Q. Xie et al.
: A Smart-Card-based Conditional Access Subsystem Separation Scheme for Digital TV Broadcasting
A Smart-Card-based Conditional Access Subsystem Separation
Scheme for Digital TV Broadcasting
Qiang Xie, Student Member, IEEE, Shibao Zheng, Member, IEEE, and Xiaojing Yu
Abstract — In this paper we present a smart-card-based
conditional access subsystem (CASS) separation scheme at the
digital TV broadcasting receiving end. Following the
proposed scheme, different conditional access (CA) systems
can operate concurrently in one digital TV broadcasting
network using a common receiving platform which is
independent of any specific CA system. The digital TV
program subscriber needs only to change the corresponding
CA smart card to view pay TV programs which are scrambled
by different CA systems. The main points of the proposed
scheme and its reference implementation are presented in this
paper. The reference implementation has been developed to
verify the feasibility of the proposed scheme in practical
broadcasting environment. The system architecture and the
constituent logical function modules of this reference
implementation, especially the part in STB, have been
described in detail to better illustrate the working principle of
this scheme. Compared to PC-card-based or other smart-
card-based common interface schemes, the proposed one is
much more cost performance efficient, succincter and easier
to be accepted by CA system providers. This scheme is also
one of the candidate standards for Chinese digital TV
broadcasting1.
Index Terms — Digital TV broadcasting, conditional access
subsystem, set-top box, smart card interface.
I. INTRODUCTION
With the introduction of digital TV broadcasting, either
over air or through cable, digital TV service providers (TV
operator) can deliver their programs directly to the subscribers
bandwidth-efficiently. Most technical components of digital
TV broadcasting have been standardized by various
standardization organizations. For digital TV programs source
coding, there are MPEG-2 [1] and MPEG-4 [2] series
standards. As for the aspects related to digital TV programs
transmission, there are DVB [3], ATSC [4] and ISDB [5]
series standards. In order to control the subscribers’ access to
these standardized digital TV programs to make sure that only
those authorized ones who have paid the corresponding fees
1
This work was supported by the Ministry of Information Industry of P. R.
China under Grant No. 200442.
Qiang Xie is with the Institute of Image Communication and Information
Processing, Shanghai Jiao Tong University, Shanghai 200030, P. R. China (e-
mail: qxie@sjtu.edu.cn, qxie@cdtv.org.cn).
Shibao Zheng is with the Institute of Image Communication and
Information Processing, Shanghai Jiao Tong University, Shanghai 200030, P.
R. China (e-mail: sbzh@sjtu.edu.cn).
Xiaojing Yu is with the Institute of Image Communication and
Information Processing, Shanghai Jiao Tong University, Shanghai 200030, P.
R. China (e-mail: yuxiaojing2001@sjtu.edu.cn).
Contributed Paper
Manuscript received June 30, 2005 0098 3063/05/$20.00 © 2005 IEEE
925
can receive and decode these programs, mainly for commercial
reasons, the technique of conditional access (CA) is created to
reach this purpose and it has a long evolution history [6]. Due
to the considerations of commercial profits and security, most
current commercially available CA systems have not been
standardized and they are not compatible to each other at the
broadcasting receiving end. Thus, CA system is at the
technique core of the whole pay TV business [7].
Most CASSs at the receiving end can be classified into two
types according to the different locations of the interface
between STB and CA security module as indicated in Fig. 1.
When this interface is located at I2, which is the case for most
deployed CA systems in China, the whole CASS consists of two
parts: CASS buried part in STB and CASS detachable part in
security module. Most such kind of CASSs use 8-bit smart card
as the security module because it is cheap and its security
mechanism is mature. The CASS buried part in STB often
provides necessary supports needed by the CASS detachable
part in smart card, such as operating system functions, MPEG
transport stream (TS) or packetized elementary stream (PES)
demultiplexing, descrambling, on screen display (OSD),
possible return channel support through modem and etc. The
CASS detachable part in smart card usually contains the
proprietary cryptographic algorithms, authentication and binding
algorithms between STB and smart card, customer personnel
distribution key, customer entitlement files, consuming history
files and etc [8]. Because for such kind of CASSs there are
proprietary components which belong to the CA system provider
in STB, the STB is bound with the smart card provided by one
specific CA system provider. Both parts must work together in
order to correctly deliver conditional access related functions in
STB. The STB manufacturer has to firstly bid the order form of
STB from one TV operator, then pay the license fee for using
the CASS is his STB and sign a non-disclosure agreement (NDA)
with the CA system provider in order to make his STB products
can receive and decode the pay TV programs scrambled by this
CA system. Because different CASSs are not compatible with
each other, service providers have to provide STBs directly to
their subscribers in order to deliver their scrambled pay TV
programs. Such kind of STBs are tailored to one specific service
provider, especially to the CA system employed by this service
provider [9]. If the subscriber wants to receive and decode TV
programs scrambled by different CA systems, he/she has to
purchase additional corresponding STB. Due to the limited
number of digital TV programs subscribers in one district, one
STB often has to produce one kind of STBs which are bound
with one CA system at the scale of several ten thousands. The
obvious lose of commercial scale combined with the expensive
926
license fee for one CASS make such kind of STBs quite
expensive, especially for China which is a developing country.
