KMS Types0
- Eitan Dvir
- Ramya Raman (Unlicensed)
The KMS Configuration depends on the KMS type that is chosen. While adding a new KMS server or editing an existing KMS server, one can view the relevant fields for a specific KMS type.
Simulcrypt
Simulcrypt enables scramblers and content protection systems to exchange information about the encryption keys.
Originally the DVB Common Scrambling Algorithm (DVB-CSA) was used in conjunction with Simulcrypt for DVB satellite, cable, and terrestrial pay-TV operations. However, since the introduction of commercial IPTV services more than ten years ago by telecommunications companies ("telcos") using their managed networks, Simulcrypt deployments that utilize the Advanced Encryption Standard (AES) algorithm are also common.
The fields shown in the below figure are mandatory for Simulcrypt KMS.
Fields |
Description |
|---|---|
Name |
Name of the KMS. |
Type |
Type of KMS (Simulcrypt). |
Network |
Select the network from the list; the selected Nic will be used to pull the Keys from the KMS system. |
Huawei PlayReady
The fields shown in the below figure are mandatory for Playready KMS. It is essential to configure the Certificates for the Certificate and Private Key to reflect in the dropdown list.
Fields |
Description |
|---|---|
Name |
Name of the KMS. |
Type |
Type of KMS (Huawei PlayReady). |
Port |
Port number. |
Network |
Select the network from the list; the selected Nic will be used to pull the Keys from the KMS system. |
Certificate |
Certificate for negotiating with the KMS. |
Private Key |
Private Key for negotiating with the KMS. |
Verimatrix VMX
Verimatrix (VMX) provides content security for digital television services. It includes software and IP-based security through its Verimatrix Video Content Authority System (VCAS). The MCM9000 connects directly to the VCAS or MCAS systems to retrieve the key for descrambling VMX encrypted sources.
The fields shown in the below figure are mandatory for Verimatrix KMS.
Fields |
Description |
|---|---|
Name |
Name of the KMS. |
Type |
Type of KMS (Verimatrix, VMX). |
Network |
Select the network from the list; the selected Nic will be used to pull the Keys from the KMS system. |
Key Server Manifest URL |
The Manifest URL from which to retrieve the Manifest files. |
Replace URL |
The URL to replace within the Manifest files. |
Verimatrix MultiRights
The fields shown in the below figure are mandatory for Verimatrix MultiRights KMS.
Fields |
Description |
|---|---|
Name |
Name of the KMS. |
Type |
Type of KMS (Verimatrix, MultiRights). |
Network |
Select the network from the list; the selected Nic will be used to pull the Keys from the KMS system. |
Server URL |
The Server URL to connect to. |
Token |
The Token to use for the connection to the server. |
SKY CKS
The Customer Key Server (CKS) is a system that the customer hosts entirely on their premises in the container-storing platform of their choice.
Among the fields shown in the below figure, Server URL and Asset Ids are mandatory for SKY CKS KMS. It is essential to input the fields in the below format.
Fields |
Description |
|---|---|
Name |
Name of the KMS. |
Type |
Type of KMS (SKY, CKS). |
Network |
Select the network from the list; the selected Nic will be used to pull the Keys from the KMS system. |
Server URL |
The Server URL to connect to (Please follow the suggested URL structure). |
Username |
Username to access the KMS. |
Password |
The password to access the KMS. |
Asset IDs |
Asset IDs to be replaced in the URL. |
Download repetition Rate |
The repetition Rate field indicates the period of time that will be used by the system to re-inquire for the Keys. |
Irdeto
Irdeto offers Security Key Server Technology solutions enabling customers to access premium content from any device securely.
Among the fields shown in the below figure, Server URL and Token Request URL are mandatory for Irdeto KMS. It is essential to input the fields in the below format.
Fields |
Description |
|---|---|
Name |
Name of the KMS. |
Type |
Type of KMS (Irdeto). |
Network |
Select the network from the list; the selected Nic will be used to pull the Keys from the KMS system. |
Server URL |
The Server URL to connect to. |
Token Request URL |
Token URL to use when negotiating a connection. |
Grant Type |
A URL that is used to send the request to the KMS system. |
Username |
Username to access the KMS. |
Password |
The password to access the KMS. |
Audience |
Audience URL to use when sending the request to the KMS system. |
Client ID |
Client ID to use when sending the request to the KMS system. |
Realm |
Realm ID to use when sending the request to the KMS system. |
Note: The MCM9000 offers these supported decryption methods and protocols:
- Simulcrypt, AES-128-CBC
- Verimatrix, AES-128-CBC
- Generic, AES-128-CBC
- Huawei PlayReady, AES-128-CTR
- Verimatrix, MultiRights, CENC
- SKY CKS, CENC
- Irdeto, CENC
- Simulcrypt, DVB-CSA
- Simulcrypt, AES-128-ECB