Conditional access (CA) is a technology used to restrict access to digital television (DTV) services to authorized users by encrypting the transmitted programming. CA has been used for years for pay-TV services. There are numerous ATSC and DVB-compliant CA systems available for a broadcaster to choose from. The CA system provider supplies the equipment and software to the broadcaster, who then integrates the CA system into their own equipment. CA is not designed solely for DTV. It can be used for digital radio broadcasts, digital data broadcasts, and non-broadcast information and interactive services. A CA system consists of several basic components:
- Subscriber Management System (SMS): The SMS is a subsystem of the CA system that manages the subscriber's information and requests entitlement management messages (EMM) from the Subscriber Authorization System (SAS). An EMM provides general information about the subscriber and the status of the subscription. The EMM is sent with the entitlement control message (ECM), a data unit that contains the key for decrypting the transmitted programs.
- Subscriber Authorization System (SAS): The SAS is a subsystem of the CA system that translates the information about the subscriber into an EMM at the request of the SMS. The SAS also ensures that the subscriber's security module receives the authorization needed to view the programs, and the SAS acts as a backup system in case of failure.
- Security module: The security module, usually in the form of a smart card, extracts the EMM and ECM necessary for decrypting the transmitted programs. The security module is either embedded within the set-top box or housed in a PC card that plugs into the set-top box.
- Set-top box: The set-top box houses the security module that gives authorization for decrypting the transmitted programs. The set-top box also converts the digital signal to an analogue signal so an older television can display the programs.
There are two DVB protocols used by CA systems: SimulCrypt and MultiCrypt. SimulCrypt uses multiple set-top boxes, each using a different CA system, to authorize the programs for display. The different ECMs and EMMs required by each CA system are transmitted simultaneously. Each set-top box recognizes and uses the appropriate ECM and EMM needed for authorization. The ATSC standard uses SimulCrypt. MultiCrypt allows multiple CA systems to be used with one set-top box by using a PC card with an embedded smart card for each CA system used. Each card is then plugged into a slot in the set-top box. Each card recognizes the ECM and EMM needed for authorization.
A typical CA process involves three basic elements: the broadcast equipment, the set-top box, and the security module. The broadcast equipment generates the encrypted programs that are transmitted to the subscriber. When these are transmitted, the set-top box filters the incoming signals and passes them to the security module. The security module then authorizes these programs for decryption. The programs are then decrypted in real time and sent back to the set-top box for display.
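The process above can be traced in a toy model, added here as an illustration and not taken from any CA vendor or standard: the broadcast equipment encrypts once and sends one ECM per CA system, and the security module decrypts only when an EMM for its own CA system lists the service. Assumptions: a SHA-256 XOR keystream stands in for the real scrambling algorithm, each CA system has a single shared key, and the names `CA-A` and `CA-B`, the message field names and the keys are constructed.

```python
import hashlib
from dataclasses import dataclass, field

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 counter keystream), a stand-in for the real scrambler."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

@dataclass
class SecurityModule:
    ca_system: str   # CA system this card belongs to (constructed name)
    card_key: bytes  # assumption: one secret shared with that CA system
    entitled: set = field(default_factory=set)

    def load_emm(self, emm: dict) -> None:
        # EMM: subscription status; EMMs of other CA systems are ignored
        if emm["ca_system"] == self.ca_system:
            self.entitled = set(emm["services"])

    def decrypt(self, ecm: dict, scrambled: bytes):
        # ECM: carries the program key; use it only if the EMM authorized the service
        if ecm["ca_system"] != self.ca_system or ecm["service"] not in self.entitled:
            return None
        return xor_stream(xor_stream(self.card_key, ecm["wrapped_key"]), scrambled)

def broadcast(service: str, program: bytes, program_key: bytes, ca_keys: dict):
    """Broadcast equipment: encrypt once, send one ECM per CA system."""
    ecms = [{"ca_system": n, "service": service, "wrapped_key": xor_stream(k, program_key)}
            for n, k in ca_keys.items()]
    return xor_stream(program_key, program), ecms

def set_top_box(module: SecurityModule, scrambled: bytes, ecms: list):
    """Set-top box: hand each ECM to the security module, display what comes back."""
    for ecm in ecms:
        clear = module.decrypt(ecm, scrambled)
        if clear is not None:
            return clear
    return None  # not authorized: nothing to display

if __name__ == "__main__":
    ca_keys = {"CA-A": b"A" * 16, "CA-B": b"B" * 16}  # constructed sample keys
    scrambled, ecms = broadcast("sports", b"video frame " * 4, b"K" * 16, ca_keys)
    card = SecurityModule("CA-B", ca_keys["CA-B"])
    print(set_top_box(card, scrambled, ecms))  # no EMM loaded yet
    card.load_emm({"ca_system": "CA-B", "services": ["sports"]})
    print(set_top_box(card, scrambled, ecms))
```
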