Originator : Massimo Cicardo - Stream
Reference : AC219-WP2-STREAM-97002-MM-AC/a
Date : 19th June 1997
Synopsis :
This document contains the report of the "Conditional Access" Workshop held in Brussels, Belgium, on 4th June 1997 during the 6th Concertation meeting and hosted by the Commission.
General - Main topics of the meeting and action points - Conditional Access for digital TV - Functionality and architecture of a Conditional Access system - The DVB project: main objectives and results - Market availability - OKAPI Approach - Smart Card Technology - Open Discussion - Summary of future action points - Annex A: List of participants
Copy list: Eurorim rapporteurs of Domain 1, participants to the Meeting
History : Version Date Reason to change
a 7.2.97 First version reviewed by J.M.Boucqueau
On 4th June 1997 in the morning, the "Conditional Access" workshop took place in Brussels during the 6th Concertation Meeting (3rd and 4th of June). The workshop was hosted at the Royal Crown Hotel in Avenue Royal and chaired by Jean-Marc Boucqueau (Okapi/UCL).
The projects participating in the workshop were the following: DIGISAT, OKAPI, EURORIM, ISIS, OCTALIS, SMASH, TELESHOPPE and TALISMAN. The Commission was represented by Francisco Guirao Moya. The list of participants at the meeting as well as the cross references between participants and projects are given in Annex A.
The objectives of the meeting consisted mainly in the identification and discussion of the main issues concerning the implementation of a Conditional Access system.
The workshop was organised according to the following steps:
The main features of a Conditional Access system have been presented by the chairman of the workshop, Mr. Jean-Marc Boucqueau (UCL), who structured the presentation in order to give an overall view of the subject and to identify the most critical issues concerning the implementation and integration of a Conditional Access system into an operating platform for digital television services (such as pay-tv, pay-per-view, near-video-on-demand, etc.).
The following chapters contain a summary of the topics that have been covered during the session.
To introduce the subject, the speaker explained the role of the "scrambling" process, describing the path followed by the signal through the scrambling module at the head-end site and the descrambling module at the end-user side and pointing out the role of synchronisation and signalling between the modules to guarantee a proper operation.
The functionality of the control key and of the operation/management keys was covered next. For the former, the speaker described the process of enciphering the control key (the so-called "control word" used to scramble the audio/video signal) with the operation key, and the generation and transmission of the ECM messages to all users. For the latter, the speaker focused on the process of enciphering the operation/management keys (organised as a hierarchy of keys), the generation and transmission (to a single user, a group of users or all users) of the EMM messages, and the storage of the entitlements.
Afterwards the architecture of a Conditional Access system, in terms of equipment required and functions performed, was described both at the head-end side (sending end) and at the user side (reception end); for the latter, in particular, the speaker pointed out the modular architecture of the user's STB and the functionality of each module (demodulation, demultiplexing, descrambling, etc.).
Emphasis was given to the concept of "transcontrol", that is, the process that allows different CA systems to be in use on either side of a boundary between transmission media (for example at the boundary between satellite and cable transmissions). Thanks to the use of the common scrambling algorithm, this process allows the CA system to be changed without changing the scrambling signal, in particular without descrambling and rescrambling. This technique therefore allows the change of control over the signal to be achieved at low cost.
The DVB project deals with the Conditional Access issues at three different levels: there is an "Ad-hoc group on Conditional Access" which consists of parties concerned with the subject from the DVB membership. This group, which attempted to set out the ground rules, convened a "CA specialist group" to undertake technical tasks, which in itself has a number of sub-groups regarding specialist subjects.
The main results of the "CA specialist group" concern the following subjects:
The DVB has defined a Common Scrambling Algorithm for DVB transmissions (specified by the crypto-experts sub-group). The specifications are available through ETSI: because the details of the scrambling are related to the security of the broadcast signals, the specifications are not published but are available to companies signing a non-disclosure agreement.
The objectives pursued by the DVB project to define the transport and filtering mechanism of ECM and EMM were the following: transport of these messages should be based on MPEG2 system, the same filtering mechanism should be adopted for all CA systems and transcontrol should be possible.
Those objectives have led to the following technical choices:
Concerning this subject, the following two solutions have been proposed by the DVB "CA specialist group":
The Simulcrypt solution is based on the possibility to incorporate in a DVB transmission the means to carry multiple messages which all enable control of the same scrambled broadcast but are generated by a number of different CA systems.
This system allows scrambled signals to be received by decoders using different access control systems. The principle of the system is that a single control word is used and drives the scrambling process. Then the different ECMs and EMMs needed for the various access control systems are sent over-the-air together. Any one decoder picks out the information it needs and ignores the other codes.
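The key hierarchy described earlier (control word carried in the ECM, operation key carried in the EMM) and the Simulcrypt principle can be followed in the example below, which is added here and is not part of the workshop report. It uses an HMAC-SHA256 keystream as a stand-in for the unpublished Common Scrambling Algorithm and for the proprietary CA ciphers; the CA system names, key sizes and message layout are assumptions.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode), NOT the DVB algorithm.
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key, secret):
    """Encipher and authenticate `secret` under `key`: nonce || ciphertext || tag."""
    nonce = os.urandom(8)
    ct = _xor(secret, _stream(key, nonce, len(secret)))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:8]

def unseal(key, blob):
    """Return the secret, or None if the message was not made for this key."""
    nonce, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:8]
    return _xor(ct, _stream(key, nonce, len(ct))) if hmac.compare_digest(tag, good) else None

def scramble(control_word, payload):
    # Symmetric, so the same call descrambles. Fixed nonce: acceptable in a toy only.
    return _xor(payload, _stream(control_word, b"payload!", len(payload)))

def simulcrypt_ecms(control_word, operation_keys):
    """One control word, one ECM per CA system, all broadcast together."""
    return {ca_id: seal(k, control_word) for ca_id, k in operation_keys.items()}

class Decoder:
    def __init__(self, ca_id, management_key):
        self.ca_id, self.management_key, self.operation_key = ca_id, management_key, None

    def on_emm(self, emm):
        # An EMM carries the operation key enciphered under a management key.
        key = unseal(self.management_key, emm)
        if key is not None:
            self.operation_key = key          # stored entitlement

    def descramble(self, ecms, scrambled):
        ecm = ecms.get(self.ca_id)            # pick own ECM, ignore the others
        if ecm is None or self.operation_key is None:
            return None
        cw = unseal(self.operation_key, ecm)
        return scramble(cw, scrambled) if cw is not None else None
```

Because every ECM wraps the same control word, compromising the operation key of any one CA system exposes the broadcast for all of them, which is the "weakest system" drawback listed for Simulcrypt.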
The European DVB project has designed a Common Interface for use between the Integrated Receiver Decoder (IRD) and the CA system. In such a solution, the IRD contains only those elements that are needed to receive clear broadcasts (i.e. tuning, demodulation, demultiplexing), while the Conditional Access elements (i.e. the common descrambler, together with proprietary CA components) reside in a fully detachable module which can be inserted in an interface socket inside a DVB receiver.
Therefore, the CA system is contained in a low-priced, proprietary module (i.e. PCMCIA) which communicates with the IRD via the Common Interface (no secret conditional access data passes across the interface). This approach allows broadcasters to use CA modules which contain solutions from different suppliers, thus increasing their choice and anti-piracy options.
The following table summarises the advantages and drawbacks of both approaches:
| Approach | Advantages | Drawbacks |
| SIMULCRYPT | Technically simple; no need for further specification; no impact on the decoder | Need of commercial agreements; the global security is the security of the weakest system |
| MULTICRYPT | Low cost decoder because wide distribution; decoder may be integrated in the TV; allows evolution of CA or introduction of a new CA in the system; the Common Interface can be used for other applications | Cost of the module; equipment not available (at the moment STBs fully compliant with the Common Interface specification are available only as prototypes) |
Hereafter the main Conditional Access systems commercially available and the relative suppliers are listed:
The main goal of OKAPI is the achievement of CA openness, equity and interoperability.
With these objectives in mind, OKAPI sees the evolution of Conditional Access systems as follows (four steps have been identified):
Smart cards are a key issue for a conditional access system. The main features and functionality of this fundamental tool were presented by Mr. Jan Van Eenoo, from the Giesecke & Devrient company (providing Siemens smart cards).
First of all, the speaker addressed the microprocessor chip issue. 4 types can presently be found on the market:
These chips include RAM, ROM and EEPROM (EEPROM is disappearing, replaced by FRAM). The size ranges of these memories were given for a number of Siemens smart cards. Chips are inserted into masks, one mask per level. One of the main improvements of the Siemens smart cards was related to these masks, optimised for the different ROMs associated with the different operating systems (GSM, STARCOS, ICAROS). A softmask is also designed for the EEPROM.
The speaker insisted on the customisability allowed by development tools like STARCOS (the operating system for the Siemens cards). This led to the card life cycle, demonstrating the multi-application aspect combined with portability (thanks to the compliance with existing and widely applied standards). More details about the STARCOS operating system were provided, focusing on the large offer in cryptographic modules.
Finally, a last section was devoted to the security features of smart cards. From the hardware point of view, a scrambling and different layers of silicon characterise the chip. From the software point of view, encryption and file access rights (with certain files physically protected) grant a high security level.
After the two presentations, a discussion was opened in order to identify the possible areas of cooperation between OKAPI and the other ACTS projects.
Among those projects represented at the workshop, ISIS and DIGISAT renewed their interest in the collaboration with OKAPI, because both projects need to implement a CA system (that could guarantee openness and interoperability) but they have not scheduled any internal activity for the development of such a system. For this main reason, both projects look outside for someone who could provide this functionality.
The following open issues have been identified:
The chairman and the attendees have agreed that, for the time being, there is no need for future workshops. If new topics for discussion are identified (a FAQ process will be set up by the chairman in order to identify such issues), a new workshop could be organised, possibly including the participation of expert speakers on the subject of Conditional Access, both internal and external to the ACTS programme.
| Christophe Augustyniak | G&D | +32.2.7120509 | |||
| Jean Marc Boucqueau | OKAPI OCTALIS | UCL | +32.10.478072 | +32.10.478029 | boucqueau@tele.ucl.ac.be |
| Massimo Cicardo | EURORIM | Stream | +39.6.8866 3398 | +39.6.8866 3391 | massimo.cicardo@stream.it |
| Horst Clausen | ISIS | Univ. Salzburg | +43.662.80446307 | clausen@cosy.sbg.x.at | |
| Jan Van Eenoo | G&D | +32.2.7120501 | |||
| Francisco Guirao | European Commission | +32.2.296.0096 | +32.2.295 0654 | francisco.guirao@bxl.dg13.cec.be | |
| Marisan Lebaw | SMASH | Univ. Ljubljana | +386.61.1768354 | lebawn@fe.uni-lj.si | |
| Jean Paul Lefevre | TELESHOPPE | Agora Conseil | +33.476984170 | jplefevre@compuserve.com | |
| Benoit Macq | OKAPI | UCL | +32.10.472271 | +32.10.472089 | macq@tele.ucl.ac.be |
| Steffen Malmros | European Commission | +32.2.2963401 | stefan.malmros@bxl.dg13.cec.be | ||
| Gabriele Mocci | ISIS | Nuova Telespazio | +39.6.4079 3897 | +39.6.4079 3933 | gabriele_mocci@telespazio.it |
| Hector Prieto | DIGISAT | Hispasat | +34.1.372 9000 | +34.1.307 6683 | telecom@hispasat.es |
| Catherine Simon | TALISMAN OCTALIS | Thomson | +33.1.46132594 | catherine.c.s.simon@thomson.fr | |
| Guy Verniers | G&D | +32.2.7120501 |