FROM-2
THE PATENTS ACT, 1970
(39 OF 1970)
&
The Patents Rules, 2003 Complete Specification
(See section 10 and rule 13)
TITLE :- A conditional access system and method of providing selective audio - visual information
APPLICANT :- Irshad Husain Muzeffar Contractor
103,RNA Classic,S.V.Road, Santa Cruz (West), Mumbai INDIA.
The following specification particularly describes the invention and the manner in which it is to be performed.

Field of Invention:-
A conditional access system and method of providing selective audiovisual information, a Conditional access in which of selectively determining if a particular consumer shall be made able to consume a video/audio product being distributed via a broadcast medium television networks, cable televisions net works etc, more particularly relates to a Single conditional access for multiple pay TV operators. The conditional access that was initially designed was for single operators using multiple packages. This unique application is enhanced to increase the silicon on the secure sim card, there by allowing multiple operators to have multiple packages using the same conditional access. This will allow an end user to watch multiple pay TV bouquets using one sim card and one set top box using a single conditional access system
Background / Prior art
EP Patent No. 658058 discloses generating a descrambling key using two places of transmitted data, in a conditional access system, the signals are usually scrambled using symmetric ciphers such as the data encryption standard, for the security reason the scrambling key is changed frequently the period of change being a frequent as every few seconds. The protection of the descrambling keys which need to be sent with signals is often provided by public key cryptography
US Patent no.7664268 teaches about A method for managing access to a signal representative of an event of a service provider, said method comprising: (a) receiving said signal in a smart card, said signal being scrambled using a scrambling key; (b) receiving, in said smart card, data

representative of a first seed value, the first seed value representing a first point in a coordinate system; (c) generating, in said smart card, said scrambling key using said first seed value and a second seed value in a predetermined function, the second seed value representing a second point in the coordinate system, whereby secret sharing is implemented, said second seed value being permanently stored in said smart card, wherein said first and second seed values are points on a Euclidean plane; and (d) descrambling, in said smart card said signal using said generated scrambling key to provide a descrambled signal, wherein the step of generating said scrambling key comprises calculating the Y-intercept of a line formed on said Euclidean plane by said first and second seed values.
US Patent No. 7673321 which discloses about Audio and video transmission and receiving system , the system of distributing video and/or audio information employs digital signal processing to achieve high rates of data compression. The compressed and encoded audio and/or video information is sent over standard telephone, cable or satellite broadcast channels to a receiver specified by a subscriber of the service, preferably in less than real time, for later playback and optional recording on standard audio and/or video tape.
US Patent No. 4590516 teaches about Recorded program communication system, Telephone selection signals are conducted through a separate signal path to a program selector at a remote program storing station from which program readout signals are conducted, after the telephone link is broken, to a signal carrier transmitter. A message signal is inserted during a timed message period, after which program transmission begins and is registered by a billing computer.

US Patent No. 4963995 discloses about Audio/video transceiver apparatus including compression means an improved video recorder/transmitter with expanded functionality including a capability for editing and/or copying from one video tape to another using only a single tape deck. The increased functionality is realized through the use of analog to digital conversion, signal compression and intermediate storage in an integrated circuit, random access memory. The recorder/transmitter has capabilities to transmit and receive program information in either a compressed or decompressed format over fiber optic lines.
Objects of the Present invention:-
The primary objective is to allow end user to access any and all contents, whether paid or free, to use one set-top box for multi operators, via this multi operator single conditional access technology. This will result in freedom of choice and reduced cost.
Another object of the present invention is that for conditional access is either cost control - restricting access to the content to a particular area or a specific group of consumers due to restrictions in program rights, or revenue generation - forcing consumers to access the content.
Further object of the present invention is that the conditional access system is normally to prevent commercial piracy. Commercial piracy occurs when the operator loses significant revenue due to a pirate distributing the means for unauthorized access to the content.
Further very important object of the present invention is that to protect a

point-to-multipoint one-way information stream. The consumers are in general not interested in secure communication if possible, they would like to access the content for free, resulting in that the reception equipment, including any security devices, at low cost.
Further very important object of the present invention is that the law enforcement regarding signal theft is weak in many jurisdictions, and the large revenue potential associated with pay-TV attracts well-funded, skilled and organized pirates. The present invention solves the above problems by implementing the secure communications. This scenario Is quite different from two-way systems like GSM where fraud detection is easier,
Further very important object of the present invention is that an alleged invention which reduces cost and increases convenience.
The current technology allows the end user to have one single set top box duly integrated with the conditional access, allowing the end user to select and pay for what he wants to watch. There may be multiple operators that can join the platform and individually manage their own subscriber management system. Each operator will have his own satellite head end including the encoders and the multiplexors and will only receive the EMMs and the ECMs from the Conax head end via a VPN line and then will uplink its signals to its respective satellites. When the signals come down they will only be available to be viewed on the sim card that has this multi operator single sim card technology. This eliminates the requirement of having many set top boxes in a single home, still allowing all the content to be viewed, thereby making it cheaper to the end user.

Summary of the invention:-
A conditional access system and a method for providing a selective audio visual information (Conax CAS7) comprising a built on Conax' strong security technology platform and long experience. When the Conax CAS7 is organized in a way that allows a digital TV operator to start with a basic system supporting pay TV and then include additional components to support more complex operations and business models. This technology has multi-sectors on single sim/ smart card for multiple Pay TV operators to use one single set top box.
Further more the conversion of FTA channels to pay TV, This method of laying down the boxes and making them addressable via the conditional access is the process of creating a pay TV platform in a completely unique way as never done before. Here we sell the HD boxes with the sleeper mode conditional access and then after reaching the threshold of 1 Million boxes at a minimum , this platform will invite the pay TV operators to come in and join using the multi operator pay TV conditional access using a single set top box with integrated multi sector sim card.
Description of the Invention:-
A conditional access system and method of providing selective audiovisual information to subscriber comprising the following components, such as The Conax CAS7 Core components necessary for standard pay TV are:
• SAS Server: Manages the generation of authorizations (EMMs) and
maintains status of the entire Conax smart card population.

• EMM Injector: Receives EMMs from the SAS Server, manages EMM playoutqueues, and feeds EMMs to the head end.
• ECM Generator: Manages encryption and packaging of entitlements and control words for scrambled services.
• Hardware Security Module: Dedicated security hardware for tamper-resistant storage and management of keys.
• Conax Smart Card: Performs EMM and ECM decryption and interpretation to determine whether the consumer shall be granted access to the content.
Optional components can be added to Conax CAS7 Core to support an as an extended service offering. The following options are available:
• Conax CAS7 Event PPV for prime PPV events.
Conax CAS7 NVOD PPV for an ensemble of NVOD channels.
• Conax CAS7 Tokens PPV for PPV tokens mode support.
Conax CAS7 VOD for VOD support,
Conax CAS7 Push VOD for Push VOD support.
• Conax CAS7 Mobile Server for ordering via mobile phone SMS text
messages.