The public are reluctant to buy such kind of STBs, as a
consequence, in order to start digital TV broadcasting one local
district TV operator has to provide STBs to their subscribers
free of charge. It needs a long time to reach the profitable point
for service providers using this kind of STBs. A malign cycle is
created between the service provider, CA system provider, STB
manufacturer and subscriber. The whole business chain of the
digital TV broadcasting is jammed which prevents the Chinese
government efficiently realizing the whole transformation from
analog to digital TV broadcasting. Considering the tremendous
market for digital TV broadcasting in China and the current
economic status of the country, the Chinese government decides
to push the standardization of CASS separation which can make
STB or digital TV receiver become a common platform
independent of any specific CA system. To reach the target of
CASS separation at an acceptable cost is the underlying
momentum for the proposed smart-card-based CASS separation
scheme presented in this paper.
Video
Tuner &
Demultiplexer Decoder & II. EXISTING CASS SEPARATION SCHEMES
Demodulator
Audio
I1
Descrambler
CASS buried
part in STB STB
I2
CASS
detachable part
in secruity
module
CASS
Fig. 1 Possible locations for the interface between STB and CA
security module.
One way to break the constraints suffering the whole digital
TV broadcasting business chain is to locate the interface
between STB and CASS security module at I1 and makeI1 be
a common interface. For this kind of CASS, the security
module used to contain the CASS detachable part is often PC
card using PCMCIA physical interface [10] to connect to STB.
The whole CASS combined with one demultiplexer,
descrambler and multiplexer is integrated into one PC card. In
order to ensure the security of CASS in the PC card, an
optional smart card is used to work together with this PC card.
Although this kind of CASSs can make STB be a common
receiving platform compatible with different CA systems, the
high cost of the security module combined with the expensive
fee for CASS make such CASS separation scheme unsuitable
for China. In addition, there are hardware duplications in the
security module, such as the demultiplexer, descrambler and
multiplexer for which have already been embedded in most
commercially available STB decoder chip. And using this kind
IEEE Transactions on Consumer Electronics, Vol. 51, No. 3, AUGUST 2005
CASSs, a content protection mechanism must be devised to
protect the descrambled program transported over the common
interface. However, at present such content protection
mechanism is far from mature.
In order to realize just using one common receiving
platform which is independent of any specific CA system to
receive and decode the pay TV programs scrambled by
different CA systems, the proposed smart-card-based CASS
separation scheme tries to strike a good balance between the
cost and the implementation complexity both for STB and
smart card.
This paper is organized as follows. In Section II, we present
various existing CASS separation schemes and their
advantages and shortcomings. In Section III, We introduce the
main points of our proposed smart-card-based CASS
separation scheme. In Section IV, the experimental reference
implementation of this scheme, especially the STB part which
is a common software package for all kinds of STBs using
different CASSs is presented to better illustrate the working
principle of the proposed scheme. We give our discussions and
conclusions in Section V.
The effort to realize a common receiving platform which is
independent of any specific CA system has experienced a long
history. Schemes adopting various kinds of technique have
been proposed and some have been standardized.
DVB project has realized the deleterious results caused by
the compatibility problem between different CA systems at the
receiving end and has proposed two methods to reach CASS
separation target, including Simulcrypt and Multicrypt [11],
[12]. Using Simulcrypt method, different CA systems can exist
concurrently in one broadcasting head-end with one common
receiving platform. The distinctive characteristic for
Simulcrypt is that all CA systems in one broadcasting network
share the same scrambling key and use the common
scrambling algorithm (CSA) [13] specified by DVB. To
realize Simulcrypt, a common interface and common
scrambler module are needed at the head-end between
different CA systems. It is not a easy task to reach such an
agreement, mainly due to the commercial and technical
reasons. And in the perspective of system security, the whole
broadcasting network’s security level is aligned with the
weakest secure CA system deployed in this network [14].
Another negative effect caused by Simulcrypt is that the
bandwidth used to transport CA messages for all deployed CA
systems is greatly increased compared to the case for one using
CA system. The advantage of Simulcrypt is that the subscriber
can only use one cheap CA smart card to view pay TV
programs scrambled by different CA systems.
Because of the shortcomings stated above for using
Simulcrypt, the Multicrypt method was proposed to allow
different CA systems to scramble the pay TV programs
independently and exist concurrently at the head-end. At the
receiving end, different CASS resides in the security module
Q. Xie et al.: A Smart-Card-based Conditional Access Subsystem Separation Scheme for Digital TV Broadcasting
as a whole and the interface between STB and security module
is located at I1 as a common interface. There are many
standards which have defined the interface of I1 shown in Fig.
