A conditional access (CA) system
A conditional access (CA) system comprises a combination of scrambling and encryption to prevent unauthorised reception. Scrambling is the process of rendering the sound, pictures and data unintelligible. Encryption is the process of protecting the secret keys that have to be transmitted with the scrambled signal in order for the descrambler to work. After descrambling, any defects on the sound and pictures should be imperceptible, i.e. the CA system should be transparent. The primary purpose of a CA system for broadcasting is to determine which individual receivers/ set-top decoders shall be able to deliver particular program services, or individual programs to the viewers. The reasons why access may need to be restricted include:
EBU Project Group B/CA has developed a functional model of a conditional access system for use with digital television broadcasts. It should be of benefit to EBU Members who intend to introduce encrypted digital broadcasts; by using this reference model, Members will be able to evaluate the different conditional access systems that are available.
The model is not intended as a specification for a particular system. Rather, it provides a framework for defining the terms and operating principles of conditional access systems and it illustrates some of the conflicts and trade-offs that occur when designing such systems.
- to enforce payments by viewers who want access to particular programs or program services;
- to restrict access to a particular geographical area because of program-rights considerations
2. Transactional models
Transactional models can be used to illustrate the underlying commercial transactions that take place in a conditional access broadcasting system, in a way which is independent of the technology employed. A similar analogy is sometimes used for the sale of goods to the public through retail and wholesale chains: in that situation, there is a flow of goods and services in one direction – from the manufacturers to the end customers – and a flow of money in the reverse direction.
A model of a vertically-integrated CA system is shown in Fig. 1. Here, the service provider is also the network operator and the CA system operator. Historically, CA systems originated in this form and the model remains true for many cable systems today: the cable operator acts as the service provider (usually by purchasing the rights to show programmes made by third parties) and also as the carrier and the CA system operator. In such circumstances, and especially where – as in most cable systems – the cable operator supplies and owns the decoders, a single proprietary system is acceptable, because there is no requirement to share any part of the system with competitors. A model of a devolved CA system is shown in Fig. 2. In this case, the functions of the service provider, network operator and CA system operator are split. Indeed, there are two separate service providers, A and B, who share a common delivery system (owned and operated by a third party) and a common CA system which is owned and operated by a different third party. Thus all billing and collection of money is carried out by the CA system operator who then passes on payments in respect of program rights back to the appropriate service providers. This model is true for many analogue satellite systems today and also applies to a retail market in which there is only one retailer. Note how the CA system operator has information about the names, addresses and entitlement status of all viewers; program providers, on the other hand, have access only to 2. This is generally a Service Information (SI) function. However, regulators might specify that programmes should be scrambled where parental control is required. In current analogue systems, parental control often uses the CA system. the names, addresses and entitlement status of viewers to their own services.
An alternative model of a devolved CA system is shown in Fig. 3. Here, there are two independent CA Subscriber Authorization System (SAS) operators, I and J (see Section 5.3.). System J is used by service provider C only, whereas system I is used by all three service providers. Conversely, service providers A and B use system I only, whereas service provider C uses systems I and J. Thus, viewers to the services provided by C can use a decoder which is appropriate for either system I or J. A further feature of this model is that the billing and the money flow is directly between the viewers and the Subscriber Management System (SMS) operators (see Section 5.3.); it does not pass via the SAS operators or the transmission system operators. Consequently, sensitive information about the names and addresses of subscribers is known only to the appropriate service provider.
- Functional model of a CA reference system
A functional model of a hypothetical CA reference system is now described. The model is loosely based on the Euro crypt conditional access system but its principles of operation are expected to apply to CA systems generally.
3.1. Conditional Access Sub-System
A Conditional Access Sub-System (CASS) is a detachable security module which is used as part of the CA system in a receiver. It is also possible to embed the security module in the receiver itself, in which case each receiver will typically have its own secret individual address. Replacement of the CASS is one means of recovering from a piracy attack. Replacement of the CASS also enables new features to be added to the system as and when they are developed.
For analogue systems and some digital systems, the CASS is typically a smart card . For digital systems which use the Common Interface (see Section 3.6.), the CASS will be a PCMCIA3 module and this may have an associated smart card.
- Personal Computer Manufacturers Computer Interface
68 EBU Technical Review Winter 1995
EBU Project Group B/CA
3.2. Scrambling and descrambling
The basic process of scrambling and descrambling the broadcast MPEG-2 transport stream  is shown in Fig. 4. The European DVB Project has defined a suitable, highly-secure, Common Scrambling Algorithm.
3.3. Entitlement Control Messages
The generation, transmission and application of Entitlement Control Messages (ECMs) – which are used to recover the descrambling control word in the decoder – is illustrated in Fig. 5. The ECMs are combined with a service key and the result is decrypted to produce a control word. At present, the control word is typically 60 bits long and is updated every 2-10 seconds.
If the access conditions are to be changed at a program boundary, it may be necessary to update the access conditions every frame, which is much more frequently than is required for security reasons. Alternatively, a change in access conditions could be made frame-specific by sending out a change in entitlements in advance and then instigating the change with a flag. A third method would be to change the control word itself at a program boundary. However, the second and third approaches would not allow a program producer to change the access conditions instantaneously.
PAY TO DOWNLOAD FULL SEMINAR