• Conax CAS7 Voucher Server for purchase of access through prepaid solution i.e. vouchers.
• Conax CAS7 Messaging for sending text messages to STBs,
• Conax CAS7 Data Playout Manager for playout of data, software or Push VOD content Eo STBs.
• Conax CAS7 Pairing for additional anti-hijacking and anti-piracy measures. (Formerly known as Verifier.)
• Conax CAS7 Fingerprinting for tracing of content redistribution. Conax CAS System Description.
• Memorizing and storing Set top box channels history of use by end user.
Detailed description of the Invention:-
A conditional access system and method of providing selective audiovisual information to subscriber comprising the following components, such as The Conax CAS7 Core components necessary for standard pay TV are, Broadcasting implies transmitting information from one sender to many recipients - point-to-multipoint. The digital television is becoming interactive where the consumer decoder/set-top-box (STB) may be communicating with a central server; the delivery of the content itself is still one-way communication. Characterized in that the a conditional access system comprising

(a) Transmission elements
on the transmit side, the audio and video source signal from a studio or a video server goes through, • MPEG-2/MPEG-4/H.264/AVC compression and encoding in both standard format (SD) and High Definition (HD) format having a Multiplexing several Audio/Video compressed and encoded streams into one multi-program transport stream (MPEG-2 Transport Stream). The Modulation and frequency conversion according to medium (satellite, cable, terrestrial, MMDS or broadband), The MPEG-2 Transport Stream is then transmitted through the broadcast medium, and is received by the consumer's STB, the STB performs the reverse processing on the signal, i.e. frequency conversion (tuning) and demodulation, demultiplexing, decoding/decompression and conversion of the signal to the format suitable for the TV set.
(b) The security elements
The security elements which secure a broadcast signal is to encrypt the signal' on the transmit side before broadcasting it, and to control that only selected consumers are able to decrypt the signal on the receive side. In order to enforce such decryption control on a broadcast signal, the operator needs to place a tamper-resistant device with the consumer. The Encryption of content is often referred to as "content scrambling' device, normally a smart card, determines if the particular consumer shall be granted access to the broadcast content. The security functions are separated into the so-called scrambling system and the conditional access system.
(c) The scrambling system
The scrambling system is the functions that synchronize the encryption and

decryption of the (digital) content itself, i.e. encryption of the payload. The scrambling process is controlled by cryptographic keys, denoted control words (CW). The DVB standardized scrambling algorithm is symmetric, and the CW used on the transmit side must therefore be conveyed to the STB. The CWS are normally changed every 10 seconds. The said scrambling system - denoted scrambler - usually resides in the MUX equipment.
(d) The conditional access system
The conditional access system which control the scrambling on the transmit side and determines if a specific consumer shall be granted access to the content. The said system further consists of the receive side includes a smart card, which provides a tamper-resistant environment. The CWs for the descrambler in the STB (or CAM/Cable Card") are carried in a particular type of conditional access system message denoted Entitlement Control Messages (ECM).
The Conax smart card first decrypts the ECM, and then compares the service reference and entitlement information in the ECM with corresponding information in its memory. If there is a match, the Conax smart card releases the CWs to the STB for the STB to descramble the scrambled payload.
Authorizations for Conax smart cards i.e. the Information establishing and/or updating the memory of the Conax smart card with service references, entitlements, start/end dates and times for access, cryptographic keys, etc-, are carried in so called Entitlement Management Messages (EMM), The ENMs are encrypted and addressed to a particular Conax smart card or a group of Conax smart cards.

Here the invention to be emphasized is the silicon on the Smart Card. This new technology allows multiple operators to use a single conditional access with independent billing solutions.
The conditional access system also share the main threats for commercial piracy such as the Breach of the scrambling, ECM or EMM crypto algorithms. An efficient attack on the scrambling algorithm may imply replacing the STBs in order to restore security. An efficient attack on the ECM or EMM algorithms may imply replacing the smart cards to restore security, By way of
• Logical attacks are logical faults in the implementation of the smart card in order to obtain secret information.
• Attacks on the transmit side equipment. This includes intrusion into components holding secret information, like the SAS Server and the ECM Generator. As transmit side keys are either (regenerated in specific smart cards or do not provide sufficient information to build a pirate device, such types of attack are normally not successful.
• Physical attacks on the smart cards. This includes invasive attacks, i.e. the physical manipulation (etching of layers, probing, etc.) of the smart card chip, and non-invasive attacks, i.e. measuring of physical parameters like power consumption, and the correlation of such measurements to extract secret information,
• With the increase in the number of online systems, distribution of

control words is becoming a commercial problem. By securing the transport path between the smart card and the STB, such attacks become more difficult to perform.
• Disloyal employees, Introduction Conax CAS7 Core are the baseline
Conax CAS7 product that supports subscription mode. Subscription
mode implies that the consumer is granted access to one or more
services for a fixed time period. Conax CAS7 Core can be used by an
operator to sell access to TV-channels or packages of TV-channels,
for example per month or per year. Conax CAS7 Core supports
enabling particular consumer access to the content as well as re-
enabling for subsequent subscription periods if the criteria for access
(normally having paid the btll) are met.
Detail Functional description
The conditional access system and a method for providing the information by subscription mode ( Conax CAS7) consistent with the general conditional access architecture for DVB/MPEG-2, the method comprising of,
• The scrambler generates a CW, and requests the Conax CAS7 ECM Generator to embed it into an ECM.
• The ECM Generator prepares the ECM content including the CW(s) and subscription mode access parameters such as the current time and date. Service references and associated entidement information. The ECM Generator encrypts the ECM and returns it to the scrambler for inclusion into the MPEG-2 transport stream.

• On the receive side, the STB acquires the ECMs and forwards them to the Conax smart card.
• The Conax smart card initially decrypts the ECM, and then compares the current time and date, service reference and the entitlement Information in the ECM with the corresponding service reference, entitlement Information and start- and end time and date for the subscription Information stored in the Conax smart card, further the smart card presents its addresses to the STB during initialization.
• The STB uses the CWs for the descrambling of the broadcast signal. Establishment or renewal of subscription access rights also follows the general architecture:
• All consumers and Conax smart cards are registered in the subscriber management system (SMS). The SMS determines, based on criteria like product selection and payment status, for which subscription services the Conax smart card of a particular consumer, shall be authorized. The SMS requests the Conax CAS7 SAS Server to generate corresponding EMMs.
• The SAS Server generates and encrypts EMMs corresponding to the subscription mode product requests from the SMS. A subscription mode EMM includes a service reference, entitlement information, and start- and end time and date for the subscription period.
• The EMMs are sent to the relevant Conax CAS7 EMM Injector(s).

The Injector inserts the EMMs repeatedly into the MUX or relevant head-end equipment.
• The Conax smart card presents its addresses to the STB during initialization. The STB uses this address information for filtering of EMMs relevant for the Conax smart card from the broadcast signal.
• The EMMs are sent to the Conax smart card. The Conax smart card decrypts the EMM and then updates its memory with the information In the EMM, e.g. the service reference, entitlement information, and start- and end time and date for the subscription period.
The characteristic features of Conax CAS7
• Distinct SMS-SAS Interface based on standard communication mechanisms allowing SMS's of any design to be used. The interface is asynchronous, i.e. no real-time performance requirements are imposed on the SMS. The SMS sends configuration information to Conax CA57, and Conax CAS7 sends ordering logs to the SMS.
• Supports multiple SMS's to be connected simultaneously.
• Supports distributed-remote operation, i.e. the SAS, ECM Generators and EMM Injectors need not be co-located.
• Flexible configuration of EMM playout including various routing of EMMs to all or selected multiple operator sites.