1 as common interface, such as DVB-CI [15], DAVIC CA0
[16] and NRSS-B [17]. There is also a special one, DAVIC
CA1 [16], which locates the interface at I2 and makes it a
common interface. However, in DAVIC CA1, detailed
specifications on how to implement the common interface
using smart card have been stipulated, even the file system and
security mechanism in smart card have been stipulated. Due to
the consideration of intelligence property and security of the
CASS detachable part in smart card, most CA system
providers are reluctant to accept this specification.
Currently, there are three schemes have been proposed in
China to realize the target of CASS separation. Two of them
use DVB-CI based on PCMCIA and USB 2.0 [18] physical
interface to connect to STB, respectively. The third one is our
proposed smart-card-based scheme. The two schemes using
DVB-CI based on different physical interface basically have
no much innovation because DVB-CI was designed to be able
to support any physical interface between the receiving
platform (called host in DVB-CI) and the CA security module.
People who proposed to use DVB-CI plan to manufacture the
CA security module in China by themselves in order to reduce
the cost. However, the license fees for using DVB-CI, PCMCI
and USB 2.0 standards are not cheap and must be included in
the final price of the CA security module. In addition, most
current STBs in China are designed to receive standard
definition TV (SDTV) as the intermediate between analog to
digital TV broadcasting, these STBs have quite simple
functions in order to reduce the price. For this kind of STBs
there are often no PCMCIA or USB 2.0 slots in STB. There is
only smart card slot has been equipped because most current
commercially available STB decoder chips have embedded the
ISO/IEC 7816-3 [19] smart card interface I/O ports. In order
to use these two DVB-CI-based schemes, all sold STBs have
to be discarded and new type of STBs equipped with PCMCIA
or USB 2.0 slot have to be designed. All these factors will
surely increase the whole cost of one receiving platform and
this will be a great burden for the local TV operator. It is not
much suitable for the Chinese government to realize the whole
transformation from analog to digital TV broadcasting.
Because of the low cost of smart card as security module,
there are many smart-card-based CASS separation schemes
which have been proposed, such as those proposed in [8] and
DAVIC CA1. We have already noted the reasons why DAVIC
CA1 has not been widely accepted by CA system providers. As
for the scheme proposed in [8], the authors suggest to implement
the whole CASS in one smart card using high-performance 32-
bit RISC CPU. A common downloadable CA module (DCCAM)
has to be included both in smart card and STB. This scheme has
several commercial and technical shortcomings which make it a
quite unpractical proposition. First, most current RISC CPUs are
not designed for security purpose, which means they have not
equipped with a cryptographic coprocessor to assist the
927
computation intensive operations related to encryption and
decryption. Some CA messages, such as entitlement control
message (ECM) and entitlement management message (EMM)
have real-time requirement. To satisfy this requirement, most
current CASSs employ 8-bit smart card equipped with a
hardware cryptographic coprocessor to assist these operations. If
we use specific 32-bit RSIC CPU equipped with cryptographic
coprocessor, the cost of the whole security module will greatly
increase. In addition, using 32-bit RSIC CPU means the CA
system providers have to re-implement the whole CASS which
formerly running on 8-bit CPU and surely it is not an easy task.
Second, middleware has not been standardized and widely used
in China, as a direct consequence, most STBs cannot support
platform-independent codes, such as codes written in Java.
Without middleware, all codes must be written in native
language, such as C, C++ or assembly language, and these codes
must be compiled and linked as a whole before chipping STBs
to market. Obviously, DCCAM and any such kind of schemes
using downloading are unrealistic. Third, due to the intelligence
property and security considerations, most CA system providers
are reluctant to accept any common module, like DCCAM in [8],
to be included in their proprietary smart card. Because of the
same reason, DAVIC CA1 has not been accepted widely.
Thus, any new smart-card-based CASS separation scheme
must satisfy some premises in order to be accepted by the CA
system providers, STB manufacturers and digital TV service
providers. These premises include a) CASS separation scheme
will not reduce the security level at the receiving end compared
to those using previous proprietary CASSs; b) such scheme will
not require any change at the broadcasting head-end in order to
protect the service provider’s investment on infrastructure; c)
such scheme will be common enough to accommodate most
existing CA systems; d) such scheme will not stipulate any
implementation details on how to implement the proprietary
CASS part in smart card; e) such scheme will be able to use
cheap 8-bit smart card as the security module to achieving both
low cost and high interoperability. The proposed scheme is this
paper was designed with these premises in mind.
III. PROPOSED SMART-CARD-BASED SCHEME
The proposed smart-card-based CASS separation scheme
locates the interface between STB and security module at I2.
