CCAP Encryption Integrating CCAP into the Video Control Plane July 31, 2014 Kevin Taylor Fellow Comcast.

1 CCAP Encryption Integrating CCAP into the Video Control Plane July 31, 2014 Kevin Taylor Fellow Comcast

2 Topics
- CCAP in a Nutshell
- CCAP In a System Context
- CCAP Encryption Goals
- CCAP Transition Strategy
- CCAP Encryption Hardware Requirements
- CCAP Encryption Options
- CCAP Encryption Phasing Case Study
- Special Considerations

3 CCAP in a nutshell
Converged Cable Access Platform
Combines the functions of the CMTS and Edge QAM
Implements all narrowcast and broadcast QAMs
Simplify, and eventually eliminate RF Combining
[Diagram: CCAP DS Port Assignments. Labels: DS RF Port; 64 NC QAMs + 96 BC QAMs; HSD/CDV; VOD; cDVR; IP Video; Broadcast; DOCSIS; MPEG TS; US; DS; Legacy OOB & QAM; Narrowcast & Broadcast Digital Services; CCAP; Analog; Split; Legacy OOB]

4 CCAP Impact
Engineering: Capacity and efficiency
- 50% space savings with 4x capacity
- 60% power savings plus less cooling
- Improve existing UPS and battery backup performance
Architecture: Simplicity and flexibility
- Minimum, simplified combining wiring
- Full-spectrum, MPEG/DOCSIS QAMs, easier migration to IPTV
- Future proof, single access platform
Purchasing: Cost will quickly become a big driver
- Especially DOCSIS QAMs are significantly cheaper
Operations: Reliability and manageability
- Fully redundant (N+1 LC & 1+1 Commons)
- Configuration change between QAM types vs. equipment swap-out
- Much shorter maintenance window (ISSU)
- Far less equipment to manage and maintain

5 CCAP in a System Context
[Diagram: System Context]

6 CCAP Encryption Goals
Architecture
- Cost Efficiency
- Resource Efficiency
- Compatibility with Deployed Conditional Access Systems
- Scalability
- Security
- Modern Network Architecture
- Reliability and Resiliency
Linear
- Broadcast
- DTA
- PPV/IPPV
- SDV
VOD
- Port Mapped (Static)
- Session (Dynamic)

7 Converged Cable Access Platform
[Diagram. Labels: M-CMTS QAM; Encryption; Broadcast QAM; SDV & VOD QAM; I-CMTS; Hardware platform specifications; ARRIS MediaCipher; Cisco PowerKey; DVB Encryption; CCAP Encryption]

8 Legacy Encryption vs. CCAP Encryption
Legacy Encryption
- EQAM: Proprietary Generation of CW and ECM
- EQAM: Encryption
- EQAM: Stream Multiplexing
- EQAM: Output Conversion
CCAP Encryption
- ECMG: Proprietary Generation of CW and ECMs move to Vendor ECMG device
- EQAM: Encryption, Multiplexing and output conversion remain in EQAM
[Diagram labels: CCAP and 3rd Party EQAM; GQAM, MQAM, SEM, APEX, NetCrypt]

9 CCAP Transition Strategy

10 CCAP Encryption Requirements
Decryption Support
Network Decryption (not currently implemented)
- AES-128
Encryption Support
MediaCipher / DTA
- SCTE-52 (DES-CBC)
PowerKey / DTA
- DES-ECB
AES
DVB-CSA/CSA3 (Simulcrypt)
CA System Support
PID Routing
- CAT
- DTA System Information
- DTA EMM
- DTA User Interface Data
- DTA Messaging
PSIP Aggregation
- PSIP
- EAS

11 CCAP Encryption Options
- Option 1 – CCAP with ECMG
- Option 2 – CCAP with Bulk Encryption
- Option 3 – CCAP with DVB SimulCrypt

12 CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
[Diagram. Labels: CCAP; Load Balancer; ECMG; Web Request {AC, ECM/CW}; ECM/CW cache; Shared ECMG Pool; CAS; CWG; Authentication]
Abbreviations:
- ECMG – Entitlement Control Message Generator
- ECM – Entitlement Control Message
- CW – Control Word
- CWG – Control Word Generator
- CAS – Conditional Access System

13 CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
[Diagram. Labels: CCAP; Load Balancer; ECMG; Shared ECMG Pool; Settop CAS; DTA CAS; CWG; Secrets; Encrypt; http[AC, ECM/CW]; DTA CAT, SI, EMM, Data, EAS; MPTS/SPTS Video (Clear Content); MPTS/SPTS (Encrypted Content)]

14 CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
- ECMG is not in the video path
- ECMG<>CCAP Interface is resilient to network delays and short outages
- Batching of ECMs and CWs
- Standard network load balancing is supported
- CCAP needs licensed technology from CA vendors
- ECMG is stateless

15 CCAP Encryption Option 2 - CCAP with Bulk Encryptor
[Diagram. Labels: CCAP; Bulk Encryptor; Settop CAS; DTA CAS; Secrets; Encrypt; DTA CAT, SI, EMM, Data, EAS; MPTS/SPTS Video (Clear Content); MPTS/SPTS (Encrypted Content)]
Abbreviations:
- DTA – Digital Terminal Adaptor
- CAS – Conditional Access System
- SI – System Information
- EMM – Entitlement Management Message
- EAS – Emergency Alert System
- MPTS – Multi-Program Stream
- SPTS – Single Program Stream

