CCAP Encryption Integrating CCAP into the Video Control
- Slides: 26
CCAP Encryption
Integrating CCAP into the Video Control Plane
Kevin Taylor, Fellow, Comcast
July 31, 2014

Topics
• CCAP in a Nutshell
• CCAP in a System Context
• CCAP Encryption Goals
• CCAP Transition Strategy
• CCAP Encryption Hardware Requirements
• CCAP Encryption Options
• CCAP Encryption Phasing Case Study
• Special Considerations

CCAP in a nutshell
• Converged Cable Access Platform
• Combines the functions of the CMTS and Edge QAM
• Implements all narrowcast and broadcast QAMs
• Simplify, and eventually eliminate RF Combining
[Figure: CCAP DS Port Assignments. Labels: HSD/CDV, IP Video, VOD, cDVR, Broadcast; DS RF Port, 64 NC QAMs + 96 BC QAMs; Narrowcast & Broadcast Digital Services; Legacy OOB & QAM; CCAP DS, US; Analog; Split Legacy OOB; MPEG TS; DOCSIS]

CCAP Impact
• Engineering: Capacity and efficiency
  - 50% space savings with 4 x capacity
  - 60% power savings plus less cooling
  - Improve existing UPS and battery backup performance
• Architecture: Simplicity and flexibility
  - Minimum, simplified combining wiring
  - Full-spectrum, MPEG/DOCSIS QAMs, easier migration to IPTV
  - Future proof, single access platform
• Purchasing: Cost will quickly become a big driver
  - Especially DOCSIS QAMs are significantly cheaper
• Operations: Reliability and manageability
  - Fully redundant (N+1 LC & 1+1 Commons)
  - Configuration change between QAM types vs. equipment swap-out
  - Much shorter maintenance window (ISSU)
  - Far less equipment to manage and maintain

CCAP in a System Context
[Figure: System Context]

CCAP Encryption Goals
Architecture
  - Cost Efficiency
  - Resource Efficiency
  - Compatibility with Deployed Conditional Access Systems
  - Scalability
  - Security
  - Modern Network Architecture
  - Reliability and Resiliency
Linear
  - Broadcast
  - DTA
  - PPV/IPPV
  - SDV
VOD
  - Port Mapped (Static)
  - Session (Dynamic)

CCAP Encryption
[Figure: Converged Cable Access Platform Encryption. Labels: Broadcast; SDV & VOD QAM; M-CMTS QAM; I-CMTS; Hardware platform specifications; ARRIS MediaCipher; Cisco PowerKey; DVB Encryption]

Legacy Encryption vs. CCAP Encryption
Legacy Encryption
  - EQAM: Proprietary Generation of CW and ECM
  - EQAM: Encryption
  - EQAM: Stream Multiplexing
  - EQAM: Output Conversion
  - GQAM, MQAM, SEM, APEX, NetCrypt
CCAP Encryption
  - ECMG: Proprietary Generation of CW and ECMs move to Vendor ECMG device
  - EQAM: Encryption, Multiplexing and output conversion remain in EQAM
  - CCAP and 3rd Party EQAM

CCAP Transition Strategy

CCAP Encryption Requirements
Decryption Support
• Network Decryption (not currently implemented)
  - AES-128
Encryption Support
• MediaCipher / DTA
  - SCTE-52 (DES-CBC)
• PowerKey / DTA
  - DES-ECB
• AES
• DVB-CSA/CSA3 (Simulcrypt)
CA System Support
• PID Routing
  - CAT
  - DTA System Information
  - DTA EMM
  - DTA User Interface Data
  - DTA Messaging
• PSIP Aggregation
  - PSIP
  - EAS

CCAP Encryption Options
• Option 1 – CCAP with ECMG
• Option 2 – CCAP with Bulk Encryption
• Option 3 – CCAP with DVB SimulCrypt

CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
[Figure labels: Authentication; CCAP; Web Request {AC, ECM/CW}; Load Balancer; Shared ECMG Pool (ECMG, CWG); ECM/CW cache; CAS]
Abbreviations:
ECMG – Entitlement Control Message Generator
ECM – Entitlement Control Message
CW – Control Word
CWG – Control Word Generator
CAS – Conditional Access System

CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
[Figure labels: Shared ECMG Pool (ECMG, CWG); Secrets; Settop CAS; DTA CAS; Load Balancer; http[AC, ECM/CW]; CCAP Encrypt; MPTS/SPTS Video (Clear Content); MPTS/SPTS (Encrypted Content); DTA CAT, SI, EMM, Data, EAS]

CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
• ECMG is not in the video path
• ECMG<>CCAP Interface is resilient to network delays and short outages
• Batching of ECMs and CWs
• Standard network load balancing is supported
• CCAP needs licensed technology from CA vendors
• ECMG is stateless

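Added example, not part of the original slides: a small Python model of the Option 1 CCAP-side ECM/CW cache, showing how batching lets the encryptor ride through a short ECMG outage, compared with one transaction per crypto period (the behaviour the comparison slide lists for Option 3). The batch size, refill threshold and outage windows are constructed assumptions, and integers stand in for {CW, ECM} pairs.

```python
from collections import deque


def starved_periods(periods, batch_size, refill_at, outage):
    """Return the crypto periods in which no unused {CW, ECM} pair was cached.

    periods    -- number of crypto periods to simulate
    batch_size -- pairs returned by one ECMG request (1 = one transaction per period)
    refill_at  -- request another batch when this many pairs or fewer remain
    outage     -- set of period indexes in which the ECMG pool is unreachable
    All four parameters are assumptions of this model, not values from the slides.
    """
    cache = deque()   # the CCAP-side ECM/CW cache
    next_pair = 0     # integer placeholder for a {CW, ECM} pair, no key material
    starved = []
    for t in range(periods):
        # Stateless request: any ECMG behind the load balancer can answer it,
        # so the only thing that blocks a refill here is the outage itself.
        if len(cache) <= refill_at and t not in outage:
            cache.extend(range(next_pair, next_pair + batch_size))
            next_pair += batch_size
        if cache:
            cache.popleft()      # rotate to the next control word
        else:
            starved.append(t)    # no fresh pair available for this period
    return starved


if __name__ == "__main__":
    short = set(range(5, 9))     # constructed 4-period outage
    long_ = set(range(5, 20))    # constructed outage longer than the cache
    print("per-period, short outage:", starved_periods(20, 1, 0, short))
    print("batched,    short outage:", starved_periods(20, 8, 4, short))
    print("batched,    long outage: ", starved_periods(20, 8, 4, long_))
```

With these numbers the batched cache holds 11 pairs when the outage starts, so it absorbs the 4-period outage and only runs dry 11 periods into the long one.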
CCAP Encryption Option 2 - CCAP with Bulk Encryptor
[Figure labels: Settop CAS; DTA CAS; Secrets; Bulk Encryptor, Encrypt; MPTS/SPTS Video (Clear Content); MPTS/SPTS (Encrypted Content); DTA CAT, SI, EMM, Data, EAS; CCAP]
Abbreviations:
DTA – Digital Terminal Adaptor
CAS – Conditional Access System
SI – System Information
EMM – Entitlement Management Message
EAS – Emergency Alert System
MPTS – Multi-Program Stream
SPTS – Single Program Stream

CCAP Encryption Option 2 - CCAP with Bulk Encryptor
• Bulk encryptor is in the video path
• Requires appropriate redundancy to be applied at the bulk encryptor and CCAP
• Bulk encryptor encapsulates all of the proprietary CA vendor information into a single video encryption device
• May be resilient to network delays and short outages
• Efficient encryption method for video architecture with many nodes

CCAP Encryption Option 3 - CCAP with DVB SimulCrypt
[Figure labels: Compliant CA System; EIS; Simulcrypt EIS<->SCS; Settop CAS, ECMG, Secrets; DTA CAS, ECMG, Secrets; Simulcrypt SCS<->ECMG; CWG*; CCAP Encrypt*; MPTS/SPTS Video (Clear Content); MPTS/SPTS (Encrypted Content); DTA CAT, SI, EMM, Data, EAS]
*Varies by CA vendor
Abbreviations:
ECMG – Entitlement Control Message Generator
EIS – Event Information Scheduler
SCS – SimulCrypt Synchronizer
CW – Control Word
CWG – Control Word Generator
CAS – Conditional Access System

CCAP Encryption Option 3 – CCAP with DVB SimulCrypt
• ECMG is not in the video path
• Standardized DVB Interfaces
• Socket based interfaces
• Not all CA Systems support a Simulcrypt mode with the CCAP being the Simulcrypt Synchronizer (SCS)
• Some CA Systems have IP or secrets that need to be applied at the Encryptor

CCAP Encryption Option Comparison (1)
Attribute | Option 1 ECMG | Option 2 Bulk Encryptor | Option 3 DVB Simulcrypt
CAS Operation | Single Vendor | Multi-Vendor
Encryption Location | CCAP | Bulk Encryptor | CCAP
Location of Proprietary CA Secrets | ECMG | Bulk Encryptor | ECMG
Interface Standards | Proprietary | Proprietary (Licensed to CCAP Vendors) | Open
Protocol Basis | HTTPS | Proprietary | Socket Interface
Authentication | Authenticated | Per vendor implementation | None
ECM Batching | Y | N/A | N (Transaction per crypto period)
Load Balancing | Y | N/A | Concept of primary, secondary, and priority. Support vendor specific.

CCAP Encryption Option Comparison (2)
Attribute | Option 1 ECMG | Option 2 Bulk Encryptor | Option 3 DVB Simulcrypt
Video Path Redundancy | CCAP Responsibility | Bulk Encryptor and CCAP share redundancy responsibility | CCAP Responsibility
Network Load | Resilient to short network outages Stateless Stateful
Cloud Readiness | Auto-scaling, load balancing, and failure resiliency are part of architecture | None | Concept of Primary / Secondary ECMG
Hitless Upgrades | Y – ECMG Pool provides redundancy | N | Maybe – requires 1:1 redundancy
Horizontal Scalability | Y | N | Concept of Primary / Secondary ECMG
ECM Stretching | Vendor specific
Support | Current Future

CCAP Encryption Phasing Case Study – ARRIS Network Function VOD Encryption Linear Encryption Mode MediaCipher Session Based Encryption MediaCipher (CTCP) (ODCP) Session Y Y Y n/a Y Y Y n/a Y n/a Y Y Y Common Tier Privacy Mode Encryption VPME VOD Session Setup Port mapping Components CCAP Y Y ECMG n/a Y VOD Back Office N N Updates DAC N Y CASMR N Y BVSM n/a (OneController) Interfaces (Req’d) CableLabs RMI n/a CCAP-ECMG n/a Y CAMS-SM n/a Linear + OneController MediaCipher (CTCP, ODCP) MediaCipher, MediaCipher DTA Port or Session Y Y (CTCP, ODCP)
CCAP Encryption Phasing Case Study – Cisco Network Function VOD Encryption Linear Encryption Mode VOD Session Setup Embedded PowerKey VOD on ECMG PowerKey Linear with Simulcrypt PowerKey, SCP/SCC Linear with OneController PowerKey, SCP/SCC DNCS BVSM Session Components CCAP ECMG (PCG) N n/a Y Y (Simulcrypt) Y Y N Y Y Y n/a N N Y Y n/a Y Y Y N Y Y n/a Y N N N Y Y Y Y N Linear Session Setup VOD Back Office DNCS/EC ECS BVSM (OneController) DTACS Interfaces (Req’d) CableLabs RMI PEACH (ECMG) CAMS-SM Simulcrypt
Special Considerations
• CCAP Broadcast Replication
• Adult Content
  - Special Requirements
  - Combinations of Encryption Approaches

Summary
• CCAP Architecture enables several mechanisms for the cable operator to enable video encryption
• The cable operator will need to decide which approach is best for their system architecture, service type, and network
Comcast | Confidential

Questions?