Tech corner

Taking the card out of CA – moving from broadcast to interactive networks

All operators are moving to more interactive and on-demand services as broadband penetration increases. Known as a ‘return path’, the original connectivity was a telephone line but has now largely transitioned to an IP connection. Increasingly, this connection is ‘always-on’, but not all IP connections are created on an equal footing and there is a big difference between an internet connection and a managed IP network. This is where telecom (and more recently cable) operators have a big advantage. Since they control the network and the quality of the service, they can begin to offer linear LiveTV and on-demand services. This also means that new security approaches are possible.

When it comes to pure broadcast networks and unreliable return paths, smart cards are the right way to go. They offer many unique business models such as pre-provisioned rights and anonymous services that are not possible in any other way. However, there is an inventory and logistics cost to smart cards that some operators are keen to avoid.

For ‘always-on’ managed networks, Nagravision has developed conditional access software for IPTV, called NAGRA Media ACCESS ELK. Standing for ‘Embedded Link’, it uses Nagravision’s chipset security (called NOCS and NASC) instead of a smart card to secure the system.

This means that content keys for subscription services can be delivered on demand to each set top box (STB). Instead of having a smart card either embedded within or plugged into your STB, NAGRA Media ACCESS ELK connects the STB regularly with the head-end to retrieve new and updated content keys. This ensures constant authentication of STB to detect cloning and security updates to protect content delivered via IPTV. Nagravision’s approach consumes minimal bandwidth and has been proven to scale to millions of subscribers.

Using secure hardware with Nagravision’s On-Chip Security (NOCS) within a Nagravision Advanced Security Concept (NASC) certified STB, the keys can’t be recovered or the software modified. How it works is that NOCS embeds secret keys within the chipset for control-word encryption, memory encryption and secure software download. In addition, Nagravision certifies that STB manufacturers have correctly implemented the solution. NASC provides a coherent security framework for the STB: it forces any attacker to not only inject software into a STB but also to perform costly hardware modifications. It thus prevents massive attacks on the operator’s STB, while in turn protecting its investment.

For a complete interactive solution, NAGRA Media ACCESS ELK is also the security part of Nagravision's end-to-end IPTV solution, which includes client-side user interface, middleware, service delivery platform (SDP) and content management system (CMS) for LiveTV, VOD, catch-up, start-over and widget offerings. It is a complete turnkey system, yet the operator remains in control of the user experience.

The solution can also be deployed to multiple operators, where one STB supports multiple operators, or in a wholesale model where one centralised operator provides wholesale IPTV services to smaller regional operators. It’s also straightforward to implement – Nagravision recently deployed an IPTV solution for Elisa in Finland in under three months from hardware install to production. The system can be provided in a low-cost, entry-level configuration, yet scales to meet any rate of growth – NAGRA Media ACCESS ELK has been deployed in both large (over a million subscribers) and small configurations (20,000 subscribers).

However, this doesn’t mean the end of smart cards completely. Nagravision has deployed the solution with a hybrid STB using a smart card to receive content via a broadcast cable network and from an IPTV network without a card. It can also work on a mixed device network where some devices are connected using IPTV and some continue to use cards. The STB can support both options, allowing operators to gradually transition to a more interactive network, when possible and where feasible. While some over-the-top (OTT) software security providers think it is black and white, Nagravision is committed to helping operators make a smooth migration while not forgetting about existing satisfied customers and legacy STB investments.

In summary, Nagravision is committed to providing the right security for the right network configuration and device – broadcast, hybrid, wholesale, always-on. We also provide solutions for unmanaged OTT internet delivery of content, but that is a topic for the next newsletter. Nagravision doesn’t stop at security, but provides a full turnkey IPTV solution that enables operators to fully take advantage of an ‘always-on’ connection.