• One installation can serve satellite, CATV, MMDS, broadband network and terrestrial transmissions.
• The system includes a hardware security module (HSM) for processing intensive tasks like EMM encryption. The hardware security module provides for a tamper-resistant environment on the transmit side. This also prevents operation staff from accessing sensitive crypto keys.
• The system can be upgraded with concurrent hardware security modules for improved performance, i.e. EMM encryption.
• The keys stored in the transmit side operational equipment do not comprise sufficient information for the creation of a pirate card. Thus, the system is not compromised even if the operational keys on the transmit side are compromised.
• Entidements can be assigned to an elementary stream, a program, or a bouquet of programs.
• The Conax smart card contains a table allowing for a large number of service references, entidements and subscription dates to be stored. The size of the subscription table varies per type and configuration of Conax smart card.
Support key replacements in the Conax smart cards
• The subscription period is one month.

• Supports group EMMs for efficient EMM bandwidth utilization the group size is normally 512 smart cards per group.
• A manual scheduling facility is available for time-controlled change of conditional access configuration.
• Scalability is ensured through design for distributed processing and the use of standard UNIX computer platform and communication methods supporting distributed processing. This means that with additional computer hardware and software licenses, Conax CAS7 Core can be upgraded to a satisfactory level of performance.
• Includes support for the DVD Simulcrypt interface, and is compatibility tested and in operation with a large number of different MUX platforms.
• Supports parental control and geographical blackout.
• The PIN code used for e.g. parental rating can be reset by the system.
• The Conax smart cards can, before being Issued to the consumer, be loaded with initial access criteria. These pre-view entitlements give the consumer Instant access to the content without having to wait for the back-end system to register the consumer and generate the appropriate EMMs.
• Includes an overtime function that. If enabled, gives the consumer a

number of extra days of viewing after the subscription period has expired. This is to provide for an overlap between subscription periods relaxing the performance requirements on the billing system.
• A simple operational model supported by Conax CAS7 Core is to have prepaid cards where the Conax smart card self-activates for a programd number of services and for a programd relative duration when first inserted into the STB. SMS, SAS Server and EMM Injector are not strictly necessary when running in prepaid mode.
• Any STB middleware can be used, including OCAP and DVB MHP.
• Normal operation is based on positive update, i.e. subscribers need to be actively authorized for a new subscription period. Cancellation of updated are also supported. Group EMMs are used for positive updates.
Further the conditional access system (The Conax ) supports three different pay-per-view (PPV) access types: Event PPV, NVOO PPV and Tokens PPV.
The Conax CAS7 Event PPV option gives the operator the opportunity to offer programs in PPV event mode- PPV event mode implies that the consumer is granted access to one particular program event only.
Conax CAS7 Event PPV can be used to send access to particular sports events, entertainment events, or movies. Conax CAS7 Event PPV supports pre-booked ordering via telephone to the operator's customer

service and subscriber management system (SMS).
The Functional description of Conax CAS 7 event of PPV, the Conax CAS7 Event PPV option is an add-on to Conax CAS7 Core- Event PPV mode is arranged similar to subscription mode with respect to the content itself;
• The scrambler generates a CW and requests the Conax CAS7 ECM Generator to embed it into an ECM.
• The ECM Generator prepares the ECM content, which are the CW(s) and Event PPV access parameters. This includes current time and date and a PPV program tag. The Generator encrypts the ECM and returns It to the MUX for inclusion into the MPEG-2 transport stream.
• On the receiver side, the STB acquires the ECMs and forwards them to the Conax smart card,
• The Conax smart card first decrypts the ECM, and then compares the current time and date and PPV program tag in the ECM with the corresponding expiry time and dates and PPV program tags stored In the Conax smart card. If there is a match, the Conax smart card releases the CWs for descrambling.
• The consumer can contact the operator's customer service via telephone for ordering of events. The customer service operator enters the consumer's request into the SMS. The SMS requests the

Conax CAS7 SAS Server to generate an EMM authorizing the consumer's Conax smart card for the PPV event. The EMM is generated by the SAS Server, sent to the Conax CAS7 EMM Injector, and included in the broadcast signal.
Features of Conax CAS7 PPV
The Conax CAS7 Event PPV option has the following detailed characteristics:
• PPV based on pre-booking of the PPV access ticket provides for
exact viewing figures.
Conan CAS7 System description
• Distinct SMS-SAS Interface based on standard communication mechanisms allowing SMS's of any design to be used- The interface is asynchronous, i.e. no real-time performance requirements are Imposed on the SMS. The SMS sends configuration information to Conax CAS7, and Conax CAS7 sends ordering logs to the SMS.
• Supports multiple SMS's to be connected simultaneously.
• The Conax smart card contains a table allowing for a large number of PPV program tags to be stored. The size of the PPV program tag table varies with the type of Conax smart card. The PPV table also contains information like the title of the PPV program and expiry time and date that can be read from the Conax smart card and displayed on screen.

• The PIN code used for parental rating can be reset by the system.
• Any STB middleware can be used, including OCAP and DVB MHP.
• A scheduling facility is available for time-controlled change of Conditional access configuration to and from the PPV event.
• The PPV access modes may also be used for access to other types of services, e.g. games.
Introduction
The Conax CAS7 NVOO PPV option is designed for operators wanting to offer a continuous Near Video On Demand (NVOD) service in addition to subscription services and Event PPV.
NVOD is characterized by the showing of a movie repeatedly in one or more channels. With many NVOD channels, managing conditional access configurations becomes much more challenging than for other modes. Ordering of NVOD PPV programs Is supported through several ordering channels, e.g. through the STB return channel (default), mobile phone text messages, IVR systems, web-servers, or other ordering channels that use TCP/IP communication.
Functional description
• Conax CAS7 NVOD PPV server schedules the access criteria
(ECMs) that shall apply per movie. The scheduling controls the
conditional access system only, and not other subsystems like the
MUX.

• The scrambler generates a CW, and requests the Conax CAS7 ECM Generator to embed it into an ECM.
• The ECM Generator prepares the ECM content, which are the CW(s) and NVOD PPV access parameters. These are current time and date and a PPV program. The ECM Generator encrypts the ECM and returns 11 to the MUX for inclusion into the MPEG-2 transport stream.
• On the receiver side, the STB acquires the ECMs and forwards them to the Conax smart card.
• The Conax smart card first decrypts the ECM, and then compares the current time and date and PPV program tag in the ECM with the corresponding expiry time and dates and PPV program tags stored in the Conax smart card. If there is a match, the Conax smart card releases the CWs for descrambling. The consumer has to order the PPV program. Conax CAS7 NVOD PPV supports several ways of ordering:
• The consumer can order via the STB;
• The PPV program tag and information such as the title and the cost of purchasing are included in the ECM. This information may also be Included in the EPG or in dedicated PPV data streams, depending on how PPV support is implemented In the STB.

