BISS-CA entitlements

Managing BISS-CA entitlements

To successfully decrypt BISS-CA content, MK.IO Beam Distribution must have the correct entitlements. The provider of the scrambled content will require a public key from the receiver, with the paired private key embedded within the receiver.

To get the correct entitlements, follow these steps:

Step #1 - Contact content provider

Contact the provider of the scrambled content and determine how they wish to exchange key pairs. They will require one of the following methods:

  • Method 1: The receiver operator must send a Public key to the content provider.
  • Method 2: The content provider will send a Public/Private key Pair to the receiver operator.

The keys will need to be exchanged between the provider and the receiver operator using an out-of-band method chosen by the content provider.

Step #2 - Exchange keys

Method 1: Send public key to the content provider:
The content provider may request that the receiver operator must send a Public key so that the receiver can be entitled by the scrambler.
This can be done using the Self-Generated key pair.

Method 2: Import public/private key pair received from the content provider:
The content provider may send a public/private key pair to the receiver operator which must be imported in to MK.IO Beam Distribution. This can be done using injected key pair.

  1. Import injected key pair.

  2. Make a note of the EKID value that assigned to the key pair.

  3. The injected key pair should already be registered with the scrambler from the content provider and entitled.

Step #3 - Check authorization

  1. Enable BISS-CA decryption for service decode.

  2. From the Services page, click .

  3. Confirm that no alarms are raised.

  4. If the raised alarm Label reports BISS CA not decrypting and the Info column states not authorized then this is due to one or more of the following conditions:

    • The EKID (Entitlement Key ID) recovered from the transport stream for the Service ID does not match the EKID of any of the key pairs stored on the unit.
    • The content provider has not enabled entitlements.
    • The content provider has revoked entitlements.
  5. Contact the content provider to confirm that the correct public key has been registered and that entitlements have been enabled.

It may be necessary to refer to the EKID value noted in Step #2.