Video encryption/decryption for IP TV

Metanate were asked to implement client and server ends of a smartcard-based video encryption system.

The encryption server ran on bespoke hardware consisting of a modular multi-processor system, with a core module providing smartcard cryptographic services and a PowerPC-based embedded Linux module per channel being encrypted. Metanate were responsible for implementing the code in each encryption module which performed the following functions:

  • Generate periodic transient session keys for video encryption/decryption
  • Encrypt the session keys using the smartcard keys
  • Transmit the encrypted session keys as Entitlement Control/Management Messages
  • Receive the unencrypted video stream from the network, encrypt it with session keys and transmit the encrypted stream

The complementary decryption client was implemented in the customer's STB, again running embedded Linux. The client performed the following functions:

  • Receive encrypted session keys in Entitlement Control/Management Messages from the network
  • Decrypt session keys using the smartcard
  • Install session keys in the kernel using a custom device-driver interface
  • Decrypt the video stream within the kernel using session keys and pass it directly to the MPEG hardware
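
The key hierarchy in the two lists above, sketched in Go as an added example; it is not Metanate's code. The algorithms (AES-GCM for wrapping, AES-CTR for the stream), the message layout and all function names are assumptions, and the card key is held in software here, whereas in the system described it stays on the smartcard.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

func mustAES(key []byte) cipher.Block { // panics on a bad key length (sketch only)
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return b
}

// WrapSessionKey (server): returns nonce || AES-GCM(cardKey, sessionKey), bound to period.
func WrapSessionKey(cardKey, sessionKey []byte, period uint32) []byte {
	g, _ := cipher.NewGCM(mustAES(cardKey)) // cannot fail for an AES block cipher
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return g.Seal(nonce, nonce, sessionKey, binary.BigEndian.AppendUint32(nil, period))
}

// UnwrapSessionKey (client): fails if the message or its claimed period was altered.
func UnwrapSessionKey(cardKey, ecm []byte, period uint32) ([]byte, error) {
	g, _ := cipher.NewGCM(mustAES(cardKey))
	n := g.NonceSize()
	if len(ecm) < n {
		return nil, fmt.Errorf("ECM too short: %d bytes", len(ecm))
	}
	return g.Open(nil, ecm[:n], ecm[n:], binary.BigEndian.AppendUint32(nil, period))
}

// CryptPacket encrypts or decrypts with AES-CTR; IV = seq || zero block counter.
// seq must not repeat under one session key, which is why keys rotate periodically.
func CryptPacket(sessionKey []byte, seq uint32, data []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint32(iv, seq)
	out := make([]byte, len(data))
	cipher.NewCTR(mustAES(sessionKey), iv).XORKeyStream(out, data)
	return out
}

func main() { // constructed all-zero demo keys
	fmt.Println(len(WrapSessionKey(make([]byte, 32), make([]byte, 16), 7)))
}
```

Binding the period as associated data means a wrapped key replayed under a different period number fails to unwrap instead of silently installing a stale key.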