Presentation is loading. Please wait.

Presentation is loading. Please wait.

CCAP Encryption Integrating CCAP into the Video Control Plane

Similar presentations


Presentation on theme: "CCAP Encryption Integrating CCAP into the Video Control Plane"— Presentation transcript:

1 CCAP Encryption Integrating CCAP into the Video Control Plane
Kevin Taylor Fellow Comcast July 31, 2014

2 CCAP In a System Context CCAP Encryption Goals
Topics CCAP in a Nutshell CCAP In a System Context CCAP Encryption Goals CCAP Transition Strategy CCAP Encryption Hardware Requirements CCAP Encryption Options CCAP Encryption Phasing Case Study Special Considerations 2

3 CCAP in a nutshell CCAP DS RF Port Converged Cable Access Platform
Combines the functions of the CMTS and Edge QAM Implements all narrowcast and broadcast QAMs CCAP in a nutshell CCAP DS Port Assignments HSD/CDV Simplify, and eventually eliminate RF Combining DOCSIS IP Video DS RF Port VOD cDVR 64 NC QAMs BC QAMs MPEG TS Broadcast Narrowcast & Broadcast Digital Services CCAP Legacy OOB & QAM Analog US DS Split Legacy OOB 3

4 CCAP Impact Engineering: Capacity and efficiency
50% space savings with 4x capacity 60% power savings plus less cooling Improve existing UPS and battery backup performance Architecture: Simplicity and flexibility Minimum, simplified combining wiring Full-spectrum, MPEG/DOCSIS QAMs, easier migration to IPTV Future proof, single access platform Purchasing: Cost will quickly become a big driver Especially DOCSIS QAMs are significantly cheaper Operations: Reliability and manageability Fully redundant (N+1 LC & 1+1 Commons) Configuration change between QAM types vs. equipment swap-out Much shorter maintenance window (ISSU) Far less equipment to manage and maintain 4

5 CCAP in a System Context

6 CCAP Encryption Goals Architecture Cost Efficiency Resource Efficiency Compatibility with Deployed Conditional Access Systems Scalability Security Modern Network Architecture Reliability and Resiliency Linear Broadcast DTA PPV/IPPV SDV VOD Port Mapped (Static) Session (Dynamic)

7 Hardware platform specifications
CCAP Encryption Converged Cable Access Platform Encryption M-CMTS QAM I-CMTS Broadcast QAM SDV & VOD QAM Hardware platform specifications ARRIS MediaCipher Cisco PowerKey DVB Encryption

8 8 Legacy Encryption vs. CCAP Encryption Legacy Encryption
EQAM: Proprietary Generation of CW and ECM EQAM: Encryption EQAM: Stream Multiplexing EQAM: Output Conversion GQAM, MQAM, SEM, APEX, NetCrypt CCAP Encryption ECMG: Proprietary Generation of CW and ECMs move to Vendor ECMG device EQAM: Encryption, Multiplexing and output conversion remain in EQAM CCAP and 3rd Party EQAM

9 CCAP Transition Strategy
9

10 CCAP Encryption Requirements
Decryption Support Network Decryption (not currently implemented) AES-128 Encryption Support MediaCipher / DTA SCTE-52 (DES-CBC) PowerKey / DTA DES-ECB AES DVB-CSA/CSA3 (Simulcrypt) CA System Support PID Routing CAT DTA System Information DTA EMM DTA User Interface Data DTA Messaging PSIP Aggregation PSIP EAS

11 CCAP Encryption Options
Option 1 – CCAP with ECMG Option 2 – CCAP with Bulk Encryption Option 3 – CCAP with DVB SimulCrypt 11

12 CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
CAS Shared ECMG Pool CCAP Load Balancer Authentication ECMG . CWG Web Request {AC, ECM/CW} ECMG CWG ECMG CWG ECM/CW cache Abbreviations: ECMG – Entitlement Control Message Generator ECM – Entitlement Control Message CW – Control Word CWG – Control Word Generator CAS – Conditional Access System

13 CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
Settop CAS Shared ECMG Pool ECMG ECMG ECMG CWG CWG CWG DTA CAS Secrets Secrets Secrets http[AC, ECM/CW] Load Balancer http[AC, ECM/CW] CCAP Encrypt MPTS/SPTS Video (Clear Content) MPTS/SPTS (Encrypted Content) DTA CAT, SI, EMM, Data, EAS

14 CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
ECMG is not in the video path ECMG<>CCAP Interface is resilient to network delays and short outages Batching of ECMs and CWs Standard network load balancing is supported CCAP needs licensed technology from CA vendors ECMG is stateless

