First introduce some Parameter definitions:
Parameter semantics
AC_delay_start: this parameter shall be used in place of the delay start parameter for the first Crypto period following a change in AC.
AC_delay_stop: this parameter shall be used in place of the delay stop parameter for the last Crypto period preceding a change in AC.
access_criteria: this parameter contains CA system specific information of undefined length and format, needed by the ECMG to build an ECM. It can be, for example, a pointer to an access criterion in an ECMG database, or a list of relevant access criteria items in an encapsulated TLV format. This parameter contains the information related to the CP indicated in the CW_provision message. The presence and contents of the access criteria parameter are the result of CA system supplier requirements.
access_criteria_transfer_mode: this 1-byte parameter is a flag. If it equals 0, it indicates that the access_criteria parameter is required in the CW_provision message only when the contents of this parameter change. If it equals 1, it indicates that the ECMG requires the access_criteria parameter be present in each CW_provision message.
CP_CW_combination: this parameter is the concatenation of the Crypto period number the control word is attached to and the control word itself. The parity (odd or even) of the Crypto Period number is equal to the parity of the corresponding control word (see ETR 289 [5]). This parameter is typically 10 byte long.
CP_duration: this parameter indicates the actual duration of a particular Crypto period for a particular stream when it differs from the nominal_CP_duration value.
CP_number: an identifier to a Crypto period. This parameter indicates the Crypto period number a message is attached to. This is relevant for the following messages: CW_provision; and ECM_response.
CW_encryption: this parameter enables encrypting of control words over the SCS <=> ECMG interface. If the parameter is included in the CW_provision message, control word scrambling is invoked; if omitted, CWs are being issued in the clear. This parameter may include sub-parameters according to the used encrypting method. It may be used by the CW security method described in annex D or by an equivalent method.
CW_per_msg: the number of control words needed by the ECMG per control word provision message. If this value is "y" and lead_CW is "x", each control word provision message attached to Crypto period "n" will contain all control words from period (n+1+x-y) to period (n+x). Control words are carried with their Crypto period number by means of the CP_CW_combination parameter. In most existing CA systems CW_per_msg is 1 or 2. See also lead_CW.
For example, if an ECMG requires the current and next control word to generate an ECM, it shall by definition specify at least one lead_CW. However, since it may buffer its own control words, it can set CW_per_msg to one. By doing this, it always receives the control word for the next Crypto Period and accessing the control word for the current Crypto Period from memory (a previous provision message). Alternatively, it may specify 2 CW_per_msg and have both control words available at ECM generation time. This eliminates the need for ECMG buffering and can be advantageous for a hot backup to take over, since each provision message includes all control words required.
An SCS shall minimally support CW_per_msg values 1 and 2.
delay_start: this signed integer represents the amount of time between the start of a Crypto Period, and the start of the broadcasting of the ECM attached to this period. If it is positive, it means that the ECM shall be delayed with respect to the start of the Crypto Period. If negative, it means that the ECM shall be broadcast ahead of this time. This parameter is communicated by the ECMG to the SCS during the channel setup.
delay_stop: this signed integer represents the amount of time between the end of a Crypto Period, and the end of the broadcasting of the ECM attached to this period. If it is positive, it means that the end of the ECM broadcast shall be
delayed with respect to the end of the Crypto Period. If negative, it means that the ECM broadcast shall be ended ahead of time. This parameter is communicated by the ECMG to the SCS during the channel setup.
ECM_channel_id: the ECM_channel_id is allocated by the SCS and uniquely identifies an ECM channel across all connected ECMGs.
ECM_id: the ECM_id is allocated by the head-end and uniquely identifies an ECM stream for a Super_CAS_id. The combination of the ECM_type, the Super_CAS_id and the ECM_id identifies uniquely an ECM stream in the whole system. The unique identifier principle is described in clause 8.2.7.
ECM_datagram: the actual ECM message to be passed by the SCS to the MUX. It can be either a series of transport packets (of 188 byte length) or an MPEG-2 section, according to the value of section_TSpkt_flag. The ECM datagram can have a zero length meaning that there is no ECM to be broadcast for the crypto period. The ECM datagram shall comply with ETR 289 [5].
ECM_rep_period: this integer represents the period in milliseconds for the repetition of data (e.g. ECMs).
ECM_stream_id: this identifier uniquely identifies an ECM stream within a channel. It is allocated by the SCS prior to stream setup.
error_information: this optional parameter contains user defined data completing the information provided by error_status. It can be an ASCII text or the parameter ID value of a faulty parameter for example.
lead_CW: the number of control words required in advance to build an ECM. If this value is "x" the ECMG requires control words up to Crypto Period number "n+x" to build the ECM attached to Crypto period "n". In most existing CA systems lead_CW is 0 or 1. See also CW_per_msg.
For example, if the ECMG requires the current and next control word to generate an ECM, lead_CW would be 1. In other words, it defines the most future control word required for ECM generation. An SCS shall minimally support lead_CW values 0 and 1.
max_comp_time: this parameter is communicated by the ECMG to the SCS during channel setup. It is the worst case time needed by an ECMG to compute an ECM when all the streams in a channel are being used. This time is typically used by the SCS to decide when to time-out on the ECM_response message. This value shall be lower than the min_CP_duration parameter of the same channel_status message.
max_streams: maximum number of simultaneous opened streams supported by an ECMG on a channel. This parameter is communicated from the ECMG to the SCS during the channel setup. A value of 0 means that this maximum is not known.
min_CP_duration: this parameter is communicated at channel setup by the ECMG to the SCS to indicate the minimum supported amount of time a control word shall be active before it can be changed. This value shall be greater than the
max_comp_time parameter of the same channel_status message.
nominal_CP_duration: this parameter indicates the nominal duration of Crypto periods for the particular stream. It means that all the Crypto periods related to this stream will have this duration, except for the purpose of event alignments and error handling. This parameter is set up by the SCS (see annex H).
In addition, the nominal Crypto period duration (Nominal_CP_duration) and the actual Crypto-period (CP_duration) shall in any case be greater than or equal to: all the min_CP_duration specified by the ECMGs during Channel_set-up;
all the max_comp_time values specified by the ECMGs during channel set-up, plus typical network latencies.
section_TSpkt_flag: this parameter defines the format of the ECM carried on this interface:
0x00: the ECMs carried on the interface are in MPEG-2 section format;
0x01: the ECMs carried on the interface are in MPEG-2 transport stream packet format, all TS packets shall be 188 byte long, any other payload length being considered as an error; it is the head-end's responsibility to fill the PID field in TS packet header;
other values: DVB reserved.
Super_CAS_id: the Super_CAS_id is a 32-bit identifier formed by the concatenation of the CA_system_id (16 bit) and the CA_subsystem_id (16 bit). It shall identify uniquely a (set of) ECMG(s) for a given SCS, see clause 4.3.1. The CA_subsystem_id is defined by the user, it is private.
transition_delay_start: this parameter shall be used in place of the delay start parameter for the first crypto period following a clear to scrambled transition.
transition_delay_stop: this parameter shall be used in place of the delay stop parameter for the last crypto period preceding a scrambled to clear transition.
Messages parse
1. Channel specific Messages
a) Channel_setup message(0x0001): ECMG <= SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
Super_CAS_id 1 0x0001 4
b) Notes:
i. The channel_setup message is sent by the SCS to setup a channel once the TCP connection has been established.
ii. It shall contain the Super_CAS_id parameter, to indicate to the ECMG to which CA system and subsystem the channel is intended (indeed, there could be several Super_CAS_ids handled by a single ECMG host).
iii. There is always one (and only one) channel per TCP connection. Once the TCP connection is established, the SCS sends a channel_setup message to the ECMG.
2. Channel_test message(0x0002): ECMG <=> SCS
a) Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
b) Notes:
c) The channel_test message can be sent at any moment by either side to check:
the channel is in an error free situation;
the TCP connection is still alive.
The peer shall reply with a channel_status message if the channel is free of errors, or a channel_error message if errors occurred.
d) At any moment either component can send a channel_test/stream_test message to check the integrity of a channel/stream.
3. Channel_status message(0x0003): ECMG <=> SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
section_TSpkt_flag 0x0002 1
AC_delay_start 0x0016 2
AC_delay_stop 0x0017 2
delay_start 0x0003 2
delay_stop 0x0004 2
transition_delay_start 0x0005 2
transition_delay_stop 0x0006 2
ECM_rep_period 0x0007 2
max_streams 0x0008 2
min_CP_duration 0x0009 2
lead_CW 0x000A 1
CW_per_msg 0x000B 1
max_comp_time 0x000C 2
a) Notes:
i. The channel_status message is a reply to the channel_setup message or the channel_test message.
ii. When the message is a response to a setup, the values of the parameters are those requested by the ECMG. All these parameter values will be valid during the whole lifetime of the channel, for all the streams running on it.
iii. When the message is a response to a test, the values of the parameters shall be those currently valid in the channel.
