All rights reserved (c) 2001-2007 NetUP Inc. (www.netup.tv)
Reprinting, republishing and any further distribution,
regardless of format, require written permission from NetUP Inc.
NetUP DRM/CAS Overview
Introduction
The Conditional Access System consists of two components: a server component and a client component. The client component is loaded on an IP STB and decodes the streams. During decoding, the encryption keys supplied by the server component are periodically updated.
The modules are developed in the C programming language using optimized algorithms. The code is compiled to work on x86, PowerPC and other platforms. If Linux is used on the IP STB, the client module is loaded as a kernel module; it intercepts packets with encrypted content and decodes them. The CAS/DRM server component manages subscriptions, generates one-time keys, and controls and encrypts IP streams.
System Components
Specifically, the system consists of the following components:
- Linux kernel module on the CAS server
- Linux kernel module on the client's IP set-top box
- Client-server application for exchanging the encryption keys. The server part runs on the server; the client part runs on the IP STB.
System Operation
The Linux kernel module on the CAS server intercepts IP packets with multimedia content and encrypts them. The packets are marked as encrypted and forwarded into the network. By default the key change period is 10 seconds. Unique encryption keys are generated for each IP stream.
The client's set-top box establishes a protected connection with the CAS server and periodically receives updated encryption keys. The received keys are forwarded to the Linux kernel module on the set-top box. This module intercepts IP packets coming from the network and decrypts them (if the stream is encrypted and keys are available for the current IP stream). The decrypted packets are then forwarded to the applications they are intended for. This is done transparently to other applications on the IP STB.
The encryption library used is certified by the Russian Federal Security Service, which confirms that the CAS basic encryption algorithm complies with Federal Standard (GOST) 28147-89 (RFC 4490).
The subscriber's electronic certificate is supplied on a USB flash drive. With this certificate, the subscriber is securely identified by the system, and data transferred via the network are encrypted.
A photo of a subscriber's IP STB Aminet 110 with the USB flash drive: