top of page
  • Ravi Sharma

Conditional Access System Basics

Updated: Feb 11, 2022

Conditional Access System Basics

Scramble All, Encrypt Small - The crux of CAS that we will discuss now.

Conditional Access System (CAS), as the name suggests, enables the operators to provide access to their subscribers with conditions. CAS provides the control to enable/disable service(s) based on the business interests.

CAS is usually considered as a Black-Box technology with little details available for obvious security reasons. But is it possible to explain this technology in simple terms that can enable the technical or Non-technical persons to have a better understanding? Or in other words, is it possible explain the technology in a way that the variety of teams, i.e. SMS, Sales, Marketing can have realistic expectations with the CAS system? The answer is Yes! Lets get into the basics now. The idea is to maintain the balance for both technical and non-technical readers.

The process starts with the Scrambling of the content (video/audio/data). Once the content is encoded into the relevant format (MPEG-2/MPEG-4), it is Scrambled using an algorithm to make it unreadable, jumbled or in other words say protected. There are multiple algorithms available for scrambling but a very basic format of scrambling is explained here. Assuming that the content to be scrambled "WELCOME TO INDIA THE LAND OF MANY POSSIBILITIES".

By using the block layer, stream layer, the above content is converted into 8x5 blocks as given below:









Then further the content is changed by reading in vertical lines i.e.









The actually scrambling is much more complex based on the algorithm used but the basics are same. The key with which this scrambling is achieved i.e. making 8x5 blocks (in the current example) and reading vertically or diagonally is known as "Control Word". The main advantage of using control is that the same block algorithm can be used with power to change control word as per requirement.

The next phase is to send the keys and the scrambled content to the user. In this phase the Control word is sent to CAS servers which then encrypts the Control words using a "Service key" (say a specific channel) and transmits it via ECMs (Entitlement Control Messages). The ECMs are send back to MUX by the CAS servers. The ECMs carry the control words to the user/receiver in encrypted form that is proprietary to each CAS company. The receiver will use this ECM to get the Control Word that will be used to de-scramble the content.

Next step is to authorise the user to de-scramble the content. The service key that was used to encrypt the Control word is now itself encrypted using an "". This user key belongs to an individual user/Smart Card/CAS ID etc. The resultant key is sent to receiver by using EMMs (Entitlement Management Messages).

So now we have everything needed in place and the only thing left is money :) which means a paying customer. Once the SMS gets a confirmation on payment for a user, it sends command to CAS to enable that user for the chosen services. The CAS will create an EMM and will broadcast it through the system. This EMM has the relevant service key (s). Once the receiver gets this EMM, it will forward the same to smart card for validation/processing. The smart card will check whether the incoming key matches to its own key. Once the match is successfully made, the Smart will take out the control word by using the service for specific service and will send it to the receiver. The receiver will use the control word to de-scramble the service by using the exact opposite of what was done during Scrambling at the Broadcast site.

This completes the overall process and enables the operator to provide/deny access to their customers.

As stated in the beginning the "Scramble All, Encrypt Small", all the content is scrambled and a small part (Control Word) is encrypted.

31 views1 comment

1 Comment

Monis Akram
Monis Akram
Feb 19, 2022

The most amazing part of the whole CAS system to me is the generation of Control Word, this string is nothing but Pseudo-Random Binary Sequence (PRBS) which is the heat of the same hardware machine scrambler digitized and termed PRBS. Followed by the structural EXORing this CW with the incoming data for scrabling.

bottom of page