Conditional access (CA) is a term commonly used in relation to

software Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consists ...

and to

digital television Digital television (DTV) is the transmission of television signals using digital encoding, in contrast to the earlier analog television technology which used analog signals. At the time of its development it was considered an innovative adva ...

systems. Conditional access is that ‘just-in-time’ evaluation to ensure the person who is seeking access to content is authorized to access the content. Said another way, conditional access is a type of access management. Access is managed is by requiring certain criteria to be met before granting access to the content.

In software

Conditional access is a function that lets you manage people’s access to the software in question, such as email, applications, and documents. It is usually offered as

SaaS Software as a service (SaaS ) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. SaaS is also known as "on-demand software" and Web-based/Web-hosted software. SaaS is con ...

(Software-as-a-Service) and deployed in organizations to keep company

data In the pursuit of knowledge, data (; ) is a collection of discrete values that convey information, describing quantity, quality, fact, statistics, other basic units of meaning, or simply sequences of symbols that may be further interpreted ...

safe. By setting conditions on the access to this data, the organization has more control over who accesses the data and where and in what way the information is accessed. When setting up conditional access, access can be limited to or prevented based on the policy defined by the

system administrator A system administrator, or sysadmin, or admin is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user computers, such as servers. The system administrator seeks to en ...

. For example, a policy might require access is available from certain networks, or access is blocked when a specific

web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used o ...

is requesting the access.

In digital television

Under the Digital Video Broadcasting (DVB) standard, conditional access system (CAS) standards are defined in the specification documents for DVB-CA (conditional access),

DVB-CSA The Common Scrambling Algorithm (CSA) is the encryption algorithm used in the DVB digital television broadcasting for encrypting video streams. CSA was specified by ETSI and adopted by the DVB consortium in May 1994. It is being succeeded by CSA3, ...

(the common

scrambling Scrambling is a mountaineering term for ascending steep terrain using one's hands to assist in holds and balance.''New Oxford American Dictionary''. It is also used to describe terrain that falls between hiking and rock climbing (as a “scramb ...

algorithm) and

DVB-CI In Digital Video Broadcasting, the Common Interface (also called DVB-CI) is a technology which allows decryption of pay TV channels. Pay TV stations want to choose which encryption method to use. The Common Interface allows TV manufacturers to ...

(the

Common Interface In Digital Video Broadcasting, the Common Interface (also called DVB-CI) is a technology which allows decryption of pay TV channels. Pay TV stations want to choose which encryption method to use. The Common Interface allows TV manufacturers to ...

). These standards define a method by which one can obfuscate a digital-television stream, with access provided only to those with valid decryption smart-cards. The DVB specifications for conditional access are available from th
standards page on the DVB website
This is achieved by a combination of

and

encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can de ...

. The data stream is scrambled with a 48-bit secret key, called the ''control word''. Knowing the value of the control word at a given moment is of relatively little value, as under normal conditions, content providers will change the control word several times per minute. The control word is generated automatically in such a way that successive values are not usually predictable; the DVB specification recommends using a physical process for that. In order for the receiver to unscramble the data stream, it must be permanently informed about the current value of the control word. In practice, it must be informed slightly in advance, so that no viewing interruption occurs.

Encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can de ...

is used to protect the control word during transmission to the receiver: the control word is encrypted as an ''entitlement control message'' (ECM). The CA subsystem in the receiver will decrypt the control word only when authorised to do so; that authority is sent to the receiver in the form of an ''entitlement management message'' (EMM). The EMMs are specific to each subscriber, as identified by the smart card in his receiver, or to groups of subscribers, and are issued much less frequently than ECMs, usually at monthly intervals. This being apparently not sufficient to prevent unauthorized viewing, TPS has lowered this interval down to about 12 minutes. This can be different for every provider, BSkyB uses a term of 6 weeks. When Nagravision 2 was hacked,

Digital+ Digital usually refers to something using discrete digits, often binary digits. Technology and computing Hardware *Digital electronics, electronic circuits which operate using digital signals **Digital camera, which captures and stores digital i ...

started sending a new EMM every three days to make unauthorized viewing more cumbersome. The contents of ECMs and EMMs are not standardized and as such they depend on the conditional access system being used.https://www.itu.int/dms_pubrec/itu-r/rec/bt/R-REC-BT.1852-1-201701-I!!PDF-E.pdf The control word can be transmitted through different ECMs at once. This allows the use of several conditional access systems at the same time, a DVB feature called ''simulcrypt'', which saves bandwidth and encourages multiplex operators to cooperate
DVB Simulcrypt
is widespread in Europe; some channels, like the

CNN International CNN International (CNNI, simply branded on-air as CNN) is an international television channel that is owned by CNN Global. CNN International carries news-related programming worldwide; it cooperates with sister network CNN's national and inte ...

Europe from the Hot Bird satellites, can use 7 different CA systems in parallel. The decryption cards are read, and sometimes updated with specific access rights, either through a

conditional-access module A conditional access module (CAM) is an electronic device, usually incorporating a slot for a smart card, which equips an integrated digital television or set-top box with the appropriate hardware facility to view conditional access content ...

