1 / 26

CCAP Encryption Integrating CCAP into the Video Control Plane

CCAP Encryption Integrating CCAP into the Video Control Plane. July 31, 2014. Kevin Taylor Fellow Comcast. Topics. CCAP in a Nutshell CCAP In a System Context CCAP Encryption Goals CCAP Transition Strategy CCAP Encryption Hardware Requirements CCAP Encryption Options

quiana
Download Presentation

CCAP Encryption Integrating CCAP into the Video Control Plane

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CCAP Encryption Integrating CCAP into the Video Control Plane July 31, 2014 Kevin TaylorFellow Comcast

  2. Topics • CCAP in a Nutshell • CCAP In a System Context • CCAP Encryption Goals • CCAP Transition Strategy • CCAP Encryption Hardware Requirements • CCAP Encryption Options • CCAP Encryption Phasing Case Study • Special Considerations 2

  3. Converged Cable Access Platform • Combines the functions of the CMTS and Edge QAM • Implements all narrowcast and broadcast QAMs CCAP in a nutshell CCAP DS Port Assignments HSD/CDV Simplify, and eventually eliminate RF Combining DOCSIS IP Video DS RF Port VOD cDVR 64 NC QAMs + 96 BC QAMs MPEG TS Broadcast Narrowcast & Broadcast Digital Services CCAP Legacy OOB & QAM Analog US Split Legacy OOB DS 3

  4. CCAP Impact • Engineering:Capacity and efficiency • 50% space savings with 4x capacity • 60% power savings plus less cooling • Improve existing UPS and battery backup performance • Architecture:Simplicity and flexibility • Minimum, simplified combining wiring • Full-spectrum, MPEG/DOCSIS QAMs, easier migration to IPTV • Future proof, single access platform • Purchasing:Cost will quickly become a big driver • Especially DOCSIS QAMs are significantly cheaper • Operations:Reliability and manageability • Fully redundant (N+1 LC & 1+1 Commons) • Configuration change between QAM types vs. equipment swap-out • Much shorter maintenance window (ISSU) • Far less equipment to manage and maintain 4

  5. CCAP in a System Context System Context

  6. CCAP Encryption Goals Architecture • Cost Efficiency • Resource Efficiency • Compatibility with Deployed Conditional Access Systems • Scalability • Security • Modern Network Architecture • Reliability and Resiliency Linear • Broadcast • DTA • PPV/IPPV • SDV VOD • Port Mapped (Static) • Session (Dynamic)

  7. CCAP Encryption Converged Cable Access Platform Encryption M-CMTS QAM I-CMTS Broadcast QAM SDV & VOD QAM Hardware platform specifications ARRIS MediaCipher Cisco PowerKey DVB Encryption

  8. 8 Legacy Encryption vs. CCAP Encryption Legacy Encryption EQAM: Proprietary Generation of CW and ECM EQAM: Encryption EQAM: Stream Multiplexing EQAM: Output Conversion GQAM, MQAM, SEM, APEX, NetCrypt CCAP Encryption ECMG: Proprietary Generation of CW and ECMs move to Vendor ECMG device EQAM: Encryption, Multiplexing and output conversion remain in EQAM CCAP and 3rd Party EQAM

  9. CCAP Transition Strategy 9

  10. CCAP Encryption Requirements Decryption Support • Network Decryption (not currently implemented) • AES-128 Encryption Support • MediaCipher / DTA • SCTE-52 (DES-CBC) • PowerKey / DTA • DES-ECB • AES • DVB-CSA/CSA3 (Simulcrypt) CA System Support • PID Routing • CAT • DTA System Information • DTA EMM • DTA User Interface Data • DTA Messaging • PSIP Aggregation • PSIP • EAS

  11. CCAP Encryption Options • Option 1 – CCAP with ECMG • Option 2 – CCAP with Bulk Encryption • Option 3 – CCAP with DVB SimulCrypt 11