• Upon processing the ECM, the Conax smart card - depending on configuration - either manages the dialogue with the" consumer, or outputs the PPV program tag to the STB for the STB software to use it as an index to purchasing information in the transport stream.
• If the ordering process is managed by the Conax smart card, the smart card generates purchasing information for the STB to display for the consumer and interprets the consumer response. If the consumer eventually decides to purchase, the consumer Is asked for a PIN code confirmation.
• If-the ordering process is managed by the STB, the STB software acquires the purchasing information from the EPG or a PPV data stream, displays it to the consumer, and interprets the consumer response. Eventually, the STB asks the consumer for a PIN code confirmation, and sends the PIN code and the PPV program tag to the Conax smart card.
• In both cases, the Conax smart card now generates an order request including the Conax smart card serial number, the PPV program tag, and a digital signature.
• The STB connects with the Conax CAS7 NVOD PPV server via the return channel network and submits the order request over the connection.
• The NVOD PPV server verifies the digital signature, checks the card serial number against black lists and white lists, and - if acceptable -

generates an EMM.
• The EMM contains expiry time and date and the PPV program tag, and is sent to the Conax smart card via the return channel network (it can also be included in the broadcast signal).
• Online pre-booking follows a similar line of processing, except the program and purchasing information are not sent in the ECM, but rather in a dedicated PPV data stream.
The operator may automate the order handling using an Interactive Voice Response (IVR) system or a web-server. In this case, the IVR or web-server is connected with the Conax CAS7 NVOO PPV server and acts as a "super STB", i.e. they generate order requests on the same format as STBs. The NVOD PPV server checks the order requests in the same way as for the STB case, generates an EMM, and forwards the EMM to the Conax CAS7 EMM injector for inclusion in the broadcast signal. Conax CAS7 Mobile Server can be used as the ordering channel, enabling the consumer to order NVOD PPV program using mobile phone text messages.
Features
The Conax CAS7 NVOO PPV option has the following detailed characteristics:
• PPV based on online ordering/pre-booking of the PPV access ticket provides for exact viewing figures,
• Dynamic and configurable import and quality check of

playout schedules. Schedule resolution is one minute.
• Supports setting of access criteria such as price of the movie or PPV program/event, recommended maturity rating, pre-view/teaser duration, view-time, etc.
• Distinct SMS-SAS interface based on standard communication mechanisms allowing SMS's of any design to be used. The interface is asynchronous, i.e. no real-time performance requirements are imposed on the SMS. The SMS sends configuration information to Conax CAS7, and Conax CAS7 sends ordering logs to the SMS.
Supports multiple SMSes to be connected simultaneously-
A PPV program tag can be:
• included in ECMs for multiple channels In order to support e.g. multiple camera angles,
• used several times, e.g. for a drama mini series or for a sports season ticket.
• used in combination with other PPV program tags or in combination with subscription entitlements in order to sell the PPV event in different ways or include it in, e.g., a "gold" subscription package.
• used for access to other types of services, e.g. games. The Conax

smart card contains a table allowing for a large number of PPV program tags to be stored. The size of the PPV program tag table varies with the type of Conax smart card. The PPV table also contains information like title of the PPV program and expiry time and date that can be read from the Conax smart card and displayed on screen. The expiry time and date can be varied - e.g. be fixed to around 24 hours after ordering to emulate video shop renting - or be set to the end of the football season for the season ticket. Supports multi-languages and multi-currencies. Supports black and white list for ordering handling. The PIN code used for e.g. parental rating and confirmation of ordering can be reset by the system. The Conax CAS7 order request validation mechanism can be used also for parental control. Introduction
Tokens are prepaid credits. A token purse In the Conax smart card is used to store the tokens. Tokens can be used to pay for access to content. I.e. movies, events and/or subscription channels-Tokens PPV Is a mode that Is effective when selling PPV programs not requiring exact viewing figures. Hence, this mode has the following benefits:
• Impulse access to products can be implemented without the need of a return channel.
• The consumer will not have to decide exactly which movie/event/ subscription channel to watch at the time of purchasing access. Only at the time he starts viewing, must he agree to deduct tokens stored in the smart card.

• Tokens can be prepaid, and as such the operators do not have to
retry on the consumers' creditability to ensure their income.
Functional description
The Tokens PPV mode implies that the consumer purchases and gets uploaded into the Conax smart card, via an EMM, a number of tokens (or units). Purchasing of tokens can also be enabled by e.g. Conax CAS7 Mobile Server or Conax CAS7 Voucher Server.
• A cost in tokens is assigned to each program offered in Tokens PPV mode. Type of program can be subscription channels, events, and NVOD movies.
• When the consumer tunes in to a program, a confirmation dialogue is started, informing the consumer that the program is subject to Tokens PPV, presenting the cost in tokens, and requesting the consumer to confirm tokens deduction by entering a PIN code.
• The tokens can be deducted all at one time (Tokens PPV per program) or as tokens per minute (Token PPV per time), i.e. continues deducting from the purse as configured by the digital TV operator.
• The Conax smart card deducts the appropriate number of tokens, grants viewing access, and stores the program reference.
Features
The Tokens PPV can be run as concurrent conditional access mode with

standard subscription. Event PPV, or NVOD PPV. Reloading of the Tokens purse:
• The Conax CAS7 Mobile Server can be used as the ordering channel, enabling the consumer to reload the tokens purse using mobile phone text messages.
• Reloading of the Tokens purse can be done using the STB return channel.
• The operator may automate the reloading for the tokens purse using an Interactive Voice Response (IVR) system or a web-server. In this case, the IVR or web-server Is connected with Conax CAS7 Tokens PPV server and acts as a "super STB", i.e. it generates order requests on the same format as STBs. The Tokens PPV server checks the order requests, generates an EMM, and forwards the EMM to the Conax CAS7 EMM injector for inclusion to the broadcast signal. The log of the credit status transactions (i.e. reloading of the tokens purse transactions) can be read from the Conax smart card and be displayed on screen. The digital TV operator can configure whether or not the program reference shall be registered in the viewing history. PIN confirmation before deducting tokens from the token purse can be enabled or disabled by the TV operator. Access to read the program references for a particular Conax smart card and consumer can be controlled by the digital TV operator. The purse can have a label, e.g. 'Gold Movies purse'. The Conax smart card can be preloaded with a number of tokens during production of the card

Introduction
The Conax CAS7 VOD option makes it possible for the operators to add Video On Demand (VOD) services to their service offerings. VOD mode Implies that the consumer selects movies from an electronic catalogue and has the movie delivered instantly via the broadcast/broadband network. The consumer can stop, pause, fast forward, and rewind through the movie. Conax CAS VOD facilitates integration of any 3rd party VOD server with the Conax CAS7 system. The Conax CAS7 system will then control the consumer's access to the movie as well as the encryption.
Functional description
The consumer is offered an electronic catalogue service via the STB and chooses a movie tide from the catalogue. The order for the movie is sent from the STB to the operator's VOD server via the broadband network or another return channel network. If capacity is available to deliver the requested movie, the operator's VOD server relays the order request to Conax CAS7 for generation of the EMM ticket.
Conax CAS7 verifies the order request, e.g. checks the card serial number against black lists and white lists, and - if acceptable - generates an EMM. The EMM is distributed to the STB and the Conax smart card.
Conax CAS7 VOD supports two ways of encrypting the VOD movies:
• Pre-encryption of movies: The Conax CAS7 Pre-encryptor encrypts
the content before storage on the VOD server. The Conax CAS7 ECM Generator is used to generate ECMs 10 be Included with the encrypted movie stored on the VOD server.

