Conditional-access systems

All pay-media operators require a means for ensuring that payment is received in return for the program content they provide. The technical system that achieves this objective is called a conditional-access (CA) system.

Several companies have invested many years in creating smart cards that require high levels of investment to breach and, thus, thwart piracy attacks.

Two key functions of CA systems are to exercise control over the access to a service that is transmitted electronically, and to control the conditions under which access is granted. There are various reasons for implementing a CA system, such as the need to enforce payment by the end user for consumed services, to restrict access to programming in a particular geographical area because of program rights considerations or to facilitate parental control.

Essential components

CA systems provide three functions:

  • Scrambling of the services. The digitized broadcasting stream, called a transport stream (TS), is applied to the scrambler. The scrambler contains an algorithm that is designed to minimize the likelihood of a pirate attack. The output of the scrambler is applied to the distribution medium, such as cable, satellite or terrestrial, for delivery to the end user. The descrambling key is recovered from the encrypted keys within the scrambled TS by the smart card, and it is applied to a matching descrambling algorithm to recover the original program content.
  • Encryption and decryption of keys. The CA system generates the control word (CW) for the scrambler and also generates and encrypts special CA messages, namely entitlement control messages (ECMs) and entitlement management messages (EMMs). These are used in conjunction with the entitlements stored on the smart card to recover the CW for descrambling the TS.
    ECMs are related to the program content at a given time and are used for recovering the control word. The CA sub-system in the set-top box (STB) decrypts the control word only when authorized to do so, and that authority is sent to the STB in the form of an EMM. EMMs thus convey information related to the status of the subscription, and this layered approach is fundamental to the operation of all CA systems in use today.

Another part of the CA system stores smart card information in a database, and a smart card management system provides it with information on smart cards that have been processed for use in the pay-media operation.

  • An interface to a Subscriber Management System (SMS). The SMS contains a database of all subscribers in the pay-media network. It is capable of performing accounting operations on this data as well as issuing commands to the CA system to enable or disable services for subscribers.
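
The layered ECM/EMM approach described above can be modelled in a few lines. This is an added example, not code from the article or from any CA vendor: the HMAC-SHA256 keystream is a stand-in for the scrambling and key-encryption algorithms the article does not specify, and the message layouts, key sizes and names (`SmartCard`, `seal`, `unseal`, `demo`) are assumptions made for illustration.

```python
import hashlib, hmac, os

def _xor(key, nonce, data):
    # Toy HMAC-SHA256 keystream; stands in for the real scrambling/encryption algorithms.
    ks = b"".join(hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = os.urandom(12)
    ct = _xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise PermissionError("message was not encrypted for this key")
    return _xor(key, nonce, ct)

class SmartCard:
    def __init__(self, card_key):
        self.card_key, self._service_keys = card_key, {}  # card key is also in the CA database
    def process_emm(self, emm):
        # EMM: entitlement (service id + service key) encrypted for one card.
        body = unseal(self.card_key, emm)
        self._service_keys[body[:2]] = body[2:]
    def process_ecm(self, service_id, ecm):
        # ECM: the control word, released only against a stored entitlement.
        if service_id not in self._service_keys:
            raise PermissionError("card holds no entitlement for this service")
        return unseal(self._service_keys[service_id], ecm)

def demo():
    service_id, service_key = b"\x00\x2a", os.urandom(16)    # constructed values
    card_a, card_b = SmartCard(os.urandom(16)), SmartCard(os.urandom(16))
    cw, nonce, packet = os.urandom(8), bytes(12), b"constructed TS payload"
    scrambled = _xor(cw, nonce, packet)                      # what goes on air
    ecm = seal(service_key, cw)                              # broadcast to every card
    emm_a = seal(card_a.card_key, service_id + service_key)  # addressed to card A only
    card_a.process_emm(emm_a)
    outcomes = {"card_a": _xor(card_a.process_ecm(service_id, ecm), nonce, scrambled)}
    for name, step in (("card_b_ecm", lambda: card_b.process_ecm(service_id, ecm)),
                       ("card_b_emm", lambda: card_b.process_emm(emm_a))):
        try:
            step()
            outcomes[name] = "accepted"
        except PermissionError as exc:
            outcomes[name] = "refused: " + str(exc)
    return outcomes
```

Card A descrambles the payload because its EMM delivered the service key; card B receives the same broadcast ECM but can neither use it nor open the EMM addressed to card A.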

Services supported by CA systems

Most CA systems support methods for authorizing several types of services for subscribers. The most common variants are standard subscription, pay per view (PPV), impulse pay per view (IPPV), video on demand (VOD) and near video on demand (NVOD).

End-user terminals

A low-cost consumer STB for terrestrial or cable networks, or an integrated receiver decoder (IRD) for satellite networks, together with a secure CA device such as a smart card, is key to the provision of pay-media services to the subscriber. The function of the secure CA device in the STB is to verify access rights and security levels, so tight integration between the CA system and the STB is required. Advanced STBs require their middleware to be integrated with the CA system, and STBs are also able to support other secure features such as software downloads and STB/smart card linkages.

Piracy resistance

Signal theft and pay-media piracy is a business that companies involved in conditional access must deal with continually. Effective piracy management is based on three principles: secure technology, legal measures and commercial measures. Secure technology involves the deployment of state-of-the-art technology with built-in electronic counter-measures, and the endorsement of that technology by external auditors.

Legal measures involve detection through surveillance and Internet monitoring, prosecutions through law enforcement agencies, participation in security-related bodies on national, international and global levels, and support of the development of relevant legislation. Commercial measures involve frustrating the supply of components to the pirate community and the distribution of the finished products.

CA system interoperability

Due to historical factors or regulatory requirements, service providers sometimes have a need for deploying different CA systems in the same network. In other cases, perhaps to keep STB costs low, different operators agree on one CA system but desire independence in the control and management of their subscribers. A number of solutions for ensuring the interoperability of CA systems under these conditions have been successfully deployed.


Technical progress in the field of CA systems is advancing rapidly, making modern CA systems more difficult to pirate than older ones and reduced-cost CA solutions more widely available thanks to some standardization of CA systems.

Technological developments and new business opportunities concerned with targeting content and services are leading to an increased use of narrowcasting rather than broadcasting, and are resulting in the provision of new CA solutions. While the convergence of transport media throws up technological challenges, it also provides new opportunities for CA-protected services and shows the growing importance of CA systems in both the broadcasting and information technology sectors.

Norman Lievaart is a technical consultant for Irdeto Access.
