D-mystifying ‘DCAS’: Downloadable Conditional Access System
There is a lot of activity in the cable industry lately related to improving consumer choice. One of the most challenging activities in recent times was the”7/07″ transition. For those that may need a refresher, ‘7/07’, the name that the cable industry gave to July 1, 2007, was the date that the FCC mandated that new cable set-top boxes that arrive and deploy in the field must be equipped with separable security. The technology that is inserted into the set-top boxes to meet the separable security requirement is a multi-stream CableCARD. A CableCARD is a temporary removable security mechanism that, when inserted into a certified television or other device enables delivery of digital video programming and also allows the cable service provider to authorize protected subscription features for a specific subscriber. By mandating that all set-top boxes include separable security, the FCC is allowing consumers to choose to obtain their set-top box hardware from alternate sources other than their local cable operator, (i.e. retail, etc.) while still being able to subscribe and access the digital video services offered by their cable operator. Consumers may also choose to forgo the set-top box and purchase a CableCARD-enabled television to receive their digital programming services. While progress with 7/07 has been made and shipments of CableCARD set-top boxes are underway, the cable industry has been focused on a number of developments that could some day render the CableCARD obsolete. Scientific Atlanta is playing a leading role in the development and engineering of a technology called Downloadable Conditional Access System (DCAS).
Conditional Access Systems (CAS) are comprised of the system, software and components needed to provide consumers selective access or denial of specific content services in their cable operator’s network. Access to services is controlled by first encrypting the video, audio or data content before it is transmitted over the network. This transforms the data so that it can not be easily”snooped” while in transit or at rest in the network. Then, authorization is achieved through key distribution and entitlement messages sent to client devices. Until recently, the client portion of most CASs was embedded in predominantly fixed hardware such as secure microprocessors and encryption-handling ASICs.
With the convenience of the Web, CAS has been made available in a downloadable fashion which permits a more dynamic security solution. The download may be to relatively-generic host CPUs or to specialized hardware like a set-top box that provides a highly tamper-resistant perimeter for storage of CAS operating code and cryptographic parameters such as keys. Data carousel elements in the network store the CAS operating code images and can repetitively broadcast or multicast the common parts of the CAS. When personalized information is needed for a specific client device, this can be unicast to the device. Of course, Downloadable CAS approaches bring new security challenges with them. In previous embedded CAS solutions, the CAS operating code and personalization parameters were usually put into the client device in secure factory settings. With DCAS, the operating code and other CAS elements must be secure as they travel across the network. Further, the client device must be able to trust the source of the downloaded CAS. These requirements for privacy and authentication can be met with cryptographic methods, some of which are found in the conditional access systems themselves. Thus, DCAS is really a security and networking framework for the private and authenticated downloading of CASs.With downloadable security, sometime in mid-to late 2008, consumers could buy a digital-cable-ready TV, plug the cable connection to the back of the set and then call their cable operator, who could then send a software download to the TV to activate two-way digital video service. While our next generation set-top box family was designed to support the latest CableCARD technology, we have also integrated features into those set-top boxes that will enable the deployment of DCAS once it is available.