Fig. 2 illustrates the reference model for this scheme from the
perspective of the data streaming path. As shown in Fig. 2, at
the receiving end, the whole previously proprietary CASS is
separated into tow parts. The common part for all CA systems
resides in STB to provide necessary data and common
supports needed by the proprietary part in smart card. Both
parts work together through the smart card interface to provide
various CA related functions. The interaction protocols
between the common part and the proprietary part are
stipulated in the proposed scheme and will be standardized as
a standard.
928
RF signal
Tuner and
Demodulator
TS out
TS in TS in
PES
Demuxer Descrambler
CA Status Word Control Word
Messages Separation
Filter
Smart Card
CA Messages
Fig. 2 Reference model for the proposed smart-card-based CASS
separation scheme.
The whole scheme is designed following the ISO OSI [20]
layered protocol model in order to keep its extendibility for
future expanded functions. Considering that most STBs have
only equipped with only one smart card slot, there is on
session layer in this scheme compared to DVB-CI to reduce
the implementation complexity.
All application layer data are defined as data objects which
are coded by means of general Tag-Length-Value (TLV)
coding rule derived from that used to code ASN.1 syntax [21].
By doing so, the coding for future expanded data objects is in
no problem. All these data objects are contained in the
data_field of the application protocol data unit (APDU)
commands and the corresponding responses as stipulated in
ISO/IEC 7816-4 [22]. These APDUs are passed directly into
the data link layer (using ISO/IEC 7816-3 T=1 transmission
protocol) or transport layer (using ISO/IEC 7816-3 T=0
transmission protocol). There are only five APDU commands
have been defined in the proposed scheme for the purpose of
CASS separation related protocol interactions in order to
simplify the implementation complexity. These APDU include
Get_data_more, Get_data_last, Put_data_more, Put_data_last,
Get_response. For implementation simplicity and the support
for smart card using small transmission buffer, all these APDU
commands and corresponding responses are designed to be
able to support data object partitioning and combining. Each
APDU commands and corresponding responses are
transported in transport protocol data unit (TPDU) using
different transmission protocol, such as T=0 or T=1 in this
scheme. Each TPDU is stipulated not to exceed 255 bytes in
order to simplify the implementation of transmission driver
program and it is reasonable because most CA messages are
short messages not longer than 255 bytes. Get_data_more and
Get_data_last are used to inquire and retrieve one or more data
objects from smart card. Get_data_more is used to inform
smart card that there are still more data needed to be
transported until receiving Get_data_last before starting
processing the transported data objects. Put_data_more and
Put_data_last are used to send one or more data objects to
smart card for corresponding process, such as data encryption
and decryption, data storage and etc. Put_data_more is used to
IEEE Transactions on Consumer Electronics, Vol. 51, No. 3, AUGUST 2005
inform smart card that there are still more data needed to be
transported until receiving Put_data_last before starting
To/from STB
System processing of the transported data objects. Get_response is
Program
used to retrieve the response from smart card when smart card
needs long time to process the data object sent by STB and the
process time has exceeded the interaction time-limit stipulated
in ISO/IEC 7816-3. Another case when STB needs
Get_response is when there are several parts of data needed to
CA
be retrieved because each TPDU should not exceed 255 bytes.
Control It should be emphasized that all protocol interactions between
STB
STB and smart card have to use Request and Answer pair
ISO/IEC 7816-3 because smart card is always passive and cannot start a
smart card interface
protocol interaction first as stipulated in ISO/IEC 7816-4. Fig.
3 illustrates one example of the data exchange course using the
APDU commands and responses defined in this scheme.
STB Smart Card
Put_data_last(data) Request
Processing time
is longer than the
ISO/IEC 7816-3
Get_response()
Request specification
SW2 = 0
Answer
Get_data_last(data) Request
SW2 != 0
Answer
Request
Get_response()
SW2 != 0
Answer
Get_response()
Request
Answer
SW2 = 0
Fig. 3 Example of the data exchange course between STB and smart
card.
There are mainly four types of data objects in the
application layer defined to support the protocol interactions
between STB and smart card in order to support the necessary
CA functions and other value-added applications provided by
various CA system providers.
The first kind of data objects are related to the security
mechanism between STB and smart card. Because this scheme
is designed to be a candidate standard for Chinese digital TV
broadcasting, it will be open and available to the public. The
detailed protocol interactions will be open to the public and
this will endanger the security of the whole CASS at the
receiving end. Because previous proprietary CASSs do not
open such protocol interactions to the public, obviously the
vulnerability to malicious attack is less than the proposed
scheme. In order to reach the aim of using the proposed
scheme as a standard and in the meantime ensure the security
level will not be reduced compared to the previous proprietary
CASS, a common security mechanism is stipulated between
Q. Xie et al.: A Smart-Card-based Conditional Access Subsystem Separation Scheme for Digital TV Broadcasting
STB and smart card. We should make sure that STB can
identify the legitimacy of the smart card inserted into its smart
card slot. Because the open of the protocol interactions the
possibility for the data transported over the smart card
interface being intercepted and duplicated will greatly increase.