4. Channel_close message(0x0004): ECMG <= SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
a) Notes:
i. The channel_close message is sent by the SCS to indicate the channel is to be closed.
ii. Channel closure can occur when the channel is no longer needed or in case of error (detected by SCS or reported by ECMG). This is done by means of a channel_close message sent by the SCS. Subsequently, the connection shall be closed by both sides.
5. Channel_error message(0x0005): ECMG <=> SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
error_status 1 to n 0x7000 2
error_information 0 to n ox7001 n
a) Notes:
A channel_error message is sent by the recipient of a channel_test message or by the ECMG at any time to indicate that an unrecoverable channel level error occurred.
6. Stream specific messages
7. Stream_setup message(0x0101): ECMG <= SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
ECM_stream_id 1 0x000F 2
ECM_id 1 0x0019 2
nominal_CP_duration 1 0x0010 2
a) Notes:
i. The stream_setup message is sent by the SCS to setup a stream once the channel has been established.
ii. The SCS has a prior knowledge of the mapping between Super_CAS_ids and the IP addresses and port numbers of the ECMGs.
iii. When a new ECM stream is requested by the EIS for a given Super_CAS_id value, the SCS will open a new stream with the appropriate ECMG. This might require the opening of a new channel (which involves the opening of a new TCP connection).
iv. When a new ECM stream is created in a transport stream, a new ECM_id shall be assigned to it by the head-end, according to the operational context (ECM stream creation or ECMG replacement). The value of the ECM_id parameter remains unmodified as long as the ECM stream exists. The combination {ECM type + Super_CAS_id + ECM_id} identifies uniquely this new ECM stream in the whole system.
v. NOTE: There can be several ECMGs associated with the same Super_CAS_id value (e.g. for performance or redundancy reasons). In such a case the SCS should be able to choose with which ECMG the connection will be opened, based on either a redundancy policy or resource available.
8. Stream_test message(0x0102): ECMG <=> SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
ECM_stream_id 1 0x000F 2
a) Notes:
i. The stream_test message can be sent at any moment by either entity. The peer shall reply with a stream_status message if the stream is free of errors, or a stream_error message if errors occurred.
9. Stream_status message(0x0103): ECMG <=> SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
ECM_stream_id 1 0x000F 2
ECM_id 1 0x0019 2
access_criteria_transfer_mode 1 0x0011 1
a) Notes:
i. The stream_status message is a reply to the stream_setup message or the stream_test message.
ii. When the message is a response to a setup, the value of the access_criteria_transfer_mode parameter is the one requested by the ECMG.
iii. When the message is a response to a test, the values of the parameters shall be those currently valid in the stream.
10. Stream_close_request message(0x0104): ECMG <= SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
ECM_stream_id 1 0x000F 2
a) Notes:
i. The ECM_stream_id is sent by the SCS in the stream_close_request message to indicate which of the streams in a channel is due for closure.
11. Stream_close_response message(0x0105): ECMG => SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
ECM_stream_id 1 0x000F 2
a) Notes:
i. The ECM_stream_id is sent by the ECMG in the stream_close_response message to indicate which of the streams in a channel is closing.
ii. Stream closure is always initiated by the SCS. This can occur when an ECM stream is no longer needed or in the case of an error. This is done by means of a stream_close_request message. A stream_close_response message indicates the stream has been closed.
12. Stream_error message(0x0106): ECMG <=> SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
ECM_stream_id 1 0x000F 2
error_status 1 to n 0x7000 2
error_information 0 to n ox7001 n
a) Notes:
A stream_error message is sent by the recipient of a stream_test message or by the ECMG at any time to indicate that an unrecoverable stream level error occurred.
13. CW_provision message(0x0201): ECMG <= SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
ECM_stream_id 1 0x000F 2
CP_number 1 0x0012 2
CW_encryption 0 to 1 0x0018 user defined
CP_CW_combination CW_per_msg 0x0014 CP:2; CW: user defined
CP_duration 0 to 1 0x0013 2
access_criteria 0 to 1 0x000D user defined
a) Notes:
i. CW_provision message is sent by the SCS to the ECMG and serves as a request to compute an ECM.
ii. The value of the CP_number parameter is the Crypto period number of the requested ECM.
iii. The control words are carried by this message with their associated Crypto period numbers in the CP_CW_combination parameter,according to the value of lead_CW and CW_per_msg as defined during the channel setup. For instance, if lead_CW = 1 and CW_per_msg = 2, the CW_provision message for Crypto period N shall contain control words for Crypto periods N and N+1.