• Real-time scrambling ("session based"): The unencrypted content is
stored on the VOO server and the content is scrambled in real time
during playout. The ECM Generator is used in a similar way as for
broadcasting, i.e. the MUX generates the CW and requests the ECM
Generator to generate a corresponding ECM. This mode is
compliant with the Open CAS specification from SCTE. The EMMs
and ECMs are processed by the Conax smart card, and access Is
granted in a similar way as for standard broadcast services.
Features
' Open CAS interfaces are supported for the communication between
the VOD server and the conditional access system components.
• The EMM can be provided either in the return channel network or in the broadcast signal.
• The order request from the STB may be digitally signed by the Conax smart card.
• The system can be upgraded with additional hardware security modules for increased performance for processing intensive tasks like EMM and ECM encryption.
• The operator has full control with the types of STBs that are allowed to watch VOD as chipset pairing is mandatory for Conax VOD.
• Scalability, i.e. to handle peaks of ordering requests, is ensured

through design for distributed processing including Oracle and the use of standard UNIX computer platform and communication methods supporting distributed processing. This means that with additional computer hardware, Conax CAS7 VOD can be upgraded to any level of performance and redundancy.
The VOD services are integrated with existing ordering mediods and payment solutions used for purchasing traditional PPV content. Available ordering mediods include STB return channel, mobile SMS messages, web portals, and interactive voice response (IVR). Payment solutions include billing, credit cards, vouchers (Conax CAS7 Voucher Server), and mobile payment (Conax CAS7 Mobile Server). Call-centre ordering with invoicing can also be used.
Introduction
A push VOD service provides the digital TV operator with the possibility to download the latest movies onto the consumer's STB hard disk drive. The consumer can select the movie to watch through menus containing text, Images, and trailers. The movie can be purchased similar to a club concept, per movie, a bundle of movies, on a weekly or monthly basis, or according to the business mode! selected by the digital TV operator. This concept is called push VOD. Conax CAS Push VOD facilitates integration of any 3'" party push VOD server with the Conax CAS7 system. The Conax CAS7 system will then control the consumer's access to the movie, as well as the encryption. Push VOD content supports full trick-play, i.e. the consumer can pause, fast-forward, and rewind. The push VOD video asset offering may be changed on a regular basis, weekly or at any other Interval according to the TV operator's business model.

Functional description
• The push VOD video asset is encrypted either by using a MUX or the Conax CAS Pre-encryptor,
• Pre-encryption can be done whenever It suites the TV operator, since this is an offline and one-time task.
• The TV operator may attach any metadata (text, Image, and trailer) to the push VOD video asset. Such a collection is called a bundle. Two bundle formats supervised through an XML interface are available:
• One format merges all metadata files and the movie file into one, big self-contained file.
• The other format keeps the metadata files and the movie fife as separate files but linked together using a dedicated file structure. Each file may be added, removed or modified at any given time.
• The pre-encrypted push VOD video assets and other files making up the bundles are delivered to the Conax CAS Data Playout Manager to be packetized and broadcasted.
• The Conax CAS Data Playout Manager acts as the push VOD data playout carousel. Scheduling information specify which files to be broadcast, as well as when, how often and for how long. This process is invisible to the operator and without any manual Interactions.

• To increase confidentiality of the data carousel during broadcast, the
complete stream may be scrambled by the MUX. the Conax CAS7
EPG/SI Manager Is used to signal the push VOO services to the
STB population using standard DVB broadcast mechanisms. In
order to be able to receive push VOD content while watching other
TV programs, two tuners must be present in the STB. The STB
software tunes Into the push VOD services, filters and aggregates
push VOD bundles, and starts assembling the files contained in the
bundle- Packages not correcdy received are Identified by Integrity
checks, and the STB refilters these during the next playout cycle to
make sure that the whole file is assembled completely in a consistent
way. After the downloading is completed., the push VOD video
assets can be presented in a catalogue presenting all currently
available push VOD content. The consumer can order any of the
available push VOD video assets and start viewing. The push VOD
video asset is decrypted immediately prior to consumption, i.e. prior
to decoding.
Features
• The video may be formatted using efficient compression algorithms, e.g. NPEG-2, MPEG-4 layer 10 (H.264/AVC) or Microsoft Media Codec 9 (WM9). This, together with downloading during off-peak hours, optimizes bandwidth usage,
• The pre-encryption and packetizing of the push VOD content Introduce minimal overhead in playout bandwidth usage during broadcasting.

• To preserve consistency and correctness of the encrypted, packetrzed push VOD content through the broadcast medium, cyclic redundancy check (CRC) information is attached to all sections played out at the head-end side.
• The size of the private data sections, into which the push VOD files are split, is configurable at the head-end side to adapt to ST6 specific disk storage capabilities to speed up performance during hard disk drive storage. This size is typically set to a multiple of SI2 bytes.
• The push VOD content Is securely stored encrypted on the STB hard disk drive preventing unauthorized access.
• The TV operator may give each push VOD bundle a priority, making it possible to enforce the preference order of the bundles to be stored on the STB hard disk drive. This gives the TV operator flexibility when the STB population is complex and consists of STB's with different push VOD hard disk drive sizes. This ensures that the most attractive push VOD content broadcasted is always stored on the STB hard disk drives, even on the STB's in the population with the smallest push VOD hard disk drive storage.
• All existing sales modes are supported: Subscription, pre-booked PPV, and token PPV, In addition, rental mode similar to video shop rental is supported. Some older versions of Conax smart cards may not support all sales modes. The operator has full control with the types of STBs that are allowed to watch VOD as Chipset Pairing is mandatory for Conax Push VOD.

The push VOD services are integrated with existing ordering methods and payment solutions used for purchasing traditional PPV content. Available ordering methods include STB return channel, mobile SMS messages, web portals, and interactive voice response (IVR). Payment solutions include billing, credit cards, vouchers (Conax CAS7 Voucher Server), and mobile payment (Conax CAS7 Mobile Server). Call-centre ordering with invoicing can also be used. Push VOD can coexist with IVR in the STB. The IVR enables recording and playback of ordinary broadcasted TV programs and is fully initiated and operated by the consumer, much like a VCR.
Introduction
The lack of convenient and broadly deployed return ordering channels has so far limited the potential for introducing interactive services such as PPV Event, Near-Video-On-Demand (NVOD), and other interactive digital television service concepts. Most digital TV consumers have mobile phones, and they are familiar with the use of mobile phone text messages. The Conax CAS7 Mobile Server enables the digital TV consumers to use mobile phone text messages as a return channel for ordering TV content and associated services. It can also be used as the payment channel, e.g. by sending text messages containing credit card details or voucher numbers to pay for content.
Functional description
The Conax CAS7 Mobile Server is a server Interfacing between the various mobile operators' messaging protocols (GSM-SMS or CDMA-text) and Conax CAS7 Core and options. The Mobile Server performs the following main tasks:

• The Mobile Server is connected with the mobile operator Short Message System (SMS) data centre. The Conax CAS7 Mobile Server will be registered with a short and easy to remember phone number.
• The consumer enters a text message according to instructions on the TV screen, on a voucher, or otherwise, and sends it to the Conax Mobile Server through the operator's SMS gateway.
• The Mobile Server receives the text message as a ready formatted instruction, and checks the syntax and completeness of the message.
• The Mobile Server checks if it holds a Conax smart card serial number for this consumer's mobile phone number. If not, the consumer is prompted to send the Conax smart card serial number. The serial number is verified and stored for subsequent use.
• The Mobile Server looks up the configured processing method according to the coded instruction. An example of subsequent processing is to request Conax CAS7 to generate an authorization (EMM) and write a notification to the SMS/billing system.
• Upon successfully processing, the Mobile Server sends a confirmation text message to the consumer's mobile phone.
Features
The Conax CAS7 Mobile Server has the following detailed characteristics:
• Mobile operator interface:

