone breaking into your home, opening up your DVR, and stealing the hard drive while leaving the rest of the $600 machine behind.

    If you prevent me from accessing the hard drive I paid for, inside a box I own, that doesn’t benefit me. It might benefit TiVo, who wants me to buy new features from them instead of installing them myself. Or it might benefit Big Content, who wants me to buy shows on DVD instead of archiving my own recordings. But it sure doesn’t do anything for me.

  2. Anonymous Says:

    Ok, what happens if the host that currently works with this drive takes a dive? Since no other host can authenticate to the drive to unlock it, and get *YOUR CONTENT BACK*, a host that takes a dive takes *YOUR DATA* with it.

    Think about it.

  3. Superdave Osborne Says:

    it prevents you from plugging the drive into your own PC and copying the movie, that’s all. if the encryption is only for the authentication process, then the actual data on the drive (and passed between drive and host) is unencrypted. this leaves open a gaping hole for someone to construct a piece of hardware to plug in between drive and host to catch the data during transfer. no decryption required.

  4. I’d just like to point out that anyone who decided to open their tivo with such a scheme in use could very quickly decrypt this security method with the proper know-how. I think the main thing is you would no longer be able to install your own hd’s into a tivo anymore, just like the xbox360 prevents you from getting your own hd. Very rarely does media security benefit consumers.

  5. I don’t see the problem here. If you have a problem, build your own DVR system. The specs are available online. If you buy a product, you must abide by the company. If you do not like their policy, switch to a TiVo competitor or like I mentioned, make your own.

  6. Merlin7777 Says:

    I have to agree with WTF. I mean I hate DRM as much as the next person, but TiVo is not a necessary product. Sure it is handy and all, but in truth if you wanted to record shows to your computer, all you would seriously need is a video capture card and a satellite/cable connection.

    Plus, if you want to add your own harddrive, you could add your own harddrive.

  7. This is most likely based off of ATA security. Microsoft tried to enforce this type of security on the first Xbox. The easiest way to get around it, boot the drive in the TiVo, unplug the IDE or SATA, leave the power on. Plug drive into computer, turn on computer…

  8. Anonymous Says:

    Another win for MythTV!

  9. Who Cares? Says:

    You can back up content from your Tivo anyway. The only thing they care about is keeping the watermarking on the content so that if you post it online, BigContent comes after you and leaves Tivo out of it.

    It’s Tivo’s way of walking the fence. Gotta give them credit.

  10. “You can back up content from your Tivo anyway” … since when? I thought TivoToGo was disabled on Series3 units.

  11. dudes…Torrent…i mean…i’ve seen torrents for everything in every encoded format…from regular to HRHD, to true HD, 720p, 1080p…and i mean…i’ve only ‘Seen’ them.

  12. Prof. Plum Says:

    “mischief makers who want to WRECK havoc on a system”

    Do0d, havoc is something you WREAK, rhymes with FREAK.

    Getting simple 5-letter words wrong seriously undermines your credibility.

  13. i agree

  14. Plum: You reek. Seriously, dude why not add something useful to the conversation?

  15. Kaan Tirali Says:

    Easy to bypass :)

  16. “Do0d, havoc is something you WREAK”

    Dude, Do0d isn’t a word.

    Spelling simple 4-letter words with zeroes instead of real letters seriously makes you look 14.

  17. Where’s the novelty? Any good cryptographer will tell you that encrypted data is safe as long as the cost required to break the encryption is greater than the value of the encrypted data, or the time the encrypted data must remain secret is shorter than the time it takes to break the encryption. This is just a re-hash on an old adage. WTF?

  18. cyber_rigger Says:

    Just take a movie of the screen.

  19. I give it like, a week, until some 10 year-old Norwegian kid hacks the point between the data and password. :)

    Foolish password patents. Tesla is scoffing in the afterlife.

  20. if any of the above mentioned ideas don’t work, then there’s always distributed computing.

  21. Distributed computing won’t save you unless you unsolder the encryption firmware and extract some kind of one-way hash. Assuming the hard drive is a black box (you can hook wires to it but you can’t look inside), the only thing you can do is respond to its challenges.

  22. You guys seriously need to get a life, instead of flaming each other in replies to an article. Also, I must say that what Superdave Osborne said - “if the encryption is only for the authentication process, then the actual data on the drive (and passed between drive and host) is unencrypted. this leaves open a gaping hole for someone to construct a piece of hardware to plug in between drive and host to catch the data during transfer. no decryption required.” A simple hardware “packet sniffer” would do the job perfectly.

  23. Are companies still this stupid? Unbreakable? I give it a week. There is going to be 10 times the people wanting to break this now just because of the name. Companies really need to realize there is not a lot they can do to lock their products down. It’s just a delay, that is about it.

  24. Actually, it’s “their content”, not “our content” (beginning of “the glass half empty” section).

    You pay for a license to see that content, you can’t buy the content.

  25. anon-e-mouse Says:

    Just like vista. MS said it was soo secure and unhackable so it pissed off so many hackers that by release day there were already hundreds of exploits and hacks out.