iv. The SCS is not allowed to send a CW_provision message before having received the ECM_response message for the previous Crypto periods, except if there has been a time-out expiration, or an error message (in which case the way this error is handled is left to the discretion of the SCS manufacturer).
v. The specific CWs that are passed in the CP_CW_combination to the ECMG via the CW_provision message are derived from the values of lead_CW and CW_per_msg. The following table shows a number of different values these parameters can take to achieve different ECMG requirements. These graphs depict which CWs has to be passed for a specific CP, based on the different methods listed above. For any given CP, X-axis, the corresponding CW is portrayed on the Y-axis. In the CW_provision message, the boxed CWs are the set of CP_CW_combination that has to be passed.
TS 103 197 - V1.4.1 - Digital Video Broadcasting (DVB); Head-end implementation of DVB SimulCrypt
Example |
Requirements |
lead_CW |
CW_per_msg |
1 |
1 CW per ECM per CP |
0 |
1 |
2 |
the CWs for the current and next CP per ECM and the ECMG buffers the current CW from the previous CW Provision message |
1 |
1 |
3 |
the CWs for the current and next CP per ECM and the ECMG receives both CWs from the SCS in each CW Provision message |
1 |
2 |
4 |
3 CWs per ECM per CP |
1 |
3 |
TS 103 197 - V1.4.1 - Digital Video Broadcasting (DVB); Head-end implementation of DVB SimulCrypt
1. ECM_response message(0x0202): ECMG => SCS
Parameter Number of instances in message
ECM_channel_id 1 0x000E 2
ECM_stream_id 1 0x000F 2
CP_number 1 0x0012 2
ECM_datagram 1 0x0015 user defined
a) Notes:
i. The ECM_response message is a reply to the CW_provision message. It carries the ECM datagram, computed by the ECMG, from the information provided by the CW_provision message (and possibly from other CA specific information).
ii. The value of the CP_number parameter shall be the same in the replied ECM_response message as in the previous incoming CW_provision message (on that stream).
iii. The time-out for the ECM_response message shall be computed by the SCS from the max_comp_time value defined during channel setup, and the typical network delays.
2. Security in ECMG <=> SCS protocol
The control words conveyed in the CP_CW_combination parameter within the CW_provision message constitute the clear cryptographic keys that are used to directly scramble content. Knowledge of these keys by unauthorized agents can result in the compromise of the security of the broadcast service. Therefore it is incumbent upon all Simulcrypt participants to employ effective and appropriate methods to preserve the confidentiality of the control words traversing this interface. One approach is to use only an inherently secure network for the ECMG <=> SCS interface. Another is to use a control word encryption scheme such as the one recommended in annex D of the present document to deliver the CW to the ECMG in a secure manner. In any case, the security of the CW on this interface shall be maintained so that unauthorized interception is prevented.
3. Error status
a) Dealing with errors
stream and application level errors occur during the lifetime of a TCP connection.
There are two different error messages on these interfaces. The channel_error message for channel wide errors and the stream_error message for stream specific errors. These messages are sent by the ECMG to the SCS. When the ECMG reports an error to the SCS, it is up to the SCS to decide the most appropriate step to be taken. However "unrecoverable error" explicitly means that the channel or stream (depending on the message used) has to be closed. Most of the error status listed in the table 6 cannot occur in normal operation. They are mainly provided to facilitate the integration and debugging phase.
b) Unexpected communication loss
Both SCS and ECMG shall be able to handle an unexpected communication loss (either on the connection, channel or stream level).Each component, when suspecting a possible communication loss (e.g. a 10 second silent period), should check the
communication status by sending a test message and expecting to receive a status message. If the status message is not received in a given time (implementation specific) the communication path should be re-established.
c) Handling data inconsistencies
If the ECMG detects an inconsistency it shall send an error message to the SCS. If the SCS receives such a message or detects an inconsistency it may close the connection. The SCS (as the client) will then (re-)establish the connection, channel and (if applicable) streams.
NOTE: The occurrence of a user defined or unknown parameter_type or message_type shall not be considered as an inconsistency.
Summary:
1. In DVB the encryption is behind the MUX
2. the process of actual SCS works(take one commercial products for example):
a) TCP setup
b) Close TCP
c) channel setup
d) channel close
e) channel setup
f) stream setup
g) for(;;){
channel test
CW provision
}