16 CCAP Encryption Option 2 - CCAP with Bulk Encryptor
- Bulk encryptor is in the video path
- Requires appropriate redundancy to be applied at the bulk encryptor and CCAP
- Bulk encryptor encapsulates all of the proprietary CA vendor information into a single video encryption device
- May be resilient to network delays and short outages
- Efficient encryption method for video architecture with many nodes

17 CCAP Encryption Option 3 - CCAP with DVB SimulCrypt
[Diagram. Labels: CCAP; DVB SimulCrypt Compliant CA System; Settop CAS; DTA CAS; Encrypt*; Simulcrypt SCS; ECMG; EIS; Simulcrypt EIS; SCS; CWG*; Secrets; DTA CAT, SI, EMM, Data, EAS; MPTS/SPTS Video (Clear Content); MPTS/SPTS (Encrypted Content)]
*Varies by CA vendor
Abbreviations:
- ECMG – Entitlement Control Message Generator
- EIS – Event Information Scheduler
- SCS – SimulCrypt Synchronizer
- CW – Control Word
- CWG – Control Word Generator
- CAS – Conditional Access System

18 CCAP Encryption Option 3 – CCAP with DVB SimulCrypt
- ECMG is not in the video path
- Standardized DVB Interfaces
- Socket based interfaces
- Not all CA Systems support a Simulcrypt mode with the CCAP being the Simulcrypt Synchronizer (SCS)
- Some CA Systems have IP or secrets that need to be applied at the Encryptor

19 CCAP Encryption Option Comparison (1)
Option: Option 1 ECMG | Option 2 Bulk Encryptor | Option 3 DVB Simulcrypt
CAS Operation: Single Vendor | Multi-Vendor
Encryption Location: CCAP | Bulk Encryptor | CCAP
Location of Proprietary CA Secrets: ECMG | Bulk Encryptor | ECMG
Interface Standards: Proprietary (Licensed to CCAP Vendors) | Proprietary | Open
Protocol Basis: HTTPS | Proprietary | Socket
Interface Authentication: Authenticated | Per vendor implementation | None
ECM Batching: Y | N/A | N (Transaction per crypto period)
Load Balancing: Y | N/A | Concept of primary, secondary, and priority. Support vendor specific.

20 CCAP Encryption Option Comparison (2)
Option: Option 1 ECMG | Option 2 Bulk Encryptor | Option 3 DVB Simulcrypt
Video Path Redundancy: CCAP Responsibility | Bulk Encryptor and CCAP share redundancy responsibility | CCAP Responsibility
Network Load: Resilient to short network outages
State: Stateless | Stateful
Cloud Readiness: Auto-scaling, load balancing, and failure resiliency are part of architecture | None | Concept of Primary / Secondary ECMG
Hitless Upgrades: Y – ECMG Pool provides redundancy | N | Maybe – requires 1:1 redundancy
Horizontal Scalability: Y | N | Concept of Primary / Secondary ECMG
ECM Stretching: Vendor specific Support | Future | Current

21 CCAP Encryption Phasing Case Study – ARRIS Network
Function: Privacy Mode | Common Tier Encryption | Session Based Encryption | Linear | Linear + OneController
VOD Encryption: VPME | MediaCipher (CTCP) | MediaCipher (ODCP) | MediaCipher (CTCP, ODCP)
Linear Encryption Mode: MediaCipher, MediaCipher DTA
VOD Session Setup: Port mapping Session Port or Session
Components
CCAP: Y | Y | Y | Y | Y
ECMG: n/a | Y | Y | Y | Y
VOD Back Office Updates: N | N | Y | Y | Y
DAC: N | Y | Y | Y | Y
CASMR: N | Y | Y | Y | Y
BVSM (OneController): n/a | Y
Interfaces (Req’d)
CableLabs RMI: n/a | Y | Y
CCAP-ECMG: n/a | Y | Y | Y | Y
CAMS-SM: n/a | Y

22 CCAP Encryption Phasing Case Study – Cisco Network
Function: Embedded PowerKey VOD | PowerKey VOD on ECMG | Linear with Simulcrypt | Linear with OneController
VOD Encryption: PowerKey
Linear Encryption Mode: PowerKey, SCP/SCC
VOD Session Setup: Session
Linear Session Setup: DNCS | BVSM
Components
CCAP: N | Y | Y | Y
ECMG (PCG): n/a | Y | Y (Simulcrypt) | Y
VOD Back Office: Y | Y | N | Y
DNCS/EC: Y | Y | Y | Y
ECS: Y | Y | Y | Y
BVSM (OneController): n/a | Y
DTACS: n/a | Y | Y
Interfaces (Req’d)
CableLabs RMI: N | Y | N | Y
PEACH (ECMG): N | Y | N | Y
CAMS-SM: N | Y | N | Y
Simulcrypt: N | N | Y | N

23 Special Considerations
CCAP Broadcast Replication
Adult Content
- Special Requirements
- Combinations of Encryption Approaches

24 Summary
- CCAP Architecture enables several mechanisms for the cable operator to enable video encryption
- The cable operator will need to decide which approach is best for their system architecture, service type, and network
Comcast | Confidential

25 Questions?