• Supports automatic routing to correct mobile operator of outbound text messages.
• Supports number portability between mobile operators.
• Supports connection to any number of mobile operators.
• The interface to the mobile operators supports major flavours of GSM and CDMA text message protocols.
• The coded Instruction can be completely configurable by the digital TV operator. The coded Instructions are based on ASCII characters
• The digital TV operator's existing STB population. Including low-cost STBs, can be used without any modifications.
• The Mobile Server supports logic for requesting the consumer to re-enter incorrect or missing information.
• The Mobile Server runs on UNIX computer platform and can be co-located with Conax CAS7 Core and options.
Mobile operator integration
Direct connection to the mobile operator Short Message System (SMS) or CDMA data centre facilitates high capacity, fast response and high stability In addition, the TV viewer will benefit from and a short-and-easy-to-remember telephone number to send text message orders to. An agreement

between the digital TV operator and each relevant mobile operator In the digital TV operator's coverage area is required. This agreement specifies the digital TV operator's costs, as well as the physical connection and the protocol between the digital tv operator and the mobile operator.
Introduction
For digital pay TV operators, the prepaid scratch card (voucher) has several advantages to traditional billing. The prepaid voucher system is sometimes the only automated alternative to cash over the counter when a substantial portion of the TV consumers are not creditable or if invoicing is not desirable, e.g. due to lack of Infrastructure, etc. The operator may choose to offer a prepaid solution instead of, or In addition to, traditional billing. The Conax CAS7 Voucher Server is designed for such operations. Voucher codes can be submitted to the Voucher Server using mobile phone text messages, web, IVR (Interactive Voice Response system), etc.
Functional description
The Conax CAS7 Voucher Server comprises two main modules: The Voucher Generator and the Voucher Server. Voucher Generator module Functions:
• The Voucher Generator generates a unique voucher code per voucher. Each voucher code is derived in a way identifying the voucher and the product as well as inherently being a one time password.
• Each voucher representing its voucher code is unique and can only

be used once.
• The Voucher Generator queries the operator for the number of vouchers to be generated and an expiry date.
• The Voucher Generator generates the requested number of vouchers and the output is written to an XML file.
• This XML file is exported to the Conax CAS7 Voucher Server and to a print shop for printing of physical vouchers.
• The voucher codes are printed and sealed on the physical vouchers by the print shop.
• The digital TV operator distributes the vouchers to e.g. retailers.
Voucher Server functions:
• The Voucher Server receives the XML file generated by CAS7 Voucher Generator. The voucher codes and expiry date are loaded into the Voucher Server's database.
• The Voucher Server is configured according to the TV products to be sold by vouchers. These may be subscription channels, events, or token TV products. The TV products are configured and scrambled using standard DVB mechanisms.
• The consumer purchases a voucher from e.g. the local retailer. The

consumer orders the TV product through an available ordering channel.
• The digital TV operator has a choice of several different ordering channels. Supported ordering channels Include GSM SMS text messages, STB rerun channel, I.VR, web-servers, and digital TV operator's call centre/SMS.
• The consumer selects an available ordering channel and places an order by reporting the voucher code and the Conax smart card serial number,
• The Voucher Server verifies the validity of the voucher by checking that;
• the voucher code is valid and has not expired
• the voucher code has not been used before
• the smart card serial number is valid
• the smart card serial number is not black-listed
• if all checks are passed, the Voucher Server ticks off the voucher code as used and thereby blocks the voucher for subsequent use.
• The Voucher Server requests Comx CAS7 to generate an appropriate authorization (EMM) for the specific smart card to enable access to

the specific ordered TV product.
• Conax CAS7 inserts the EMM Into the broadcast signal. The EMM
is filtered by the STB and forwarded to the Conax smart card, which
updates Its entitlements memory accordingly,
Features
The Voucher Server runs on a standard Unix environment. The Voucher Generator is designed as a stand-alone application running on Java and provided with a user Interface. The Conax smart card serial number may be pre-registered with the ordering channel, i.e. the consumer does not need to re-enter the smart card serial number in subsequent ordering..
Introduction
The Conax CAS7 Messaging option enables operators to send alphanumeric messages to consumers by addressing their smart cards. The messages are presented on-screen to the consumer by the STB. Messaging can be used to inform a subscriber that subscription is about to expire, for promotion, to broadcast important operator information, etc.
Functional description
• The Conax CAS7 Messaging receives the messages from the operator's subscriber management; system (SMS).
• Messages can be generated automatically by the SMS system by example In case a subscription is about to expire.
• The messages are properly formatted and transmitted inside EMMs

or ECMs going to the Conax smart card.
• The Conax smart card filters the relevant messages and passes relevant messages back to the STB.
• The STB displays the messages according to presentation parameters.
Features
• Addressing modes include unique messages to a single consumer and shared messages to a group of consumers or all consumers.
• The message can be immediate (to be presented Immediately), scheduled (to be presented at a specified time) or mail messages (to be presented at the consumer's request).
• The message can be displayed one time or several times, with configurable duration and Interval.
• The message content is kept confidential, i.e. is encrypted during transmission.
• The maximum number of characters is 150.
• Channel specific addressing can be supported. This enables addressing all consumers currently watching a given program.

• Conax CAS7 supports a simple graphical user interface to send
instant and scheduled messages to STB, Mail messages are supported
only from the operator's subscriber management system (SMS).
• International character sets are supported-
Conax CAS 7 Data Playout Manager
Introduction
In a digital TV environment where new service concepts are added and old ones adjusted, there is a need to enable such services on the fly with minimum use of manpower. This requires a function on the transmit side that is able to include STB software upgrades, application software and streamed video content (Push VOD) Into the broadcasted signal. Conax CAS7 Data Playout Manager implements this function,
Functional description
Conax CAS7 Data Playout Manager performs the following main tasks:
• Converts any file into a playout file formatted as MPEG-2 Transport Packets.
• Presents the playout file repeatedly to the head-end equipment according to the DV8 private cata interface as specified in ETS1 TS 103 197.
• The STB is normally configured to look for data on specific PID(s) in the MPEG-2 transport stream and will pull down data from the data carousel if it discovers a new version. In some cases, the

consumers can also manually trigger the download.
• Different STBs require different signaling with respect to PSI/SI
tables, descriptors, etc. These settings need to be configured in the
MUX and head-end equipment
Features
• Supports playout of software packages for several types of STBs simultaneously in the same data carousel.
• Supports playout of push VOD content to STBs equipped with HDD and push VOD support See Conax CAS Push VOD option for details. Variable bit rate configuration from a few kilobits to several mega bits.
Delivery option
The Data Playout Manager can be delivered with DVB ASI device as interface to head-end equipment.
Introduction
A Conax CAS7 Pairing Is based on a security function, the Pairing module, embedded in the STB. The pairing has the following main objectives:
Prevent STB hijacking: By including a Pairing module inside the STB, the STB can ensure that the smart card inserted in the STB has been issued by a particular operator. Thus, the operator can control that the STB Is not used for receiving services from another o

• Hinder the use of pirate cards on the STB: If there Is a unique pairing between a particular STB (via the Pairing module) and a particular smart card, and a pirate has obtained the secrets of one or a few legitimate cards, then this unique pairing will prevent easy distribution of pirate cards.
• Hinder content piracy by control word distribution: With the increase in the number of online systems, distribution of control words is becoming a commercial problem. By securing the transport path between the smart card and the STB, such attacks become more difficult to perform.
• Prevent redistribution of high value content: When implementing pairing, the operator can control what type of STBs are allowed to receive what type of content. The operator can control by example that high value content only are delivered to STBs where the digital video signal is secured all the way to the TV screen. Unlike standard Conax CAS7 STBs, Conax STBs with Pairing module have to be configured with unique data at production time. Therefore, Conax STBs with Pairing module must be specifically produced and the pairing data must be included from the outset.
Functional description
Conax CAS7 Pairing performs the following main tasks:
• A management message (VMM) is conceptually the same as an
entitlement management message (EMM), but is Intended for the
Pairing module Inside the STB and not for the smart card.

