ATTACHMENT I

Content Protection Requirements And Obligations

This Attachment I is attached to and a part of that certain Affiliation Agreement, dated October __, 2010 (the “Agreement”), by and between CPE US Networks Inc. (to be referred to as “Licensor” for purposes of this Attachment I) and DIRECTV, Inc. (to be referred to as “Licensee” for purposes of this Attachment). Capitalized terms that are used in this Attachment I and not otherwise defined herein shall have the meanings set forth in the Agreement, including the Exhibits thereto, as applicable. The VOD Programs and the Authenticated Content shall be referred to as “Licensed Content” for purposes of this Attachment.

General Content Security & Service Implementation

Content Protection System. All Licensed Contentdelivered to, output from or stored on a device must be protected by a contentprotection system that includes digital rights management,conditional access systems and digital output protection (such system, the “Content Protection System”).

Any approval required in Attachment I may not be unreasonably withheld, conditioned or delayed by Licensor.

Licensor hereby approves NDS Videoguard Conditional Access DRM for all Licensed Content. In addition, Licensor approves any Content Protection System that it allows any other licensee in the Territory to use (so long as the use of such Content Protection System is not on a limited test or other short-term basis (i.e., an “Interim Basis”)) or that meets the requirements that follow.

The Content Protection System shall:

(i)be approved by Licensor (including approval of any new versions thereof but only if, in Licensee’s reasonable opinion, such new versions will substantially reduce the security of the System), and Licensor hereby acknowledges approval of the Content Protection System as of the date hereof;

(ii)be fully compliant with all the compliance and robustness rules associated therewith,

(iii)use only thoserights settings, if applicable, that areset forth herein, and

(iv)be considered to meet sections entitled “Encryption”, “Protection against hacking”, “Secure Remote Update”, and “Recording” of this Schedule if the Content Protection System is an implementation of one of the content protection systems approved currently and in the future for UltraViolet services ( and said implementation meets the compliance and robustness rules associated with the chosen UltraViolet-approved content protection system. The UltraViolet-approved content protection systems are currently:

  1. Marlin Broadband
  2. Microsoft Playready
  3. CMLA Open Mobile Alliance (OMA) DRM Version 2 or 2.1
  4. Adobe Flash Access 2.0 (not Adobe’s Flash streaming product)
  5. Widevine Cypher ®

In addition, if Licensor grants or allows any less restrictive security, DRM and/or content protection methods, then Licensor shall promptly make such method available to Licensee in the same manner.

  1. Encryption.
  2. The Content Protection System shall use cryptographic algorithms for encryption, decryption, signatures, hashing, random number generation, and key generation and utilize time-tested cryptographic protocols and algorithms, and offer effective security equivalent to or better than DES 56 or AES 128 (as specified in NIST FIPS-197) or ETSI DVB CSA3. Notwithstanding the above, Licensee agrees that it shall not use DES 56 by the third anniversary of Service Commencement Date for Licensed Content.
  3. The Content Protection System shall only decrypt streamed Licensed Content into memory temporarily for the purpose of decoding and rendering the Licensed Content and shall never write decrypted Licensed Content (including, without limitation, portions of the decrypted Licensed Content) or streamed encrypted Licensed Content into permanent storage.
  4. Keys, passwords, and any other information that are critical to the cryptographic strength of theContent Protection System (“critical security parameters” or “CSPs”) may never be transmitted or permanently or semi-permanently stored in unencrypted form. Memory locations used to temporarily hold CSPs must be securely deleted and overwritten as soon as possible after the CSP has been used.

Conditional Access Systems

  1. AnyConditional Access System used to protect Licensed Content must support the following:
  2. Licensed Content shall be protected by a robust approved scrambling or encryption algorithm in accordance with section 1 above.
  3. Entitlement control messages (“ECMs”) shall be required for playback of Licensed Content, and can only be decrypted by those smart cards or other entities that are authorized to receive the Licensed Content. Control words must be updated and re-issued as ECMs at a rate that reasonably prevents the use of unauthorized ECM distribution
  4. The control word must be protected from unauthorized access.

