BISS decryption modes

BISS decryption modes

BISS decryption has the following modes:

BISS Protocol VersionSupported ModesNotes
BISS v1Mode 1
Mode E
BISS v2Mode 1
Mode E
Mode CA (BISS-CA)
For notes about BISS-CA, see BISS-CA Decryption.

BISS can refer to both BISS v1 or BISS v2 which use the fixed Control/Session Word for decrypting scrambled content. For BISS v2 Mode CA, this is more commonly referred to as BISS-CA. These modes are specified in the EBU Tech 3292. MK.IO Beam Distribution offers these standard BISS decryption modes.

Mode 1

This mode is recommended for short events, such as sports broadcasts. Mode 1 uses a fixed control word to encrypt the data in the Transport Stream using the DVB Common Scrambling Algorithm.

This control word or key, known as the clear session word (CSW), is entered into the receiver using the web interface. If the same CSW has been entered into a BISS compliant encoder: the unit decrypts the encrypted service.

The decryption workflow:

  1. Generate a random 12 digit hexadecimal for BISS v1 or a 32 digital hexadecimal number for BISS v2
  2. Enter the number into the encoder
  3. Communicate the number securely to all decrypting decoders

Mode E

Mode E encrypts using an internal fixed 14-digit hexadecimal Injected ID for BISS v1 or an internal fixed 32-digit hexadecimal Injected ID for BISS v2. This mode is a more secure version of Mode 1. In this mode the clear session word (CSW) is encrypted to prevent clear keys from being used to access encrypted content.

The Encrypted CSW is also referred to as the ESW (Encrypted session word).

The decryption workflow:

  1. Generate a random 16-digit hexadecimal number for BISS v1 or a 32-digit hexadecimal number for BISS v2.
  2. Enter the number into the encoder.
  3. Communicate the number securely to all decrypting decoders Mode E is used to provide a secure content link from one encoded source to MK.IO Beam Distribution where the original CSW is hidden.

Mode E is used to provide a secure content link from one encoded source to the Content Processor where the original CSW is hidden.

Set BISS to mode 1

To set BISS to mode 1, follow these steps:

  1. From the Home page, select the RECEIVER item from the required feed then click to edit

  2. Select the Decrypt tab in the Parameters window.

  3. Select Mode 1 for BISS mode.

  4. Enter the 12-digit hexadecimal number for BISS v1 or the 32 hexadecimal number for BISS v2 provided for the transmission. The BISS key is visible while the key is being entered. Once complete, then the value of the key displays as ************.

  • If a service is received without decryption, or if a service is received with a service BISS encrypted with the key entered, then the service is be decrypted and all components are output from the Content Processor.
  • If a service is received with any other type of encryption, or with BISS encryption generated with a different key, then the decoder cannot decode the service.

Set BISS to mode E

  1. From the Home page, select the RECEIVER item from the required feed then click to edit

  2. Select the Decrypt tab in the Parameters window.

  3. Select Mode E for BISS mode.

  4. Enter the 16-digit hexadecimal number for BISS v1 or the 32 digit hexadecimal number for BISS v2 provided for the transmission. The BISS key is visible while the key is being entered. Once complete, then the value of the key displays as ************.

  • If a service is received without decryption, or if a service is received with a service BISS encrypted with the key entered, then the service is decrypted and all components are output from the Content Processor.
  • If a service is received with any other type of encryption, or with BISS encryption generated with a different key, then the decoder cannot decode the service.

Set the injector ID for BISS mode E

Before you start, retrieve the 14 digit injector ID number for BISS v1 or the 32 digit injector ID number for BISS v2 from your administrator.

⚠️
  • It is impossible to read back the set value once you configure the Injected ID number.
  • For added security, we recommended that the Injected ID is set by generating the ESW in the MK.IO Beam Distribution web interface. See Set BISS to mode E.
  1. From the homepage, select the Servers menu, then click in the Actions column to view server information.

  2. Navigate to the Appliance tab, then select the BISS Injected IDs tab.

  3. In the New Injected ID field, enter the 14 digit Injector ID provided for BISS v1 or the 32 digit Injector ID provided for BISS v2 .

  4. In the Description field, enter a unique description.

  5. Click Upload. The new injected ID is added to the list of available injected IDs.

You can enter as many keys as required into the unit using the same process. Ensure each key has a unique description.