Thus, the common security mechanism is designed to include
two parts: a bilateral authentication and a buildup of safe
communication channel between STB and smart card. The
bilateral authentication protocol is used to make sure that only
legitimate STB or smart card can proceed with further protocol
interactions with the other side. A safe communication channel
(safe channel) between STB and smart card is needed because
some data objects deemed by the CA service providers being
security sensitive should be encrypted before the transmission
over the smart card interface. Malicious attackers will try to
intercept or modify these data objects, thus a transmission
session key is negotiated and exchanged between STB and
smart card. Whether the data objects transported over the
smart card interface are encrypted or in plain text can be
identified from the CLA_field of the APDU commands and
SW2_filed of the corresponding response. A unified algorithm
has been designed in the proposed scheme to realize the whole
security mechanism which combines the authentication and
safe channel buildup process together. This algorithm is
carefully designed to be a unbalanced and light-weight one
which is suitable for the resource-constrained 8-bit smart card
and computation-power-limited normal STB decoder chip. It is
designed to be able to proof the receiving end from the
following attacks: attacks of Oracle type, Replay attack,
attacks of Sign type, Substitution attack and Partial Chosen
Key attack [23].
up to 16 bytes
be filtered
offset
table_id rsvrd
section_
length
byte
0
byte
1 ... CA_data_byte (max. 253 bytes)
section header
(3 bytes)
section payload (max. 253 bytes)
Fig. 4 The unified filtering filed of CA messages.
The second type of data objects are related to the unified
CA message filtering mechanism. Thanks to a series of
international standards which have been adopted by digital TV
broadcasting, we can stipulated a unified CA message filtering
mechanism in the proposed scheme which can accommodate
various CA systems. MPEG-2 part 1[1] has stipulated how the
private data other than video and audio data bits and other
necessary standardized tables being multiplexed in MEPG TS
or PES through private_section. DVB-CA [24] also describes
the minimum set of common CA elements necessary to
achieve the interoperability between different CA systems.
With these standards, the proposed scheme stipulates a unified
filtering filed in CA message and the filtering conditions. This
unified filtering field is shown in Fig. 4. STB also needs to
acquire the conditional access table (CAT) and program map
table (PMT) in order to extract the CA_system_ID and
929
CA_PID from the CA_descriptor for the currenttly playing
scrambled pay TV program. Some CA systems may define the
CA_descriptor in their own way, thus CAT and PMT can be
sent to smart card as required, otherwise parsed by STB itself.
The most often used CA messages are ECM and EMM. When
ECM has been filtered out in STB and sent to smart card for
processing, odd or even CW is expected to be returned to STB
to set the descrambler. When some reasons cause CW cannot
be returned as expected, a Status word is defined to be
returned by smart card to indicate the corresponding reason.
These reasons include district blackout, no entitlement for the
current playing program, parent rate protection and etc. When
EMM or other kind of CA messages has been filtered out and
sent to smart card, necessary indication can be returned to STB
when smart card needs to interact with the viewer. These
indications is realized through high-level man machine
interface (MMI) data objects as in DVB-CI, including text,
enquiry, answer, menu and menu_ans.
The third kind of data objects are related to the smart card
properties and various value-added applications provided by
CA system providers. The data objects defined as the smart
card properties are for the convenience smart card’s
distribution and management. The multifold value-added
applications provided by different CA systems decide the data
objects related to these aspects are the most extendable part in
the proposed scheme. The typical value-added applications are
unidirectional e-mail and short message, weather forecast and
etc. Most of these data objects are defined using MMI data
objects for the universality of these data objects for different
CA system providers. The display style and format are decided
by the STB.
The fourth kind of data objects is used for the possible
return channel supports between STB and the broadcasting
head-end either using telephone lime modem or cable modem.
Due to most STBs have not equipped with such modems, these
data objects are not urgent for definition and have not been
fully defined.
IV. REFERENCE IMPLEMENTATION
In order to verify the feasibility of the proposed scheme in
real broadcasting environment, we has developed a reference
implementation of this scheme in STB to cooperate with the
smart card compliant with this scheme which is provided by
our cooperating CA system providers. The part in STB of this
scheme is implemented as a common software package and we
call it the common CA package (CCAP). Because this scheme
is designed to have no detailed specification on how CA
system providers to implement the part in smart card, we will
only present the system architecture and the logical function
modules of CCAP. We hope it can help the readers to better
understand the working principle of the proposed smart-card-
based CASS separation scheme.
930
STB Applications
Common Conditional Access Package (CCAP)
API Layer
CA Messages
Communication Descrambling
Safety Module Filtering
Module Module
Module
Porting Layer
STB OS and Device Driver
Tuner Demuxer Descrambler ISO/IEC 7816 Interface
Smart Card Hardware
Smart Card OS
CCAP
Coupled Proprietary CA
Fucntions Kernel
Fig. 5 System architecture of the reference implementation of the
proposed scheme, including the common CCAP in STB and the
cooperative smart card.