• Conax smart cards and STB identity are registered in the subscriber management system SMS). The SMS requests the Conax CAS7 Pairing server to generate corresponding VMMs and/or EMMs for pairing of particular smart card(s) and STB's).
• The Conax CAS7 Pairing server generates and encrypts VMMs and EMMs for pairing of particular smart card(s) and STB(s).
• The VMMs and EMMS are sent to the relevant Conax CAS7 EMM Injector(s). The EMM Injectors insert the VMMs and EMMS repeatedly into the MUX or equivalent head-end equipment.
• The Pairing module in the STB contains a set of addresses. The STB uses this address information for filtering and acquisition of VMM's. The STB will update Itself according to the information in the VMM's. The smart card will receive and process the EMMs. The STB and the smart card are paired, and subsequent exchange of control words will be protected.
Features
• Subsets of STB's may be defined to allow only specific STB's Implementations to receive specific high-value content.
• The same smart card may be configured to work in both Pairing and standard, non-pairing, STB's.
• The SMS requests the Conax CAS7 system to pair an STB and a

smart card via the SMS-SAS Interface.
• Pairing requires appropriate logistics systems and operations to be,
established and maintained.
Delivery options
Conax CAS7 Pairing can be delivered in two variants, depending on the characteristics of the STB. The two variants differ mainly in the way the pairing information is stored and used within the STB whether embedded in the chipset (Chipset Pairing) or in memory accessible by the main CPU (Memory Pairing).
■ Chipset Pairing Chipset vendors with support for Conax Chipset
Pairing may have different types of pairing support. The Conax smart cards need to be configured according to pairing type and chipset.
• Memory Pairing Memory Pairing can be prepared In STB's and
Conax smart cards from day one, white actual pairing is enabled only
when the need for anti-hijacking or anti-piracy has been detected.
This in contrast to Chipset Pairing, where the Pairing is always
enabled.
Introduction
The objectives of fingerprinting is to add to digital content being received via a (broadcast) medium an identity or digest identifying the recipient, and. In case of unauthorized redistribution, to be able to identify the source of such redistribution. Conax CAS7 Fingerprinting option enables operators to embed unique fingerprints In the video stream out of the reception device.

The operator may then use fingerprint detection to Identify reception device from which the content origins. Unlike standard Conax CAS7 STBs, Conax STBs with Fingerprinting have to be configured with Conax CAS7 Pairing, Therefore, Conax STBs with pairing must be specifically produced.
Functional description
The Conax CAS7 Fingerprinting performs the following main tasks to impose fingerprinting;
• The Conax smart card has data slots reserved for storage of consumer specific fingerprint data. The Conax smart card can be instructed to release the data to the STB while descrambling,
• One data slot for fingerprinting is by default set to the Conax smart card's unique serial number in ASCII characters.
• The digital TV operator can update the contents of the slots via EMMs by sending a request file as defined In the SMS-SAS Interface.
• Conax CAS7 fingerprinting can impose the fingerprints for one particular STB, selected STBs or all STBs.
• Conax CAS7 fingerprinting can impose the fingerprints for one channel, selected channels or all channels.
• The Conax smart card will append the unique fingerprint data from the smart card data slot to the received common fingerprint text

before returning the complete unique fingerprint to the STB.
• The STB imposes the fingerprint on the content according to the
fingerprint configuration received from the smart card.
Features
Conax CAS7 Fingerprinting has the following detailed characteristics:
• Supports visible fingerprints and will typically have a deterring effect, as the consumer will be aware that the content contains fingerprints.
• Supports non-visible (covert and hidden) fingerprints. Is more robust against manipulation, and is better for identifying the source of copyright Infringements.
• The on-screen position of the fingerprint is configurable
• Conax CAS7 Fingerprinting requires Conax CAS7 Pairing.
Introduction
Conax CAS7 is also designed for use In IPTV operations where MPEG-2 Transport Streams (MPEG-2 TS) are used as the main earner for transmission of the audio/video signal. The MPEG-2 TS can carry MPEG-2/MPEG-4/H.264/AVC compression and encoding in both standard format (SO) and High Definition (HD) format. The MPEG-2 TS can be carried over any kind of transmission protocol (QAM, QPSK,

COFDM, Ethernet/IP, ATM, IP-RTP. IP-UDP/Multicast, etc). The figure below Illustrates the transmission protocol stack layer.

Conax CAS7 for IPTV works on MPEG-2 TS layer both for the scrambling/encryption of the content and conditional access protocol (ECM and EMMs). Some advantages with using this approach are:
• Content owners have confidence In the DVB scrambling system (encryption), which simplifies negotiations between operators and content owners. This is one of the main arguments for using standard NPEG-2 transport stream with DVB scrambling for IPTV.
• The same CAS system can be used both for DVB and IP Infrastructure, and transparent retransmission simplifies the xOSL head-end processing. The signal quality is preserved as single point of content processing and encryptions.
Common and proven transport protocol (MPEG-2 T5) agnostic to video encoding and compression used. The MPEG-2 T5 can carry MPEG-2/MPEG-4/H.264/AVC compression and encoding in both

standard format (SD) and High Definition (HD) format The concept is based on proven, standardized and worldwide deployed technology. A number of open standardized third party IP streamers and DVB scramblers are available supporting DVB Simulcrypt. This prevents the Digital TV operator from being locked in by any DRM vendor's proprietary ciphers and encryption formats. Also, using low-cost DVB chipsets for descrambling and decoding substantially reduces the price of IP STBs.
Encryption of content is often referred to as 'content scrambling'.
Functional description
The basic principle of IPTV head-end is receiving the television and radio services from satellite, re-multiplexing each service Into SPTS (Single Program Transport Stream) and forwarding this to the broadband IP streamer where the SPTS is mapped onto an IP multicast address and port. Exceptions are services that use high variable bandwidth encoding compared to the available network capacity. In such cases, trans-coding to fixed bitrate is necessary. Services that are scrambled with another CA system in the contribution network are descrambled and re-scrambled using Conax CA. If an operator has both a cable and an IPTV operation, a common scrambling process for both networks is possible, saving cost for the operator. The encryption is done within the IP streamer or stand-alone DVB/IP scrambler with Ethernet output port supporting DVB Simulcrypt. Conax CAS7 Core Is used for conditional access and key management, IPTV head-ends normally use a type of web portal for service overview, news, etc., that can be viewed by the STB browser. The STBs may store semi-static channel lists with mapping of IP multicast address and port for