(CAM), a PC card-format card reader meeting DVB-CI standards, or through a built-in

ISO/IEC 7816 ISO/IEC 7816 is an international standard related to electronic identification cards with contacts, especially smart cards, and more recently, contactless mobile devices, managed jointly by the International Organization for Standardization (ISO) ...

card reader, such as that in the Sky Digibox. Several companies provide competing CA systems; ABV,

VideoGuard VideoGuard (sometimes referred to simply as ''NDS''), produced by NDS, is a digital encryption system for use with conditional access television broadcasting. It is used on digital satellite television systems - some of which are operated by News ...

, Irdeto,

Nagravision Nagravision (or Nagra Kudelski or simply Nagra) is a company of the Kudelski Group that develops conditional access systems for digital cable and satellite television. The name is also used for their main products, the Nagravision encryption syste ...

Conax Conax develops television encryption, conditional access and content security for digital television. Conax provide CAS technology to pay TV operators in 85 countries. The company has offices in Norway (headquarters), Russia, Germany, Brazil, t ...

Viaccess Viaccess is a conditional access system edit by Orange S.A. There are six versions in use today, Viaccess PC2.3, Viaccess PC2.4, Viaccess PC2.5, Viaccess PC2.6, Viaccess ACS3.x/Prime Sentinel, Viaccess ACS4.1, Viaccess ACS5.0, and Viaccess ACS6.x/A ...

, Synamedia,

Mediaguard MediaGuard is a conditional access system for digital television developed by SECA (Société Européenne de Contrôle d'Accès; renamed to Canal+ Technologies SA) (CEO François Carayol), a subsidiary of Canal+ Group, sold to Thomson (CEO Thierry ...

(a.k.a.

SECA The SecA protein is a cell membrane associated subunit of the eubacterial Sec or Type II secretory pathway, a system which is responsible for the secretion of proteins through the cell membrane. Within this system the SecA ATPase forms a translo ...

) are among the most commonly used CA systems. Due to the common usage of CA in DVB systems, many tools to aid in or even directly circumvent encryption exist. CAM emulators and multiple-format CAMs exist which can either read several card formats or even directly decrypt a compromised encryption scheme. Most multiple format CAMs and all CAMs that directly decrypt a signal are based on reverse engineering of the CA systems. A large proportion of the systems currently in use for DVB encryption have been opened to full decryption at some point, including Nagravision, Conax, Viaccess, Mediaguard (v1) as well as the first version of VideoGuard.

Conditional access in North America

Canada Canada is a country in North America. Its ten provinces and three territories extend from the Atlantic Ocean to the Pacific Ocean and northward into the Arctic Ocean, covering over , making it the world's second-largest country by tot ...

and

United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...

, the standard for conditional access is provided with

CableCARD CableCARD is a special-use PC Card device that allows consumers in the United States to view and record digital cable television channels on digital video recorders, personal computers and television sets on equipment such as a set-top box not pr ...

s whose specification was developed by the cable company consortium

CableLabs Cable Television Laboratories, Inc. (CableLabs) is a nonprofit corporation promoting innovation as a research and development lab founded in 1988 by American cable operators. System operators from around the world are eligible to be members. Th ...

. Cable companies in the United States are required by the

Federal Communications Commission The Federal Communications Commission (FCC) is an independent agency of the United States federal government that regulates communications by radio, television, wire, satellite, and cable across the United States. The FCC maintains jurisdiction ...

to support CableCARDs. Standards exist for two-way communication (M-card), but

satellite television Satellite television is a service that delivers television programming to viewers by relaying it from a communications satellite orbiting the Earth directly to the viewer's location. The signals are received via an outdoor parabolic antenna comm ...

has separate standards. Next-generation approaches in the United States eschew such physical cards and employ schemes using downloadable software for conditional access such as DCAS. The main appeal of such approaches is that the access control may be upgraded dynamically in response to security breaches without requiring expensive exchanges of physical

s. Another appeal is that it may be inexpensively incorporated into non-traditional media display devices such as

portable media players A portable media player (PMP) (also including the related digital audio player (DAP)) is a portable consumer electronics device capable of storing and playing digital media such as audio, images, and video files. The data is typically stored o ...

Conditional access systems

Conditional access systems include:

Analog systems

* EuroCrypt *

Videocipher VideoCipher is a brand name of analog scrambling and de-scrambling equipment for cable and satellite television invented primarily to enforce Television receive-only (TVRO) satellite equipment to only receive TV programming on a subscription basis ...

VideoCrypt VideoCrypt is a cryptographic, smartcard-based conditional access television encryption system that scrambles analogue pay-TV signals. It was introduced in 1989 by News Datacom and was used initially by Sky TV and subsequently by several other bro ...

Digital systems

References

External links

CAS history
in Spanish
CA ID list on dvbservices.com
{{broadcast encryption Digital television Digital rights management Broadcast engineering