A. System Architecture
Following the reference model shown in Fig. 1 and the
protocol interactions stipulated in the proposed scheme, the
previous proprietary CASS can be separated into two parts: the
common part in STB and the proprietary part in smart card.
The common part in STB can be realized as a software
package (CCAP in our reference implementation) which has
no hardware modification requirement for most currently
available STBs. STB is only need to include CCAP in its
system program to become a common receiving platform
which is independent of any specific CA system. We will only
describe the common part in STB and the approximate
location of its corresponding functions in smart card. How the
CA system providers implement these corresponding functions
are decided by the CA system provider themselves.
CCAP provides necessary security mechanism and common
functions needed by CASS separation, such MEPG TS
demultiplexing, CA message filtering, OSD and interactions
between CASS and the viewer in front of the screen. The
interfaces of CCAP to outer environment, including the
necessary supports from STB hardware and operating system
and various functions provided to STB applications, can be
standardized as application program interface (API) functions
in two layers: App Layer and Porting Layer. All underlying
supports needed by CCAP to correctly work are defined in the
Porting Layer. The functions related to conditional access and
other value-added applications are define in the App Layer.
CCAP is located above the STB operating system (OS) and
device driver but under the STB applications. Fig. 5 outlines
the system architecture of CCAP and its logical function
modules. We can also clearly see the locations of App Layer
and Porting Layer. With the standardized APIs, the STB
manufacturers can follow the same developing flow just like
using the previous proprietary CASS. This will help the STB
manufacturers ship their STBs to market to cater for the
customer’s volatile needs as quickly as possible.
IEEE Transactions on Consumer Electronics, Vol. 51, No. 3, AUGUST 2005
Data and Commands
from/to STB Applications
EPG API Layer
Control CA Messages Filtering Module
Module
Authentication
Control Module Other CA
Submodule EMM EMM
Messages
Filtering Filtering
Filtering Porting
Layer
OSD Vid. & Aud. Decoder
Safe Channel
Communication Module
STB Submodule
Smart
Card
CA Smart Card
Fig. 6 The logical constituent function modules of CCAP and the
connections between themselves and the outer environment.
B. Logical Constituent Function Modules of CCAP
In order to streamline the development of the reference
implementation and better illustrate the working principle of
the proposed scheme, we can separate CCAP into several
logical function modules. Fig. 6 outlines these function
modules and the connections between themselves and the outer
environment.
In order to communicate with various kinds of CA smart
card which may use different transmission protocol (such as
T=0 or T=1) and communication baud rate, CCAP utilize the
so called Communication Module to deal with all aspects
related to data exchange between STB and smart card to
ensure the compatibility with ISO/IEC 7816-3 and ISO/IEC
7816-4. Other function modules can utilize the transportation
functions provided by the Communication Module to interact
with smart card while have not to know any communication
details.
The bilateral authentication and the buildup of a safe channel
between STB and smart card are realized by the Safety Module.
Because the authentication steps are only needed to be
executed once when smart card is inserted into the smart card
slot, while the safe channel has to be sustained through the
whole working phase of CCAP, the Safety Module is thus
separated into two submodules: Authentication Submodule and
Safe Channel Submodule as shown in Fig. 6. Safe Channel
Submodule provides functions to encrypt or decrypt data
objects before they are transported over the smart card
interface.
One important function of CCAP is to filter out various kinds
of CA messages according to filtering conditions given by the
smart card. The CA Messages Filtering Module is in charge of
CA messages filtering and the corresponding processing.
Different CA messages have different importance and real-
time requirement. ECM has the most stringent real-time
requirement because it contains the CW which is used to
descramble the current playing scrambled TV program. ECM
must be filtered out and sent to smart in good time in order to
Q. Xie et al.: A Smart-Card-based Conditional Access Subsystem Separation Scheme for Digital TV Broadcasting
get the right CW to correctly set the descrambler. ECM change
periodically and in one period it repeated at a quite high
frequency, thus version control is needed for ECM filtering in
order to avoid duplicated ECMs being sent smart card to get
the same CW. By doing so, the transportation and computation
burden of smart card are effectively reduced. EMM has no
such stringent real time requirement. In order to shorten the
waiting time to play pay TV programs, EMMs need to be
buffered in STB’s nonvolatile memory (NVM). This storage
space for EMMs and other kinds of CA messages is reserved
as required by different CA systems. When other CA messages
have been filtered out, MMI data objects are used by smart
card to interact with the viewer. Because there is only one
smart card slot in STB, ECM has the highest priority to use the
smart card interface, while EMM has the second highest
priority.
Control Module provides interaction interfaces for CCAP to
communicate with STB application programs and the viewer.
