Security division icon


CryptoMedia Content Protection Core

Designed to cost-effectively secure the broadcast and streaming of digital content, our CryptoMedia Content Protection Core provides pay TV operators and over-the-top (OTT) media providers robust security against security threats, like side channel attacks, through a hardware root-of-trust embedded directly in the device multimedia chipset. The core enables a cardless solution that is compatible with existing conditional access systems (CAS) and digital rights management implementations.


Product Brief

CryptoFirewall Content Protection Core block diagram

Diagram of CryptoMedia Content Protection Core

How it works

Functioning essentially as a smart card within a set-top-box (STB) or multimedia chipset, the CryptoMedia Content Protection Core is a separate, on-chip security block that protects and stores cryptographic keys and computations from attacks. The core is extremely resistant to a wide range of sophisticated attacks, such as side-channel attacks, while providing the flexibility to integrate with multiple CAS or DRM solutions. This combination of robust security and broad compatibility provides a trusted security solution for the broadcast and streaming of premium content without the need for a smart card.

CryptoMedia Content Protection Core provides side channel attack resistance in a wide variety of ecosystem configurations:

In broadcast systems: the core receives the data it needs for operation in standard encrypted messages via infield provisioning from the CAS, including: pay-per-view (PPV) and subscription updates and security configurations.

In OTT systems: the core is configured via license files that are updated via infield provisioning to enable feature upgrades.

In CAS: the core is designed to work with a variety of CAS providers as it can either help derive or directly generate the control word and deliver it into the key ladder or descrambler.

In DRM systems: as with CAS providers, the core functions with diverse DRM systems.  The operation is similar to the CAS, except the derived key is the content encryption key that is delivered to an AES decryption engine. In both cases, generation and derivation of the control word or content encryption key is handled in secure, protected hardware.

Our CryptoMedia solution supports a multi-domain security feature that is unique to our core and is based on an advanced hardware root-of-trust. This innovative feature allows premium content to flow securely directly to pay TV devices like STBs, forming a secure foundation for convenient access to all pay TV content on one device. It enables new ways to distribute pay content, providing benefits to both operators and OTT distributors:

  • Operators can provide their subscribers with instant individual choice of content on the STB or TV
  • OTT distributors can deliver content directly and securely to operator STBs and TVs

Our core is integrated into leading multimedia chipsets. To view a list of our SoC partners, click here.

Solution Offerings


DPA Countermeasures

DPA Countermeasures are fundamental techniques for protecting against Differential Power Analysis (DPA) and related side-channel attacks. Consisting of a broad range of software, hardware, and protocol techniques, DPA Countermeasures include reducing leakage, introducing amplitude and temporal noise, balancing hardware and software, incorporating randomness, and implementing protocol level countermeasures.