NetUP's Conditional Access System (CAS) encrypts the content for transmission over unprotected channels. The content may be reproduced only by the authorized users. By means of this system, the IPTV provider may control the clients' access to the content, as well as the ensuing financial commitments.
NetUP CAS/DRM is intended to be used as a component of the NetUP.tv solution. The system can work with different client equipment: classical and Android-based IP set-top boxes, and PC. Depending on the equipment type different encryption algorithms are used (CSA or AES) to optimally utilize the onboard STB hardware resources to decrypt the streams. This decreases the overall IP STB load that is especially critical in case of High Definition video. CSA (Common Scrambling Algorithm), a scrambling algorithm developed in 1994, is today widely used in digital broadcasting. AES (Advanced Encryption Standard) is currently the most popular symmetric-key encryption algorithm.
The CAS server accepts content from an IP network to one of its network interfaces, encrypts it, and sends via another interface into an IP network where the IPTV consumers reside.
Once encrypted, the content is sent to an STB client or a PC client. The STB must have the NetUP firmware installed, which accepts and decrypts the content, and also implements the Middleware graphical interface (these functions are not intended to be handed over to a third-party software).
The CAS server interacts closely with the IPTV Middleware to ensure the clients' authentication. The CAS and Middleware servers of one IPTV complex share a common database.
Each media content unit is associated with its encryption key. The NetUP CAS/DRM uses three-level encryption.
The billing system keeps a personal account, a certificate, a private key, and a one-time activation code for each customer. On the first launch of an STB or a PC client, the customer would enter the activation code, so the certificate and private key are saved on the customer's side. They are used later for establishing the SSL connections and for the authentication on the Middleware server.
If the customer is using the PC client, the certificate and private key are stored in an encrypted form with the key derived from the hardware configuration of the computer where the client is installed, thus preventing them from being transferred to another computer. To run the PC client on another machine, the customer would need another activation code.
In such a manner, the NetUP CAS/DRM system does not use smart cards, unlike other conditional access systems. Therefore considerable expenses of cards production are avoided.