Conditional access
The term access systems ( ZBS ) (also encryption standards and encryption technologies ) and English Conditional access system (CAS ) refers to the systems used in pay TV for encryption and decryption of program content.
Generally
The technique used in digital television to encrypt and decrypt the contents called Common Scrambling Algorithm ( CSA short ). For a receiver is able to decode the signal by means of CSA, it requires an ever-changing eight bytes wide so-called control word. To make available to the recipient of this control word and to address only specific recipients, is the task of the CA systems.
Technical procedures and details
CA systems here are the interface between the encrypted DVB data stream and the user's smart card (or subscribers). The provider sends as parallel to the payload still separate data packets called ECMs (ECM = Entitlement Control Message ). By means of these ECM an appropriately authorized recipient at the time the valid control word calculate and transmit them to the CSA decoder. This then makes the final decoding of the data stream. On the receiver side, a CA system is usually represented by a smart card to the customer bound and an anonymous customer Conditional Access Module. The module filters while the ECM packets from the data stream and is calculated using the information given in connection with the smart card, the corresponding control word. The logic of the CA system distributed in question here are on the module and on the other to the smart card. It is customary here vorzuhalten customer-specific data on the smart card, and to make this not be read by third parties.
Because regardless of the CA system used must always result in a unique control word for descrambling, here also several CA systems can be used in parallel for a single data stream ( Simulcrypt ). The provider must also send this for every integrated CA system according to their own ECMs.
In addition to the information that already is on the card of the customer, and the ECMs send all these methods still control codes on the incoming data stream. These so-called Entitlement Management Messages ( EMMs short ) are used to selectively enable or disable the loyalty cards. Context, there is also the opportunity to give the customer more or less rights regarding individual offer packages without the customer having to replace the smart card.
List of common CA systems
BetaCrypt, BetaCrypt -2
(CA- ID 0x170n satellite cable 0x172n ) was BetaCrypt of Beta Research, a subsidiary of Kirch Media, used for the d-box. It is one of Irdeto Access B. V. Licensed Software with altered CA- ID, otherwise it is identical to Irdeto. Originally, the church - transmitter used DF1 ( the first digital pay-TV channels in Germany ), World Premiere (Association of DF1 and Premiere Digital) and later its successor premiere of this encryption system.
Over time Betacrypt changed. Thus, a new generation of smart card was introduced with the launch of the D-Box 2, on which the serial numbers all ended with a Z. These smartcards implemented the so-called CAM -Crypt. The Smartcard and the CA module act in the initialization phase, a key - the so-called CAM -Key - from, by means of which the smart card encrypts all addressed to the CA module Control words and decrypted with the the CA module, the control words again.
Following the bankruptcy of the Kirch Group and the sale of the premiere another enterprise branch associated daughter Beta Research was sold and liquidated largely. She has awarded license rights for BetaCrypt 1 and was renamed TecLic. And situated close to completion BetaCrypt 2 was also a matter of policy reasons, no longer used and has been replaced by an encapsulated Nagravision Kudelski Group. The CAMs in the receivers could be maintained and the cards communicate still like classic Irdeto transferred, the Nagrapayload but within the Irdeto ECMs. Finally, the method ORF Digital - program of the Austrian Broadcasting Corporation was used in parallel with Cryptoworks. Because of the expiring license and for over five years no longer possible maintenance provided to a dissemination May 20, 2008.
BETACRYPT2
(CA- ID 0x171n ) is further developed by the comvenient GmbH & Co. KG and distributed internationally, ( hitron, artelecom, Nossa -tv Antina ) encrypt in Betacrypt2 system.
VIDEO GUARD
(CA- ID 0x0900 ) Videoguard NDS is with among others since 2009 from cable Germany in Simulcrypt procedure with Nagravision, since 2008 Kabel BW, Tele Columbus in Simulcrypt procedure with Conax and Sky Germany in Simulcrypt method Nagravision used. It also use British Sky Broadcasting, DirecTV, D- Smart ( Turkey 42 ° East), Sky Italia and OTE TV ( Greece ) to Euro Bird, 9 ° East. Widely used, the system is also available on the Sirius satellite, especially for Scandinavian stations, for example, Viasat. This makes it the world's predominant CA system. It could not be avoided.
When his predecessor analog VideoCrypt may apply. Other variants of VideoGuard are mVideoGuard for mobile applications and Synamedia / Video Guard for broadband TV (IPTV ) as it comes, for example, at A1 Telekom Austria A1 cable TV used.
Irdeto
(CA- ID 0x06nn ) Irdeto was an early digital coding system which found its first use in the Dutch pay- TV ( MultiChoice NL). It is used by only a few suppliers, since most changed to Irdeto 2 or hybrid solutions such as tunneled Nagra (current sky Germany method as of 2009) passed over. Contrary to widespread opinion, Irdeto has never been cracked: it was always only the cards that showed the weaknesses and the system made be compromised again and again.
The name Irdeto is derived from the Dutch manufacturer Irdeto Access; it represents a contraction of Ir. The Toonder - after the company's founder, Pieter the Toonder - is where Ir. the Dutch abbreviation for an engineer with a university education is.
