Download this file - Using BISS E with TANDBERG Television's E57xx by bnmbgtrtr52

VIEWS: 183 PAGES: 7

									   Using BISS E with TANDBERG Television’s
      E57xx encoder and TT1260 decoder




                                      Confidentiality Notice
The information contained in this document is proprietary, confidential, and protected by copyright.
     Any dissemination, distribution, or reproduction of such information is strictly prohibited.
Table of Contents


1 Operation of BISS


2 BISS E


3 Configuring your system to use BISS E


4 Encoder configuration


5 Decoder configuration




                                      Confidentiality Notice
The information contained in this document is proprietary, confidential, and protected by copyright.
     Any dissemination, distribution, or reproduction of such information is strictly prohibited.
This document explains the operation of BISS E and how a TANDBERG
Television encoder and decoder can be configured to support it. For a more
thorough guide to BISS, please see the related document “Understanding
BISS”.

Please note that BISS is a hardware option for the E57xx series of encoder.
The board must is fitted onto the main encoder card, and so does not occupy
a rear option slot.

These notes are specific to an E57xx encoder fitted with BISS card, and the
TT1260 decoder. However, the set-up for the other encoder and decoder
products in the TANDBERG Television range (e.g. EN8040, Rx1290, Rx8200)
are very similar.



1.   Operation of BISS

Basic BISS mode 1 operation is as shown below.

At the heart of BISS is the same DVB-CA scrambler that is used with larger
CA systems. This device is responsible for performing the scrambling and is
based on open standards. To start the device scrambling, you need to
provide it with a key (known as the clear session word, BISS mode 1 key or
Control Word). This key selects the DVB compliant scrambling algorithm that
will be used to scramble the incoming packets.



                                  ENCODER                                                                      DECODER




                                DVB-CA Scrambler                                                           DVB-CA descrambler



         Clear T_S packets in                           Encrypted T_S packets   Encrypted T_S packets in                            Clear T_S packets out
                                DVB common scrambling            out                                        DVB common scrambling
                                      algorithm                                                                   algorithm




                                                                                                             Session Word
                                  Session Word




                                       Confidentiality Notice
 The information contained in this document is proprietary, confidential, and protected by copyright.
      Any dissemination, distribution, or reproduction of such information is strictly prohibited.
If the decoder is equipped with BISS and so has a DVB-CA de-scrambler,
then if the same clear session word (BISS mode 1 key) is entered into the
receiver, then it will de-scramble the transmission.

This works fine, but will enable anyone knowing the key and possessing a
BISS receiver to also decode the transmission. Sometimes, a customer will
illegally pass on the keys to others which can cause a security breach.

For simple transmissions where you can be sure the BISS mode 1 key is not
passed on, the risk may be acceptable. However, if you do not want to risk
the chance of having keys passed on to unauthorized users, BISS E must be
used.



2. BISS E

BISS E expands upon the features provided with the simpler BISS mode 1 to
make a key receiver specific.

It adds a relatively simple step to achieve this.

                           ENCODER                                                                       DECODER




                         DVB-CA Scrambler                                                            DVB-CA descrambler



  Clear T_S packets in                            Encrypted T_S packets   Encrypted T_S packets in                            Clear T_S packets out
                         DVB common scrambling             out                                        DVB common scrambling
                               algorithm                                                                    algorithm




                                                                                                                  Session Word
                                  Session Word




                                                                                                       Key Generator
                          Key Generator



                                                                                Encrypted session word                        Unique receiver ID
    Encrypted session word                       Unique receiver ID




                                                                                                                         Unique receiver ID can
                                       Unique receiver ID can                                                            either be user defined
                                       either be user defined                                                          (injected ID) or can be an
                                     (injected ID) or can be an                                                       embedded number (based
                                    embedded number (based                                                            on unique serial number or
                                    on unique serial number or                                                        in the case of TANDBERG
                                    in the case of TANDBERG                                                                Rx's, the Dallas ID)
                                         Rx's, the Dallas ID)



                                       Confidentiality Notice
 The information contained in this document is proprietary, confidential, and protected by copyright.
      Any dissemination, distribution, or reproduction of such information is strictly prohibited.
With BISS-E, you do not enter the session word directly because the session
word is generated by the device from two other numbers. One of these is
normally burnt into the device and cannot be changed, making it unique.
The other is provided to you and must be entered. Together, these two
numbers allow the correct session word to be re-generated by a BISS-E
compliant algorithm that resides within the BISS-E compliant device.

These two additional numbers allowing the original session word to be
regenerated are called the Encrypted Session Word (called “encrypted”
because it is not the actual session word, and the device-specific number
which is normally called the “injected user ID” because it is normally
programmed into the device when it is manufactured and cannot be
changed.