Streaming

  1. Streaming Requirements

Licensor hereby approves the Content Protection Systems approved currently and in the future for UltraViolet services ( for streaming of all Licensed Content. In addition, Licensor approves any Content Protection System that it allows any other licensee in the Territory to use (so long as the use of such Content Protection System is not on an Interim Basis) or that meets the requirements that follow. The requirements in this section 3 apply in all cases where streaming is supported.

3.1.Streams shall be encrypted using AES 128 (as specified in NIST FIPS-197) or other robust, industry-accepted algorithm with a cryptographic strength and key length such that it is generally considered computationally infeasible to break.

3.2.Encryption keys shall not be delivered to clients in a cleartext (un-encrypted) state.

3.3.The integrity of the streaming client shall be verified by the streaming server before commencing delivery of the stream to the client.

3.4.Commercially reasonable efforts shall be used (for example, short-lived and individualized URLs for the location of streams) to ensurethat streams cannot be obtained by unauthorized users.

Protection Against Hacking

  1. Any system used to protect Licensed Content must support the following:
  2. Playback licenses, revocation certificates, and security-critical data shall be cryptographically protected against tampering, forging, and spoofing.
  3. The Content Protection System shall employ industry accepted tamper-resistant technology on hardware and software components (e.g., technology to prevent such hacks as a clock rollback, spoofing, use of common debugging tools, and intercepting unencrypted Licensed Content in memory buffers).

REVOCATION AND RENEWAL

  1. Secure remote update. The Content Protection System shall be renewable and securely updateable in the event of a breach of security or improvement to the Content Protection System.
  2. Licensee shall have a policy which shall use commercially reasonable efforts to ensure that clients and servers of the Content Protection System are promptly and securely updated in the event of a security breach (that can be rectified using a remote update) being found in the Content Protection System and/or its implementations in clients and servers.

RECORDING

  1. PVR Requirements. Any device receiving playback licenses must not implement any personal video recorder capabilities thatallow recording, copying, or playback of any protected Licensed Content except for the purposes of time-shifted viewing and except as explicitly allowed elsewhere in the Agreement; provided that, to the extent that Licensor permits, or does not enforce with respect to, any other licensee the foregoing restriction on recording, copying, or playback of Licensed Content (except for time-shifted viewing and except for on an Interim Basis), then Affiliate shall, at its election and subject to Affiliate’s acceptance of the applicable Related Terms, be relieved of such restriction hereunder to the same extent.
  2. Copying. The Content Protection System shall prohibit recording of protected Licensed Content onto recordable or removable media, except as such recording is explicitly allowed elsewhere in the Agreement; provided that, to the extent that Licensor permits, or does not enforce with respect to, any other licensee the foregoing restriction on recording onto recordable or removable media (except on an Interim Basis), then Affiliate shall, at its election and subject to Affiliate’s acceptance of the applicable Related Terms, be relieved of such restriction hereunder to the same extent. For the avoidance of doubt, a hard drive internal to a set-top-box or an external hard drive added to a set-top-box shall not be deemed “recordable or removable media” for purposes of this Section 8, so long as the Licensed Content stored on such hard drive remains protected and can be played back only by set-top-boxes that are then-authorized by Licensee to receive the Licensed Content.

Outputs

  1. Analogue Outputs.

If the Licensed Content can be delivered to a device which has analog outputs, the Content Protection System must ensure that the devices meet the analogue output requirements listed in this section.

9.1.When inserted into the Licensed Content in accordance with the CEA-608 standard prior to delivery to Licensee, the Content Protection System shall enable CEA-608 or CGMS-A content protection technology on all standard definition analog outputs from end user devices. Licensee shall pay all royalties and other fees payable in connection with the implementation and/or activation of such content protection. Licensor shall pay all expenses associated with the insertion of CGMS-A settings that Licensor inserts into the Licensed Content.

