I have read that

a) in a satellite channel it is possible to transmit a number of diffrent services e.g. different tv-programs.

b) that the transport stream of the satellite channel (that carries the different tv programs) is scrambled with a Control Word.

The different tv programs are provided in different packets by the service providers. So it is possible a user to have paid for a program but not for another one in the same satellite channel.

If the user have received the Control Word for his desired program, why he cannot decrypt the program that he hasnt paid for?(Since the same Control Word has been used...? )

Ad. 1 http://en.wikipedia.org/wiki/MPEG_transport_stream

Ad. 2 http://en.wikipedia.org/wiki/Conditional_access

Ad. 3 ECM/EMM must match (simplifying whole store)

see also:

http://www.nhk.or.jp/strl/publica/bt/en/le0012.pdf

and perhaps

http://www.etsi.org/deliver/etsi_etr/200_299/289/01_60/etr_289e01p.pdf

So, it can be assumed that:

a) the scrabling is made at the PES level and the PES packets of each programme are scrambled with different CWs?

b) whenever a user gains access to a program, he has only recovered the CW that was used for the scrambling of the specific PES packets?

c)therefore, as he only owns a specific CW he can only descramble the PES packets that was scrambled with the specific CW..?

Are these assumptions true?

a) the scrambling typically happens at the TS level and every program in a MPTS is scrambled with a different CW, although broadcasters may choose to assign many CWs (actually ECMs) to different component PIDs arbitrarily.

b) yes

c) more precisely he owns a right that is compared to an access criteria found into the ECM, if the match is successful then he is given a CW that can be used to descramble every PID that was scrambled with that very same ECM

So CWs are always sent alongside access criteria in an encrypted message known as ECM.

To be sure that I understood what you say:

Each program in a TS is possible to be scrambled with a different CW i.e. if there are e.g. 3 programs, 3 different CWs will be used.
So, in the scheme of page 20 of

http://www.etsi.org/deliver/etsi_ts/103100_103199/103197/01.05.01_60/ts_103197v010501p.pdf

the transport stream is scrambled with multiple CWs, one for each program?

The access criteria tha you mention are in ECMs or in EMMs ?

Are they "criteria" parameters or keys? Because somwhere I read about a 3 level key hierarchy where CW is distributed encrypted by a key, named AK .

In turn, AK is distributed encrypted by the private key of the user.

Therefore, if the broadcaster does not want a user to have access a user to the content, he simply does not sent AK encrypted by his private key.


Thanks in advance!

Each program in a TS is possible to be scrambled with a different CW i.e. if there are e.g. 3 programs, 3 different CWs will be used.


Not necessarily although this is the most common configuration... as already said broadcasters may choose to assign the same CW to different programs, or many CW to a single program (e.g. one for video component and a different one for audio component).


The access criteria tha you mention are in ECMs or in EMMs ?

Are they "criteria" parameters or keys?


Access criteria are not keys, they are parameters sent via ECM.


Because somwhere I read about a 3 level key hierarchy where CW is distributed encrypted by a key, named AK .

In turn, AK is distributed encrypted by the private key of the user.

Therefore, if the broadcaster does not want a user to have access a user to the content, he simply does not sent AK encrypted by his private key.


How the ECM is encrypted is CA vendor specific, typically symmetric-key cryptography is used to encrypt ECM and public-key cryptography is used to encrypt EMM...
I've never heard about AK key.