vcas
Video Content Authority System
™
Verimatrix EncryptionEngine™
High-performance Cryptographic Operations in Compact Form Factor
The Verimatrix EncryptionEngine is a hardware-based high-performance product that manages all VCAS™ for DVB head-end cryptographic
operations. It protects cryptographic ciphers and control mechanisms, including the set of operator keys. It also holds the operator-specific
Super Master Key (SMK), which is used to encrypt subscriber-related information.
The EncryptionEngine interfaces to, and is controlled by, the Verimatrix Broadcast Content Security Manager (BCSM) over a dedicated
Ethernet LAN. BCSM is the core component of VCAS for DVB for one-way networks (i.e. broadcast networks without a return channel
from the client devices to the head-end). BCSM includes an entitlement control message (ECM) generator, implementing DVB Simulcrypt with
third-party DVB multiplexers, which enables MPEG-compliant Multi-Program Transport Stream (MPTS) encryption. Furthermore, BCSM
generates and plays out entitlement management messages (EMMs). ECM and EMM messages are encrypted by the EncryptionEngine and
returned to BCSM, which in turn forwards the messages to the DVB Multiplexer via Simulcrypt for insertion into the MPEG-2 TS.
All VCAS keys are provided by Verimatrix to operators in encrypted form. Keys are never stored in the clear. Keys are processed, and
messages are encrypted and encapsulated, in the EncryptionEngine only. VCAS keys are never transmitted in the clear and no unencrypted
information ever leaves the device. All information is lost if the device is tampered with or powered off.
EncryptionEngine Front and Rear Panels
The EncryptionEngine is initialized with key data during start-up using a Key Injector and a
set of EncryptionEngine Arming Cards. The initialization procedure entails the transfer of
the SMK to the encryptor. Three unique EncryptionEngine Arming Cards, each holding
part of the SMK, are issued to each service operator, together with a 16-digit PIN code for
each. Three trusted employees each receive one card together with a PIN code. Any two
out of the three cards are required and sufficient to initialize the encryptor using the Key
Injector (connected via USB interface). The cards can be inserted in any order. When the
PINs have been entered and accepted for any two cards of the three, the initialization is
complete. The initialization procedure is performed at system boot-up and after any power
cycling, and only needs to be carried out once even if multiple encryptors are configured.
The device supports cryptographic operations for up to 1 million STBs in only 1 rack
unit (RU) space. Multiple units can be configured for redundancy and larger STB populations.
Key Injector with Arming Card
[Link]
� vcas
Video Content Authority System
™
Features
• Proprietary, high-performance encryptor card
• Supports cryptographic operations for up to 1 million STBs
• Ethernet/RJ-45 connector
• USB connector for Key Injector interfacing
• Power LED
• Status LED
• Dimensions – H: 1.75” (1RU), D: 5.50”, W: 19”
Standards Compliance
• CE
• EN ISO/IEC 17050-1 Set of Three Arming Cards
• FCC Part 15 for a Class A digital device.
• Directive 2002/95/EC of the European Parliament – RoHS (Restriction of Hazardous Substances)
Power Supply
• 100-240 VAC
• 0.7 A
• 50/60 Hz
VCAS™
VCAS provides the tools and support that digital TV operators require in order to address the new opportunities arising from the accelerating
convergence of video delivery over various types of networks - whether managed or unmanaged - to a multitude of devices. This convergence
must encompass a proactive revenue protection and enhancement approach that enables service operators to cast a much wider net with
their service offerings. As a consequence, the central value proposition for a pay-TV enterprise shifts beyond that of traditional, single network
content protection alone, towards the broader perspective of multi-network revenue security.
Verimatrix - Beyond Content Protection to Revenue Security
Verimatrix specializes in securing and enhancing revenue for multi-network, multi-screen digital TV services around the globe. The award-
winning and independently audited Verimatrix Video Content Authority System (VCAS™) and ViewRight® solutions offer an innovative
approach for cable, satellite, terrestrial, IPTV operators to cost-effectively extend their networks and enable new business models. As the
established trend setter in cardless security solutions for premier service providers, Verimatrix has leveraged its innovative 3-Dimensional
Security approach to provide a harmonized rights platform for premium content delivery to a range of devices over new hybrid network
combinations. Maintaining close relationships with major studios, broadcasters, industry organizations, and featuring an unmatched partner
ecosystem, enables Verimatrix to provide a unique perspective on digital TV business issues beyond content security as operators seek to
deliver compelling new services.
6825 Flanders Drive • San Diego, CA 92121, USA
Main: +1.858.677.7800 • Fax +1.858.677.7804
email: info@[Link]
Copyright © 2013 Verimatrix, Inc. All rights reserved.
Reproduction or redistribution of Verimatrix web site or collateral content is prohibited without prior written consent. [Link]