 | This article has multiple issues. Please help improve it or discuss these issues on the talk page . (Learn how and when to remove these template messages)
|
Conditional access (CA) is a term commonly used in relation to software and to digital television systems. Conditional access is an evaluation to ensure the person who is seeking access to content is authorized to access the content. Access is managed by requiring certain criteria to be met before granting access to the content.
Conditional access is a function that lets you manage people's access to the software in question, such as email, applications, and documents. It is usually offered as SaaS (Software-as-a-Service) and deployed in organizations to keep company data safe. By setting conditions on the access to this data, the organization has more control over who accesses the data and where and in what way the information is accessed.
When setting up conditional access, access can be limited to or prevented based on the policy defined by the system administrator. For example, a policy might require access is available from certain networks, or access is blocked when a specific web browser is requesting the access.
Under the Digital Video Broadcasting (DVB) standard, conditional access system (CAS) standards are defined in the specification documents for DVB-CA (conditional access), DVB-CSA (the common scrambling algorithm) and DVB-CI (the Common Interface). [1] These standards define a method by which one can obfuscate a digital-television stream, with access provided only to those with valid decryption smart-cards. The DVB specifications for conditional access are available from the standards page on the DVB website.
This is achieved by a combination of scrambling and encryption. The data stream is scrambled with a 48-bit secret key, called the control word. Knowing the value of the control word at a given moment is of relatively little value, as under normal conditions, content providers will change the control word several times per minute. The control word is generated automatically in such a way that successive values are not usually predictable; the DVB specification recommends using a physical process for that.
In order for the receiver to unscramble the data stream, it must be permanently informed about the current value of the control word. In practice, it must be informed slightly in advance, so that no viewing interruption occurs. Encryption is used to protect the control word during transmission to the receiver: the control word is encrypted as an entitlement control message (ECM). The CA subsystem in the receiver will decrypt the control word only when authorised to do so; that authority is sent to the receiver in the form of an entitlement management message (EMM). The EMMs are specific to each subscriber, as identified by the smart card in his receiver, or to groups of subscribers, and are issued much less frequently than ECMs, usually at monthly intervals. This being apparently not sufficient to prevent unauthorized viewing, TPS has lowered this interval down to about 12 minutes. This can be different for every provider, BSkyB uses a term of 6 weeks. When Nagravision 2 was hacked, Digital+ started sending a new EMM every three days to make unauthorized viewing more cumbersome.
The contents of ECMs and EMMs are not standardized and as such they depend on the conditional access system being used. [2]
The control word can be transmitted through different ECMs at once. This allows the use of several conditional access systems at the same time, a DVB feature called simulcrypt, which saves bandwidth and encourages multiplex operators to cooperate. DVB Simulcrypt is widespread in Europe; some channels, like the CNN International Europe from the Hot Bird satellites, can use 7 different CA systems in parallel.
The decryption cards are read, and sometimes updated with specific access rights, either through a conditional-access module (CAM), a PC card-format card reader meeting DVB-CI standards, or through a built-in ISO/IEC 7816 card reader, such as that in the Sky Digibox.
Several companies provide competing CA systems; ABV, VideoGuard, Irdeto, Nagravision, Conax, Viaccess, Synamedia, Mediaguard (a.k.a. SECA) are among the most commonly used CA systems.
Due to the common usage of CA in DVB systems, many tools to aid in or even directly circumvent encryption exist. CAM emulators and multiple-format CAMs exist which can either read several card formats or even directly decrypt a compromised encryption scheme. Most multiple format CAMs and all CAMs that directly decrypt a signal are based on reverse engineering of the CA systems. A large proportion of the systems currently in use for DVB encryption have been opened to full decryption at some point, including Nagravision, Conax, Viaccess, Mediaguard (v1) as well as the first version of VideoGuard.
In Canada and United States, the standard for conditional access is provided with CableCARDs whose specification was developed by the cable company consortium CableLabs.
Cable companies in the United States are required by the Federal Communications Commission to support CableCARDs. Standards exist for two-way communication (M-card), but satellite television has separate standards. Next-generation approaches in the United States eschew such physical cards and employ schemes using downloadable software for conditional access such as DCAS.
