This document describes the Conditional Access mode of the BISS2 protocol called Mode CA (BISS CA).
It specifies an open, interoperable conditional access system allowing the operator to revoke or allow, in real time, the reception of programmes by a particular receiver.
The BISS (Basic Interoperable Scrambling System) protocol is a scrambling protocol based on the DVB CSA specification in its deprecated version 1 (BISS1) and on DVB CISSA for the version 2 (BISS2). The latest version, BISS2, was published in March 2018 as EBU Tech 3292v2. It uses fixed scrambling keys called Session Words (SWs) to secure the stream. With the BISS CA publication, the BISS protocol is extended to 4 operational Modes (Mode 0, Mode 1, Mode E, and Mode CA).
The BISS Mode E, referred to as BISS E, introduces a symmetric cipher to encrypt the Session Words (ESWs) with a Session Key (SK). While it does secure the Session Word itself, it still relies on unsafe transfer methods for the encrypted session words (ESW). Furthermore, it does not allow for a flexible management of the entitled receiver base.
The BISS CA mode is built on top of the mode E whereby the session word is encrypted. In addition, it allows the operator to change the session key in stream periodically in a seamless manner for the entitled receivers, while at the same time revoking receivers that are no longer entitled.
This standard addresses the need of sport federations and any content rights holder who is looking for a secure, transparent and traceable contribution and primary distribution system while being vendor agnostic. BISS CA is backward compatible with existing multiplexers as far as they comply with the MPEG 2 TS  and DVB specifications. Furthermore, the protocol is designed to allow additional customisation by reserving space for private data carriage.