The conditional access system (CAS) is the core technology for developing pay TV. Understanding its operating mechanism and mastering its use and maintenance are critical to the success of the pay TV business.
1. Basic principles of conditional access
A CAS is composed of the user management system (SMS), the business information generation system (SIG), the program management (PMS) / SI editing system, the program scheduling processing system (EIS), the user authorization management system (SAS), the conditional access component (CA), and so on. There are two main blocks: the SMS, which manages users, and the CA, which manages programs. The CA is divided into two parts. The first is the signal scrambling part, in which a scrambling code produced by a random code generator, called the control word (CW), controls how the scrambler scrambles the signal. The second is the encryption part. For the scrambled signal to be descrambled successfully, the receiving end must drive its descrambler with the same control word as the scrambling end, so the front-end CW has to be transmitted to the receiver. If it were transmitted directly, it would be easily intercepted by hackers and the CAS would be useless, so the CW must be encrypted before it is transmitted. This encryption is a multi-layer mechanism, which increases the security of CW transmission. The first layer encrypts the CW directly. The resulting ciphertext is called the authorization control information (ECM), and it is transmitted with the scrambled code stream through the multiplexer. The ECM also contains information such as the time, the program price, and program authorization control, so the ECM is program-oriented management information. The key that encrypts the CW is called the work key (SK). The SK is usually called the monthly key because it is changed once a month, and every time the SK is changed the system must reauthorize all users. The second layer of encryption encrypts the SK with the program key (PDK). The resulting ciphertext, together with the authorization information that the SAS generates from the data obtained from the SMS, forms the authorization management information (EMM). The EMM also contains user authorization information such as the smart card number, the authorization time, and the authorization level. This information exists mainly to complete the authorization of the user, so the EMM is user-oriented management information. The EMM determines at what time and on which channels the user is authorized to watch. It is also transmitted with the scrambled code stream through the multiplexer. The components above make up the CA's most basic encryption system.
To prevent the key from being intercepted by hackers during transmission, the double key method is generally adopted. Each user is assigned a pair of keys. One is held by the user and is called the private key; it is used only for decryption and is usually stored in the user's smart card. The other is the public key, which is used only for encryption. The algorithm ties the two keys together one-to-one, so only the corresponding private key can undo the encryption applied with the public key. In this way the key itself never needs to be transferred, which gives high security. This is an authentication process called digital signature. The private key (PDK) is generally stored in the user's smart card, so EMM decryption at the receiving end is unique: a smart card can only decrypt the EMM information addressed to it. After decrypting the EMM, the card has all the information needed to decrypt the ECM. It then obtains the CW by decrypting the ECM and sends the CW to the descrambler in the set-top box, which completes the descrambling. All of these decryption steps are carried out by the decryption system inside the smart card. Authorization is carried out by central addressing working together with the smart card, and the process is as follows:
When the set-top box detects that the DVB code stream is scrambled, it drives the card reader, loads the smart card management program into the central processor and starts it, and reads the smart card number. It then looks for the PSI in the transport stream, finds the conditional access table (CAT) in the PSI, and locates the corresponding EMM information using the EMM packet identification code (PID) given in the CAT. Next it checks the smart card number against the card number in the EMM authorization information; this is the addressing comparison operation. If the check fails, a message appears on the screen telling the user that they are not authorized to watch. If the check succeeds, the ECM and EMM are passed to the smart card and the decryption program in the card is called (to enhance the security of the CAS, the entire decryption process is performed inside the smart card). The EMM and ECM are decrypted layer by layer with the private key (PDK) in the smart card to obtain the SK and then the CW, and the CW is sent back to the set-top box to descramble the program stream (as shown in Figure 1 and Figure 2). At the same time, the SK is stored in the smart card. For later decryption and descrambling it is enough to use the SK already in the card; the authorization process does not need to be repeated. From then on the system only needs to transmit the ECM (the CW is generally changed every 5 to 10 seconds, so the ECM must also be sent every 5 to 10 seconds). A new authorization process starts only when the operator wants to update the SK. Each time the SK is updated, the operator usually has to send EMMs to users continuously for a few days (the exact period can be set according to the number of users). Users who, for whatever reason, did not switch on their equipment during the authorization period can contact the operator by phone; once the front end has confirmed the request, it sends a dedicated EMM to that user.
There are the following ways to change the authorization:
1. The SMS at the front end finds that a user's time is up, and issues an instruction to the CA to close the authorization, update the SK by sending EMM, and re-authorize.
2. Use the authorization time stored in the smart card to compare with the time in the downstream signal (this time information is in the ECM). If the time of the downstream signal is not within the authorized time interval, the authorization is revoked.
3. Use the authorization information stored in the smart card to compare with the additional parameters in the ECM. If the program access conditions are not met, the authorization is revoked.
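The two-layer key hierarchy and the time-based revocation check described above can be modelled end to end; the following is an added example, not code from the original page or from any CAS vendor. The names (`SmartCard`, `make_ecm`, `make_emm`, `seal`, `unseal`), the message layouts, the integrity tag and the SHA-256 keystream cipher are all assumptions made for illustration, and the PDK is modelled as a symmetric key shared by the front end and the card rather than as a public/private pair.

```python
import hashlib, hmac, os, struct

def _xor(key, nonce, data):  # stand-in keystream cipher, not what a deployed CAS uses
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _tag(key, msg):  # short integrity tag (assumed; lets the card detect a wrong key)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def seal(key, plaintext):
    nonce = os.urandom(8)
    ct = _xor(key, nonce, plaintext)
    return nonce + ct + _tag(key, nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("wrong key or modified message")
    return _xor(key, nonce, ct)

def make_ecm(sk, cw, now):  # program-oriented: broadcast time + CW, under SK
    return seal(sk, struct.pack(">I", now) + cw)

def make_emm(pdk, card_no, sk, start, end):  # user-oriented: interval + SK, under PDK
    return {"card_no": card_no, "body": seal(pdk, struct.pack(">II", start, end) + sk)}

class SmartCard:
    def __init__(self, card_no, pdk):
        self.card_no, self._pdk, self._sk, self._window = card_no, pdk, None, (0, 0)

    def load_emm(self, emm):
        # Addressing comparison (done by the set-top box on the page, folded in here).
        if emm["card_no"] != self.card_no:
            return False
        body = unseal(self._pdk, emm["body"])
        self._window, self._sk = struct.unpack(">II", body[:8]), body[8:]
        return True                           # SK stays cached in the card

    def cw_from_ecm(self, ecm):
        if self._sk is None:
            return None                       # card was never authorized
        body = unseal(self._sk, ecm)
        (now,) = struct.unpack(">I", body[:4])
        start, end = self._window
        return body[4:] if start <= now <= end else None  # outside interval: no CW
```

A card handed an EMM addressed to another card number returns `False` from `load_emm`, and an ECM whose time falls outside the stored interval yields `None` instead of the CW.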
To give users more choice when ordering programs, the CAS provides, in addition to the most basic regular program subscription (Subscription), various authorization methods such as PPV (Pay-per-View), IPPV (Impulse PPV) and payment by time. These are attached to the program and described by additional parameters (reservation type, PPV fee, preview time, etc.), which are generally carried in the ECM information along with the control word. Multiple private keys are stored in the smart card; each key corresponds to one authorization method, and each authorization method corresponds to one EMM.
Looking at the entire authorization process, the security of CAS depends on the confidentiality of the smart card. The smart card must have reliable anti-copying performance.
Different program product packages (one or more TS streams made up of one or more programs) have different ECMs and EMMs. Each product package corresponds to one ECM and multiple EMMs, depending on the users: for each product package there are as many EMMs as there are subscribers. Packages can be offered in unicast and multicast forms.
Unicast treats a single program as a product package, and users can choose one or more product packages. This gives users very flexible and varied choices, but the volume of authorization information is large. Assume that each EMM is 100 bytes, that there are 600,000 existing users, and that there are 60 programs in total, that is, 60 program product packages, with every 6 product packages occupying one transmission channel (modulated on one QAM modulator). If each user purchases all product packages (an extreme case), then 60 ECMs are generated and the smart card must be able to store 60 different SKs, with the SK to use selected by program ID during decryption. The total amount of EMM data is 600,000 * 100 * 8 * 60 = 28800 Mb. Such a large amount of data makes the authorization time longer, which affects normal viewing.
Multicast bundles multiple programs together into a product package, and users choose and purchase programs in the form of packages. This method is mostly used in the early stage of digital TV development, offering users preferential deals such as "buy one get two free". It reduces the data volume of ECMs and EMMs. Again assume that each EMM is 100 bytes, that there are 600,000 users, and that there are 60 programs. Every 6 programs form a product package, giving 10 product packages, and each product package occupies one transmission channel (modulated on one QAM modulator). If each user again purchases all product packages, the number of ECMs generated is still 60, and the total EMM data volume is 600,000 * 100 * 8 * 10 = 4800 Mb, which is much less than with unicast.
To reduce the time taken by each authorization, we can allocate channel bandwidth sensibly or adopt a scheduling algorithm. For example, with 64QAM modulation and a 6.875 Mb/s symbol rate, each channel provides (6.875 * 6 * 188) / 204 = 38 Mb/s of data bandwidth. Here 6 bit/s/Hz is the theoretical spectral efficiency of 64QAM, and 188 and 204 come from the RS coding structure: 188 bytes of effective data in every 204 bytes, with 16 redundant bytes used for error correction coding. We can reserve about 5 Mb/s of bandwidth for EMM, SI and other information. The remaining 33 Mb/s should carry no more than 6 TV programs. The video bit rate then averages about 5 Mb/s, and at this bit rate the naked eye does not perceive a decrease in image quality.