Thursday, 11 July 2013

DVB-Simulcrypt Enabling multiple CAS on the same network

Simulcrypt is a DVB protocol published by ETSI for use in broadcast TV head-ends to enable multiple Conditional Access systems to co-exist in the same network at the same time. The standard also defines the interface between conditional access systems and head-end multiplexing components.
Advantages of Simulcrypt

There are three key advantages of DVB-Simulcrypt to operators: -
1.Interoperability between multiplexers / scramblers and Conditional Access Systems.
2.Enable dual CAS strategies
3.Enable CAS swap strategies

Interoperability between CAS and multiplexers has been accepted as the norm due to the widespread adoption of DVB-Simulcrypt but it should not be taken for granted. A CAS must be designed from the outset to optimise data for broadcast networks and to enable support for industry standard multiplexers. This is the approach taken by Latens from the earliest versions of Titanium Broadcast.

Dual CAS Strategies
A key driver behind the development of DVB-Simulcrypt was to enable Conditional Access Systems to co-exist on the same network. This is the Dual CAS strategy. Operators are starting to use the features of Simulcrypt which enable CAS to co-exist on the network to allow them to introduce newer more flexible conditional access systems such as Titanium Broadcast onto the network. Operators are recognising that the new generation of conditional access such as Titanium Broadcast from Latens provides support for more advanced and flexible business models while at the same time providing a lower cost of ownership. Support for dual CAS enables these operators to take advantage of these benefits without disruption of their legacy deployment.

CAS Swap Strategy
Simulcrypt also enables CAS swap strategies. A typical approach is for an operator to deploy next the new CAS at the same time as introducing new set-top boxes into the portfolio. Then the operator ceases new deployment with the existing CAS vendor and allows the population of legacy boxes to decrease through natural churn and replacement of old boxes with ones using Titanium Broadcast. At a certain point when it is commercially advantageous to do so, the operator swaps out the remaining legacy boxes and switches off the legacy CAS. This strategy is again enabled by features of DVB-Simulcrypt allowing conditional access systems to c0-exist.

The Implementation
It is a common misconception that a Conditional Access System encrypts / scrambles content. In reality a conditional access system secures and delivers the keys used in content scrambling.
The diagram shows the key components of DVB Simulcrypt, and how the functions are shared between the multiplexer and the conditional access system.
If we firstly consider the process of generating keys commonly referred to as Control Words (CW) with which to scramble the content, these keys are continually being generated to allow the scrambling to be changed frequently for each content stream. The Control Word Generator is essentially a random number generator which provides these CWs to the scrambling process when required.
However, considering the need to descramble content at the receiver, these CWs must be distributed over the broadcast network by some means. This obviously requires that the CWs themselves be protected otherwise descrambling of content becomes the trivial task of inserting the key and the video data into a publicly known descrambling algorithm to recover the content. Protecting CWs is a central part of Conditional Access.
CWs are passed to the Entitlement Control Message Generator using the DVBSimulcrypt protocol. Latens ECMG uses a highly secure means by which to protect the CWs and package them in a standard ECMG packet which is returned to the multiplexer and multiplexed into the transport stream with the encrypted content.
These processes are time sensitive. Control Words must be generated sufficiently in advance of a change of crypto period to allow the multiplexer to pass them to the CAS and the CAS to return the ECMG. ECMGs for a crypto period must be in the transport stream in advance of the crypto period to which they relate sufficiently in advance to enable the STB to receive, decrypt the ECM and load the descrambler. Managing the timing issues and coordinating the components involved in this exchange is the job of the Simulcrypt Synchroniser.
DVB-Simulcrypt also includes protocols enabling Entitlement Management Messages (EMMs) and Private Data to be provided to the multiplexer and for this data to be multiplexed into the transport stream.
Entitlement Management Messages (EMMs) are again a standardised package of data which can be exchanged with the multiplexer over DVB-Simulcrypt. The data contained in the EMM enables the ‘unlocking’ of ECMs on entitled set-top boxes. Without an EMM the ECM and hence the video data cannot be decrypted and recovered. As this is purely CAS generated data, i.e. data does not originate in the mux and get passed to the CAS as in the case of the ECMG, the synchronisation and timing of interactions is much less critical and is under the control of the Latens EMMG. The multiplexer simply receives the data in standardised EMMG packages and multiplexes it into the transport stream at a rate negotiated using the Simulcrypt protocol.
An almost identical protocol is defined by DVB-Simulcrypt for the insertion of Private Data which is used by Titanium Broadcast for various purposes such as distributing Latens Software Security Module which is the modern day replacement for legacy smart-cards. As the protocols are so similar, Titanium Broadcast also uses Latens EMMG component to implement the Private Data Generator (PDG) function.

Network Implications
Bandwidth Consumption
Every CAS requires a finite amount of bandwidth in the broadcast network in order to transmit proprietary EMMs, ECMs and Private Data as applicable.
Latens understands that bandwidth is at a premium for every operator and hence designed Titanium Broadcast such that it can be configured to operate within the allocated bandwidth calculated depending on the system requirements and network conditions. Uniquely Titanium Broadcast optimises bandwidth usage by adjusting play-out rates automatically depending on other system activity, playing messages more quickly during times of low activity and more slowly to maintain constraints at times of peak system activity.

In addition to the standard data, many digital Pay TV systems also transmit specific descriptors for the STBs to be able operate correctly. Some CA systems make particular demands of the SI / PSI configuration with the result that conflicting requirements may arise between CA systems.
Latens approach is to eliminate dependencies between CAS and SI data which may be required for other functions such as EPG or other CA systems. In a Simulcrypt environment Titanium Broadcast only requirement is that one of the multiple permitted entries in the CAT identifies Titanium Broadcast data. All other data requirements relate to ‘Private Data’ which will be transmitted in known PIDs not used by any other subsystem. As a result Titanium Broadcast eliminates the risk of conflicts between CA systems.

DVB-Simulcrypt is a widely accepted and core part of the modern digital broadcast system. Operators who understand the flexibility enabled by the adoption of this standard have used it to transform their business through the deployment of the next generation of CAS technology; Titanium Broadcast.
Latens have real-world experience of dual CAS and CAS swap strategies and can advise and help an operator to understand the possibilities available to them through the use of Latens technology.


No comments:

Post a Comment