Encrypted communications

AES Encrypted Communication

Data security on a generic connection can be implemented on various levels. Normally on terrestrial sections, an end-to-end VPN is implemented through a GRE or IPsec tunnel or other protocols, using relatively simple devices/software and configurations.

In many cases, 'consumer' customers simply need to have the channel protected along its terrestrial section, from the access point of the teleport to the public internet to the designated site. In this case, VPN-based solutions (GRE or IPsec tunnel or other) between the teleport and the customer's site are still sufficient.

In more sensitive cases, however, the satellite section must also be protected. Most satellite modem manufacturers ensure this with specific protocols and functions that may be set up directly on the end modulator-demodulators.

When the Encryption function is enabled, the processor will encrypt all the outbound traffic on the satellite WAN interface and will perform the inverse operation for all the traffic received on this interface.

Transec Encrypted Communication

Channel Activity: to simulate channels with a constant energy density (channels always full of traffic even when use is limited, e.g. VoIP).

This requirement is implicitly satisfied in SCPC connections. On TDMA networks, the traffic generated on the inbound channel is intermittent by nature, so it would be simple for an observer equipped with a spectrum analyser to identify peak traffic times and the probable position of the remote stations, creating potential indirect security problems. To solve this problem, iDirect has created the 'free slot allocation' algorithm, which makes sure that the inbound channel has a constant energy density, even when its use is limited. Another problem with TDMA networks is that an observer could easily identify the remote station acquisition periods, which could indirectly indicate a movement of troops in progress. iDirect solves this problem by sending dummy acquisition bursts, so observers would see a completely random trend of the acquisition cycles.
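A simplified model of the constant-energy idea described above, added here as an illustration; it is not iDirect's free slot allocation algorithm. The frame size, remote names and traffic trace are constructed assumptions, and the model compares what is visible per frame with and without padding, along with the airtime the padding costs.

```python
import random
from statistics import pvariance

SLOTS = 16                           # assumed slots per inbound TDMA frame
REMOTES = ["r1", "r2", "r3", "r4"]   # hypothetical remote stations

def demand_trace(n_frames, busy, seed=7):
    """Constructed workload: slots each remote wants per frame.
    Frames listed in `busy` model a traffic peak, the rest are near idle."""
    rng = random.Random(seed)
    return [{r: rng.randint(2, 4) if f in busy else rng.randint(0, 1)
             for r in REMOTES} for f in range(n_frames)]

def allocate(frame_demand, fill_free_slots):
    """Slot plan for one frame as a list of (remote, kind) tuples.
    kind is 'data' for real traffic or 'dummy' for a padding burst."""
    plan = [(r, "data") for r, n in frame_demand.items() for _ in range(n)]
    plan = plan[:SLOTS]
    if fill_free_slots:
        # Hand every unused slot to a remote in turn; it sends a dummy burst.
        i = 0
        while len(plan) < SLOTS:
            plan.append((REMOTES[i % len(REMOTES)], "dummy"))
            i += 1
    return plan

def observe(trace, fill_free_slots):
    """Occupied slots per frame as seen on the RF channel, plus padding cost.
    Assumes data and dummy bursts look identical once encrypted."""
    plans = [allocate(d, fill_free_slots) for d in trace]
    occupied = [len(p) for p in plans]
    dummy = sum(1 for p in plans for _, kind in p if kind == "dummy")
    return occupied, dummy

def leakage(occupied):
    """Variance of per-frame occupancy; 0 means activity is not visible."""
    return pvariance(occupied)

# Constructed trace: 40 frames with a traffic peak in frames 10..19.
TRACE = demand_trace(40, busy=range(10, 20))

if __name__ == "__main__":
    for fill in (False, True):
        occ, dummy = observe(TRACE, fill)
        print(f"fill={fill} leakage={leakage(occ):.2f} dummy_bursts={dummy}")
```
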

Control Channel Information: to hide IP protocol information. On TDMA networks, even with AES encryption, some information such as the header of IP packets (which contains sender and recipient addresses, ToS, ...) travels unencrypted.

Although the contents of the packet cannot be accessed through this information, it may help an intruder identify the type of communication in progress, for example, VoIP and Video (which could indicate strategic communications) as opposed to generic communications (such as web or mail). The only way of solving this problem is full layer 2 encryption. iDirect has implemented the 'FIPS 140-2 certified 256 bit keyed AES encryption' for all of layer 2 and the control information.

Hub and Remote Unit Validation: to make sure that the remote stations on a specific network are authorized. Here too, a TDMA network is more exposed to the risk that an intruder may obtain authorization illegally and transmit through a remote station. To solve this problem, on TRANSEC networks, iDirect uses an X.509 certificate system, which implements public-key RSA encryption. The certificates are generated by the NMS (which is in the hub) or supplied by third parties, and are installed on all the Line Cards and in all the Protocol Processors involved in the TRANSEC network. The teleport devices (line card and protocol processor) have the public key of all the remote stations enabled to use that network, and all the remote stations have the public key of the teleport devices. In this way, only authorized remote stations can be acquired on the network concerned.


Pay as you go

MT provides a time-based system that controls user access through prepayment and a voucher that may be printed directly with the credentials for accessing the system (username and password).

Key benefits:
  • The bandwidth used for internet access is separate from the VSAT Business service
  • Simple procedure for granting internet access


Playout in cloud

Playout system with Windows 7/8 server.

Airbox with features that may be activated when needed by the customer.

The server is placed in the DMZ network, giving the customer remote access via VNC or TeamViewer, with the possibility of setting up an FTP server on it for downloading films, which will be saved to a high-capacity HD or other storage unit.

The server is equipped with an SDI input/output card that sends the contents to the MT encoder, which packs the information in accordance with the ASI DVB standard.

A MAIN and SPARE MUX input is then integrated, mixed with the other services, sent to the RF platform and then sent to the satellite.

The card on the Playout server can also receive an SDI input. This input may be used to connect an IP receiver with SDI output for receiving the Live contents that may be recorded on the playout server and broadcast in a playlist later on.

Used to:
  • Broadcast files downloaded previously to the HD, sorted in a playlist set up for given times
  • Broadcast live contents received over IP
  • Broadcast pre-recorded contents previously downloaded live



Thanks to the implementation of QoS policies and RTP (Real-time Transport Protocol), satellite networks started to support VoIP traffic satisfactorily.
The satellite bandwidth occupied by a VoIP call depends on the coding used to transform a voice packet into data and the protocol overhead used on the satellite networks for carrying the IP packets.
The combined use of packing, service quality and classes, RTP and header compression guarantees the highest quality.
With the aid of Voice over IP systems, the user can make telephone calls on his company network (from the branch offices to the central offices and vice versa, or from one office to another).


VPN Virtual Private Networks

By extending the user's network with a satellite VPN, the control of remote sites can be centralized.
Private network: a private and secure point-to-point or multipoint solution that provides dedicated links and bandwidth between different areas.
VPN (Virtual Private Networks): an IP-based solution that provides a partial mesh or star topology in which each remote station can communicate with the others through a central MT hub (double or single hop).



Radio and TV delivery through VSAT IP in multicast mode on a private network, with customized contents for the customer and the option of a dedicated managed Playout and a remote store & forward server - set top box.