The main appeal of such approaches is that the access control may be upgraded dynamically in response to security breaches without requiring expensive exchanges of physical conditional-access modules. Another appeal is that it may be inexpensively incorporated into non-traditional media display devices such as portable media players.
Conditional access systems include:
| CA ID | Name | Developed by | Introduced (year) | Security | Notes |
|---|---|---|---|---|---|
| 0x4AEB | Abel Quintic | Abel DRM Systems | 2009 | Secure | |
| 0x4A64, 0x4AF0, 0x4AF2, 0x4B4B, 0x4B4C | ABV CAS | ABV International Pte. Ltd | 2006 | Secure (Farncombe Certified) | CA, DRM, Middleware & Turnkey Solution Provider For DTH, DVBT/T2, DVBC, OTT, IPTV, VOD, Catchup TV, Audience Measurement System, EAD etc. |
| 0x4AFC | Panaccess | Panaccess Systems GmbH | 2010 | Secure (Farncombe Certified) | CA for DVB-S/S2, DVB-T/T2, DVB-C, DVB-IP, OTT, VOD, Catchup etc. |
| 0x4B19 | RCAS or RIDSYS cas | RIDSYS, INDIA | 2012 | Secure | CA for DVB-C, IPTV, OTT, VOD, Catchup etc. |
| 0x4B30, 0x4B31 | ViCAS | Vietnam Multimedia Corporation (VTC) | Unknown | Secure (Farncombe Certified) | |
| 0x4800 | Accessgate | Telemann | Unknown | ||
| 0x4A20 | AlphaCrypt | AlphaCrypt | Unknown | ||
| N/A | B-CAS ARIB STD-B25 (Multi-2) | Association of Radio Industries and Businesses (ARIB) | 2000 | CA for ISDB. Used in Japan only | |
| 0x1702, 0x1722, 0x1762 | reserved for various non-BetaResearch CA systems | Formally owned by BetaTechnik/Beta Research (subsidiary of KirchMedia). Handed over to TV operators to handle with their CA systems. | Unknown | ||
| 0x1700 – 0x1701, 0x1703 – 0x1721, 0x1723 – 0x1761, 0x1763 – 0x17ff, 0x5601 – 0x5604 | VCAS DVB | Verimatrix Inc. | 2010 | ||
| 0x2600 0x2610 | BISS BISS-E | European Broadcasting Union | 2002 2018 | Compromised, BISS-E secure | |
| 0x27A0-0x27A4 | ICAS (Indian CAS) | ByDesign India Private Limited | 2015 | Advanced Embedded Secure | |
| 0x4900 | China Crypt | CrytoWorks (China) (Irdeto) | Unknown | ||
| 0x22F0 | Codicrypt | Scopus Network Technologies (now part of Harmonic) | Unknown | Secure | |
| 0x4AEA | Cryptoguard | Cryptoguard AB | 2008 | Secure | |
| 0x0B00 | Conax Contego | Conax AS | Unknown | Secure | |
| 0x0B00 | Conax CAS 5 | Conax AS | Unknown | Compromised | Pirate cards has existed |
| 0x0B00 | Conax CAS 7.5 | Conax AS | Unknown | Secure | |
| 0x0B00, 0x0B01, 0x0B02, 0x0BAA | Conax CAS 7 | Conax AS | Unknown | Compromised | Cardsharing |
| 0x0B01, 0x0B02, 0x0B03, 0x0B04, 0x0B05, 0x0B06, 0x0B07 | Conax CAS 3 | Conax AS | Unknown | Compromised | Pirate cards has existed |
| 0x4AE4 | CoreCrypt | CoreTrust(Korea) | 2000 | S/W & H/W Security | CA for IPTV, Satellite, Cable TV and Mobile TV |
| 0x4347 | CryptOn | CryptOn | Unknown | ||
| 0x0D00, 0x0D02, 0x0D03, 0x0D05, 0x0D07, 0x0D20 | Cryptoworks | Philips CryptoTec | Unknown | Partly compromised (older smartcards) | |
| 0x4ABF | CTI-CAS | Beijing Compunicate Technology Inc. | Unknown | ||
| 0x0700 | DigiCipher and DigiCipher II | Jerrold/GI/Motorola 4DTV | 1997 | Compromised | DVB-S2 compatible, used for retail BUD dish service and for commercial operations as source programming for cable operators. Despite the Programming Center shut down its consumer usage of DigiCipher 2 (as 4DTV) on August 24, 2016, it is still being used for cable headends across the United States, as well as on Shaw Direct in Canada. |