the different services. The list must be updated whenever new services are added or deleted. An alternative is to use the DVB Service Discovery and Selection (ETSI TS 102 034 - Transport of MPEG-2 Based DVB Services over IP Based Networks) specification for IPTV systems. The IP STB uses this information to navigate and select the TV and radio/music services. Conax CAS does not depend on private data being inserted into service information tables, and therefore puts minimal requirements on the head-end systems being used. Most information relevant for descrambling of the IPTV service is present in the Program Map Table (PMT) In the MPEG-2 Transport Stream- Conax CAS is agnostic to the selected middleware. The CA-level IP STB API is largely indifferent to the middleware. IP STBs are not required to use any middleware or specific service information system, which also helps keeping the STB entry price low. Conax CAS7 for IPTV is consistent with the general conditional access architecture for DVB/MPEG-2;
• The scrambler generates a CW and requests the Conax CAS7 ECM
Generator to embed It into an ECM. This is done via the DVB
Simulcrypt interface.
The ECM stream is identified through the PMT in the MPEG-2 transport stream. Conax CAS for IPTV does not require any specific middleware or service discovery and selection model to be used.
• On the receive side, the IP STB reads the MPEG-2 Program Map
Table (PMT) and then acquires the relevant ECMs and forwards
them to the Conax smart card.

• If access is granted, the STB uses the descrambling keys released from the smart card to descramble the IPTV multicast stream carrying the MPEG-2 Transport Stream Establishment and renewal of subscription access rights also follow the general architecture:
• All consumers and Conax smart cards are registered in the subscriber management system (SMS). The SMS determines - based on criteria tike product selection, payment status, black list, etc. - for which services the Conax smart card of a particular consumer shall be authorized. The SMS requests the Conax CAS7 SAS Server to generate the appropriate EMMs.
• The SAS Server generates and encrypts EMMs corresponding to the access mode product requests from the SMS.
• A Conax defined EMM IP Address descriptor containing the IP multicast address and port number of the EMM IP Multicast stream is inserted within a Conax CA descriptor and included in the CAT.
The EMMs are sent to the relevant Conax CAS7 EMM Injector(s). The Injector inserts the EMMs into an IP Multicast stream.
The EMM IP Multicast stream is distributed as IP/UDP packets with payload consisting of MPEG-2 transport stream packet(s) containing one or more EMMs, each wrapped within one CA message section (defined in ETR 289).
• The IP STB uses the CAT to acquire the EMM IP address for

acquisition of the EMM IP Multicast stream.
• The Conax smart card presents its addresses to the IP STB during initialization. The IP STB uses this address information for filtering of EMMs relevant for the given Conax smart card from the EMM IP Multicast stream.
• The EMMs are sent to the Conax smart card and access rights are updated accordingly. Conax CAS7 for broad band/IPTV can He extended with the following options:
• Conax CAS VOD for support of video on demand.
• Conax CAS Push VOD for support of movies being downloaded to the STB's HDD.
• Conax CAS7 Event PPV for prime PPV events.
• Conax CAS7 Tokens PPV for PPV tokens mode support. Conax CAS7 NVOD PPV for an ensemble of NVOD channels.
• Conax CAS7 Voucher Server for purchase of access through prepaid solution, i.e. vouchers.
• Conax CAS7 Pairing (formerly known as Verifier) for additional anti-hijacking and anti-piracy.

I Claim,
1. A conditional access system and method of providing selective audio - visual information to subscriber (Conax CAS7 system) for pay TV comprises of a Conax CAS7 Core components for standard pay-TV are Broadcasting information from sender to many recipients - point-to-multipoint, Characterized in that the a conditional access system comprising,
(a) Transmission elements
an audio and video source signal from a studio or a video server goes through, • MPEG-2/MPEG-4/H.264/AVC compression and encoding in both standard format (SD) and High Definition (HD) format having, a Multiplexing several Audio/Video compressed and encoded streams into one multi-program transport stream (MPEG-2 Transport Stream), a Modulation / frequency conversion (satellite, cable, terrestrial, MMDS or broadband), The MPEG-2 Transport Stream is transmitted through the broadcast medium, and is received by the consumer's STB, the STB performs the reverse processing on the signal, i.e. frequency conversion (tuning) and demodulation, demultiplexing, decoding/decompression and conversion of the signal to the format suitable for the TV set.
(b) The security elements
is a secure a broadcast signal is to encrypt the signal' on the transmit side before broadcasting it, and to control that only selected consumers are able to decrypt the signal on the receive side, in order to enforce decryption control on a broadcast signal,

is called "content scrambling' device,
(c) The scrambling system
which synchronize the encryption and decryption of the (digital) content of the payload the scrambling process is controlled by cryptographic keys, denoted control words (CW), said scrambling system - denoted scrambler resides in the MUX equipment,
(d) The conditional access system
which control the scrambling on the transmit side and determines a specific consumer shall be granted access to the content, the said system further consists of the receive side includes a smart card, which provides a tamper-resistant environment, the CWs for the descrambler in the STB (or CAM/Cable Card"*} are carried in denoted Entitlement Control Messages (ECM),
2. A conditional access system as claimed in claim 1, wherein the Conax smart card first decrypts the ECM, and then compares the service reference and entidement information in the ECM with corresponding information in its memory,
3. A Multi operator conditional access system as claimed in above claim wherein a single set top box with multi sectors on its embedded sim card with various subscriber management systems, individually addressable to each sector , there by allowing each and every pay TV operator to charge separate prices for their different bouquets to an individual end users,

4. A method as claimed in claim 1, wherein the SAS Server which Manages the generation of authorizations (EMMs) and maintains status of the entire Conax smart card population , an EMM Injector which Receives EMMs from the SAS Server, manages EMM playout queues, and feeds EMMs to the head end, ECM Generator which Manages encryption and packaging of enddements and control words for scrambled services,
5. A conditional access system as claimed in claim 1 to 3, wherein the hardware Security Module which provides dedicated security hardware storage and management of keys,
6. A system as claimed in claim 1, further comprises Conax CAS7 Event PPV for prime PPV events,
7. A system as claimed in claim 1, wherein the Conax CAS7 NVOD PPV for an ensemble of NVOD channels,
8. A system as claimed in claims 1, wherein the Conax CAS7 Tokens PPV for PPV tokens mode support,
9. System as claimed in claim 1 wherein the Conax CAS7 VOD for VOD supports,
10. System as claimed in claiml further comprises Conax CAS7 Push VOD for Push VOD support.
11. System as claimed in claim 1 further comprises Conax CAS7 Mobile

server for ordering via mobile phone SMS text messages,
12. System as claimed in claim 1 and 10 wherein the Conax CAS7 Voucher Server for purchase of access through prepaid solution i.e. vouchers.
13. System as claimed in claim 1 wherein the Conax CAS7 messaging for sending text messages to STBs,
14. System as claimed in claim 1 further comprises Conax CAS7 Data layout Manager for playout of data, software or Push VOD content o STBs.
15. System as claimed in claiml wherein the Conax CAS7 Pairing for additional anti-hijacking and anti-piracy measures. (Formerly known as Verifier.)
16. System as claimed in claiml further comprises Conax CAS7 Fingerprinting for tracing of content redistribution,
17. A conditional access system and a method substantially as herein described with reference to the description and accompanying drawings,