Transcription of CI Plus Overview Presentation
1 CI plus Limited Liability Partnership (LLP) plus Overview11th November 20112/ - CI plus LLPfile: of ContentPage: One Page Overview of CI Plus3 History of Common Interface4 Requirements & Scope with CI Plus8 CI plus System Overview10 CI plus Specification11- SAC (Secure Authenticated Channel)- Authentification - Protection of TS (Transport Stream) with CC (Content Control)- URI (Usage Rules Information)- Revocation, Shunning- Interactivity with MHP CA API CI plus Administration21- CI+ LLP, Certificate Agent & Test Center- CI+ Documentation- Flow Chart of Certification & Licensing- Licensee Overview Summary26 Document History27 Abbreviations28 CAConditional AccessCAMCA ModuleCICommon InterfacePCMCIA Personal Computer Memory Card International AssociationSCSmart CardSCPCMCIACI-CAMCACID isclaimer:All text and images that are presented herein are just for illustration purposes about the principles of CI plus .
2 The Presentation may contain inaccuracies or errors. It does not necessarily reflect the most recent status of technical and licence relevant documents of CI - CI plus LLPfile: with v1 and Solution with 1997-02 Quite old standard EN 50221 (DVB-CI v1) with unencrypted CAM output 2006-09 Closed DVB TM-CIT group after missing consensus 2007-07 CI+ Forum founded by 6 companies 2008-01 CI plus Spec with encrypted CAM output 2008-11 CI+ forum replaced by CI plus LLP 2009-03 Appointment of Trustcenter & Test facility 2011-04 DVB adopts future development of CI plus specification 2011-05 SMiT becomes 7th partner in CI plus LLPIDTV additionalUsage Rulesfor A/D output and storageEncryptedTV SignalEncrypted Copy of originaldigital contentis impossible!
3 XPCMCIA InterfacexOne Page Overview STB, Recorder, ..not encryptedencryptedEncrypted4/ - CI plus LLPfile: of Common Interface (CI)1997-02:Standard DVB CI v1 (EN 50221)1999-11:Extension ETSI TS 101 6992002-01:EU directive for CI in IDTV with > 30cm2006-09:Start of DVB TM-CIT group (to close security gaps with new CI v2 ..)Closed after missing consensus on technology2007-07:Founding CI+ Forum by 6 companies2007-12CI plus Specification draft 2008-01CI plus Specification of CI+ Forum & creation of CI plus LLP (UK Limited Liability Partnership)2009-02CI plus Specification TC TrustCenter GmbH appointed2009-03 DTV Labs Ltd.
4 Appointed test facility2009-05CI plus Specification about continuation of specification under DVB2011-01CI plus Specification adopts development of CI plus spec beyond becomes 7th partner in CI plus LLP5/ - CI plus LLPfile: & CI plus - Usage for SD/HDTVSet-Top-Box withintegrated Decrypton-System(Only for few contentused or permitted)SDTVSDTVSDTVS mart Card with DVB-CISmart Card with CI+Smart CardDisplayor IDTV6/ - CI plus LLPfile: CI - First Generation Standard v1 CI-Module used with smartcard containing key-informationen CI-Module remove the encryption of protected content The output of CI-Module isunencrypted Due to this, most content providers prefer integratedsolutions because of higher securityEncryptedTelevion SignalCI-ModuleSmartcardNoEncryptionCopy of originaldigital contentis possiblePlasma / LCD IDTVE ncryptedTelevion SignalPCMCIA Interface7/ - CI plus LLPfile.