| 0x4A70 | DreamCrypt | Dream Multimedia | 2004 | Proposed conditional access system used for Dreambox receivers. | |
| 0x4A10 | EasyCas | Easycas | Unknown | ||
| 0x2719,0xEAD0 | InCrypt Cas | S-Curious Research & Technology Pvt. Ltd., Equality Consultancy Services | Unknown | ||
| 0x0464 | EuroDec | Eurodec | Unknown | ||
| 0x5448,0x6448 | Gospell VisionCrypt | GOSPELL DIGITAL TECHNOLOGY CO., LTD. | Unknown | Secure | |
| 0x5501 | Griffin | Nucleus Systems, Ltd. | Unknown | ||
| 0x5581 | Bulcrypt | Bulcrypt | 2009 | Used in Bulgaria and Serbia | |
| 0x0606 | Irdeto 1 | Irdeto | 1995 | Compromised (Cardsharing and MOSC available) | |
| 0x0602, 0x0604, 0x0606, 0x0608, 0x0622, 0x0626, 0x0664, 0x0614 | Irdeto 2 | Irdeto | 2000 | ||
| 0x0624, 0x0648, 0x0650, 0x0639 | Irdeto 3 | Irdeto | 2010 | Compromised (Cardsharing available) | |
| 0x0692, 0x06A4, 0x06B6, 0x069F, 0x06AB, 0x06F1 | Irdeto Cloaked | Irdeto | Unknown | Secure | |
| 0x4AA1 | KeyFly | SIDSA | 2006 | Partly compromised (v. 1.0) | |
| 0x0100 | Seca Mediaguard 1 | SECA | 1995 | Compromised | |
| 0x0100 | Seca Mediaguard 2 (v1+) | SECA | 2002 | Partly compromised (MOSC available) | |
| 0x0100 | Seca Mediaguard 3 | SECA | 2008 | ||
| 0x1800, 0x1801, 0x1810, 0x1830 | Nagravision | Nagravision | 2003 | Compromised | |
| 0x1801 | Nagravision Carmageddon | Nagravision | Unknown | Combination of Nagravision with BetaCrypt | |
| 0x1702, 0x1722, 0x1762, 0x1801 | Nagravision Aladin | Nagravision | Unknown | ||
| 0x1801 | Nagravision 3 - Merlin | Nagravision | 2007 | Secure | |
| 0x1801 | Nagravision - ELK | Nagravision | Circa 2008 | IPTV | |
| 0x4A02 | Tongfang | Tsinghua Tongfang Company | 2007 | Secure | |
| 0x4AD4 | OmniCrypt | Widevine Technologies | 2004 | ||
| 0x0E00 | PowerVu | Scientific Atlanta | 1998 | Compromised | Professional system widely used by cable operators for source programming |
| 0x0E00 | PowerVu+ | Scientific Atlanta | 2009 | ||
| 0x1000 | RAS (Remote Authorisation System) | Tandberg Television | Unknown | Professional system, not intended for consumers. | |
| 0x4AC1 | Latens Systems | Latens | 2002 | ||
| 0xA101 | RosCrypt-M | NIIR | 2006 | ||
| 0x4A60, 0x4A61, 0x4A63 | SkyCrypt/Neotioncrypt/Neotion SHL | AtSky/Neotion [3] | 2003 | ||
| Unknown | T-crypt | Tecsys | Unknown | ||
| 0x4A80 | ThalesCrypt | Thales Broadcast & Multimedia [4] | Unknown | Viaccess modification. Was developed after TPS-Crypt was compromised. [5] | |
| 0x0500 | TPS-Crypt | France Telecom | Unknown | Compromised | Viaccess modification used with Viaccess 2.3 |
| 0x0500 | Viaccess PC2.3, or Viaccess 1 | France Telecom | 1996 | ||
| 0x0500 | Viaccess PC2.4, or Viaccess 2 | France Telecom | 2002 | ||
| 0x0500 | Viaccess PC2.5, or Viaccess 2 | France Telecom | 2003 | ||
| 0x0500 | Viaccess PC2.6, or Viaccess 3 | France Telecom | 2005 | ||
| 0x0500 | Viaccess PC3.0 | France Telecom | 2007 | ||
| 0x0500 | Viaccess PC4.0 | France Telecom | 2008 | ||
| Unknown | Viaccess PC5.0 | France Telecom | 2011 | Secure | |
| Unknown | Viaccess PC6.0 | France Telecom | 2015 | ||