Examples of the vulnerability of the cards were among others:
- Return the correct signatures ( to "sign " a valid ECMs )
- Timing of the signature
Irdeto 2
Irdeto - 2 differs fundamentally from Irdeto -1. If at Irdeto 1, only the necessary data for calculating the Control key words transmitted in encrypted form, the entire communication is encrypted by the program provider to the smart card in Irdeto 2. Only the header data, the so-called header and the checksum at the end of each data block are comparable to those of Irdeto -1 largely identical. This work Irdeto 2 Smart Cards in old once built for Irdeto CA -1 modules. The data returned by a Irdeto 2 Smart Card Control words are also encrypted. This form of encryption of the control words is identical to that of the known so-called 1 - Betacrypt CAM Crypt.
Cryptoworks
(CA- ID 0x0dnn ) Cryptoworks is used mainly on Astra and Hotbird and for example used by MTV Networks. Cryptoworks was also used by the premiere competitors "Easy TV" as encryption.
Cryptoworks was developed by Philips Electronic. Philips has now sold the Cryptoworks division to the Dutch firm Irdeto.
Cryptoworks ORF
Also, the ORF in April 2003 already offers its customers the opportunity to decipher the ORF programs with Cryptoworks. The old BetaCrypt SmartCards were supported until the end of April 2008.
Some Cryptoworks ORF receiver (decoder) had / have problems with a transmitter-side code change. A study commissioned by the transmit mode ORF daughter ORS is organizing in cooperation with the Austrian retailer replacement service for affected hardware.
Cryptoworks Arena
The former Bundesliga channel arena used for distribution via Astra a strengthened version of Cryptoworks. With arena, there was a split in the smart card technologies, on the one hand the size ( SIM format), on the other hand, the SIM reader. This brought compatibility problems with other smart cards with them, as with the ORF map.
Negative list:
- Humax CR -FOX (eg ORF)
More information encoded in Cryptoworks channels
Digiturk, UPC Direct, CNN, MTV Networks, Music XTRA, Czechlink, Wizja TV, Fox Kids Russia, Fox Kids Romania, VH1 Germany, BFBS TV, JSTV.
Nagravision
(CA- ID 0x1800 ) Nagravision has been developed by Swiss-based Kudelski SA. It was used primarily for Cyfrowy Polsat long time. Since almost all smart card series this system showed weakness, a change to the newer Nagravision Aladin system was carried out at many pay- TV operators worldwide. Only very few players use this system. However, it is still very common in Switzerland in the cable network. Tele Club and Cablecom it continue to set a.
Nagravision Aladin
(CA- ID 0x1801 0x1810 & / 0x17nn [ Betacrypt ] ) Nagravision Aladin was developed by the Swiss company Kudelski SA and is a development of older Nagravision system. Some smart card series of Nagravision Aladin vulnerabilities are known which make it possible to circumvent the system without a valid subscription.
The German pay-TV provider Sky Germany, cable Germany and Unity Media use it, and a specially modified version of Kudelski of Aladin in Simulcrypt method. The modification refers to the data transmission in EMM (Entitlement Management Message ) and ECM (Entitlement Control Message ). The data areas are hereby transferred in Betacrypt protocol ( CAID 0x17nn ), but are encrypted using the Nagravision Aladin algorithm. This makes it possible to continue to use older receiver with built Betacrypt CAMs (for example, d -box 1 and d-box 2). Prior to the conclusion of the contract between Sky Germany predecessor PREMIERE and Kudelski SA envisaged for PREMIERE card -ROM software version 120 was already completed. The former PREMIERE boss Georg Kofler insisted upon, not to replace the old receiver with a built Betacrypt against new Aladin receiver. The Aladin cards so needed to be able to run in old Betacrypt CAMs. However, since the Betacrypt - CAMs only filter ECMs on the caïds 0x1702 (sat), 0x1722 (cable) or 0x1762 ( Austria ) from the data stream and send it to the map, had the new cards against in the transition phase in which the old Betacrypt cards Aladin new cards were exchanged, support Betacrypt completely. This Kudelski had again interventions in the ROM 120 firmware make to incorporate the Betacrypt core. Due to time pressure, the software should be faulty, so that the possibility existed even before the card exchange completed and Betacrypt was off to circumvent the system. It is known so far, however, only a commercial cracking the ROM120 cards, which already works with Nagravision Aladin. Kudelski since August already distributed 2005 cards with the ROM122, which in turn contain more security updates. Sky Germany ( PREMIERE ) cable and Germany put Aladin in both forms since November 2003. Germany Cable used for indeed encrypted, but free -to-air channels, the new Betacrypt - CAID 0x1751 in Simulcrypt method together with the Aladin - CAID 0x1801. Aladin ( together with Cardmagedon ), used, for example, the Spanish supplier DIGITAL at the Canadian provider Dish and the Polish Polsat Cyfrowy provider.
