Content security
Aug 1, 2007 12:00 PM, BY ANDY MATHIESON
Downloadable conditional access systems create a buzz.
Many operators and broadcasters have a fraught relationship with their conditional access (CA) provider. Having supplied CA for a long time, I think I know why. Spending money on CA doesn't win you extra customers or make your service any better. It can be costly to deploy, and it often introduces inflexibility. On occasion, it even slows down the introduction of new business models. So, perhaps it's no wonder that the relationship's often strained.
Figure 1. Lyse Tele’s EPG for its advanced IPTV service
Downloadable CA systems (DCAS) are creating a buzz within the industry. In this article, I'll explain how DCAS solve most of the issues introduced by the hardware element of CA.
Before I go any further, I would like to explain that although I think the smart card/embedded chip is the root of most of the issues with CA today, the hardware approach made a lot of sense when it was first introduced. That was in the early days of pay-TV. The standard method developed to secure content and revenues was to use embedded CA systems within the set-top box (STB) itself. This approach, however, has the limitation that a serious hack could necessitate the replacement of all an operator's STBs. To ensure that the CA system could be updated without replacing the STB, a removable CA module — the smart card — dominated many markets.
Over time, however, limitations to this approach became apparent. Smart cards are costly to produce, distribute and manage. Following a serious piracy attack, all smart cards would have to be changed.
Smart cards also reduce operator flexibility. For instance, an operator may have to wait until the next smart card switch before introducing new business models and content packaging strategies.
Two decades later, DCAS are quickly gaining acceptance as it becomes understood that their deployment removes the main problems associated with hardware-based CA, including:
- Deployment
Downloadable CA is much more cost-effective to deploy.
- Replacement
Downloadable CA can be replaced easily and cost-effectively, removing the vendor lock-in issue.
- Management
DCAS are much easier to manage and distribute.
- Flexibility
The complexity of hardware-based CA can drastically reduce an operator's flexibility.
- Security
Hardware-based CA offers a fixed target, and the smart card is the best method for a hacker to profit from a hack. Both security issues are avoided with DCAS.
Downloadable CA in IPTV
Almost all of the first systems commercially deployed were at IPTV networks. There are several reasons IPTV operators chose DCAS, including the fact that many had a fresh approach and limited budgets. The smaller IPTV operators also knew they would be unlikely to come under concerted attack.
Figure 2. The network architecture employed at Multimedia Polska
Click image to enlarge.
All IPTV operators needed a security approach that maximized operational flexibility — as flexibility would be a key advantage over incumbent pay-TV operators. For these reasons, DCAS became, and still remain, the de facto standard security method for IPTV.
However, at the two extremes of IPTV in terms of size and complexity (i.e. Tier-1 and Tier-3 operators) telco TV operators have different architectures, challenges and business models. Despite this, Tier-1 and Tier-3 operators are usually offered similar IPTV content and revenue security solutions.
Case study: Lyse Tele
An example of a company that has effectively integrated CA solutions with its middleware set-up is the Norwegian IPTV operator Lyse Tele. This operator required the advanced functionality of a fully featured CA system to support its ambitious network and business plans.
Lyse Energi is a Norwegian utility company that provides gas and electricity to more than 100,000 customers in the South Western region of Norway. The subsidiary Lyse Tele was formed to provide a triple-play package of telephone, TV and Internet services.
Following deregulation, the company saw the founding of a telecommunications division as both a defensive measure — reducing churn from new competitors by offering customers an enhanced service — as well as an offensive measure — and gaining new revenue streams from a triple-play offering. Broadband services are a natural extension of the company's traditional product offerings, delivering new products through a wired communication infrastructure that can be laid alongside Lyse's traditional power services.
The content security system was designed to allow Lyse Tele to move from the present centralized architecture to a distributed network whenever the business case made such a transition viable. The transaction processing architecture allows the company complete flexibility of marketing models and packaging of pay-TV content. The flexibility of DCAS also allowed the company to easily move to a franchise business model, through which Lyse enables other companies throughout Scandinavia to launch IPTV services.
The flexibility provided by DCAS means that Lyse Tele can employ whichever business models it decides best suit its goals and consumer preferences. When running on a bidirectional network, DCAS also enable the CA provider to view the status and efficiently administer, operate and maintain security remotely.
| Want to use this article? Click here for options! |  |
