A Security Architecture for Pay-Per-View Business Models in Conditional Access Systems

This paper presents a security architecture for a pay-TV conditional access system, assuming the most challenging scenario from a designer's point of view; a pay-per-view business model in a broadcast-only environment. The starting point for the security architecture is a broadcast encryption scheme and a queueing network for injecting conditional access messages into the broadcast stream. Design constraints related to a conditional access client are taken into account in the design of the architecture, as well as a maximum amount of bandwidth available for the transmission of conditional access messages. In addition, commercial design objectives like quick content access and quick client activation are also addressed. A substantial part of the paper is devoted to the design and analysis of an efficient injector model based on queueing theory, defining the strategy for injecting conditional access messages into the broadcast stream. A numerical example with real-world values of the parameters is used to demonstrate the effectiveness of the presented approach.