15 CCAP Encryption Option 2 - CCAP with Bulk Encryptor
Settop CAS DTA CAS DTA CAT, SI, EMM, Data, EAS . Bulk Encryptor Encrypt CCAP MPTS/SPTS Video (Clear Content) MPTS/SPTS (Encrypted Content) MPTS/SPTS (Encrypted Content) Secrets Abbreviations: DTA – Digital Terminal Adaptor CAS – Conditional Access System SI – System Information EMM – Entitlement Management Message EAS – Emergency Alert System MPTS – Multi-Program Stream SPTS – Single Program Stream

16 CCAP Encryption Option 2 - CCAP with Bulk Encryptor
Bulk encryptor is in the video path Requires appropriate redundancy to be applied at the bulk encryptor and CCAP Bulk encryptor encapsulates all of the propriety CA vendor information into a single video encryption device Maybe resilient to network delays and short outages Efficient encryption method for video architecture with many nodes

17 CCAP Encryption Option 3 CCAP with DVB SimulCrypt
DVB SimulCrypt Compliant CA System EIS Settop CAS Simulcrypt EIS<->SCS ECMG Secrets Abbreviations: ECMG – Entitlement Control Message Generator EIS – Event Information Scheduler SCS – SimulCrypt Synchronizer CW – Control Word CWG – Control Word Generator CAS – Conditional Access System Simulcrypt SCS <->ECMG DTA CAS ECMG Secrets . Simulcrypt SCS <->ECMG CCAP Encrypt* CWG* MPTS/SPTS Video (Clear Content) MPTS/SPTS (Encrypted Content) DTA CAT, SI, EMM, Data, EAS *Varies by CA vendor

18 CCAP Encryption Option 3 – CCAP with DVB SimulCrypt
ECMG is not in the video path Standardized DVB Interfaces Socket based interfaces Not all CA Systems support a Simulcrypt mode with the CCAP being the Simulcrypt Synchronizer(SCS) Some CA System have IP or secrets that need to be applied at the Encryptor

19 CCAP Encryption Option Comparison (1)
ECMG Option 2 Bulk Encryptor Option 3 DVB Simulcrypt CAS Operation Single Vendor Multi-Vendor Encryption Location CCAP Location of Proprietary CA Secrets Interface Standards Proprietary (Licensed to CCAP Vendors) Propriety Open Protocol Basis HTTPS Socket Interface Authentication Authenticated Per vendor implementation None ECM Batching Y N/A N (Transaction per crypto period) Load Balancing Concept of primary, secondary, and priority. Support vendor specific.

20 CCAP Encryption Option Comparison (2)
ECMG Option 2 Bulk Encryptor Option 3 DVB Simulcrypt Video Path Redundancy CCAP Responsibility Bulk Encryptor and CCAP share redundancy responsibility Network Load Resilient to short network outages State Stateless Stateful Cloud Readiness Auto-scaling, load balancing, and failure resiliency are part of architecture None Concept of Primary / Secondary ECMG Hitless Upgrades Y – ECMG Pool provides redundancy N Maybe – requires 1:1 redundancy Horizontal Scalability Y ECM Stretching Vendor specific Support Future Current

21 CCAP Encryption Phasing Case Study – ARRIS Network
Function Privacy Mode Common Tier Encryption Session Based Encryption Linear Linear + OneController VOD Encryption VPME MediaCipher (CTCP) MediaCipher (ODCP)  MediaCipher (CTCP, ODCP) MediaCipher (CTCP, ODCP)  Linear Encryption Mode MediaCipher, MediaCipher DTA VOD Session Setup Port mapping Session Port or Session  Components CCAP Y ECMG n/a VOD Back Office Updates N DAC CASMR BVSM (OneController) Interfaces (Req’d) CableLabs RMI CCAP-ECMG CAMS-SM

22 CCAP Encryption Phasing Case Study – Cisco Network
Function Embedded PowerKey VOD PowerKey VOD on ECMG Linear with Simulcrypt Linear with OneController VOD Encryption PowerKey Linear Encryption Mode PowerKey, SCP/SCC VOD Session Setup Session Linear Session Setup DNCS BVSM Components CCAP N Y ECMG (PCG) n/a Y (Simulcrypt) VOD Back Office DNCS/EC ECS BVSM (OneController) DTACS Interfaces (Req’d) CableLabs RMI PEACH (ECMG) CAMS-SM Simulcrypt

23 Special Considerations
CCAP Broadcast Replication Adult Content Special Requirements Combinations of Encryption Approaches

24 Summary CCAP Architecture enables several mechanisms for the cable operator to enable video encryption The cable operator will need to decide which approach is best for their system architecture, service type, and network Comcast IConfidential

25 Questions? Comcast IConfidential

26


Download ppt "CCAP Encryption Integrating CCAP into the Video Control Plane"

Similar presentations


Ads by Google