It receives data and commands from STB through API
functions defined in App Layer and then dictates and
harmonizes operations in other function modules in order to
provide the required functions. The Control Module is also in
charge of the execution decision of the whole CCAP. For
example, when the Authentication Submodule reports that
STB or smart card has not passed the legitimacy authentication,
further protocol interactions will be suspended by Control
Module and it also gives indications to the viewer to check the
smart card or STB if he wants to view scrambled pay TV
programs.
V. CONCLUSIONS AND DISCUSSIONS
We present a smart-card-based CASS separation scheme
and its reference implementation in this paper to realize the
target of making STB or digital TV receiver be a common
receiving platform which is independent of any specific CA
system at a quite low cost. With the proposed scheme, no
hardware modification is needed for STB. The only
requirement is an inclusion of a common CA software package
like CCAP in the system program of STB to make it is CASS
separated. The CASS proprietary part in smart card is under
the whole control by CA system providers. CA system
providers have enough innovation space for their CA smart
card. Thus, the proposed scheme realize the CASS separation
target cost performance efficiently, in the meantime protects
the intelligence property and the characteristics of different
CA systems.
As indicated in [8], there are many benefits for parties
related to digital TV broadcasting to adopt a smart-card-based
CASS separation scheme.
For the STB manufacturers they can easily change their
current mature STB products into a common receiving
platform which is compatible to any CA system without any
hardware modification. The development flow of the inclusion
of CCAP in the STB system program is quite simple. Using
CCAP, there will be no need to pay license fees to CA system
931
providers in order to make STB be compatible with various
CA systems. Thus, the necessary cost of STB is greatly
reduced compared to DVB-CI-based schemes.
For the digital TV service providers, they can freely choose
any CA system to scramble their pay TV programs. They can
switch from one CA system to another when needed. The local
district TV operator is in no need of trans-control for the
distribution of programs provided by other TV operators
which may scrambled by different CA system. The most
important benefit is that TV operators are in no need to
directly provide STBs free of charge to subscribers. The
subscribers can purchase their favorite STB product from
home appliance stores at an acceptable price. It greatly reduces
the business risk for local district TV operators to start digital
TV broadcasting without the burden of STB.
For the public, they can choose their favorite STB from
home appliance stores according to their entertainment
requirements and home budget, while in the time before CASS
separation they have to accept the STBs provided by the local
district TV operator which may not satisfy the need of them.
For those lived in undeveloped areas, they can afford such
kind of cheap STBs which are the cheapest one among all the
three proposed schemes. If they cannot afford pay TV
programs, they can view free programs only with this CA-
system-ready STB. At any time when they could afford pay
TV programs, they could buy a CA smart card from the local
TV operator. Both of the STB and corresponding CA smart
card are the lowest cost solutions for CASS separation. It is
extremely suitable for China as a developing country to realize
the whole transformation from analog to digital TV
broadcasting.
Currently, the experimental reference implementation of the
smart-card-based CASS separation scheme is in its final
development stage. The following on-line field test for this
scheme will be conducted in two cities of China. At present,
the compatibility test set is under development to prepare for
the standardization of this scheme. The smart-card-based
CASS separation series standards will be available in a not far
future.
ACKNOWLEDGMENT
The authors would like to express their gratitude to Jianghai
Yuan, Hongguang Zhang, Dong Wei, Bing Zhu and Le You
for their work in the development of this smart-card-based
CASS separation scheme and its standardization. They also
provide beneficial discussions in writing this paper.
The constructive suggestions from the anonymous reviewers
are gratefully acknowledged.
REFERENCES
[1] ISO/IEC 13818-1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11: Information technology –
Generic coding of moving pictures and associated audio information,
International Organization for Standardization, 1996-2004.
[2] ISO/IEC 14496 -1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
18, 19: Information technology – Coding of audio-visual objects,
International Organization for Standardization, 2001-2005.
932
[3] U. Reimers, Digital Video Broadcasting (DVB) – The International
Standard for Digital Television, Springer, 1998.
[4] J. Whitaker, DTV Handbook: The Revolution In Digital Video, 3rd Ed.,
McGraw-Hill, 2001.
[5] T. Yoshimura, N. Kawai, E. Nakasu and T. Isobe, “Integrate services
digital broadcasting (ISDB),” Int. Broadcasting Convention, IBC 1992,
pp. 350-354, Jul. 1992.
[6] B. M. Macq and J. J. Quisquater, “Cryptology for digital TV
broadcasting,” IEEE Proc. IEEE, vol. 83, no. 6, pp. 944-957, Jun. 1995.
[7] W. G. P. Mooij, “Conditional access systems for digital television,” Int.
Broad. Con., IBC 1994, pp. 489-491, Sep. 1994.
[8] M. Zheng and S. Zheng, “A common smart-card-based conditional
access system for digital set-top box,” IEEE Trans. Cons. Elec., vo. 50,
no. 2, pp. 601-605, May 2004.
