CAS was designed to protect pay-TV content during transport from the digital video processing head-end (a.k.a. network operations center, or NOC) to STBs over various kinds of broadcast or “one-way” networks. DRM, on the other hand, is a broader asset protection mechanism that also safeguards content when at rest in addition to the transport phase, made possible by IP-based “two-way” networks such as the internet.
The first Conditional Access System (CAS) was designed during the mid ‘90s with the emergence of the MPEG-2 and Digital Video Broadcasting (DVB) standards, although there are also non-DVB CAS products from other vendors. DRM technology was developed during the end of the ‘90s although the majority of DRMs only came a decade later with the proliferation of the internet.
The role of a CAS is to provide key management and protect television transmissions over RF-based networks, such as satellite (DVB-S/DVB-S2 standards), terrestrial/over-the-air (DVB-T/T2), and cable (DVB-C/C2). The CAS design had to take into account that the transmission was “one-way” in nature, without any return channel from the STB back to the head-end. Because of the lack of a return channel, it was necessary to find ways to hide the “pay-TV secrets” in the STB, such as subscriber entitlements (“channel line-up”) and various keys used to access/decrypt entitlement management messages (EMM), and entitlement control messages (ECMs), holding the content encryption key required for the STB to decrypt the content. This led to the emergence of so-called smart cards (similar to chip-based credit cards) to store and protect those secrets. Removable smart cards turned out to be costly since they were subject to various forms of piracy, including smart card cloning, and have to be replaced every couple of years, typically at the expense of the pay-TV operator. For U.S. cable networks, CableCARD filled the same role. Later, various software-based CAS were offered, taking advantage of advanced STB system-on-a-chip technology.
Digital rights management (DRM) systems, on the other hand, were designed for IP-based, two-way networks, as exemplified by the internet. DRM technology takes advantage of the two-way nature of communication, which allows the receiver (STBs, mobile devices, PC/Macs, etc.) to request information (keys and licenses) from the head-end. Because of the two-way nature, DRM systems are inherently more flexible. This may include rules for how many times, or for how long time, specific content may be played back, and whether it can be copied to other devices and even downloaded for offline playback, for example during travel.
With the rapid growth of video streamed (transmitted) over the internet using adaptive bitrate protocols such as those used by major OTT operators like Netflix and Hulu, OTT DRM technology has advanced to the forefront. CAS technology is gradually being phased out as broadcasters add on-demand services over IP and thus can take advantage of the two-way nature of IP-based networks. For today’s OTT pay-TV operators, a cloud-based multi-DRM service is the best choice to achieve secure OTT streaming.
Effectively, DRM functionality is a superset of CAS. While CAS is generally limited to broadcast devices and it only applies to video/audio content, DRM protects content on any device with various distribution models (offline, online, with or without return channel), and can also be applied to other types of digital content such as e-books, bytecode, and more.
Two-way IP-based networks have of course also had a major impact on other technologies and services such as video analytics and addressable advertising.
For broadcasters with legacy CAS deployments and an intention to modernize the security infrastructure to support hybrid broadcast-OTT services, read the blog post How DRM-based converged security reduces TCO of Broadcast TV.