Unmodified or not tunneled (or " pure " ) Nagravision Aladin is often mistakenly referred to as Nagravision 2 because one brings Aladin mistake with the tunneling used in Sky Germany and Germany with cable Betacrypt in conjunction. The official brand-name of Kudelski SA for this system, however, is " Aladin ".
Nagravision Cardmagedon
(CA- ID 0x01nn [ Mediaguard ] ) Nagravision Cardmagedon is a further development of the Aladin system. Nagravision Cardmagedon was developed specifically for the Spanish pay-TV operator DIGITAL and is used for access control on the satellite Astra 19.2 ° E in the Simulcrypt method besides " pure " Nagravision Aladin ( 0x1801 ). Similar to the modified Nagravision Aladin sky Germany and cable Germany, the data in the SECA Mediaguard protocol (for sky and cable Germany in Betacrypt protocol) transmitted to continue using older DIGITAL receiver with built- SECA Mediaguard CAMs can. However, in contrast to the modified Aladin not only a Mediaguard wrapper (container) is used, but the entire data payload in addition to the Nagravision Aladin encryption again in Mediaguard encrypted ( Pseudocrypt ). This double encryption makes it considerably more difficult to attack or to write an emulation of the system.
Nagravision Cardmagedon is often mistakenly referred to as SECA Mediaguard 3 and is currently considered safe.
However, Nagravision Aladin ( CAID 0x1801 ), that comes next Cardmagedon in DIGITAL for use, be circumvented because of vulnerabilities in the ROM110 cards, whereby the safety of Cardmagedon has no effect ( because you can get with the help of Aladin to the current control data ).
Conax
(CA- ID 0x0bnn ) Conax is primarily used by the Scandinavian stations. Meanwhile, Conax is also used for the cable kiosk platform Eutelsat, use the German cable operators such as EWT, Cable & Media Services (cable television Munich ServiCenter GmbH & Co. KG ), WTC, Marienfeld MultiMedia, German Tele cable ( Versatel ) and other smaller network. Tele Columbus also encrypted or until further with Conax, Videoguard next in Simulcrypt method. The TechniSat Radio bouquet on the Astra satellite at 19.2 ° east was encrypted in Conax. From the first quarter of 2008 to 1 April 2009, the package premiere family was ( Formerly topic) via satellite, in addition to Nagravision Aladin, encrypted in Conax. The Austrian cable operator LIWEST and the Swiss cable operator Digital Cable Group also put a Conax, well the offers " intertainment -tv " from " breitband.ch " in the north-west Switzerland. It was developed by the Norwegian company Telenor. Conax also comes in Pixx - Rex and receivers for use. For the receiver manufacturer, the advantage is that there are no licensing fees per device, which is why Conax is now found in many receivers.
SECA Mediaguard 1
(CA- ID 0x01nn ) the mid-1990s developed the company Societe Europeenne de Controle D' Acces ( SECA ), the MEDIAGUARD Conditional Access System. It was a common coding in the early Digital TV times and it has been used, among others in France, Spain and Italy. The SECA -1 encryption was replaced by SECA 2, since all the smart cards of this generation aufzeigten bugs and thus the encryption could be circumvented.
SECA Mediaguard 2
(CA- ID 0x01nn ) SECA - 2 is the successor of SECA and is currently used in France, Belgium, Netherlands and Spain. SECA 2 went the same way as Irdeto Irdeto to -2 and established a CAM -Key in the communication between smart card and CAM.
SECA 2 (Spain and Italy formerly ) could be successfully circumvented the basis of a bug ( error) on the smart card SUN V7. Meanwhile, Italy's pay- TV has changed its encryption to NDS and Nagravision to Spain " Cardmagedon " because the older SECA 2 cards did not offer reliable protection against naysayers more. On the maps of the SECA 2 packages CA ID 0064 0067 0065 ie the cards of Spain (DIGITAL ) and Italy (Sky Italia ) were the bugs that have enabled the circumvention of encryption that are found on all the other cards, such as those of CANAL ( France ), TV Vlaanderen (Belgium ) or Canal Digitaal (Netherlands) were no major bugs are found ( so far).
PowerVu, PowerVu
(CA- ID 0x0e00 ) This encryption is used by the U.S. Army and the Bundeswehr TV for the supply of television programs on its international bases. PowerVu is also used to transmit television programs for feeding cable providers via satellite or to tunnel DVB-C multiplexes. To PowerVU stations are to decode special PowerVu receiver requires, as they (now Cisco Systems ) are producing so far exclusively by the U.S. manufacturer Scientific Atlanta. All PowerVU receivers have already installed the chip of a smart card in the form of an integrated circuit. Thus, each PowerVU receiver a unique serial number and can be individually enabled by the program provider, but also locks. Most receiver models also have a slot for receiving a further PowerVU SmartCard.
Verimatrix, VCAS
VCAS ( Verimatrix Content Authority System) is a software- based system for protecting digital video and audio content ( Content Protection and Digital Rights Management System), the companies in the field of IP networks ( IPTV, FTTH, VoD ) and DVB (DVB -S, DVB- T, DVB- C, DVB -H) use place.