September 25, 2013 by John Moulding
Conax launched its first cardless CA solution at IBC this year, designed for use on one-way as well as two-way networks. The ‘Conax Cardless’ solution is anchored in hardware on a set-top box and the company views it as a premium option for Pay TV providers looking for a cardless approach. Tom Jahr, EVP Products & Partners at Conax, says recent developments in STB chipset technology has increased security to a level where his company is comfortable with the concept of ‘cardless.’
Conax has worked with the set-top box SoC vendor ALi for the first implementation of the cardless CA using a secure zone within its set-top box silicon. The two companies have also created a reference design set-top box featuring this security solution plus a User Interface to provide operators with a rapid deployment option.
While the analogue-to-digital switch-over market is an obvious target for Conax Cardless, it provides existing digital network operators with additional flexibility. Because the cardless solution integrates into the same Conax Contego backend used for the company’s smartcard CA, a network operator can easily manage homes with a cardless CA alongside homes with smartcards. So a network operator could secure its basic tier services with cardless and still use smartcards for customers with premium channel bouquets (and by shipping STBs with a smartcard slot they could easily upgrade a subscriber from cardless to smartcard).
(Tom Jahr, EVP Products & Partners, Conax)
The company said in its press release about the new solution: “Conax will continue to guide operators to determine which type of content would best benefit from cardless or smartcards based on the value of content, the threat scenario and required functionality.”
As these comments suggest, Conax does still believe that smartcard CA is the most secure option for a Pay TV provider, so believes cardless has a slightly different role to play. Jahr emphasizes that, whilst viewed as a hardware-based content security vendor, Conax has always written the software code needed to keep hackers out, but until now protected and distributed this software using a chip on a card. Now it is writing its code for the isolated secure zones provided by the SoC vendors, starting with ALi.
The code is dedicated to each chip, so each implementation of the Conax software code on a SoC secure zone will be different. Conax audits the secure zones for its customers. Jahr says the initial implementation on the ALi SoC sets a high standard for security levels provided by this model (i.e. software CA on an STB hardware root of trust). He says the ALi SoC also provides an excellent price-to-performance ratio for this security model. The company will work with other SoC vendors, of course.
“And yes, you can use this cardless solution for a one-way broadcast network. The analogue shut down is an important market for this product but even the most advanced cable operators have pockets without two-way network support. This product works like a smartcard, only it is inside the STB chip. You do not need a hybrid set-top box. This product will have wider appeal because of this.”
Conax Cardless will be available commercially from November and ready for mass production by Q1 next year. The company says it has an exciting pilot planned for January 2014.
This is the second major product development for Conax this year. At ANGA in June the company introduced Conax Secure Client, a DRM for OTT video including multiscreen. This is based on Conax security-hardened Microsoft PlayReady DRM implementations, featuring obfuscation, key smearing, variability, renewability, secure storage, secure time, optimized cryptography and other advanced functions.
During IBC the company also highlighted the impact that its new generation Contego content security platform is having for existing customers. Designed to provide a unified headend for STB and multiscreen and provide the basis for a TV Everywhere future, Contego also delivers important performance improvements for ‘standard’ STB deployments.
DISH TV in India, a DTH operator with 15 million subscribers, has just migrated from its ‘legacy’ Conax CA platform to Contego, resulting in a 40% improvement in efficiency when handling cancellations and new customer sign-ons, two activities that generate a lot of subscriber management traffic towards the end of each month. The result is that people lose their service faster or get their new services faster, which has important customer care and revenue implications.