Conditional Access for HD Radio
Aug 1, 2007 1:00 AM, By Thomas Rucktenwald
Two main concepts embody conditional access technology (CA): entitlement and encryption. The entitlement is an authorization; the encryption is a digital scrambling of the content.
The CA system sends an entitlement to a receiver, telling the receiver about the programming and all the necessary signals when a consumer registers to receive the entitled services. The system handles everything automatically once information is entered. The receiver obtains only its own entitlements because it is individually addressable by the CA system.
The broadcast contains encrypted program signals that the entitled receiver decrypts. The reconstructed content occurs without error or significant delay. The CA system sends information about how to decrypt the transmission along with the content.
Both transmission and reception are a part of this system. The transmitter and the receiver have complimentary provisioning. The broadcaster transmits entitlements; the receiver recognizes only its own entitlements. The broadcaster transmits encrypted programming; if entitled, the receiver can decrypt the programming.
Conditional access defined
In many traditional CA environments, the service is offered by one single-platform supplier. All content, all services, all entitlements and all authorized equipment for that system originate from one source: the platform provider.
The conditional access Scrambler connects to the HD Radio Importer.
This is not necessarily true for terrestrial digital radio. Content suppliers, radio stations, and station groups will continue to compete independently. A CA system for HD Radio must be a distributed system that coordinates all of these entities, without business interference, so that any equipped receiver may possibly receive any of these broadcasts.
Every station or station group that deploys CA will have the same type of equipment and perform a similar encryption process. At the same time, each station or station group must be uniquely distinct and recognizable by any receiver. There can be no identity, channel identification, or programming ID duplication.
For the system to operate correctly, every radio must be uniquely identified so that its entitlements can be individually addressed to it. Consumers should receive only the programming they desire and only the programming that is intended for them. Each radio must perform with every broadcast source.
The first CA system created for HD Radio is called NDS Radio Guard. It was created by NDS as a technological development in cooperation with Ibiquity Digital. NDS Radio Guard equipment fits into the station and operates within the station”s workflow.
CA in the station
The CA system incorporates into the existing HD Radio system. Only channels created by the Importer, secondary program services or the data channels may be encrypted because the main program will remain free-to-air. The V3.0 Importer (see Figure 1) will contain a new capability called the Scrambler. The Scrambler can be used to encrypt multiple channels, services, or programs simultaneously.
The Protector communicates with the system via an IP link.
NDS Radio Guard includes two additional components, the Protector and the Initiator. The Protector (see Figure 2) links directly to the Importer and Scrambler through an IP-based connection. For architectural efficiency, this function is collocated with the Importer. The Protector generates information about how the Scrambler is going to function. This information is constantly changing at a configurable rate. The Spooler is a carousel information buffer with data sent out through a narrow pipe, about 1kb/s channel, through the Importer.
The Initiator (see Figure 3) is a server that supplies CA administration to provide setup, parameter control and monitoring for the Protector. This server generates the radio entitlements based upon entered data and its local database. It can be physically located anywhere but must be a part of the IP network in order to control the Protector. The Initiator can control many Protectors, therefore a Network Operations Center (NOC) with just one Initiator is a realistic solution.
The National Resource Manager (NRM) (see Figure 4) is a universal component available to all stations. It ties competitive stations and all radio receivers into a cohesive global system. The NRM verifies station authenticity, provides unique CA service identification, verifies and signs radio entitlements, and holds the database of all radios. It is predicted that the radio database could reach one billion units for the U.S. All communication between the NRM and any Initiator in the system is via IP through a virtual private network.
Radios and receivers
The radio must be able to decrypt the encrypted content transmission in real time. To do that, the radio must know how the content was encrypted and it must already have the information it needs from the system to decrypt it. In a secure system, the information about decryption and how the content was encrypted is only available to authorized receivers. The authorization comes from entitlements embedded within the broadcast. Through an entitlement, the receiver knows that it is supposed to receive the encrypted signals and how to obtain the decrypt information.
The Initiator adds administration and monitoring functions to the system.
Addressing radios in a system that can receive information from multiple broadcasting sources requires something special. Every radio must be unique to the system, even though many may come from the same manufacturers. The most efficient technology that makes every radio unique is serialization.
Each radio is individually serialized through the decoder chip. Each decoder chip contains some unique codes and embedded secrets. The chip/radio identification can be accessed through an activation sequence on the radio. When the consumer calls or registers via a website with the radio information, the system individually addresses that radio.
NDS, as the CA manufacturer, automatically provides the serialization information to the decoder IC manufacturers. The NRM also knows all the serialization information. Servers, located at chip manufacturers and connected to NDS, program the data that individualizes each HD Radio decoder chip. This process is done for other broadcast systems and is well known in integrated circuit manufacturing.
With the proper radio ID information, the receiver obtains its entitlements and automatically turns on in a very short period of time.
Applying CA can be as simple as turning it on for specific multicast channels and leaving that to run until the station decides otherwise. The system will also support constant change. Operational personnel access the user interface to perform required CA changes, to apply CA to specific programs or channels and to change the setup at their discretion. One program may be encrypted but the next program may be free-to-air.
Because of the new channels and new programming opportunities, automation systems will need to control the HD Radio equipment as well as the multiple playlists. The automation system may provide one place to access and setup the entire station system.
Data entry is another future operational reality. When the consumer registers his radio, the radio ID information is critical for entitlement. However, this registration process is an opportunity to learn more about the consumer, which will be extremely valuable for the station advertisers.
The NDS Radio Guard CA equipment can entitle several thousand radios. Should entitlements exceed this, the station or station group might consider a subscriber management system (SMS), a subscriber or membership software that can be integrated with the CA system, or a private company that specializes in customer handling. The system accepts registration information from operations personnel, entries from an SMS system, or from a Web portal that allows the user to self-register.
Rucktenwald is director of data applications delivery for NDS, Costa Mesa, CA.