etUP's Conditional Access System (CAS) is intended to limit the access to the multimedia content, i.e. to encrypt the content so that only the legitimate users would be able to decrypt and view it. The encrypted streams are transmitted over unprotected channels. IP CAS enables an IPTV service provider to strictly control access to the content and therefore to build financial relations with subscribers and content providers alike.
NetUP's Conditional Access System consists of two parts: the server and the client module.

The server part encrypts multicast IP streams in real time using the DVB CSA (common scrambling algorithm), and also creates encryption keys. The keys are distributed by multicast as well as the content itself, and are directed to the same multicast address, though to other port.
Several CAS servers may be used simultaneously, while the load balancer distributes the tasks between them.
The client part is included in the STB client, which is the program running on the user's set-top boxes. This application receives the keys from the stream and passes them to the onboard CSA chip (the hardware decoder) which decrypts the multimedia streams in real time.
STB client controls the user's access to various streams based on the user subscription details stored in the billing system. The user is identified by an SSL certificate which is associated with the STB and used only once.
The client part of the system is reliable and well-protected against possible security threats. To authorize, the user must enter the digital code with the limited number of attempts. The decoding process is not controlled by the user and works automatically. Local time of the IP set-top boxes is periodically synchronized with the Middleware server.
The system has DVB CAID 0x4AEF.