  12. CCAP EncryptionOption 1 - CCAP with ECMG (Load Balancer/HTTP) CAS Shared ECMG Pool CCAP Load Balancer ECMG . . . CWG Web Request {AC, ECM/CW} Authentication ECMG CWG ECMG CWG ECM/CW cache Abbreviations: ECMG – Entitlement Control Message Generator ECM – Entitlement Control Message CW – Control Word CWG – Control Word Generator CAS – Conditional Access System

  13. Settop CAS CCAP EncryptionOption 1 - CCAP with ECMG (Load Balancer/HTTP) Shared ECMG Pool ECMG ECMG ECMG CWG CWG CWG DTA CAS Secrets Secrets Secrets http[AC, ECM/CW] Load Balancer http[AC, ECM/CW] CCAP Encrypt MPTS/SPTS (Encrypted Content) MPTS/SPTS Video (Clear Content) DTA CAT, SI, EMM, Data, EAS

  14. CCAP EncryptionOption 1 - CCAP with ECMG (Load Balancer/HTTP) • ECMG is not in the video path • ECMG<>CCAP Interface is resilient to network delays and short outages • Batching of ECMs and CWs • Standard network load balancing is supported • CCAP needs licensed technology from CA vendors • ECMG is stateless

  15. CCAP EncryptionOption 2 - CCAP with Bulk Encryptor Settop CAS DTA CAS DTA CAT, SI, EMM, Data, EAS . . . Encrypt Bulk Encryptor CCAP MPTS/SPTS (Encrypted Content) MPTS/SPTS Video (Clear Content) MPTS/SPTS (Encrypted Content) Secrets Abbreviations: DTA – Digital Terminal Adaptor CAS – Conditional Access System SI – System Information EMM – Entitlement Management Message EAS – Emergency Alert System MPTS – Multi-Program Stream SPTS – Single Program Stream

  16. CCAP EncryptionOption 2 - CCAP with Bulk Encryptor • Bulk encryptoris in the video path • Requires appropriate redundancy to be applied at the bulk encryptorand CCAP • Bulk encryptor encapsulates all of the propriety CA vendor information into a single video encryption device • Maybe resilient to network delays and short outages • Efficient encryption method for video architecture with many nodes

  17. CCAP Encryption Option 3 CCAP with DVB SimulCrypt DVB SimulCrypt Compliant CA System EIS Settop CAS Simulcrypt EIS<->SCS ECMG Secrets Abbreviations: ECMG – Entitlement Control Message Generator EIS – Event Information Scheduler SCS – SimulCrypt Synchronizer CW – Control Word CWG – Control Word Generator CAS – Conditional Access System DTA CAS Simulcrypt SCS <->ECMG ECMG Secrets . . . Simulcrypt SCS <->ECMG CCAP Encrypt* CWG* MPTS/SPTS (Encrypted Content) MPTS/SPTS Video (Clear Content) DTA CAT, SI, EMM, Data, EAS *Varies by CA vendor

  18. CCAP EncryptionOption 3 – CCAP with DVB SimulCrypt • ECMG is not in the video path • Standardized DVB Interfaces • Socket based interfaces • Not all CA Systems support a Simulcryptmode with the CCAP being the Simulcrypt Synchronizer(SCS) • Some CA System have IP or secrets that need to be applied at the Encryptor

  19. CCAP Encryption Option Comparison (1)

  20. CCAP Encryption Option Comparison (2)

  21. CCAP Encryption Phasing Case Study – ARRIS Network

  22. CCAP Encryption Phasing Case Study – Cisco Network

  23. Special Considerations • CCAP Broadcast Replication • Adult Content • Special Requirements • Combinations of Encryption Approaches

  24. Summary • CCAP Architecture enables several mechanisms for the cable operator to enable video encryption • The cable operator will need to decide which approach is best for their system architecture, service type, and network Comcast IConfidential

  25. Questions? Comcast IConfidential

More Related