The reason why the injected user ID is normally unique for the device and
permanently set at manufacture is central to the extra security that BISS E
offers. The goal is always to recover the original clear session word that is
being used to encrypt the transmission, so that it can be decrypted. We
know that with BISS-1, the clear session words are freely passed and
anyone with knowledge of it can enter it and decrypt the service. We also
know that with BISS-E, the clear session word is not passed on to the users;
it is the encrypted session word that is provided. Once this is entered into
the device (e.g. a receiver), the device will use the encrypted session word
and the injected user ID that is burned into and will apply the BISS-E
algorithmic process to derive the clear session word. If the combination of
encrypted session word and injected user ID are correct, then a valid clear
session word will be generated and it will cause de-cryption to take place in
the correct way. If they are incorrect and fail to create the same clear
session word that is being used for encryption, then it will not be possible to
de-scramble the service correctly.

 If it was possible to enter the injected user ID manually, then knowing a
valid combination of encrypted session word and injected user ID would be
the same as knowing what the clear session word is. However, by having
fixed injected user ID’s which are different for each device, each user must
be provided with a unique encrypted session word that will result in the
correct clear session word being regenerated. This means that any
encrypted session word will only work in the device with the injected user ID
that it was intended for, and so makes the encrypted session word useless in
terms of enabling any device other than the one it is intended for.

The process is analogous to adding two numbers together. Consider that
5+5=10 and 8+2=10. Both cases is analogous to having a different
                                       Confidentiality Notice
 The information contained in this document is proprietary, confidential, and protected by copyright.
      Any dissemination, distribution, or reproduction of such information is strictly prohibited.
combination of injected user ID and encrypted session word, but in both
cases the same clear session word is correctly regenerated (e.g. 10). Of
course, the BISS-E algorithm is much more complex that this, but the
concept behind BISS-E is the same.



3. Configuring your system to use BISS E

The following steps will enable your system to work in BISS E mode using a
user-generated injected ID.

First, we will configure the encoder and then we will configure the decoder.



4. Encoder configuration

      Enter the setup menu. From the video display screen (root menu)
       press MORE / MORE / SETUP

      The BISS settings are in the MUX menu, so select MUX.

      In MUX menu, you will find many settings relating to scrambling. The
       first that we need to change is SCRAMBLE. Set this to BISS E. This
       setting is the master switch for the DVB-CA module that makes it
       active and able to scramble transport stream packets. It effectively
       turns on the DVB-CA scrambler.

      Below SCRAMBLE is the CLEAR SESSION WORD. Do not set anything
       here; ignore it and move down the menu.

      Below CLEAR SESSION WORD is the ENCODED SESSION WORD. Do
       not set anything here; ignore it and move down the menu.

      The next item of interest is on the next page of the menu and is
       INJECTED USER ID. Enter a number of your choice into this field and
       write it down since you will need to enter the same number into the
       receiver later.

      You have now finished with this menu, and need to move back in the
       mux menu and select the service that you wish to encrypt. This will
       look something like 1.”service name”. It is still in the mux menu.

                                       Confidentiality Notice
 The information contained in this document is proprietary, confidential, and protected by copyright.
      Any dissemination, distribution, or reproduction of such information is strictly prohibited.
      Set the first item, OUTPUT to ON-BISS E

      The next item is on the next page of the menu, so page down to “ENC
       SESSION WORD”. Enter a number of your choice into this field and
       write it down since you will need to enter the same number into the
       receiver later.

      Set the OUTPUT to ON-BISS E for any other services requiring
       encryption that might be coming in via a REMUX card.

      The encoder configuration is now complete. If you had a receiver
       looking at the output, it should now have failed since the output will be
       BISS encrypted.




5. Decoder configuration

      The CA settings in the TT1260 are in menu 4 (CA menu)

      Make sure the TT1260 is locked to the transport stream before you
       start.

      Menu 4 should show that the incoming stream is BISS encrypted and
       should say “BISS ENCRYPTED, CAS_Idxxx”

      Move to menu 4.4 or 4.6 (software version dependent) to access the
       CA / BISS setup menu

      Set the mode to “MODE E USER 1” and then press the right arrow key
       to move the cursor onto the key itself. Set the key to be the same as
       the encrypted session word entered into the encoder.

      Move right in the menu structure to 4.6.1 (or 4.4.1 in earlier versions
       of TT1260 software) and set the USER 1 key to be the same as the
       injected user ID entered into the encoder.

      The receiver should now decode and work.

Operation using the fixed receiver key is very similar. You simply need to
select this mode on the encoder and enter the Dallas_ID of the receiver into
the encoder as the receiver unique ID. You will have to put leading zeros in
to pad out the Dallas ID or use the TTV software “secure session word
generator” to do this.
                                       Confidentiality Notice
 The information contained in this document is proprietary, confidential, and protected by copyright.
      Any dissemination, distribution, or reproduction of such information is strictly prohibited.

								
To top