Conditional Access - Revenues in; Racketeers out

With the advent of digital TV, broadcasters are looking to cash in on the new service options the technology affords them. Yet none of this new complexity could be commercialised without the use of conditional access systems - the systems that authenticate genuine, paying subscribers and provide broadcasters with the necessary tools to manage and bill their service offerings.

CA systems encrypt the content as it is transmitted from the broadcaster and then decrypt it at the subscriber's set-top box, thereby protecting it from thieves and hackers. The systems also protect and control the information accessed from the viewer's smart card, determining what programming they can watch and when.

The most vital job of any conditional access system is to secure the broadcast signal, which is an ongoing challenge for CA companies. The proliferation of set-top boxes with smart cards - not to mention the huge increase in data being handled by numerous companies before it reaches the TV set - has created new openings for hackers. 'Most conditional access systems have been hacked at some time or another,' says Dr Abe Peled, CEO of NDS. 'Sometimes hackers intercept the keys sent to the set-top boxes to decrypt 'Pay-Per-View' (PPV) and sometimes they reverse-engineer the smart card.'

NDS's own response to this has been to use algorithms instead of keys in PPV systems, and to make the smart card unhackable. 'We've decided not to use commercially available chips in our smart cards, but even then hackers can find them so we use lots of different chips,' says Peled. NDS has to be careful because its customers UK-based BSkyB and US-based DirecTV (US-based) serve millions of viewers, and any successful hacking spree would seriously dent a company's financial stability. 'Sky hasn't been hacked for four years,' says Peled. 'If a hacker got Sky that would be a really big deal, so it's essential the security works.'

top

Ahead of the game

Conditional access companies have to maintain a constant dialogue with their customers and continually monitor any possible weaknesses in their systems. 'Our technology is continually developing in order to stay ahead of pirates,' says Stewart Palmer, vice-president of engineering at conditional access supplier Irdeto.

'Whether we're winning the race or not depends on which technology you're talking about. The smart card is definitely the weakest link but the DECSS incident - where hackers published the code for breaking DVD encryption - shows that an attack can come from anywhere. We move forward by being open with our customers about the dangers and learning from experience,' he says.

Amino Communications, a firm that produces digital rights protection technology, has another way of dealing with hackers. 'The bulk of watermarking technology is about identifying the copyright owner, but in order to catch hackers, you need to identify who has stolen the content in the first place,' says Amino's CTO Martin Gilbert. 'At some point the content has to be decrypted, so there will always be a way in for hackers. We take the ID from the smart card, encrypt it, and bury it in the content. If someone copies content from the TV to a DVD disk, we can then trace who's responsible for that.'

Crucial

CA systems do not just keep out hackers, they are also an essential part of the networks' business strategy. The CA system interfaces with a network's database of customers in order to verify that a viewer is authorised to access content. Thus CA systems are vital when networks are considering new business models. PPV, especially, is becoming more flexible thanks to new CA technology.

BSkyB uses the NDS conditional access system to find new ways to present PPV broadcasting. 'Pay-Per-View has been around for a while, but only in the pay-ahead format,' says NDS's Peled. 'This is because a key has to be sent to the set-top box, and if a large amount of viewers requested a programme at the same time, the bandwidth wouldn't be able to deal with it,' he adds.

However, NDS's use of algorithms means that impulse Pay-Per-View is now possible. 'You can address the whole Sky population in minutes. It means broadcasters can offer something like a sports match to the post-pub crowd,' says Peled.

top

Platform independence

So far, CA system companies have built a market for themselves by collaborating closely with network providers - but new open standards are challenging the status quo. CA systems include a module within the set-top box that proves the viewer is entitled to see the content.

When multi-channel TV was first being developed, that security technology was proprietary and viewers had to have the model of set-top box their provider dictated. Now, with customers wanting to buy their own set-top boxes, conditional access companies and set-top box manufacturers are having to place the security module within the smart card or another removable device, rather than in the box, making the CA system 'hardware-agnostic'.

'When the big network providers first started out they all had their own boxes which they subsidised. That makes it difficult for small providers, who can't afford to give away their boxes free and so has created the market for the conditional access module,' says Manfred Mueller, director of strategic business development at conditional access module company SCM Microsystems.

The EU has mandated that, by the beginning of 2002, all new set-top boxes must have a common interface that will take any smart card or security module. This is good news for viewers but it is also good news for the consumer electronics industry. If viewers are able to buy their own set-top box or digital TV, the networks no longer control the set-top box market and the door is open for more expensive, higher specification boxes.

top

'The consumer electronics industry is very happy with the modular approach,' says Mueller. 'But the providers that subsidise set-top boxes are going to have to change their business plans. Viewers will be able to change their providers much more easily and it will shake up the market,' he adds. Mueller does not think, however, that this will kick-start a rush for integrated digital TVs. 'People will want to upgrade their technology and it's easier to buy a new set-top box than a new TV,' he says.

CA providers also need to deal with the fact that some channels are shown over more than one network, with the networks all using different CA systems. In the UK, for example, many channels are simultaneously broadcast over the BSkyB satellite system, NTL and Telewest's cable systems, as well as the terrestrial ITV Digital platform.

This potential problem has been overcome with a technology called 'Simulcrypt', which is specified by the Digital Video Broadcast standard. Simulcrypt enables the channel to be broadcast only once along with its various 'entitlement management messages (EMM)', but the security module will only recognise the EMMs relating to the viewer's provider.

This control not only saves bandwidth and cost for the broadcasters, it also precipitates a far more open CA market in Europe and creates a situation where CA companies will have to try harder to differentiate their systems. 'Each CA provider had carved out a little niche for themselves with a particular set of providers, but content owners want to repurpose content for any platform and don't want to be held back by the CA system,' says Gilbert of Amino.

'The market is convergent now and everyone is suddenly going head to head. Simulcrypt allows CA systems to work together and allows other people to come onto your turf. The CA providers are going to have to abandon proprietary technology in favour of becoming 'service' providers,' adds Gilbert.

top

Opportunities

Although the market is becoming more open and more competitive for CA system providers, there are also other opportunities on the horizon. One of these is the advent of personal video recorders (PVRs), which require encryption technology for the hard disc, and Video-on-Demand (VOD).

Both PVRs and Video-on-Demand also need encryption that can cope with viewers forwarding and rewinding video as it is being broadcast. The conditional access companies are working on perfecting this technology using 'Real Time Streaming Protocol', a technology developed for streaming video over IP.

Although the Video-on-Demand market is still very circumscribed, some CA system companies think this is where the future lies. 'Video-on-Demand using technologies such as DSL is waiting to happen and we want to be in there when it does,' says Palmer of Irdeto. 'According to Forrester Research, by 2005, 29 million people around the world will have server-based Video-on-Demand. We're firm believers in IP because the bandwidth is owned by the telcos and they're only using 20 per cent of it,' he says.

Thus, for CA companies, the future looks bright. Having built a market for themselves in a predominately analogue world, the switch to digital broadcasting together with the convergence of distribution platforms and devices, means their market is on the verge of dramatic growth.

top