Digital content is available everywhere you look, posing new monetization challenges for producers. Perhaps the simplest and most lucrative way to monetize content is through paid subscription or viewing. Conditional access is a content and service delivery model that restricts user access based on paid subscriptions. It’s most commonly known as Pay-Per-View when used for television, but conditional access systems (CAS) are also used for paid services like phone and internet. A CAS comprises several components that work together to ensure only authorized users can access the restricted content, thereby executing the user-provider contract. Without a CAS, providers wouldn’t be able to fully monetize their content and would be subject to piracy at unsustainable levels.

Why is conditional access important for providers?

Even with affordable options and an overwhelming amount of legitimate streaming services, many consumers still try to access content they’re not entitled to. The most vital role of a CAS is to protect the provider’s revenue by executing the subscriber’s contract and preventing piracy. The CAS facilitates the exchange of content for payment and can restrict access in certain areas based on popularity or program rights.
Various components of the CAS provide vital functions to both the provider and the user. One component, the subscriber management system, sends and receives payments to and from the subscriber and the CAS and handles changes in subscriptions, billing, and user information. The subscriber authorization system identifies and verifies the user, shares the information with necessary service providers, and encrypts all data to prevent security attacks.
The security module protects the user’s information and prevents piracy or unauthorized viewing of the content. In television applications, the STB or receiver is the final piece of the CAS. It enables access and decrypts the content when the defined criteria are met. A CAS can also be used to regulate access to software like email, apps, documents, and information deployed as SaaS. Software providers using CAS have control over access and restrictions, like which browsers can access their data.

How does a conditional access system work?

The content provider transmits the content as a signal, which virtually anyone can pick up via satellite, terrestrial, or cable network. The CAS uses various protocols to encrypt the signal so the content can’t be watched, except by those users who meet the criteria defined by the provider. When a user meets the conditions of access, the receiver will decrypt the signal, making the content watchable for that user. The provider will have given the subscriber a set-top box (STB) or another receiver that integrates the CAS.

The STB or receiver requires an encryption key wrapped in an entitlement control message (ECM) to decrypt the content. The ECM structure is different for every CAS vendor, but the process of inserting the ECM into the transport stream (TS) is standardized. Each receiver contains unique and secret data to confirm the user’s authority to receive an entitlement management message (EMM). The EMM tells the receiver which broadcast channels and on-demand content it’s allowed to decrypt.

If a user fails to pay a bill or decides to cancel a subscription, the signal for that content will remain encrypted and will not be viewable for the user. If CAS keys are hacked, the CAS vendor will take action to prevent piracy, depending on the situation and technology being used.

Ideally, the CAS will be undetectable to users. Users will be able to pay bills, change channels, and access programs with no delay. The security modules must be resilient enough to provide anti-piracy measures and reliable security infrastructure to protect the user and provider data. Many conditional access systems are compatible with an open market of STBs and other receivers.