  1. Digital Outputs. Licensee shall ensure that the digital outputs of all devices receiving protected Licensed Content are protected using High Definition Copy Protection (“HDCP”) or Digital Transmission Copy Protection (“DTCP”) or any Content Protection System approved herein by Licensor.
  2. Upscaling. Device may scale Licensed Content in order to fill the screen of the applicable display; provided that Licensee’s marketing of the device shall not state or imply to consumers that the quality of the display of any such upscaled Licensed Content is substantially similar to a higher resolution than the Licensed Content’s original source profile (i.e., SD Licensed Content cannot be represented as HD Licensed Content).

Geofiltering

  1. The Content Protection System shall take affirmative, commercially reasonable measures to restrict access to Licensed Content to within the Territory.
  2. Licensee shall periodically review the geofiltering tactics and perform commercially reasonable upgrades to the Content Protection System to maintain “state of the art” geofiltering capabilities.

Network Service Protection Requirements

  1. All Licensed Content must be protected according to industry standard practices at content processing and storage facilities.
  2. Access to Licensed Content in unprotected format must be limited to authorized personnel and auditable records of actual access shall be maintained.
  3. Intentionally Deleted.
  4. Licensed Content must be returned to Licensor or securely destroyed pursuant to the Agreement at the end of such Licensed Content’s license period including, without limitation, all electronic and physical copies thereof.

High-Definition Restrictions & Requirements

Licensor hereby approves NDS Videoguard Conditional Access DRM and the Content Protection Systems approved currently and in the future for UltraViolet services ( for HD Licensed Content on personal computers. In addition, Licensor approves for HD Licensed Content any Content Protection System that it allows any other licensee in the Territory to use on personal computers (so long as the use of such Content Protection System is not on an Interim Basis) or that meets the additional requirements for HD playback on PCs that follow:

  1. Personal Computers The additional requirements for HD playback on PCs will include the following:
  2. Secure Video Paths:

The video portion of unencrypted Licensed Content shall not be present on any user-accessible bus in any analog or unencrypted, compressed form. In the event such unencrypted, uncompressed Licensed Content is transmitted over a user-accessible bus in digital form, such Licensed Content shall be either limited to standard definition (720 X 480 or 720 X 576), or made reasonably secure from unauthorized interception.

18.2.Digital Outputs:

For avoidance of doubt, HD Licensed Content may only be output in accordance with section “Digital Outputs” above. Further, by downloading a script of other investigation method, Licensee shall determine unequivocally before offering HD Licensed Content to the user that the user’s PC supports digital output control in compliance with section “Digital Outputs” of this schedule. HD Licensed Content shall NOT be offered to the user or delivered to the user if this test determines the user’s PC does not support digital output control in compliance with section “Digital Outputs” of this Schedule.

18.3.Hardware Root of Trust Or State of the Art Software Tamper Resistant

The Content Protection System and/or the approved device on which the Content Protection System executes shall use a hardware means ("Hardware Root of Trust") which prevents compromise via software attacks, of the Content Protection System. For example, the Hardware Root of Trust may provide some or all of the following functions:

  • hardware defenses against reverse engineering of software
  • hardware assisted software tamper resistance
  • hardware secure key storage (and or key use)
  • hardware assisted verification of software

Alternatively, the Content Protection System and/or the approved device on which the Content Protection Systems executes shall use software obfuscation or other method of software tamper resistance from a recognized, state of the art provider that is approved by Licensor.

ACCOUNT AUTHORIZATION

  1. Content Delivery. LicensedContent, licenses, control words and ECMs shall only be delivered from a network service to registered devices associated with an account with verified credentials. Account credentials must be transmitted securely to ensure privacy and protection against attacks.
  2. Services requiring user authentication:

The credentials shall consist of at least a User ID and password of sufficient length to prevent brute force attacks.

Licensee shall take commercially reasonable steps to discourage users from sharing account credentials. In order to discourage unwanted sharing of such credentials, account credentials may be linked to any of the following (by way of example and subject to the caveat set forth in Section 1 of Exhibit D to the Agreement):

­purchasing capability (e.g., a link to the user’s active credit card or other financially sensitive information), or

­administrator rights over the user’s account including control over user and device access to the account along with access to personal information.

48259v5