Transcription of CI Plus Specification 1.3 - Common Interface
1 CI Plus Specification (2011-09). Technical Specification CI Plus Specification . Content Security Extensions to the Common Interface . 2 CI Plus Specification (2011-09). CI Plus LLP. Pannell House Park Street Guildford Surrey GU1 4HN. UK. A company registered in England and Wales Registered Number: OC341596. Copyright Notification All rights reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owners. 2008, 2009, 2011 CI Plus LLP. 3 CI Plus Specification (2011-09). Contents Foreword .. 14. 1 Scope .. 15. 2 References .. 15. Normative references .. 15. 3 Definitions, symbols and abbreviations .. 17. Definitions .. 17. Symbols .. 18. 18. Use of Words .. 20. 4 System Overview (informative) .. 20. Introduction .. 20. Content Control System Components .. 21. Host .. 21. CICAM .. 22. Head-End .. 22. Implementation Outline .. 22. Device Authentication.
2 23. Key Exchange and Content Encryption .. 23. Enhanced MMI .. 23. CI Plus Extensions .. 24. CI Plus Extensions .. 24. 5 Content Control Overview (normative) .. 24. End to End Architecture .. 24. General Interface Behaviour .. 25. Key 26. Keys on the Credentials Layer .. 28. Keys on the Authentication Layer .. 28. Keys on the SAC Layer .. 29. Keys on the Content Control Layer .. 29. Module Deployment .. 29. Deployment In Basic Service 30. Deployment in Registered Service Mode .. 32. Generic Error Reporting .. 32. Introduction to Revocation (informative) .. 32. Host Revocation .. 32. Revocation Granularity .. 33. Revocation Signalling Data .. 33. Transmission Timeout .. 34. SOCRL and SOCWL Download Process .. 34. Denial of Service .. 36. (De)Scrambling of Content .. 38. Transport Stream Level 38. PES Level Scrambling .. 39. Scrambler/Descrambler Definition .. 39. Scrambling rules.
3 39. Transport Stream Scrambling with DES .. 41. Transport Stream Scrambling with AES .. 41. Copy Control Exertion on Content .. 44. URI Definition .. 44. Associating URI with Content .. 44. URI transfer Head-End to CICAM .. 44. URI transfer CICAM to Host .. 44. URI Refresh Protocol .. 45. 2008, 2009, 2011 CI Plus LLP. 4 CI Plus Specification (2011-09). URI Version Negotiation Protocol .. 48. Format of the URI message .. 48. Coding And Semantics Of Fields .. 49. Modes Of Operation .. 53. Host Operation with Multiple CICAMs .. 53. Single CICAM with Multiple CA System Support .. 54. Introduction .. 54. CICAM Device Certificates .. 54. CCK Refresh .. 54. Host 54. Authentication Overview .. 55. Content License Exchanges .. 56. Record Start Protocol .. 56. Content License Exchange on 56. Content License Exchange on Check .. 56. Content License Exchange on Playback .. 57. Content License and Timeshifting.
4 57. Record Stop Protocol .. 57. Parental Control .. 57. CICAM PIN Capabilities .. 58. No CICAM PIN Capabilities .. 58. CICAM PIN Capabilities for CA Services Only .. 58. CICAM PIN Capabilities for CA and FTA Services .. 58. CICAM PIN Capabilities for CA Services Only (cached PIN) .. 59. CICAM PIN Capabilities for CA and FTA Services (cached PIN) .. 59. CICAM PIN 59. Host PIN code .. 62. Notification that a PIN is required .. 63. Transfer of Parental Rating to CICAM .. 63. PIN Code Caching .. 63. Recording and Playback .. 63. Playback Session .. 65. SRM Delivery .. 66. Data file transfer protocol .. 66. Initialisation and message overview .. 66. Data transfer conditions .. 68. 6 Authentication Mechanisms .. 69. CICAM Binding and Registration .. 69. Verification of Certificates & DH Key Exchange .. 69. Verification of Authentication Key .. 69. Report Back to Service Operator .. 70.
5 CC System Operation .. 70. Authentication Protocol .. 72. Initialisation and Message Overview .. 72. Authentication Conditions .. 74. Authentication Key Computations .. 78. Diffie Hellman Parameters .. 82. Calculate DH Public Keys (DHPH and DHPM) .. 82. Calculate DH Keys (DHSK).. 82. Calculate Authentication Key (AKH and AKM) .. 83. Power-Up Re-Authentication .. 83. 7 Secure Authenticated Channel .. 83. CI SAC 85. SAC Initialisation .. 85. SAC (re)keying Conditions .. 86. SAC Key Computation .. 88. SAC error codes and (re) set SAC state .. 88. Format of the SAC Message .. 89. Constants .. 90. 2008, 2009, 2011 CI Plus LLP. 5 CI Plus Specification (2011-09). Coding and Semantics of Fields .. 90. Transmitting SAC Messages .. 92. Message Authentication .. 92. Message Encryption .. 92. Receiving SAC Messages .. 93. Message Counter State .. 93. Message Decryption .. 93. Message Verification.
