Managing BISS-CA entitlements
To successfully decrypt BISS-CA content, MK.IO Beam Distribution must have the correct entitlements. The Content Provider requires a public key exported from the receivers BISS-CA Key Pair table.
To get the correct entitlements, follow these steps:
Obtaining BISS-CA entitlements
Step #1 - Contact content provider
Contact the provider of the scrambled content and determine how they wish to exchange key pairs. They will require one of the following methods:
- Method 1: The receiver operator must send a public key to the content provider.
- Method 2: The content provider will send a public/private key pair to the receiver operator.
The keys will need to be exchanged between the content provider and the receiver operator using an out-of-band method chosen by the content provider.
Step #2 - Exchange keys
If requested by the content provider, the receiver operator must supply a public key to enable entitlement by the scrambler using a self-generated key pair.
-
If a self-generated key pair is not already available, create a self-generated key pair.
-
Send the public key to the content provider who will manage entitlements.
Step #3 - Check authorization
-
From the Services page, click to view the alarms page.
-
Confirm that no alarms are raised.
-
If the raised alarm Label reports BISS CA not decrypting and the Info column states not authorized then this is due to one or more of the following conditions:
- The EKID recovered from the transport stream does not match the EKID of any key pair stored on the receiver.
- The content provider has not enabled entitlements.
- The content provider has revoked entitlements.
-
Contact the content provider to confirm that the correct public key has been registered and that entitlements have been enabled.
It may be necessary to refer to the EKID value, see Managing BISS-CA keys.