MPKF-WP-08002v1.7 KeyFly 2.0 White Paper English


  • 7/31/2019 MPKF-WP-08002v1.7 KeyFly 2.0 White Paper English

    1/30

    Key Fly 2.0Xtreme

    Conditional Access System

    Document Reference: MPKF-WP-08001v1.7


    SIDSA, 2008. All rights reserved. According to the laws of Spain, this document and the information contained therein are confidential and valuable trade secrets of SIDSA. This document shall not be used for commercial purposes other than for supporting internal discussions between SIDSA and the Company. This document cannot be copied, disclosed, reproduced, stored in a retrieval system or transmitted in any form or by any means or otherwise used, whether in whole or in part, except in accordance with the prior written agreement of SIDSA. The information contained in this document shall not be understood in any case as being legally or contractually binding for SIDSA in any manner whatsoever. SIDSA shall be entitled to modify the contents of this document, in whole or in part, at any time, without the other party or any third party holding any right to seek compensation for those changes or compliance from SIDSA with its terms.


    Table of Contents

    NAMING CONVENTIONS

    INTRODUCTION
        Present situation of conditional access systems (CAS)
        Main hacks
        Market trends
        Smartcard systems vs. systems without smartcards
        Breakdown of CA costs in receivers

    ABOUT KEYFLY 2.0Xtreme
        Description of the System
            Architecture
            End client devices
            Security
            Scalability
            Modularity
            Types of rights
            KeyFly business model development
            Product generation system
            KeyFly support in the set-top box
            KeyFly commercial parameters
            Central server architecture
        KeyFly 2.0Xtreme FAQ
            Conditional access system specifications
            General
            Integration in DVB-T headends
        Support for receivers
            Which manufacturers and models support KeyFly?
            How is a receiver certified and how long does the process take?
            What does the receiver require to support KeyFly?
            Can the terminal software be updated?
            Can information banners or messages be sent to the user?
        KeyFly security
            How is security implemented in KeyFly CAM?
            How does KeyFly avoid piracy?
            Are there any countermeasures?
            What is KeyFly's roadmap?

    GLOSSARY


    Naming Conventions / Introduction

    In this document, the names KeyFly, Key-Fly 2.0 and KeyFly 2.0Xtreme are used to describe KeyFly 2.0Xtreme CAS.

    Present situation of conditional access systems (CAS)

    At present, the conditional access market is highly fragmented. Although the DVB forum has created a standard, it is limited to interfaces and basic communication protocols between standard equipment (such as multiplexers) and CAS proprietary equipment, e.g. Simulcrypt (between the multiplexer-encoder and the CAS), CA message containers (EMM, ECM), common interface, etc.

    Basically, broadcasters marry a proprietary security solution, which has its advantages and disadvantages. One fundamental advantage is that the more proprietary the solution, the more guaranteed the security and, in the event of a security breach, there is always a company to turn to. The main disadvantage is that a relevant part of the business depends on another company.

    It is true that a company can have two CAS providers, but that also increases the possibilities of a security breach.

    It is important to note that a CAS's capacity for resisting hacks depends on how good the CAS devices in the receivers are.

    At present, there are three trends in security issues (according to the philosophy in the receiver):

    - Traditional smartcard-based CAS.
    - SW-based CAS.
    - CAS based on proprietary HW (i.e. chip).

    Smartcard-based CAS

    Almost all the traditional CAS providers use smartcards.

    Basically, the smartcard stores the secret of the CAS (i.e. the code for opening the content and the algorithms).

    The smartcard communicates either directly with the STB or with a conditional access module (CAM), which houses the smartcard and is inserted in a PCMCIA slot available in certain STBs and iDTVs. If the communication is direct with the STB and the decryption function available in the decoder chips is used, CAS software is required in the STB that is capable of communicating with the smartcard to carry the keys, programme information, etc.

    In the case of a CAM, the entire TS (transport stream) reaches the CAM, which communicates with the smartcard, decrypts the corresponding programmes and supplies them to the decoder chip (the new CI+ standard protects this communication between the CAM and the decoder chip with a copy protection system).

    SW-based CAS

    SW-based CASs are beginning to be accepted in IPTV environments since, as there is bidirectional communication, authentication mechanisms can be established that are not possible in a pure broadcast environment.

    The main problem of a SW-based system is the difficulty involved in providing horizontal solutions, since it is essential for the STB MW (where the SW-based CAS works) to be closely controlled (a CAS must be continuously updated to avoid piracy; in other words, it is much easier to break pure SW-based CASs, where there is no HW to hide secret codes).


    Basically, they are working in operating environments with middle-to-top-of-the-range controlled STBs.

    CAS based on proprietary HW (chip)

    This is undoubtedly the most secure solution. It is based on the TS being inserted in a security chip and, with no exchange of codes with the exterior (i.e. with a smartcard), it comes out decrypted (in the future, when CI+ becomes available, even with copy-protection mechanisms).

    SIDSA's KeyFly 2.0 system works with a high-security chip, the K1, which can be found either embedded in an STB or in a CAM. This chip decrypts the programmes users have the right to watch, by processing the ECM (carrying the keys for opening the programmes) and the EMMs (carrying the users' rights) that are included in the TS itself.

    This document will show the advantages of using a solution based on a security chip and will perform a benchmark test with other CASs, demonstrating that, in many cases, the solution is cheaper than smartcard-based solutions and infinitely more secure.

    Main hacks

    Nowadays, there are two typical types of hacking:

    - Discovering how the CAS works (with access to the CAS program and keys).
    - Card-sharing.

    The breach of the CAS usually occurs due to reverse engineering processes (less and less frequent) or due to the multiple integrations CAS manufacturers make with STBs, often manufactured in China, which sooner or later reveal key parts of the CAS, making it possible for it to be opened.

    The hacker industry is very powerful indeed. Price competition (and this also applies to the issue of card-sharing) is very intense and manufacturers and distributors need strong sales arguments. A STB that opens many channels for free is a good sales argument.

    Card-sharing is worse. It is an atomic bomb for the industry. It is based on sharing smartcards. Basically, the CAS is not breached; what happens is that the communication (which has a very low bitrate) between the smartcard and the STB, carrying the keys, is intercepted and sent over the Internet to other STBs (in some cases, they are sent on data channels by satellite or by using card-sharing gadgets at home).

    [Figure: diagram of the pay-TV industry (CAS, STB, content, subscribers), the STB market (vendors, importers, distributors, dealers, end users) and piracy. Labels: "Introducing sharing as value added feature"; "Potential customers find it attractive offer, many go for it"; "Noticeable shift of current subscribers to sharing".]


    There are only two ways of fighting against card-sharing:

    - A solution without a smartcard, e.g. the SIDSA solution based on a security chip. If there is no exchange of keys, there can hardly be any sharing.
    - Pairing the STB (or the CAM) with the smartcard.

    Problems with pairing

    STB with smartcard:

    The STB requires a safe area to secure communications between the smartcard and the STB, but not all the decoder chips have this function. Therefore, it is not a universal solution. Furthermore, it could force STB manufacturers to use a specific decoder chip in accordance with the agreements between the manufacturer and the CAS provider.

    Although breaching the communication between the STB and the smartcard is a complex business, it is possible and the problem would remain. It would either require OTA to change the protocol or the smartcard would have to be changed.

    Pairing the STB with the smartcard is not useful for horizontal markets; it is useful only for vertical markets, where the STBs are strictly controlled.

    CAM with smartcard:

    The CAM requires a safe area to secure the communications between the smartcard and the CAM; although not all the CAMs have this function, in general it is possible. Using a CAM does open up horizontal markets, since all it needs is for the STB (or the iDTV) to include a common interface slot (which is a standard feature, except for implementation errors).

    Although breaking into the communication between the CAM and the smartcard is a complex business, it is possible and the problem would remain. It would either require OTA to change the protocol or the smartcard would have to be changed.

    In greater detail:

    Smartcard-based systems suffer from a potentially serious security problem. The problem lies in the communication between the transport stream decryption unit located in the decoder in an insecure environment and the smartcard, which is, in principle, a secure environment, but with a very simple physical interface.

    A hacker could obtain the keys and algorithms that determine the encoding of the communications in a hired receiver by reverse engineering and ultimately be capable of obtaining the control words used to encrypt the transport stream, which are unique. The control words are known with a typical anticipation of approximately 10 seconds, just enough time for a pirate server on the Internet to publish them for its subscribers.

    [Figure: Survey on satellite STB dealers in the Middle East. Source: Non-disclosable SIDSA partner. "Which comes first?": Features 40%, Brand 31%, Price 29%. "What features customers look for?": Sharing 33%, Built-in CAM 25%, Friendly user 16%, PVR 13%, Other 13%.]

    [Figure: Card-sharing scheme. Labels: scrambled transport stream; STB with smartcard reader; encrypted keys; smartcard; clear keys (interceptable: reverse engineering, card sharing); Internet.]

    Basically, these subscribers have systems connected to the Internet that use the appropriate programmes to receive the control words in real-time and apply them to the decryption process of the transport stream without the need for any conditional access or contents provider device.

    If the pirate subscriber uses a PC with a fast Internet connection, penetration is unstoppable. The so-called pairing between the receiver and the smartcard would not represent an effective countermeasure in the above scenario. The existence of these so-called key servers is well known, although it is true that they have not attained popularity owing to the existence of other alternatives.

    The above system reveals several security problems:

    1) Security is not actually end to end since the transport stream deciphering device is located in an insecure environment. The transport stream decryption process cannot be performed in the smart card owing to its huge bandwidth requirements. The communication can be protected only with reduced security means as far as the decoder software is concerned.

    2) In the above system, there is no breach of the smartcard, but rather of the decoder software, which is much more insecure. Replacing the smartcard does not prevent the aforementioned attack.

    3) The smartcard interface is the easiest option for reverse engineering operations, for being copied by very cheap illegal devices and for modifying the smartcard contents with special commands.

    4) The conditional access software can only be fully renewed if it is done in the smartcard and in the decoder; normally, there are several decoder models deployed, typically with different hardware and software versions. In practice, in a traditional software plus smartcard system, it is extremely difficult to change the software in all the components. Only the software in the smartcard can be changed.

    However, with the K1 technology of KeyFly 2.0, all the security functions are executed in a protected environment. Even if there is communication with an external card for any reason (note that in KeyFly 2.0, there is no need for this since all CAS functions run inside K1), it is made between two protected environments. The only input and output points of the K1 are the transport stream and the user interface; there are no keys or rights on open user interfaces.

    Furthermore, since conditional access in KeyFly 2.0 is completely independent from the decoder software, there is real independence from the manufacturer of the decoder. Even with different brands of decoder, exactly the same software can be used to change the full conditional access on all the decoders.

    Finally, KeyFly maintains the concept of renewable security. Secured OTA upgrade is done in order to update CAS software in end-user devices (e.g. to add further security processing of keys) and to modify hardware configuration of K1 (e.g. modify configuration of decryption algorithms). These two methods ensure renewable security at no cost.

    Market trends

    The figures given here are taken from various market studies, mainly from IMS research.


    STB or iDTV

    Integrated digital televisions (iDTV) are gaining ground on STBs. The new plasma, LCD and DLP technologies allow screen sizes and quality levels that are far superior to traditional television sets, which makes people buy them (the push from DVDs and HD DVD/Blu-ray is also important for the purchase of an iDTV) and the integration of digital receivers is simple (a near insignificant cost in comparison with the other electronics and the screen).

    Besides the adoption of TDT, government mandates (in Europe, it is obligatory for iDTVs to include TDT) and falling technology prices have boosted sales. 113.1 million units are expected to have been sold by 2012, with Western Europe taking a share of 31.6%.

    However, iDTVs are still limited by the entry barrier of cost and there is a great possibility of only the TV set in the living room being an iDTV while the others are much cheaper traditional TVs with a STB.

    There are also STBs that involve a higher added value than iDTVs, such as PVR functions, programme recommenders/finders, interactive services, etc. In addition, certain STBs are evolving into home media centres, which is a complicated goal for iDTVs in the short-mid term.

    H264.AVC and HDTV

    Europe and the Middle East are expected to become the second-largest HDTV market in the world thanks to satellite on the one hand and to the planned launches of HD in TDT in Europe on the other.

    H264.AVC will gradually replace MPEG-2 over the next five years, although many new launches of TDT have already begun with H264.AVC. High-definition TV marks the difference with multichannel standard-definition TV. The best content is therefore expected to move over to HDTV (sports, film premieres, etc.) and, in many cases, the content will possibly be pay television.

    The common interface (CI)

    The CI is enjoying a second youth and, as will be shown in later chapters, it is beginning to be more interesting for manufacturers to include a CI rather than a smartcard reader and reach agreements with CAS providers to include their proprietary protocols.

    In addition, the price of CAM in comparison with middle- or top-of-the-range STBs or iDTVs is beginning to become irrelevant (as happened with middle- or low-range STBs or zappers).

    [Figure: Prediction of worldwide receiver growth, 2004 to 2012 (series: iDTV, STB, DVD).]

    [Figure: iDTV vs STB in the Spanish market, monthly sales in thousands, February 2007 to February 2008 (series: STB, iDTV).]

    [Figure: iDTV vs STB in the Spanish market, accumulated sales per year in thousands (series: STB, iDTV).]

    CI+

    The strength of the common interface (in general, iDTVs incorporate CI bays and not smartcard readers) is making the industry take the current gaps of the CI standard very seriously. Basically, the TS (transport stream) arrives encoded at the CAM (through the CI) and leaves clear from the CAM to the decoder (through the CI). Nowadays, it would be more than possible to capture the TS and resend it over the Internet. Accordingly, CI+ is being standardised. By means of a copy protection mechanism, it encodes the communication between the CAM and the decoder chip.

    The industry is waiting for CI+ to make a firm commitment to value contents, such as high-definition content (which, in any case, also requires new equipment in homes).

    Smartcard systems vs. systems without smartcards

    Basically, this section compares smartcard-based CASs with CASs based on security chips, such as KeyFly 2.0. We do not make a comparison with software CASs (such as DCAS, i.e. downloadable CAS).

    Security

    Smartcard-based: traditionally, all the smartcard-based CASs have been hacked. The solution involves changing all the smartcards. Examples: some CAS vendors recommend changing them every 18 months while others systematically recommend changing the older smartcards (to avoid macro-substitutions); furthermore, on markets where smartcards are continuously being taken out and inserted in the STB, there is a high fault rate (they break easily).

    In addition, smartcard-based CASs are prone to card-sharing.

    Security chip: unlike smartcards, which require communication with the devices (CAM or STB), the security chip contains all the elements in the chip itself, which prevents reverse engineering (apart from tamper-resistant mechanisms). Besides, since both its HW (part of it) and SW can be reconfigured by OTA, there are virtually millions of countermeasures (for possible hacking) that can be applied without the need for any physical change. In addition, the system is completely immune to card-sharing.

    OTA (over-the-air updating)

    Both systems can perform OTA. However, once the keys have been discovered, the smartcard needs to be replaced, but the chip HW can be reconfigured and a new CAS loaded and no replacement is necessary to set up a new CAS system.

    Business models: PPV, subscriptions, etc.

    Both support all models.

    Embedded rights

    Both support embedded rights.

    Single multi-operator card

    Both support single multi-operator cards, although the system without a smartcard is a virtual card.

    Value-added applications with electronic IDs

    Systems that use smartcards cannot perform simultaneous value-added applications that use electronic IDs since the SIM reader is occupied by the CAS. However, with a system based on the security chip, such as KeyFly, it is possible, since the reader is not used (e.g. the smartcard reader in the CAM, although a KeyFly CAM without a smartcard reader is possible to reduce costs).

    Cost

    See the following section; however, by way of summary, the systems based on a security chip are generally cheaper than those based on a smartcard.

    Breakdown of CA costs in receivers

    What consumer equipment is necessary to watch pay-TV?

    - STB with embedded CAS (+ smartcard)
    - STB with CI plus a CAM (+ smartcard)
    - iDTV plus a CAM (+ smartcard)
    - STB with a patch hacked to watch free pay-TV
    - STB-sharing generally with an Internet connection to obtain the keys.

    NB: the pirate systems are in italics... No further details will be given...

    A STB with an embedded CAS must have implemented the CAS in the STB SW; in other words, the manufacturer must purchase a licence, pass the certification tests and pay a licence for each unit sold to the CA provider. Furthermore, the CAS software must be regularly updated (as a countermeasure) and the service is also usually charged (maintenance). Of course, the STB must include at least one smartcard reader.

    For including a CI bay, the manufacturer does not have to pay any licence or have any contact with CA vendors at all. All that is necessary is a CAM, a CA module that is generally available with a smartcard reader and is capable of communicating with the smartcard. In this case, the CA vendor only has to provide an interface with the CAM manufacturer instead of with all the STB manufacturers (or iDTV manufacturers). The situation is much more controlled. Pairing is much easier and the possibility of horizontal markets is also opened.

    In the CAM, there is a TS processor chip with a decrypter (DVB CSA: common scrambling algorithm). The SW that communicates with the smartcard runs in the said chip.

    Depending on the CAM, the STB will have more or fewer capacities: it will be able to perform multi-descrambling, have a dual or single smartcard reader, etc. There are CAMs that support several CASs at the same time.

    In a system without a smartcard, such as KeyFly 2.0, the said chip, which in the case of SIDSA is called K1, also includes highly protected internal memories and a greater processing capacity to include the CAS without the need for a smartcard. In other words, it is like a CAM chip with a SIM in it.

    Cost comparisons in reception:

    (these comparisons exclude platform logo costs, which are commercial opportunity costs).

    Costs are calculated for a minimum quantity of 100,000 units.

    STBs with smartcard vs. STBs with CI

    STB with smartcard reader


    - NRE certification CAS: between 200,000 and 15,000 (plus the cost of own development staff). This cost may be negligible when considering big quantities.
    - Upgrades, CAS support: between 10,000 and 3000 per annum.
    - CAS licence per unit: between $0 and $10 (depends largely on the market).
    - Smart card renewal is estimated every 18 months. Smart card cost depends on quantities and other commercial factors.
    - Smartcard reader: approximately $1.30.

    STB with CI

    - CI bay: approximately $2.
    - CAM: CAM cost depends on quantities. CAM cost includes CAS license.

    In other words, for an extra 0.70 USD in HW, the manufacturer avoids all the integration problems with CAS vendors.

    However, for the pay-TV operator, the most secure option is undoubtedly the inclusion of the STB with CI.

    Overall CAS cost in reception, solution with smartcard

    STB

    - STB: Smart card reader. CAS license.
    - Smart card: two units, after 18 months.

    CAM

    - STB (or iDTV): CI bay.
    - CAM.
    - Smart card: two units, after 18 months.

    Overall CAS cost in reception, solution with KeyFly 2.0 CAM

    STB or iDTV

    - STB (or iDTV): CI bay.
    - CAM.

    Overall CAS cost in reception, solution with embedded KeyFly 2.0 (K1 chip)

    STB

    - NRE: Integration of K1 in STB. The reference design is similar to a CI, but with the SIDSA chip instead of the CI. As in the case of the smartcard system, the cost in the bill will be negligible if considering big quantities.
    - STB: K1 chip cost and related circuitry.
    - Smartcard reader (optional, not necessary with KeyFly CAS).

    Cost comparative table (after 18 months service and for large sales of devices). NB: Does not include the cost of the STB or the iDTV itself, only the extra charge of the CA.

    To conclude, systems based on a security chip are cheaper than those based on a smartcard reader and they also have a greater level of security.

    [Table: Overall CAS device cost, calculated after a 24-month business plan (typical renewal of SC every 18 months). Rows under KeyFly 2.0 CAS: KeyFly 2.0 embedded in STB; STB/iDTV CAM KeyFly 2.0 (CI). Rows under Smart Card Based CAS: STB with Smart Card; STB/iDTV with CAM (CI).]


    About KeyFly 2.0Xtreme

    KeyFly 2.0Xtreme (hereinafter KeyFly 2.0 or KeyFly) is an advanced conditional access system that can be adapted to the various technical and commercial operating environments required by digital television broadcasting systems. KeyFly is particularly adapted to horizontal markets, such as TDT.

    The system is based on SIDSA's broad experience in the development of ASICs for cryptographic applications, conditional access and digital television. SIDSA is a conditional access provider capable of developing its own in-house ASIC hardware solutions for the problem of piracy that affects digital TV.

    KeyFly has been designed specifically to support the following specifications:

    - Multiple client-side solutions. KeyFly supports smartcards, CAMs with integrated security (without smartcard), STB receivers with integrated security.
    - Interoperable and independent from headend equipment manufacturers and based on open standards.
    - Easily extendable, with support starting from a reduced number of subscribers and fully scalable.
    - Supports distributed subscriber management, allowing another organisation to assume responsibility for distributing the access system (billing, etc.).
    - Modular, with support ranging from simple subscription systems (not based on subscriber identity) to PPV.
    - Interfaces with flexible subscription, including the Internet, SMS messages, call centers, etc.
    - Multiple client-deployment options, from support for common interface technology to integrated decoders.
    - Implementation of scalable security.

    Brands:

    - KeyFly 1.0: CAS currently being discontinued, with devices based on MACtsp I chip.
    - KeyFly 2.0Xtreme: CAS that incorporates CAM devices or the embedded K1 chip only.
    - KeyFly+: future CAS (roadmap Q4-2008/Q1-2009) compatible with CI+. It will use the K2 chip.
    - KeyFly CI ready: If the product incorporates a common interface port that has been tested by SIDSA as compatible with our CAMs.
    - KeyFly empowered: The product incorporates the Kx chip inside (both STBs and CAMs).

    CAS devices:

    - MACtsp I: TS processing chip. Discontinued except for KeyFly 1.0.
    - Kx: family of conditional access chips. Current chip: K1. Scheduled for Q3 2008, the K2 supporting CI+.
    - Easy CAM: CAM that does not include a smartcard reader, only supports KeyFly 2.0. Decrypts two services.
    - Single CAM: CAM that only incorporates KeyFly 2.0 and a smartcard reader to support electronic ID reading. Decrypts two services.
    - Dual CAM: CAM that includes KeyFly 2.0 and the CAS of a licensed manufacturer. Decrypts two services.


    - Triple CAM: (roadmap Q4-2008)CAM that includes KeyFly 2.0 andsupports two licensed CASs. Incorpo-rates a dual smartcard reader. Decryptstwo services.

    - CAM PRO: Professional CAM, de-crypts all the TS services simultaneously.

    All the CAMs support HDTV, MPEG-2and H264/AVC. They also incorporatesecure OTA.

    Description of the System

    KeyFly has been designed as a modern, flexible conditional access system that adapts to the various technical and commercial operating environments required by digital TV broadcasting systems.

    KeyFly follows the DVB definition of conditional access systems, i.e. security divided between a common scrambling algorithm, approved by the DVB and safeguarded by the ETSI, which SIDSA is authorised to use accordingly, and a high-security encryption system developed and owned by SIDSA.

    On the receiver side, the KeyFly system is based on hardware circuits designed specifically by SIDSA for this purpose. The circuits allow the deployment of the system without the need for smartcards, but retaining all their flexibility.

    The K1 is the latest security device for processing DVB digital video developed by SIDSA. It is the only solution on the market in which all the security operations on the client side, from rights management to the decryption of the DVB stream, are carried out in one single tamper-resistant chip with RAM and internal FLASH and proprietary algorithms directly on the hardware. The K1 can be used embedded in the decoder or in a common interface module.

    Besides the proprietary hardware technology as a security support, KeyFly uses cryptographic algorithms and proprietary key management systems, as well as an innovative traitor-tracing technique, which enables the rapid identification of compromised devices and their rejection in the system, excluding them from key renewals.

    KeyFly also uses cutting-edge technology for system and database management, using Web interfaces and XML-SOAP technologies to allow the integration with third-party systems for business management. The interfaces with purchasing channels and other systems are managed with separate modules, which means that the system can be configured to meet the operator's requirements.

    Architecture

    The figure shows KeyFly's main software modules. The figure is used as a reference only for the dependencies and communications between the different modules and does not indicate the number of machines or instances of modules on which they run. Depending on the size of the system, all the modules can run on one single server or be distributed on several machines for performance reasons.

    The ECMG and the EMMG are the two components that connect with the multiplexer. The connection interface they follow is Simulcrypt, which allows other conditional access systems to coexist with KeyFly and does not restrict an operator who wishes to migrate to other systems, which would otherwise require a change of equipment. In addition, the Simulcrypt standard ensures compatibility with a wide range of headend equipment available on the market.

    The function of the ECMG is to transmit the ECMs, right-control messages that indicate the access conditions that apply to a specific content and the keys with which it is encrypted. The EMMG transmits the EMMs, right-management messages that transmit the new access conditions (aka. rights) to a client device or a group of client devices.

    The cryptoserver (CS) is a centralised cryptographic operations unit. All the cryptographic operations on the system are carried out by this module, which also has tamper-resistant devices to prevent the illegal extraction of keys by employees who are disloyal to the operator. The cryptoserver uses techniques established in the field of banking for operation security.

    The SAS is the component that builds the EMMs and manages the ECM-generation conditions. Unlike other conditional access systems, the SAS does not have databases.

    The DS is the component responsible for the software downloads on the client devices. The KeyFly monitor is an application that can be executed remotely on any machine and monitors the status of the above components.

    The above components (SAS, DS, CS, ECMG, EMMG and KM) constitute the KeyFlyCORE, which is essential for operating a conditional access system in its most basic configuration. This configuration does not handle client databases (anonymous users) and the rights are awarded for a set period when the decryption device is purchased. The channels are not managed dynamically and only their basic configuration is accepted.

    In a distributed environment, such as DTT networks, each headend would include a KeyFlyCORE that would communicate with a KeyFlyCORE master and the KeyFlyCRM for user control, etc.


    [Figure: KeyFly architecture. Blocks shown: Graphite SMS Mobile Gateway, Graphite Customers Web Portal, Graphite Operator Portal, Graphite Banking Interface, Graphite Subscriber Manager, third-party CRM/BSS and the database (customer info, CA info, OPS tracking...); the KeyFly System (Crypto Server, SAS, ECMG, EMMG, DS, KeyFly Monitor, KeyFly Manager); headend components (encoder, contribution, video server, multiplexer/scrambler, Simulcrypt, modulation and distribution channel: DVB-S, DVB-C, DVB-T); customer premises components (STB with embedded KeyFly for the vertical market; IDTV/STB with CI and CAM for the horizontal, common interface market).]

    This figure depicts the dependencies among components. The actual system may vary in the number of instances of components and machines.


    KeyFlyCORE and KeyFly Manager make up the KeyFly System, which provides a complete set of features that enable operators to protect their content and to manage the KeyFly CAS.

    KeyFly Manager is a module that enables the tracing of all the operations performed on the client devices. It allows the management of rights and the creation of products, but it does not have commercial information about the client. With KeyFly Manager, it is possible to know everything that happens in the conditional access system and it also provides an additional level of system control.

    Graphite Subscriber Manager increases functionality by providing additional management and business models and purchasing interfaces. Technologies based on application servers and Web servers with XML-SOAP interfaces are used to enable customisation tasks, improve the user interface (which does not require specific interface applications) and scale up performance. These technologies are also widely adopted for the development of business applications.

    Graphite Subscriber Manager enables the commercial operation of the system itself, including the management of operations with the client, package definition and data use. It is readily adaptable and can assume business rules and connect with other interfaces on interactive application servers and return channels. Several interfaces are provided for operating Graphite: Graphite Operator Portal, for distributors or call center agents; Graphite Customer Web Portal, for end users that perform basic operations; and Graphite SMS Mobile Gateway, for managing operations coming from mobile phones, such as scratch-card activation. Finally, Graphite Banking Interface is used for connecting Graphite Customer Web Portal to a Bank Gateway for credit card purchase. A database server provides storage services for Graphite Subscriber Manager and KeyFly Manager. It is also possible to carry out data-mining operations with the information available in this database.

    On the other hand, integration between the KeyFly System and existing Business Support Systems (BSS, aka. Back Office) or a third-party Subscriber Manager is straightforward due to the standard XML interface.

    As indicated earlier, depending on the size of the system, all the modules can run on one single server or be distributed on different machines for performance reasons. KeyFly is perfectly scalable in accordance with the operator's requirements.

    KeyFly has been designed in modules that can be added to a basic configuration to provide more features. These features make KeyFly particularly attractive for TV operators that are entering the market, want an alternative that is independent from existing CAS operators and plan to introduce new business models in the future.

    End client devices

    KeyFly is supported on ASICs (Application-Specific Integrated Circuits), developed by SIDSA itself, which makes it possible to take advantage of microelectronic technology for system usability and security.

    SIDSA has developed the following ASICs for conditional access support:

    - MACtsp I (in phase-out). This was the first-generation device for CAMs. The first to have an internally embedded 32-bit microprocessor.

    - K1. The first device for common interface modules and receivers to include integrated RAM and Flash, with internal proprietary cryptographic devices and a capacity for processing the entire conditional access from rights management to transport stream decryption without delegating to third-party hardware or reducing security, because it is a tamper-resistant system. The K1 is integrated in an STB without affecting system security since no information is provided to the receiver on how to decrypt the content or how to send messages (ECMs or EMMs) to the smart card, as occurs in traditional conditional access systems.

    - CAMWatch. Integrated circuit for integrating the common interface (CI) in the receivers. In other words, it allows a dual CI.

    - K2 (at design stage; scheduled for Q3-2008). The next generation of the Kx introduces support for CI+, Opencard and MHEG-5 interactivity.

    The final market format includes a very wide range of system implementations:

    - In CAMs (PCMCIA) that allow any STB or iDTV receiver fitted with a common interface bay to support KeyFly. The Kx-based CAMs do not require the use of smart cards (even though they could be deployed as an option, since it is a CAM chip; indeed, SIDSA has a line of business for the sale of CAMs for other CAS providers), with the consequent reduction in the price of the system, in its deployment on horizontal markets.

    - Embedded in STBs. The K1 is integrated in the receivers. Indicated especially for vertical markets or for a very low-cost STB with conditional access.

    Security

    Security is the main feature on which the KeyFly conditional access system is based. A smart card based conditional access system is only as secure as the security of the software in the receiver. The receiver is exposed to anybody who wants to change the software to obtain protected content illegally. KeyFly 2.0 is based on the K1 MPEG processor chip, designed and developed entirely by SIDSA. The chip has been designed from the experience obtained by SIDSA's engineers in the field of cryptography and conditional access over the last 10 years.

    The K1 in the receiver, whether in a CAM or embedded in an STB, provides a fully protected environment for conditional access software. The K1 has internal FLASH and RAM memory that is protected from illegal access. To change the software inside the chip, you must have the cryptographic tools required for the system to accept new software, which makes changing the software illegally almost impossible.

    The K1 architecture is such that access to the internal chip memory is virtually impossible. This feature has been widely tested to ensure a very high level of trust in the chip's capacity for protecting the internal memory from hackers.

    Scalability

    Scalability is the capacity for adjusting the system based on the continuous growth of client subscriptions. The basic system configuration is limited in the maximum number of subscribers supported. This limitation is based on physical limitations of the database system and system performance. The physical limitations are the encryptors' processing capacities, the server running all the KeyFly System software and the server running the Subscriber Manager.

    KeyFly is completely scalable and supports multiple instances of its elements to improve performance.


    Modularity

    KeyFly is modular in that certain functions can be implemented depending on the client's requirements. If the client requires minimum functionality, there is no need to deploy all the KeyFly system's modules.

    Types of rights

    From the point of view of the conditional access system, there are three types of rights over product consumption:

    - Subscription.

    - Pay per view (session).

    - Pay as you watch.

    There are also two sources for awarding rights: Subscriber Manager (by means of any of its gateways) or electronic purse (which is also reloaded from the Subscriber Manager). Content can be watched simultaneously using various forms of consumption as chosen by the channel operator. For example, content could be watched because it forms part of the subscription or, at the same time, because the viewer pays using his purse (i.e. iPPV).

    From the user's point of view, there are three types of purchases (which are carried out on the Subscriber Manager):

    - Subscription to one or more channels for a specific period.

    - Purchase of a number of events of a certain type (e.g. purchase of 10 action films).

    - Reloading the purse with a certain amount.

    When viewing, the viewer can see a channel because:

    a) He has a valid subscription.

    b) He has events of this type available (he bought 10 films). When he turns to the channel, he authorises the deduction of 1 event of this type.

    c) He has sufficient credit in his purse. When he turns to the channel, he authorises the charge.

    The charges are authorised through a specific menu.

    Subscription

    Accordingly, the user can watch the content if he has the right on the date on which the content is broadcast. A subscription is determined by an identifier, a start date and an end date. The user pays for the viewing period and there is no control over whether he views everything or nothing during the term of validity. Rights for consumption during subscription can only be awarded from Subscriber Manager or a third-party BSS.

    One special subscription system is auto-subscription, in which the main parameter is the term of the subscription. The start date is set when the consumer uses the content for the first time and the end date is set automatically in accordance with the term. This special type of right can only be awarded when the card is issued. This right cannot be sent from an SMS.

    Pay per view (session)

    In this mode, users can view content specified by sessions. A session is the content viewing unit, e.g. a complete film or a chapter of a serial. Each viewing unit is marked by an identifier (event-ID). The user is charged for the number of viewing units consumed. The user can change to another channel and return to the pay channel without being charged again if the content corresponds to the one he was charged for previously. This mode of consumption has maximum dates for consuming the purchased content.


    This mode of consumption has two subtypes: impulsive and non-impulsive. In the impulsive subtype, the product is contracted from the purse, which discounts the corresponding value. In the non-impulsive subtype, a number of viewing sessions are charged exclusively from the Subscriber Manager.

    The content is not automatically purchased simply because the user has credit. The system asks the user for express permission to purchase this type of content. The system asks the user for permission to watch a purchased event or for acquiring the rights for the viewing, charging the cost to the electronic purse.

    Pay as you watch

    In this mode, users can watch an event and pay as they watch it, e.g. if they watch 5 minutes, they pay 5 cents and if they watch 10 minutes, they pay 10 cents. The cost is charged exclusively to the electronic purse while the content is being viewed. The content indicates the costs per ECM (time unit) charged to the user.

    The content is not automatically purchased simply because the user has credit. The system asks the user for express permission to purchase this type of content.
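    The three kinds of right described in this section, modelled as an added sketch that is not SIDSA's code. The class and field names, integer cent prices and the `consent` flag standing in for the on-screen authorisation menu are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional


@dataclass
class Subscription:
    right_id: int
    start: Optional[date] = None      # None: auto-subscription not yet used
    end: Optional[date] = None
    term_days: Optional[int] = None   # set only for auto-subscription


@dataclass
class Ecm:
    """Access conditions broadcast with the content (constructed fields)."""
    right_id: int
    event_id: int
    today: date
    session_price: Optional[int] = None   # iPPV price, in cents
    per_ecm_price: Optional[int] = None   # pay-as-you-watch cost per ECM


@dataclass
class VirtualCard:
    subscriptions: list = field(default_factory=list)
    event_tokens: dict = field(default_factory=dict)  # right_id -> sessions left
    purse_cents: int = 0
    paid_sessions: set = field(default_factory=set)   # (right_id, event_id)


def authorise(card: VirtualCard, ecm: Ecm, consent: bool = False) -> Optional[str]:
    """Return the reason the content may be decrypted, or None if it may not."""
    # a) Subscription: valid if today falls inside [start, end].
    for sub in card.subscriptions:
        if sub.right_id != ecm.right_id:
            continue
        if sub.start is None and sub.term_days is not None:
            # Auto-subscription: the term starts on first use.
            sub.start = ecm.today
            sub.end = ecm.today + timedelta(days=sub.term_days)
        if sub.start is not None and sub.start <= ecm.today <= sub.end:
            return "subscription"

    # A session that was already charged is not charged again when the
    # viewer changes channel and comes back.
    session = (ecm.right_id, ecm.event_id)
    if session in card.paid_sessions:
        return "session-already-paid"

    # Credit alone never buys anything: the viewer must authorise the charge.
    if not consent:
        return None

    # b) Non-impulsive PPV: deduct one pre-purchased event of this type.
    if card.event_tokens.get(ecm.right_id, 0) > 0:
        card.event_tokens[ecm.right_id] -= 1
        card.paid_sessions.add(session)
        return "ppv-token"

    # c) Impulsive PPV: charge the whole session to the purse once.
    if ecm.session_price is not None and card.purse_cents >= ecm.session_price:
        card.purse_cents -= ecm.session_price
        card.paid_sessions.add(session)
        return "ippv-purse"

    # Pay as you watch: charge the purse for every ECM while viewing.
    if ecm.per_ecm_price is not None and card.purse_cents >= ecm.per_ecm_price:
        card.purse_cents -= ecm.per_ecm_price
        return "pay-as-you-watch"

    return None


if __name__ == "__main__":
    card = VirtualCard(purse_cents=100, event_tokens={7: 1})
    film = Ecm(right_id=7, event_id=500, today=date(2008, 6, 1), session_price=60)
    print(authorise(card, film))                # None: no consent yet
    print(authorise(card, film, consent=True))  # ppv-token
    print(authorise(card, film))                # session-already-paid
```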

    KeyFly business model development

    With its modular structure and particularities that can be performed on Graphite Subscriber Manager or, in some cases, only on a third-party Business Support System, the KeyFly architecture allows the development of different business models in accordance with the type of rights indicated above, but with interfaces with different means of payment. The following are a few examples (NB: hereinafter, we refer to embedded K1 and CAM devices as virtual cards):

    - Completely anonymous users with subscription rights or tokens on the virtual card with no update.

    - User who is anonymous with regard to the operator but who reloads rights with a credit card on a bank gateway.

    - User who is anonymous with regard to the operator but who reloads rights using a mobile telephone.

    - User known by the operator with a classic subscription, interactive access to contents via a return channel and charge to a bank account.

    KeyFly has a mechanism for awarding rights that is particularly appropriate for managing requests under low EMM bandwidth requirements and cryptographic processing. This provides technological support for business models based on the PPV purchase of contents, with a short response time between the request and the right being awarded.

    Besides straightforward conditional access support, KeyFly supports the option for implementing messaging and bartering services without the need for deploying middleware in the decoders. Users can receive messages and view them on their own receivers. These messages are usually sent from the operator to the end user or to groups of users.

    Product generation system

    The products are generated preferably on the CRM and, if the CRM is not available, on the SMS. The products are configured in order of hierarchy: definition of services, definition of product patterns, definition of product and definition of offer.


    A service is a channel that is to be encrypted. A product pattern corresponds to a combination of services linked to a right or purse consumption. A product is a refined product pattern with expiry or duration dates. An offer is a product with a price.

    The end clients purchase offers, whereas system administrators define the purchasing conditions and hierarchy that ultimately define a product. This system affords great flexibility to the creation of the commercial terms and conditions for a product.

    KeyFly support in the set-top box

    KeyFly uses the K1 chip as a security support, embedded in the STB. The K1 is the only device that handles the decryption, rights and all the cryptographic operations. It has embedded RAM and Flash, as well as proprietary cryptographic elements for maximum security. The STB manufacturer has no information about the procedures that control the encryption of the content.

    KeyFly commercial parameters

    The typical commercial specifications are as follows:

    - Number of providers: 4

    - Number of subscription rights per provider: 21

    - Number of PPV rights per provider: 10

    - Number of associable rights per stream (service): 30

    - Number of different rights: 65,536

    - Number of different events for the same right: 65,536

    These parameters can be adjusted before production.

    Central server architecture

    As indicated previously, all the management software uses application server and web server technology, which makes it easy to increase the number of features and also provides a single interface for other applications and for human users. The system can be controlled simply with a web browser with access to the KeyFly network. A username and password system controls the operations that can be performed by each user. The Web communications are protected by https.


    KeyFly 2.0Xtreme FAQ

    Conditional access system specifications

    General

    Does KeyFly support smartcards?

    Yes, KeyFly 2.0 has a smartcard implementation, but it is not the recommended method. KeyFly 2.0 is based mainly on a cryptographic chip, the K1, for the complete rights management and the decryption of protected contents. This is the great difference between KeyFly 2.0 and other conditional access providers.

    The K1 is a chip developed by SIDSA with the following specifications:

    - Integration of Flash and RAM in the device. The chip has securitisation mechanisms similar to those used in smartcards, but also based on proprietary systems.

    - Decryption of the transport stream in the device, without the need for communication with other devices for transporting the control words.

    - Integration of cryptographic algorithms in hardware, some of which are proprietary, which prevents their reverse engineering.

    - Common interface support and support for communications with smartcards.

    The K1 is supplied embedded in a common interface module or it can be integrated in the STB.

    When do the client devices have to be replaced?

    Intrusion in the K1 chip is considered almost impossible due to its specifications. The K1 is not a generic smartcard device, but rather it has been specifically designed to protect the transport stream. The control words are protected by proprietary algorithms implemented directly on the hardware, as well as others implemented in software. SIDSA considers the reverse engineering of the said hardware algorithms almost impossible: there is no CAS software that can be read and ported to another processor. In addition, part of the HW can be reconfigured by OTA so that, even if the HW was emulated, SIDSA could change it through OTA on all the devices deployed.

    The latest techniques used in hacking conditional access systems are based on the publication of the control words that protect the encrypted content over the Internet. This technique is based on attacking the system's weakest point, which is the communication of the control words between the smartcard and the STB.

    As the STB is not an intrinsically secure device, it is relatively easy to extract the algorithms and keys that protect the said communication. Once the communication in one single device has been broken (note the number of receiver manufacturers and models), the entire system is seriously compromised. There are specially designed receivers that connect to the Internet to download these keys and apply them to the transport stream they receive. The popularity of ADSL lines means that this attack is very viable.

    The replacement of the cards does not solve the problem because to change the algorithms that protect the communication with the smartcard it would be necessary to update the receiver firmware, which is not viable as there is no one common model of machine (as is the case with standard Windows-PC architecture). Replacing the cards could only solve the vulnerable points of the card itself. The use of the K1 avoids the communication of control words and, therefore, eradicates the main weakness that affects all conditional access systems for smartcard-based broadcast systems. In the hypothetical case of a penetration in the K1, as there is only one single execution platform, the complete, continuous OTA updating of the conditional access is possible and makes life very difficult for hackers. In practice, this increases the service life of the system, avoiding the need for renewing the devices that have been deployed.

    How is the user identified for purchases?

    The system uses the card serial number as identification for purchasing by any payment channel; however, the card serial number can be associated with a mobile telephone number so that the SMS purchase message is shorter. In addition, the same mobile telephone number can be used as an identifier for purchases by other payment means. The association with the mobile telephone number enables the identification of the device that is to be reloaded.

    Which commercial models are supported? Subscription, PPV...? How are the products organised?

    KeyFly supports the following commercial models depending on the Business Support System or Subscriber Manager used.

    KeyFly supports PPV (also referred to as ordered PPV), i.e. the sending of a GSM-SMS to request access to a content. The system sends to the user device an EMM, enabling the decryption of the content for him. This method provides exhaustive control over the real audience of the contents.

    In addition, PPV by electronic purse (iPPV) is also supported. This does not require the sending of EMMs for consuming the event, but it does require EMMs to be sent for reloading the purse on the client device.

    The subscriber subscription model is also supported by KeyFly.

    With KeyFly, an offer can group together several products, which are assigned a price. The prices do not apply to the products, but rather to the offers, as an aggregation of products. Discounts or 2x1 are configured as offers of various products with a specific price.

    Can different commercial models be supported on the same channel?

    KeyFly is capable of offering the same event under subscription and by PPV. It can apply up to three commercial models to the same event.

    How much bandwidth is taken up by the EMMs? Can I send EMMs to user groups?

    KeyFly allows the sending of rights to client devices in groups or individually.

    The EMMs to one single user have a typical length of 376 bits, whereas the EMMs sent to a group have a length of 1193 bits. The use of one type of routing or another is fully configurable in the system. The criteria for using one or the other depend on the population to which the right is sent. A group EMM can be sent to 1024 users directly. In this group, each user can be distinguished individually.

    In a scenario with 2 million users, assuming a bit rate of 150 Kbps for EMMs per multiplex and 1 PPV service operating on the multiplex, and assuming that all the rights are sent by group EMMs:

    $$\text{Number of group EMMs} = \frac{\text{Number of users} \times \text{Number of rights}}{1024} = \frac{2{,}000{,}000 \times 1}{1024} = 1{,}954$$

    Bit rate to be sent: 1,954 x 1,193 = 2,330,078 bits. Delay time in sending the EMM carousel = 18,640,625/150,000 = 16 seconds.

    What effect does the number of users and channels have on KeyFly? Is KeyFly scalable?

    The number of subscribers does not have a significant effect on the system due to the low storage requirements per system user.

    The number of channels does not have a significant effect on the size of the system.

    What actually determines the size of the system is the number of transactions per second that have to be processed. This is the most critical element of the system configuration. The number of requests per second also affects how the GSM-SMS service provider sizes his system.

    Integration in DVB-T headends

    Which multiplexers can work with KeyFly?

    KeyFly has been approved by the following multiplexer manufacturers: Harmonic, Thomson-Nextream, Tandberg, Scopus, Streamtel, Adtec and, of course, SIDSA itself. It has integration certificates with Thomson and Tandberg. However, the capacities of the units made by the aforementioned manufacturers may vary significantly with regard to the number of conditional accesses per service, number of conditional accesses supported and the dynamic access criteria management or encryption (scheduling). With all the abovementioned manufacturers, the SI tables are generated in the multiplexer.

    As no proprietary signalling is used in the transport stream, KeyFly does not require specific table generators. On the basis of previous experience, SIDSA considers that there should be no integration problems regarding other manufacturers not included on the above list.

    KeyFly does not need to generate proprietary descriptors in the EIT tables. There are two methods for controlling open-to-closed transitions and vice versa:

    - The multiplexers have multiplexer configuration scheduling applications, including whether the programme is encrypted or not and the access criteria that affect the service. These applications are the multiplexer manufacturers' proprietary applications.

    - The multiplexers implement the extensions laid down in Simulcrypt 1.3.1 for an external management system to command the access criteria and the open-to-closed transitions and vice versa.

    KeyFly does not control open-to-closed transitions at any time. This is carried out by the Event Information System (in the case of Simulcrypt) or the multiplexer configuration scheduling applications.

    KeyFly does not restrict the combination of PPV events with free broadcast events in the multiplexer.

    Can KeyFly manage several headends at the same time?

    The KeyFly platform is capable of simultaneously managing several headends. However, the only interface supported is the one laid down in Simulcrypt v1.3.1. Other interfaces would require specific development.

    Does KeyFly support distributed multiplexing?

    KeyFly supports distributed multiplexing models in such a way that a central infrastructure can establish communications with other headends that operate with provincial, regional or local cover, as well as a headend at state level.

    In the case of distributed headends, the proposal normally involves the installation of servers with ECMG, CS and EMMG functions on the remote headends. This is due to the following reasons.

    The EMM carousel for the local headend is generated on an EMMG that is adjacent to the local multiplexer. The central headend sends the individual EMMs to the local EMMG without generating the data carousel itself. This reduces connection requirements between the central and regional headends considerably and makes the system very robust. A loss of connection between the regional headend and a central headend would not immediately affect users. The EMMs would continue to be sent normally, although, obviously, new requests could not be processed until the communication is restored. The EMMs from the national headend could be multiplexed with those generated locally.

    The ECMs are generated locally, but under the access conditions laid down by the central headend. In the event of connection loss with the local headend, the system could continue to encrypt and change the control words. To provide the local ECMG with a service, a cryptographic service based on smartcard is included (not high-performance co-processors). The local CS keys are updated from the central CS. The cryptographic operations for generating the EMMs are carried out on the central servers.

    Although, in principle, a completely centralised ECM and EMM management model can be used on the central headend, maintaining IP connections with the local multiplexers, such a model would be highly sensitive to connection losses between both headends and there would be a considerable aggregation of IP traffic on the central server to support all the local EMM and ECM carousels. The proposed solution works well because the local headend servers do not have excessive performance requirements. The communication between the local and central headends is protected by a VPN or an SSH tunnel if the Internet is used.

    Is there any limitation to the future addition of new headends?

    KeyFly accepts the possibility of the progressive addition of new headends.

    The only requirement is the installation of a KeyFlyCORE adjacent to the headend multiplexer and IP connectivity between the said server and the conditional access management system.

    There are no restrictions to the number of headends that can be installed.

    Can I issue permission without sending an EMM?

    One method for drastically reducing EMM bandwidth, and for receiving permission without the need to tune to the multiplexer, is as follows:

    - When the user wants to buy an event, the STB or iDTV, following instructions given by KeyFly, presents a code the user must include in the GSM-SMS message, the Internet page or the telephone order for purchasing the event.

    - In the return SMS message, Internet confirmation page or when the telephone order is confirmed, the user is given a PIN number which, once entered in a menu on the receiver, activates the purchase of the requested event. The PIN number is cryptographically linked to the user device serial number and is different for each event and serial number. There is a limited number of times a PIN number can be entered, after which the method is blocked and has to be unblocked by an operator.

    With the above method, EMMs would not be strictly necessary to activate the rights and, consequently, event request peaks can be absorbed. However, user intervention is necessary. Of course, it would be possible to combine both methods (PIN and EMM) to cover different types of users.

    This method is included in KeyFly 2.0.
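
    An added example, not SIDSA's code: the page does not say how KeyFly derives the PIN, so this sketch assumes a truncated HMAC-SHA-256 over the device serial and event identifier under a per-device secret, an 8-digit PIN and a limit of three attempts. It shows the two properties described above: the PIN is bound to one serial and one event, and entry is blocked after repeated failures until an operator resets it.

```python
import hashlib
import hmac

PIN_DIGITS = 8      # assumed length; the page does not give one
MAX_ATTEMPTS = 3    # assumed; the page only says the number of tries is limited


def derive_pin(device_secret: bytes, serial: str, event_id: str) -> str:
    """Headend and receiver both compute this; the PIN depends on serial AND event."""
    # Length-prefix each field so ("AB", "C") and ("A", "BC") give different input.
    msg = b"".join(len(f).to_bytes(2, "big") + f
                   for f in (serial.encode(), event_id.encode()))
    digest = hmac.new(device_secret, msg, hashlib.sha256).digest()
    number = int.from_bytes(digest[:8], "big") % 10 ** PIN_DIGITS
    return str(number).zfill(PIN_DIGITS)


class Receiver:
    """Receiver-side check of a typed PIN, with lockout after repeated failures."""

    def __init__(self, device_secret: bytes, serial: str):
        self._secret = device_secret
        self.serial = serial
        self.failed = 0
        self.blocked = False
        self.entitled = set()

    def enter_pin(self, event_id: str, pin: str) -> str:
        if self.blocked:
            return "blocked"          # even a correct PIN is refused while blocked
        expected = derive_pin(self._secret, self.serial, event_id)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), pin.encode()):
            self.entitled.add(event_id)
            self.failed = 0
            return "activated"
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.blocked = True
            return "blocked"
        return "rejected"

    def operator_unblock(self) -> None:
        """Models the operator action the page requires to lift the block."""
        self.failed = 0
        self.blocked = False
```

    With 8 digits and three tries per block, a guesser has a 3 in 100,000,000 chance per operator reset, which is why the attempt limit matters more than the PIN length alone.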

    Does KeyFly need a specific EPG? Is it necessary to enter proprietary information in the tables or generate proprietary tables?

    KeyFly does not have a system for sending EPG information and does not impose one. KeyFly does not need to generate proprietary tables or proprietary descriptors in the EIT tables. The only proprietary descriptors are located in the CAT.

    How is the transport stream encrypted?

    At transport level, the encryption is performed in DVB-CSA-v1. This task is performed by the multiplexer, with which KeyFly communicates using the Simulcrypt protocol (version 1.3.1) defined by the DVB.

    What bitrate overhead applies to the encryption process?

    Encryption overheads.

    Signalling.

    - CAT: 7 bytes + (4 bytes * number of providers).

    - PMT: Per encrypted service, 7 bytes.

    ECM bitrate.

    Depends on Simulcrypt parameters. Consumption of 7 kbit/s per service, supposing a repetition period of 250 ms.

    What APIs are used to control KeyFly?

    The integration can be performed at KeyFly Manager level or at Subscriber Manager level. KeyFly Manager uses an HTTP interface as an API, on which XML documents are sent with a description of the transaction that is to be made. The Subscriber Manager uses a SOAP interface as an API, where the Subscriber Manager functions are offered as web services.

    The two APIs use technologies that are widely used in the computer industry and supported in the J2EE, .NET or other programming environments. However, both KeyFly Manager and Subscriber Manager are implemented in J2EE.

    How do users process registrations and removals in KeyFly?

    The registrations and removals can be carried out by a mobile text message (SMS), a telephone call to a call centre or via an Internet portal. The Graphite Customer Web Portal and Graphite SMS Gateway modules support the registration and removal function over the Internet and by SMS, respectively. For telephone calls, an operator accesses the Graphite Subscriber Manager via the Operator Portal to perform the operation required by the user.

    Can information be preloaded in virtual cards (CAM, Kx)?

    During the manufacture of client devices and the phase referred to as personalisation, any additional information that can be transmitted as an EMM can be included.

    This includes rights, electronic purse, expiry dates, etc. The only requirement is for the personalisation phase to be unique. Subsequently, any updating of this information would require the sending of an EMM.

    What format is used for billing?

    The results of the billing queries are delivered in XML, which can be converted with an XSLT transformation into another XML format that can be used by the entity using the payment collection data.

    Does the KeyFly management include user access profiles?

    The implementation of the access profile function differs in accordance with each KeyFly module. In the Graphite Subscriber Manager, the administrator can define the operations that make up a profile. For example, the commercial profile can be defined to allow the definition of products, but not access to the queries or the screens that allow the processing of a purchase. The profiles can be fully customised. Of course, various users can then be defined with the profile.

    Other applications limit access to only the type of user that is going to use them. For example, the Customer Web Portal only has the end client user type. Other information that may require access uses another interface or the Subscriber Manager.

    How can I supervise and manage KeyFly?

    The CAS platform has web interfaces or remote access available (IP-based proprietary interface).

    The SAS, CAS, ECMG and EMMG modules have a specific monitoring and management interface that can be used with a higher hierarchy management system. The protocol used is proprietary. The KeyFly monitor tool enables the continuous monitoring and management of these modules.

    The Graphite Subscriber Manager and interfacing modules are controlled from the Tomcat application server manager itself. There are also applications that check the status of these applications and send an e-mail to report when the applications have crashed or generate an error message. The manager can indicate the required logging level. These logs are stored in a conventional text file.

    Support for receivers

    Which manufacturers and models support KeyFly?

    KeyFly devices have proven compatibility with the majority of the STBs and iDTVs with Common Interface on the market. Interoperability with leading IRD manufacturers ensures high-performance high-availability professional applications. KeyFly devices support the latest broadcast technologies, such as H.264/AVC, Dolby Digital and High Definition, opening new markets for broadcasters and content providers.

    Can KeyFly operate in receivers with MHP?

    Yes, as long as the receiver has a common interface bay.

    However, the new K2 chip will include MHEG-5 support, as indicated in the CI+ standard.

    Tested receivers include iDTV with MHP (Sony), iDTV without MHP (Panasonic, Sony, Samsung), CI STB without MHP and CI STB with MHP.

    How is a receiver certified and how long does the process take?

    Support is provided with the integration. It includes schematics, layout tips and automatic protocol test suites, which include a PC programme and transport streams. Once the automatic test has been passed, the receiver is subjected to certification tests in our offices. Integration times vary greatly depending on the resources used by the manufacturer. Full integration times vary between three weeks and two months.

    What does the receiver require to support KeyFly?

    No special processing requirements are made of the receiver terminal since the entire transport stream decryption task is performed in the K1, which has all the necessary memory and CPU.

    Can the terminal software be updated?

    Traditionally, the updating of terminal (STB) software on a horizontal market is almost impossible in view of the large number of models on the market and the fact that their architectural models are not compatible. The terminal software can only be updated on vertically integrated platforms where there are only a few models deployed.

    However, in KeyFly, all the client devices with K1 support the OTA updating of the internal firmware. This software is updated as EMMs sent to the cards. These EMMs are digitally signed and encrypted. By reducing the number of architectures to be supported, software updating is perfectly viable in KeyFly. This is particularly important for the deployment of service improvements and countermeasures.

    Can information banners or messages be sent to the user?

    On all the KeyFly client devices, it is possible to present pop-up messages generated by client devices. These pop-up messages can be sent from the headend and controlled by the operator. The text of the message is free, but the presentation format is limited by the receiver specifications (especially those with a common interface). This service can be used, for example, for messaging or chats, as well as for providing information about special offers, etc.

    There may be interoperability problems with the presentation of messages in some (only a few) receivers with a common interface, due exclusively to receiver limitations. This problem is common to all the CAMs, regardless of the manufacturer.

    KeyFly security

    How is security implemented in KeyFly CAM?

    The K1 has internal flash that provides a secure execution environment. It also has a key repository with hardware support whose content cannot be directly accessed by the applications, and standard and hardware-implemented proprietary cryptographic co-processors. Each K1 has a unique identifier in a write-protected area that prevents the cloning of the device.

    This set of measures is not only capable of protecting the smartcard communication keys (as in the case of smartcard-based CAS), but also allows full KeyFly support.

    The CAMs can be updated by OTA, which allows the deployment of countermeasures. KeyFly has a traitor-tracing system that determines the origin of the device that may have been hacked. Once identified, the keys can be changed to exclude the devices that have been identified as compromised. This system can be repeated indefinitely.

    Parental control is configured on a specific menu, which sets the age rating above which an event cannot be seen. Parental control is transmitted in the ECMs. The parental control configuration is changed by a PIN number.

    How does KeyFly avoid piracy?

    KeyFly security is based on a series of cryptographic techniques with hardware and software support. The hardware support (led by the K1) is a differentiating specification offered by SIDSA in its conditional access. The hardware provides a secure execution environment that is unbeatable in comparison with those offered by software solutions (which can always be emulated).

    KeyFly security is implemented using the following techniques:

    1. Tamper-resistant execution means with protected RAM/flash. The K1 is the first device to decrypt the transport stream directly in a secure execution environment. The flash/RAM embedded in the chip ensures zero user intervention/modification and makes reverse engineering extremely difficult.

    2. Hardware-embedded customised cryptographic processes. Besides standard algorithms, the K1 has its own batch of hardware-implemented proprietary cryptographic algorithms in which the processor does not have direct access to the keys.

    3. Cryptographic implementation with maximum diversification by device. High-security keys. All the K1 chips are diversified to prevent cloning. The length of the keys has been increased to maintain the inviolability level of the algorithms.

    4. Intrusion detection with identification (traitor-tracing). The diversification of the cryptographic devices can be seen in their execution profile. This makes it possible to identify which chips have been attacked and apply specific countermeasures.

    5. Constant renewal of cryptographic keys. This makes the cryptanalysis task even more difficult due to the short service life of the keys.

    6. Embedded cryptographic software renewal (moving target). This works in conjunction with the previous measure. The idea is not only to resort to armour plating as a measure of protection, but also to have the system continuously evolving in its execution environment.

    7. Minimum number of possible intrusion channels. As there are no communication channels available for the user (smartcard), the possibility of implementing cheap illegal decryption solutions is reduced. In any case, as a secure platform, the K1 can process external communication with the smartcard without the keys that protect the communication being easily revealed.

    All the security, from the processing of rights and purses to the decryption of the transport stream, is processed in one single hardware unit.

    8. Tamper-resistant headend cryptographic devices. To prevent possible security breaches by disloyal headend operators, the headend cryptographic devices also have tamper-resistant measures.

    Are there any countermeasures?

    KeyFly includes the following countermeasures:

    1. Key renewal. In the case of intrusion, the continuous renewal of keys can adopt a more selective system to eliminate the cards that were originally used to cryptanalyse the system.

    There are 6 key renewal profiles, depending on the trade-off between EMM traffic and security.

    2. Substitution of hardware cryptographic algorithms. There are various proprietary hardware cryptographic algorithms that can be selected at any time (K1).

    3. Downloading/upgrading of CAS software with frequent updates and specific countermeasures. The devices accept software downloading (as long as it is from appropriately certified sources), which enables the deployment of effective countermeasures.

    KeyFly is based on the idea that the conditional access system must be economically unviable for large-scale hacking. An extremely limited level of hacking could be viable for hackers with a very high level of technology who are committed to making high investments, but the popularisation of the pirate version of the system is not possible under any circumstances.
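
    An added illustration of the key renewal countermeasure and of excluding identified devices, not KeyFly's implementation (its algorithms are proprietary and not described on this page). It assumes HMAC-SHA-256 for per-device key diversification and an HMAC-based wrap standing in for a real key-wrap cipher; all names and serials are constructed.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def device_key(master: bytes, serial: str) -> bytes:
    """Diversification: each device holds a key unique to its serial number."""
    return _mac(master, b"diversify", serial.encode())


def renew(master: bytes, serials, revoked, epoch: int):
    """Headend: pick a new service key and build one individual EMM per device."""
    service_key = secrets.token_bytes(32)
    ep = str(epoch).encode()
    emms = {}
    for serial in serials:
        if serial in revoked:      # devices traced as compromised get no EMM
            continue
        dk = device_key(master, serial)
        # Stand-in wrap: the pad is unique per (device, epoch), so an epoch
        # number must never be reused for the same device.
        wrapped = _xor(service_key, _mac(dk, b"wrap", ep))
        emms[serial] = (epoch, wrapped, _mac(dk, b"auth", ep + wrapped))
    return service_key, emms


def receive(dev_key: bytes, emm):
    """Device: authenticate the EMM under its own key, then unwrap.

    Returns None when the EMM was not built for this device or was altered.
    """
    epoch, wrapped, tag = emm
    ep = str(epoch).encode()
    if not hmac.compare_digest(tag, _mac(dev_key, b"auth", ep + wrapped)):
        return None
    return _xor(wrapped, _mac(dev_key, b"wrap", ep))
```

    The number of EMMs per renewal grows with the number of active devices, which is the EMM traffic versus security trade-off the renewal profiles refer to.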

    What is KeyFly's roadmap?

    The following are the most significant elements of SIDSA's conditional access roadmap.

    - K2, new generation of ASIC for conditional access, supporting CI+, MHEG-5 interactivity, Ethernet. It will also include price improvements in comparison with K1. It is anticipated for Q3/4 of 2008.

    - Devices based on K2: CAM, USB-CAM, interactive CAM. Q1/2009.

    - Support for new business models in KeyFly, PIN-based to reduce EMM bandwidth. Q2/3 2008.

    - Integration with different payment platforms and advanced Business Support Systems.

    Glossary

    CAS       Conditional Access System
    CRM       Customer Rights Management
    CS        Cryptoserver
    DS        Downloading System
    DVB       Digital Video Broadcasting
    DVB-ASI   DVB Asynchronous Serial Interface
    DVB-H     DVB Handheld
    DVB-S     DVB Satellite
    DVB-T     DVB Terrestrial
    DVD       Digital Versatile Disk
    ECM       Entitlement Control Management
    ECMG      ECM Generator
    EMM       Entitlement Message Management
    EMMG      EMM Generator
    IP        Internet Protocol
    KeyFly    SIDSA product. CAS system
    OTA       Over The Air. Mechanism to upload new firmware versions
    SAS       Subscriber Authorization System
    SMS       Subscriber Management System