What is Conditional Access? hero graphic

What is Conditional Access?

Posted On

By Bo Ferm


Until the late 1950s, the TV industry had a single business model: Sell advertising or product placement to pay for programming. With the gradual introduction of pay-TV in the 60s, this model began to change. 

When it comes to charging for content and protecting the associated revenues, the basic requirement was (and still is) access control. To control access, companies encrypt content so only subscribers paying their bills can access and watch it. Pay-TV operators adopted conditional access systems (CAS) to manage content security and ensure that they and other rights holders could monetize their assets.

The conditional access (CA) model is still used for transmission of digital video broadcasting over satellite and terrestrial networks, as well as telco IPTV (a.k.a. managed IPTV), although they both have been complemented with digital rights management security for OTT (streaming video over the Internet).

How Conditional Access Systems Work

One of the major challenges with broadcasting is that it is a one-way distribution system. Under this system, the satellite or cable feed is distributed to everyone, and the transmitting organization does not receive any feedback regarding who is picking up their feed or what they are doing with it. 

Here’s how conditional access systems work: The transmitter (for example, the pay-TV operator) encrypts their content and provides subscribers with the means to decrypt it via their set-top boxes (STB) aided by some CA-specific messages.

This decryption process of CA systems can be explained by looking at how a digital receiver such as an STB works:

  1. The broadcaster encrypts its content.
  2. The content is sent over satellite, terrestrial, or cable networks to a user’s STB.
  3. The STB has the technology to decrypt the feed but needs the specific encryption key from the provider to do so, together with an entitlement that confirms the user may decrypt this content.
  4. This encryption key is wrapped in an entitlement control message (ECM), a process that is repeated up to several times a minute. The ECM is sent to each receiver. The internal structure of ECMs are proprietary per CA vendor, but the mechanism of inserting ECMs into the MPEG Transport Stream is standardized through DVB Simulcrypt, an interface specification.
  5. The user’s receiver contains unique (secret) information, which confirms the authority to receive an entitlement management message (EMM). These EMMs are sent much less frequently and they inform each STB what content it is allowed to decrypt. The EMM can be said to contain the “channel line-up” for each subscriber although EMMs are not limited to linear (broadcast) channels but can be used for on-demand content too.
  6. If the CAS keys contained in EMMs and ECMs were to be hacked, the CAS vendor has to initiate piracy counter measures that could mean replacing smart cards (if such are still used) or taking other remedial action depending on the circumstances and the CA technology in use.

The CAS uses the EMM to specify a user’s unique entitlement (such as the channels paid for) to enable decryption of the signal. In the same way, if a user fails to pay their bill or drops a channel from their package, it will remain encrypted and not available for watching. 

Conditional Access Solutions and Standards

For digital TV, the concern over pay-TV security is even greater. Unlike analog content, which deteriorates with each subsequent copy, each “copy” of digital content is as good as the original. So, for the digital age, content providers have had to find new ways to ensure content security and enable full monetization of rights.

Specifically, digital content providers have adopted a variety of CAS solutions such as the DigiCipher 2 (DCII) from General Instruments (the company was later split into three and the parts divested), Nagravision from Nagra Kudelski, and VideoGuard from what originated as NDS, today named Synamedia. One of the most widely used industry standards is the Digital Video Broadcasting (DVB) standard. This is an open standard service managed by an international committee consisting of broadcasters, equipment vendors, and other companies with an interest in digital broadcasting. 

It is also a good example of how CAS technology addresses the challenges traditional broadcasters face. The DVB-CI (Common Interface) and CI+ standards allow device manufacturers to work with many different CA systems and the DVB-CSA (Common Scrambling Algorithm) standard provides the cipher that encrypt the content. The DVB standard also specifies SimulCrypt as a methodology to reduce the amount of bandwidth it takes to transmit video if more than one CAS is deployed. With Simulcrypt compliant CA systems the video is only transmitted once to all subscribers, who then also receive EMMs and ECMs to help determine what content they may watch. 

Another major issue for broadcasters is that if a CAS system was hacked (which would generally happen after three to four years with smart card-based systems), the pay-TV operator had to pay for and send new smart cards with new unique information, thus rendering the old cards useless. This represents a major cost and considerable operational challenges for pay-TV operators, thus hitting them with additional CAPEX (purchase new cards) and OPEX (logistics of card distribution). 

Cardless CAS and the advent of two-way communications means that smart cards for pay-TV are becoming obsolete in most markets. With cardless security, the anti-piracy countermeasures can usually be managed over-the-air.

Why Conditional Access Matters

As the world becomes more digital, rights holders and content producers face new challenges when it comes to monetizing their content and preventing piracy. As a result, DRM has come to complement CA systems as an improved form of content security for digital transmission over IP-based networks such as the Internet. DRM has the advantage that it can use two-way (IP) networks to communicate between head-end and receivers, which enables far better security approaches compared to one-way networks. 

However, CAS still plays an important role for pay-TV broadcasters using one-way networks, typically satellite or terrestrial transmission. 

Finding a Balance 

With the growth of OTT streaming services, content providers must find a balance between the functions of CAS and DRM. Moving solely to DRM does not suit the existing infrastructure while sticking only to CAS limits potential growth into new markets and technologies such as OTT services.

Thus, broadcastersespecially well-established onesneed a blend of CAS and DRM. This blended model can help organizations harness the power and reach of adaptive bitrate streaming for OTT services, while at the same time bolstering their subscription models.

On the Intertrust website you can read more about how Intertrust is bridging CAS and DRM. You’ll learn about how the seamless transmission of 4K/UHD content is being enabled by our ExpressPlay XCA™ solution, which brings CAS and DRM together into a single unified infrastructure.

Location is becoming even less important in the digital world, which can cause issues for the proper use of content created by national broadcasters. Across the world, legacy national broadcasters (such as the BBC in the UK or RAI in Italy) use a government-imposed charge to fund this public service. This fund then makes it free for the citizens of that country to access the content. 

CAS, this time based on location rather than paying a fee, is thus essential for these organizations to continue to provide free-to-air services to people in their own countries while blocking access to those outside, which is an essential rights holder licensing requirement.

Conditional access is still a very important tool in the fight against piracy for broadcasters over one-way networks. It ensures rights holders and content providers get returns on their investment and effort. 

As one of the world’s leaders in security solutions and the inventor of DRM, Intertrust brings the latest technology and security techniques to the pay-TV model. To find out more about our converged DRM and CAS solution, and how it helps broadcasters and content providers all over the world, get in touch with our team.

Bo Ferm

About Bo Ferm

Bo Ferm is a Product Marketing consultant for Media Solutions at Intertrust Technologies. He is a versatile technology professional with 30+ years of successful B2B positions in Europe, North America and South East Asia. He has worked extensively with pay-TV technologies, with the past 12 years dedicated to content security in various forms.