  26. Wow, clearly pretty strong content protection in that patent. How about going one step further and actually encrypting what shows up on the screen: A patent for a high-security mechanism that scrambles the picture that appears on the screen to such an extent that to the naked eye it appears like random white noise. Only if you wear special goggles with built-in monitors, similar to military nightvision goggles, can you enter a personal license viewing code which enables you to see the picture on the TV screen. This protects the movie being watched by any bystanders in the room who have not been individually licensed for that movie with a Personal Goggle Viewing Device (PGVD). Furthermore the patent also covers a tripod that stands on the ground by gravity and upholds the PGVD so that the human face will NOT have to bear the heavy weight of the Goggle viewing device. The personalized license viewing code can be revoked during the movie if the Personal Goggle Viewing device detects that the viewer is falling asleep. Let’s get THAT patent filed for right away…

  27. Peter Yellman Says:

    Hey WTF, how about this one? You buy a car, and you must sign a document that says “I promise not to mod out this vehicle to make it look better than the other, similar models made by this manufacturer”.

    Oh, or this! The next screwdriver you buy says “You may not, even in an emergency, turn this screwdriver around and use the butt handle as a hammer”. And then there you are, stuck in the desert with your screwdriver and you need to hammer the top off a water bottle and some clown pops up out of nowhere and says “Tsk, tsk, if you wanted to use that as a hammer, you should have built your own or bought a competing product”.

    Seriously, get a clue.

    Peter Yellman

  28. Tivo has been off my “must have” list for a while now. Looks like it will stay that way. Big content is out of control. The more they push the less I watch/buy. I don’t need people like that in my life. There is lots of entertainment available.

  29. what is up with all this? the company wasn’t thinking or just didn’t care what they did. they just created something real easy for people to try and bypass. over the years you think they would learn from all the stuff that has happened to all the other companies people have gotten through. they’ll learn from their mistake and hopefully come back with something much better. P.S. RUNESCAPE RULES. i am only 14, add me on runescape if you play: gr33n robin. and i know all of you will start saying this is a place to comment about the subject, but guess what, i did, so now u mostly have nothing else to say except what is a 14 year old doing on this site and doesn’t even know what he is talking about. but guess what, i do. companies make stuff real stupid sometimes, but sooner or later they will learn, hopefully, and make products that are more protective and have a real good security system

  30. yo i play runescape too, ill add you

  31. ill add you too, i play wow. didnt think i would find people who play on this forum

  32. [[Actually, it’s “their content”, not “our content” (beginning of “the glass half empty” section). You pay for a license to see that content, you can’t buy the content.]]

    Er, yeh, but you OWN the LICENCE within the TERMS, and if you lose the content before gaining full access to the licence (it happens, as inevitable as death, taxes and password cracking) then you are denied your consumer rights. Therefore this does not protect the consumer.

  33. Jeff Knodel Says:

    Eventually, you will be charged per minute of programming that you watch, each moment that you watch it. You’ll need a credit card to activate your television, or a little coin box so that you can feed change into the TV while you watch.

    Seriously. The tighter that they squeeze, the more content will slip through their fingers.

    Don’t get me wrong, I am a grown adult, and I am all for supporting (ie paying for) the programming that I like, but the hoops that they are making for me to actually use it is getting so annoying that I would almost consider downloading the illegal, DRM-free version to avoid the pain that they are causing.

  34. That’s crazy and kind of scary. Next stop: DRM that, when you break it, kills your PC.

  35. Alright, I am pretty new into the whole security realm; however, when setting up a VPN using device authentication, is it not pretty much the same thing as this, except that this seems to be using CHAP? So what I am getting at is that the content on the medium may still be encrypted (just because it is an authentication patent does not mean it is not using a form of VPN).

    Since it is the harddrive that is sending out the challenge, why could you not put in another harddrive? The host machine will be the same machine using the same cryptographic chip, except there will be a new harddrive added, which (thinking logically here) would not interfere with the cryptographic chip. Also, if you really wanted to, could you not take the harddrive and the chip out of the original host and install them into another compatible host, thus bypassing the use of TiVo’s host and using your own, which would allow you to transfer files between drives?

    -Security Apprentice

  36. gay

  37. What’s the point of buying a TiVO DVR Unit if the user won’t be able to burn DVDs or VHS Copies of content the USER decided to record on the hard drive and ONLY let the user VIEW the content on their TVs? If I buy a DVR it is because I would like to record contents on the hard drives and only re-record content from the DVR’s hard drive to a DVD so I can take the content with me and play them on my portable DVD or my laptop when I take the train for a LOOOONG trip. If I can’t have that functionality from a TiVO based DVR system (which would force me to purchase the DVD for a movie I already have recorded on the TiVO’s DVR’s Hard drive), I just will buy a video capture card and record content to my PC for which I am not unreasonably unrestricted.

  38. Just connect your TiVO DVR to your computer’s Video capture card and play back the content while you record on your computer. Then you will be able to “take the content on-the-go with you”