| 0x0930, 0x0942 | Synamedia VideoGuard 1 | NDS (now part of Synamedia) | 1994 | Partly compromised (older smartcards) | |
| 0x0911, 0x0960 | Synamedia VideoGuard 2 | NDS (now part of Synamedia) | 1999 | Secure | |
| 0x0919, 0x0961, 0x09AC, 0x09C4, 0x091F, 0x0944, 0x09AA | Synamedia VideoGuard 3 | NDS (now part of Synamedia) | 2004 | Secure | |
| 0x0927, 0x09BF, 0x0910, 0x0913, 0x098C, 0x098D, 0x098E, 0x0911, 0x0950, 0x09BB, 0x0987, 0x0963, 0x093B, 0x09CD | Synamedia VideoGuard 4 | NDS (now part of Synamedia) | 2009 | Secure | |
| 0x56D0 | Onnet CA/DRM | Onnet Systems India Pvt. Ltd. | 2021 | Secure | CA/DRM, IPTV Middleware, OTT, Interactive Services, STB Middleware, AR/VR |
| 0x4AD0, 0x4AD1 | X-Crypt | XCrypt Inc. | 2010 | Secure | |
| 0x4AE0, 0x4AE1, 0x7be1 | DRE-Crypt | Cifra | 2004 | Secure | |
| Unknown | PHI CAS | RSCRYPTO | 2016 | Secure |
Pirate decryption is the decryption, or decoding, of pay TV or pay radio signals without permission from the original broadcaster. The term "pirate" is used in the sense of copyright infringement. The MPAA and other groups which lobby in favour of intellectual property regulations have labelled such decryption as "signal theft" even though there is no direct tangible loss on the part of the original broadcaster, arguing that losing out on a potential chance to profit from a consumer's subscription fees counts as a loss of actual profit.
Viaccess is a conditional access system edit by Orange S.A. There are six versions in use today, Viaccess PC2.3, Viaccess PC2.4, Viaccess PC2.5, Viaccess PC2.6, Viaccess ACS3.x/Prime Sentinel, Viaccess ACS4.1, Viaccess ACS5.0, and Viaccess ACS6.x/Adaptive Sentinel.
A conditional access module (CAM) is an electronic device, usually incorporating a slot for a smart card, which equips an integrated digital television or set-top box with the appropriate hardware facility to view conditional access content that has been encrypted using a conditional access system. They are normally used with direct-broadcast satellite (DBS) services, although digital terrestrial pay TV suppliers also use CAMs. PC Card form factor is used as the Common Interface form of Conditional Access Modules for DVB broadcasts. Major CAM manufacturers are Airmod.tech and SMIT. Airmod, created in 2022, regroup CAM formerly managed by Neotion and SmarDTV.
CableCARD is a special-use PC Card device that allows consumers in the United States to view and record digital cable television channels on digital video recorders, personal computers and television sets on equipment such as a set-top box not provided by a cable television company. The card is usually provided by the local cable operator, typically for a nominal monthly fee.
VideoGuard, produced by NDS, is a digital encryption system for use with conditional access television broadcasting. It is used on digital satellite television systems - some of which are operated by News Corporation, which owned about half (49%) of NDS until its sale to Cisco in 2012. Since 2018 VideoGuard is improved and maintained by Synamedia. Its two most widely used implementations are Sky in the United Kingdom and Ireland and DirecTV in the United States, the former of which launched the digital version of the system in 1998.
