Security division icon


CryptoFirewall Content Protection Core

Our CryptoFirewall core secures digital entertainment content by protecting cryptographic keys and computations from attack. It provides a robust foundation for securely delivering content to pay TV devices. Operators and over-the-top (OTT) content distributors can benefit from this hardware-based security solution that satisfies the most stringent requirements for premium content, all while utilizing the same conditional access (CA) and digital rights management (DRM) systems.


Product Brief

CryptoFirewall Content Protection Core block diagram

How it works

Our CryptoFirewall core is a separate, on-chip, hardware-based security block. It is designed to be easily used by major CA/DRM vendor platforms.

CryptoFirewall solution supports various systems:

In broadcast systems: the core receives the data it needs for operation in standard encrypted messages from the conditional access system.

In OTT systems: data for the core is typically sent in license files during the provisioning of the device.

In CA systems: the core can either derive or generate the control word and deliver it into the DVB-CSA descrambler. For derivation of the control word, the core delivers a key into the key ladder.

In DRM systems: operation is similar to the CA system, except the key that is being derived is the content encryption key and is usually delivered to a bulk AES decryption engine. In both cases, generation and derivation of the control word or content encryption key is handled in secure, protected hardware.

Our CryptoFirewall solution supports a multi-domain security feature that is unique to our core and is based on an advanced hardware root-of-trust. This innovative feature allows premium content to flow securely from the cloud directly to pay TV devices like STBs, forming a secure foundation for convenient access to all pay TV content on one device. It enables new ways to distribute pay content, providing benefits to both operators and OTT distributors:

  • Operators can provide their subscribers with instant individual choice of content on the STB or TV
  • OTT distributors can deliver content directly and securely to operator STBs and TVs

Our core is integrated into leading multimedia decoding chips. To view a list of our SoC partners, click here.

Solution Offerings


DPA Countermeasures

DPA Countermeasures are fundamental techniques for protecting against Differential Power Analysis (DPA) and related side-channel attacks. Consisting of a broad range of software, hardware, and protocol techniques, DPA Countermeasures include reducing leakage, introducing amplitude and temporal noise, balancing hardware and software, incorporating randomness, and implementing protocol level countermeasures.