5 plus - Protection of Content Based on existing DVB-CI Standard Main requirement: achieving the same level of security as embedded solutions CI plus Modul and Receiver- Calculation & Usage of a secure key for content protection- Secure, authentificated channel for critical system messages The output of modul is encrypted Only certified devices are supportedPlasma / LCD IDTVS martcardLocal EncryptionEncryptedTelevision SignalEncryptedTelevision SignalCopy oforiginaldigital contentis not possible!CI plus ModulePCMCIA Interface8/ - CI plus LLPfile: plus - Scope of ProtectionCA Conditional AccessCC Content Control9/ - CI plus LLPfile: plus - Scope of CompatibilityHostCA Module(CAM)DVB CICI PlusHostinDVB-CI modeModuleinDVB-CI mode*Host& ModuleCI plus modeHost& ModuleDVB-CI mode * DVB-CI mode operation permitted by network operator10 / - CI plus LLPfile: plus - System OverviewCAConditional AccessCCContent ControlCICommon InterfaceCAM Conditional Access Module11 / - CI plus LLPfile.
6 plus - Specification History2007-12 Specification Draft2008-01 Specification Specification Specification Change number 002, effective 2009-04-23 (Security Extension)- Summary: Errata of , CICAM CIS CI plus compatibility advertisement Change number 005, effective 2011-03-01 (Security Extension)- Summary: Security fix for CI plus Host to check for Brand ID in a CI plus CICAM device certificate during Specification Change number 007, effective 2012-08-01- Summary: Extensions of PVR related functionality, CAS protected recording removed, Parental Control Clarifications, Low Speed Communication Resource, Extended CI Tuning Resource, Operator Profile2011-10 Specification Change number 013, effective 2012-08-01- Summary: Errata of , implementation guidelines12 / - CI plus LLPfile: plus - Specification :Pages:1-3 Scope, References, Definitions.
7 194 System Overview45 Theory of Operation476 Authentication Mechanisms167 Secure Authenticated Channel128 Content Key Calculations59 Public Key Infrastr. & Certificate Details910 Host Service Shunning511 Command Interface2212 CI plus Application Level MMI1213 CI plus MMI Resource414 Other CI Extensions52 Annex :316file: : 2011-01-1413 / - CI plus LLPfile: plus - Specification ChangeKey changes of compared to Extensions to PVR related functionality. CAS protected recording removed. Parental Control Extensions & Clarifications.
8 Optimization of Low Speed Communication Resource & IP support. Extension to CI Tuning Resource to support Cable VOD Applications. Introduction of an Operator Profile. Change Notice with References prng_seed per manufacturer [ ] URI version 2 [ ] Digital Only Token [ ] Content license [ ] Parental Control [ ] Recording and Storage [ ] Host Authentication [Table , step 13, item d] Certificates, Service operator ID [ ] Host shunning, SDT absent [ ] Version 2 of CC resource [ ] SAS APDU clarifications [ , Annex ] MHEG profile extensions [ ] Low Speed Communications v3 [ ] IP connection by name [ ] Application MMI clarifications [ ] Application MMI File Caching [ ] Host Control v2 [ ]
9 Operator Profile [ , Annex N] APDU clarifications [Annex E] CIS Feature Identification [ ] Removal of PVR Resource [ , 15]Details of changes:file: : 2011-01-21file: : 2011-03-1014 / - CI plus LLPfile: plus - Protocols1. Compare CI+ versions supported by IDTV and If both sides have the same auth key, they have performed a successful authentication with each CI+ CAM and IDTV authenticate each other to make sure the opposite device is a valid CI+ The Secure Authenticated Channel (SAC) is used for transmission of security-related messages between CAM and Usage Rules Information (URI)
10 Version negotiation to find a URI version that is supported on both URI transmission and acknowledgement used by CAM to send a set of usage rules information to the Content Control (CC) key calculation used by both sides to calculate keys for scrambling /descrambling of transport stream (TS).8. System Renewability Message (SRM) transmission and acknowledgement is used from CI+ CAM to transfer SRM for HDCP and DTCP-IP to the Capability EvaluationAuth Key VerificationAuthenticationSAC Key CalculationURI Version NegotiationURI AcknowledgementCC Key CalculationSRM / - CI plus LLPfile: plus - Transport Stream Output ProtectionHost and CICAM Capabilities.