Television encryption, often referred to as scrambling, is encryption used to control access to pay television services, usually cable, satellite, or Internet Protocol television (IPTV) services.
Nagravision is a company of the Kudelski Group that develops conditional access systems for digital cable and satellite television. The name is also used for their main products, the Nagravision encryption systems.
In Digital Video Broadcasting, the Common Interface is a technology which allows decryption of pay TV channels. Pay TV stations want to choose which encryption method to use. The Common Interface allows TV manufacturers to support many different pay TV stations, by allowing to plug in exchangeable conditional-access modules (CAM) for various encryption schemes.
Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers, produced by German multimedia vendor Dream Multimedia.
EuroCrypt is a conditional access system for Multiplexed Analogue Components-encoded analogue satellite television. It had several versions. It supported receivers with card slots and those with embedded keys. Its most widespread use was in Scandinavia, where the only EuroCrypt protected broadcasts remained until July 2006.
Downloadable Conditional Access System or DCAS was a proposal advanced by CableLabs for secure software download of a specific Conditional Access client which controls digital rights management (DRM) into an OCAP-compliant host consumer media device. The National Cable & Telecommunications Association (NCTA) proposed that DCAS be used as a substitute for physical CableCARDs, a standard also created by CableLabs for which products began appearing in August 2004 as part of industry compliance to the FCC mandate, which in turn is pursuant to the Telecommunications Act of 1996. DCAS is growing in popularity as a less expensive alternative for CableCARD, with major North American operator deployments from Cablevision and Charter. DCAS deployments can be expected to grow in the coming years, thanks to favorable regulatory view from the STELA Reauthorization Act of 2014 and FCC appointing a Downloadable Security Technical Advisory Committee, and wider support for key ladder (K-LAD) functionality from system-on-chip (SoC) vendors and set-top box manufacturers.
In television encryption, Cryptoworks is a DVB conditional access system, developed by Philips CryptoTec but now belonging to Irdeto.
Card sharing, also known as control word sharing, is a method of allowing multiple clients or digital television receivers to access a subscription television network with only one valid subscription card. This is achieved by electronically sharing a part of the legitimate conditional access smart card's output data, enabling all recipients to gain simultaneous access to scrambled DVB streams, held on the encrypted television network.
Multi-Choice TV (MCTV) is a television service provider in Barbados. It is a Multichannel Multipoint Distribution Service (MMDS) or DVB-C wireless microwave-based broadcast subscription television provider. They offer a variety of packages which can be considered as comparatively priced to similar providers throughout the world.
Satellite television is a service that delivers television programming to viewers by relaying it from a communications satellite orbiting the Earth directly to the viewer's location. The signals are received via an outdoor parabolic antenna commonly referred to as a satellite dish and a low-noise block downconverter.
A free-to-air or FTA Receiver is a satellite television receiver designed to receive unencrypted broadcasts. Modern decoders are typically compliant with the MPEG-2/DVB-S and more recently the MPEG-4/DVB-S2 standard for digital television, while older FTA receivers relied on analog satellite transmissions which have declined rapidly in recent years.
The Netherlands now has three major forms of broadcast digital television. Terrestrial (DVB-T), Cable (DVB-C), and Satellite (DVB-S). In addition IPTV services are available. At the end of the first quarter of 2013 almost 84% of the households in the Netherlands had some form of digital television.
Dream Satellite TV was the first all-digital Direct-To-Home (DTH) television broadcasting service via satellite in the Philippines. Broadcasting from the Dream Broadcast Center located at the Clark Special Economic Zone in Pampanga. Content is received from program providers, compressed and broadcast via Koreasat 5 in DVB-S and NTSC color format exclusively to its subscribers using the Integrated Receiver-Decoder and the Conax/Nagravision 3 Encryption System.
The Vu+, is a series of Linux-powered DVB satellite, terrestrial digital television receivers, produced by Korean multimedia brand Ceru Co., Ltd.
Unibox is a satellite, cable and terrestrial digital receiver. It has been distributed widely for use with Pay TV. It also enables the receiver to store digital copies of MPEG TS on internal harddisk or networked filesystems.
