1. What is a conditional access system (CAS)? Electric Shaver,3 In One Shaver Set,Rechargeable Electric Shaver,Electric Floating Shaver ZHEJIANG SHENGFA ELECTRIC APPLIAMNCES CO.,LTD , https://www.sfelectricappliances.com
Conditional Access System (CAS) refers to the digital scrambling (or digital encryption) of the content of digital TV programs to establish an effective charging system. It is known as the technical security system for the healthy development of digital TV.
According to the location, the CAS consists of the front end (sending end) and the terminal (user receiving part. The front end mainly completes the scrambling of the program data stream, CW encryption, EMM generation, user information management and corresponding eye services; the terminal mainly completes the descrambling A hardware device descrambler associated with decryption, plus a smart card.
The current mainstream technology is: the demultiplexing part and the CW-related descrambling unit are in the main chip of the terminal STB (set top box); the smart card is the most important device of the whole sex, and all decryption power ratios are completed at the user end, as CA Developers need to provide smart cards that can perform decryption functions and provide porting technology for STB software developers.
2. Design of smart card hardware circuit
In the conditional receiving system of research and development, according to the principle of hardware design and the high security of CAS, the main chip selects AT90SCl616C produced by ATMEL. He uses high-performance, low-power AVR 8-bit CPU as the core, embedded 16k Flash programmable memory, 16k E2PROM and 1k RAM, and a 16-bit coprocessor (SCl6) for high-speed security. And authentication features.
3, the realization of decryption and charging function
At the user receiving end of the CAS, the smart card resolves the user's authorization and performs all decryption functions. The user basic information, authorization information, personal distribution key, and the like associated therewith are stored in the form of binary data in the file of the smart card. The storage process of these data is to use the APDU command on the platform of the interface function of the terminal and the card, establish a file in the E2PROM, and perform related operations. The computer language used for development can be VB, VC, VFP, C language, and the like. I chose VB for development.
3.1 Acquisition of CA information
In the conditional receiving system, the EMM is globally addressed to Global, the group is addressed to Shared, and the only three unique addressing strategies are addressed to the user receiving end. The user STB needs to read from the smart card before receiving the EMM. Take a unique user ID number, set the registers in the STB, and then receive the EMM. Therefore, as the unique addressing address of the smart card, the user ID needs to establish a basic information file and store it. In addition, according to the MPEG-2 standard, in the process of receiving the CAT table and the PMT table, the CA_system_ID must be judged before the EMMPID and ECMPID are parsed. Therefore, the CA_system_ID should also be stored in the basic information file of the smart card. In addition, according to different processing methods of CA information before receiving, the type and version of the encryption algorithm can also be stored as necessary information in the file of the smart card. All of this basic information can be placed in the same file, or it can be stored in different file types (such as binary files, fixed-length record files, etc.) as needed.
3.2 Implementation of the decryption function
The system uses the RSA algorithm and combines hardware circuits to implement all decryption processes for ECM. The Kerckhoff principle states that the entire secret of an encryption algorithm is based solely on the secrecy of the key. Therefore, the disclosure of a root key will be devastating for the smart card, for the entire CA system, forcing the application provider to shut down the CA system used, and the card issuer will replace all cards. For the sake of confidentiality, this article only briefly introduces the key generation, protection and access rights.
(1) Key generation
For the smart card put into the market and sent to the user, the root key is not written; for the master key in each card, the derived key generated by the chip number is actually generated. Moreover, there are 10 kinds of keys in the card, and the usages are different. Even if the key in the card is completely cracked, it only hinders the security of the same type of card, that is, the security of a group, and the largest user of a group only has 256, this does not hinder the whole system. The system can track the chip number (with uniqueness) of the user's smart card in the front-end part. Once found, the black card can be removed by corresponding means, making it impossible for illegal users to obtain commercial interest.
(2) Key protection
The key is placed in the key file and stored as an internal EF file in the E2PROM. Once the internal EF file itself is established, the internal data is not allowed to be read from the terminal, and the security of the key is guaranteed to the greatest extent. In addition, in order to further improve the security of the key, we adopt the "line encryption protection" method for the internal key file of our smart card, that is, RSA encryption of the transmitted key data and addition of 4B MAC (message identification) Code), the smart card is checked first, and only the correct data is accepted, so the possibility of leaking the key is minimized.
(3) Access to the key
For the smart card put on the market, no matter which way, it is impossible to read the key data from the smart card, which is determined by the security features of the hardware circuit of the smart card itself. For STB transplantation, as long as the dedicated smart card command is used, the obtained ECM and EMM are written into the smart card, and the control word CW required for descrambling can be obtained.
3.3 Implementation of the charging function
The system adopts the method of networking with the bank and the agent charging point at the front end, and realizes the charging function by establishing the file storage authorization information in the smart card and establishing the electronic wallet file and the ordinary wallet file in the terminal. The authorization and deductions obtained by the EMM are analyzed and obtained by the EMM. The establishment of the wallet file also adopts the "line encryption protection" method to protect the rights of consumers.
4, analysis of transplantation results
The system has been ported on the ST and NEC solutions and has been successful and is currently in production at a set-top box company. From the perspective of the migration results, the driver and read and write of the smart card become the key to the success of the transplantation.
For example, in the process of transplanting a program, the program in the STB occasionally has the loss of transmission data (mainly the loss of the first byte) when calling the card reader function. In fact, this is due to the default data of the smart card. The transmission rate is too high. The solution is to add a delay function before the card reading function and the card writing function.
5. The development direction of smart cards in CAS in the future
Although the application and production technology of the smart card is quite mature, since the smart card is the most important device for CAS security, at the same time, the exchange of data and the reading of the CW between the set-top box and the set-top box can be taken home by the user. Analysis and cracking, therefore, in order to enhance the security of the entire CA system, the development direction of smart cards in CAS in the future is: the descrambling module can be integrated into the smart card main chip, and even the entire CA module of the receiving end is considered to be integrated in the smart card. At the same time, the smart card has some functions of the middleware. Of course, such a design is technically difficult at present. First of all, the integrated main chip after compression is only a few millimeters thick like the current smart card. It is not realistic. Secondly, although the middleware has mature applications as the core of the set-top box software structure, it is in the smart card. How to achieve it is also a problem to be considered. However, with the development of society, on the one hand, it will put forward higher requirements for the security of CAS. On the one hand, it will promote the further development of microelectronics technology and electronic data processing technology. Then, the development direction of smart cards in CAS can be I figured it out.
6, the conclusion
At present, with the popularization of digital TV in China and the maturity of conditional access technology, more and more manufacturers have turned their attention to the development of CAS. At the same time, many set-top box developers have also transplanted CA on their own products. To adapt to fierce market competition. Therefore, the study of smart cards in CAS, whether for the development of CAS, or for the transplantation of set-top boxes, can be used for reference.