[9] F. Kamperman and B. V. Rijinsoever, “Conditional access system
interoperability through software downloading,” IEEE Trans. Cons.
Elec., vol. 47, no. 1, pp. 47-54, Feb. 2001.
[10] PCMCIA, PC Card Standard Release 8.0, Personal Computer Memory
Card International Association (PCMCIA), Apr. 2001.
[11] D. J. Cutts, “DVB conditional access,” Elec. Comm. Eng. Jour., pp. 21-
27, Feb. 1997.
[12] G. M. Murry, “Interoperability in digital broadcasting systems,” IEE
Colloq. Dig. Tele. – Where Is It and Where Is It Going? (Ref. No.
1999/072) pp. 6/1-6/7, Mar. 1999.
[13] DVB Blue Book A011, Digital Video Broadcating (DVB) – DVB
Common Scrambling Distribution Agreements, Digital Video
Broadcating (DVB) Project, Jun. 1996.
[14] J. L. Giachetti, V. Lenoir, A. Codet, D. Cutts and J. Sager, “A common
conditional access interface for digital video broadcasting decoders,”
IEEE Tran. Cons. Elec., vol. 41, no. 4, pp. 836-841, Aug. 1995.
[15] CENELEC En 50221, Common Interface for Conditional Access and
other Digital Video Decoder Applications, Comité Européen de
Normalisation Électrotechnique CENELEC, Feb. 1887.
[16] Digital Audio-Visual Council (DAVIC), DAVIC 1.4 Specifications –
Part 10, DAVIC 1998.
[17] “A guide to understanding NRSS part A and B,” SPECS International,
vol. 9, no. 7, Nov. 1997.
[18] Compaq, Hewlett-Packard, Intel, Lucent, Microsoft, NEC and Philips,
Universal Serial Bus Specification, Revision 2.0, Apr. 2000.
[19] ISO/IEC 7816-3: 1997, Information technology – Identification cards –
Integrated circuit(s) cards with contacts – Part 3: electronic signals
and transmission protocols, International Organization for
Standardization, 1997.
[20] ISO/IEC 7498-1: 1994, Information technology – Open System
Interconnection – Basic Reference Model: The Basic Model,
International Organization for Standardization, 1994.
[21] ISO/IEC 8825-1: 2002, Information technology – ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER), Canonical Encoding
Rules (CER) and Distinguished Encoding Rules (DER), International
Organization for Standardization, 2002.
[22] ISO/IEC 7816-4: Information technology – Identification cards –
Integrated circuit(s) cards with contacts – Part 4: Interindustry
commands for interchange, International Organization fro
Standardization, 1997.
[23] D. R. Stinson, Cryptography Theory and Practice, 2rd Ed., CRC Press
LLC, 2002.
[24] ETSI ETR 289, Digital Video Broadcasting; Support for use of
scrambling and Conditional Access (CA) within digital broadcasting
systems, 1996.
IEEE Transactions on Consumer Electronics, Vol. 51, No. 3, AUGUST 2005
Qiang Xie (SM’04) received the B. Eng. degree in 2000
from Zhengjiang University, Zhejiang, P. R. China, and
the M. S. degree from the Graduate School of the
Chinese Academy of Sciences in 2003, Shanghai, P. R.
China. He is currently working toward the Ph. D. degree
in electronic engineering at the Institute of Image
Communication and Information Processing of Shanghai
Jiao Tong University, Shanghai, P. R. China.
Since 2004, he has been engaged in the research and development of the
smart-card-based conditional access subsystem (CASS) separation scheme for
Chinese digital TV broadcasting and its standardization work. His research
interests include cryptographic algorithms for video transmission, wireless
video streaming and wireless network cross-layer optimization for video
streaming.
Shibao Zheng (M’02) received the B. S. degree and M.
S. degree from Xidian University in 1983 and 1986
respectively, Xi’an, P. R. China. From 1986 to 1999, he
was an expert of the national project in HDTV and the
chief designer of the ground digital TV equipment in 921
Project. Now, he is responsible for the Shanghai DTV
Industry Union. As a professor and vice chairman, he is
now with the Institute of Image Communication and Information Processing
of Shanghai Jiao Tong University. His research interests include DTV, ASIC
and multimedia streaming system.
Xiaojing Yu received the M. S. degree from Shanghai
Normal University in 1999, Shanghai, P. R. China. She
is currently working toward the Ph. D. degree in
electronics engineering at the Institute of Image
Communication and Information Processing of Shanghai
Jiao Tong University, Shanghai, P. R. China.
Since 2004, she has been engaged in the research and
development of the smart-card-based conditional access subsystem (CASS)
separation scheme for Chinese digital TV broadcasting and its standardization
work. Her research interests include video communication and processing,
her recent focus are on the conditional access (CA) system and video watering
marking.