6 94. SAC Integration into CI Plus .. 94. 8 Content Key Calculations .. 95. Content Control Key refresh 95. Initialization and message overview .. 95. Content Control Key re-keying conditions .. 97. Content Key Lifetime .. 98. Content Control Key Computation (CCK) .. 98. Content Key for DES-56-ECB 99. Content Key and IV for AES-128-CBC Scrambler.. 99. 9 PKI and Certificate Details .. 100. Introduction .. 100. Certificate Management Architecture .. 100. Certificate Format .. 101. version .. 102. serialNumber .. 102. signature .. 102. issuer .. 102. validity .. 103. subject .. 103. subjectPublicKeyInfo .. 104. issuerUniqueID and 104. extensions .. 105. Subject Key 105. Authority Key Identifier .. 105. Key usage .. 105. Basic constraints .. 105. Scrambler capabilities .. 106. CI Plus info .. 106. CICAM brand identifier .. 106. signatureAlgorithm .. 107. signatureValue .. 107. Certificate Verification.
7 107. Verification of the brand certificate .. 107. Verification of the device certificate .. 107. Verification of the service operator certificate .. 108. 10 Host Service Shunning .. 108. CI Plus Protected Service Signalling .. 108. CI Protection Descriptor .. 109. CI Protection Descriptor .. 109. Private Data Specifier Descriptor .. 110. Trusted Reception .. 110. CI Plus Protection Service Mode .. 110. Service Shunning .. 111. Service Shunning In-active .. 113. Service Shunning Active .. 113. 11 Command Interface .. 113. Application Information resource .. 113. Application Information Version 3 .. 113. Request CICAM Reset .. 113. request_cicam_reset APDU .. 113. 2008, 2009, 2011 CI Plus LLP. 6 CI Plus Specification (2011-09). Reset request using the IIR bit .. 114. Data rate on the PCMCIA 114. data_rate_info APDU .. 114. Host Language and Country resource .. 114. Host Language and Country resource APDUs.
8 115. Host_country_enq APDU .. 115. Host_country APDU .. 115. Host_language_enq APDU .. 115. Host_language APDU .. 116. Content Control resource .. 116. Content Control resource APDUs .. 116. cc_open_req APDU .. 117. cc_open_cnf APDU .. 117. cc_data_req APDU .. 118. cc_data_cnf APDU .. 118. cc_sync_req APDU .. 119. cc_sync_cnf APDU .. 119. cc_sac_data_req APDU .. 120. cc_sac_data_cnf APDU .. 121. cc_sac_sync_req APDU .. 121. cc_sac_sync_cnf APDU .. 122. Content Control Resource PIN APDUs .. 122. cc_PIN_capabilities 122. cc_PIN_cmd APDU .. 123. cc_PIN_reply APDU .. 124. cc_PIN_event 125. cc_PIN_playback APDU .. 125. cc_PIN_MMI_req APDU .. 126. Content Control Protocols .. 126. Host Capability Evaluation .. 126. Authentication .. 126. Authentication Key verification .. 127. CC key calculation .. 127. SAC key calculation .. 128. URI transmission and acknowledgement .. 128. URI version negotiation.
9 129. Content License Exchange .. 129. CICAM to Host License Exchange Protocol .. 129. Playback License Exchange Protocol .. 130. License Check Exchange Protocol .. 131. Record Start Protocol .. 132. Change Operating Mode Protocol .. 133. Record Stop Protocol .. 133. SRM file transmission and acknowledgement .. 134. Specific Application Support .. 134. Application Life-cycle .. 135. Data 135. 12 CI Plus Application Level MMI .. 136. Scope .. 136. Application MMI Profile .. 137. Application Domain .. 137. Set of Classes .. 137. Set of Features .. 138. CI Plus Engine Profile .. 138. Not required features .. 138. Stream Objects .. 138. RTGraphics / Subtitles .. 139. GetEngineSupport .. 139. Content Data Encoding .. 139. Content Table .. 139. 2008, 2009, 2011 CI Plus LLP. 7 CI Plus Specification (2011-09). Stream "memory" formats .. 139. User Input .. 139. Engine Events .. 140. Protocol Mapping and External Connection.
10 140. Resident Programs .. 140. 140. Engine Graphics Model .. 141. LineArt and Dynamic LineArt .. 141. PNG Bitmaps .. 141. MPEG Stills .. 141. User Input .. 141. High definition graphics model.. 142. Discovery .. 142. Engine 142. Downloadable 142. OpenType Fonts .. 142. Presentation .. 143. Defensive 143. CI Application Life Cycle .. 143. Application Life Cycle .. 143. Launching and Terminating the CI Plus Application .. 143. Interaction with DVB Common Interface Module .. 144. MHEG Broadcast Profile .. 144. MHP Broadcast 144. File Request and Acknowledge .. 145. Persistent Storage .. 145. Host Resource Model .. 145. Memory Resource .. 145. Link Recursion Behaviour .. 145. Timer Count and Granularity .. 145. Application Stacking .. 145. Name Mapping .. 145. Names within the Host .. 145. Name Space Mapping .. 145. MHEG-5 Object References .. 146. Mapping Rules for GroupIdentifier and ContentReference.
