Transcription of CI Plus Specification 1 - Common Interface
1 CI plus Specification (2011-01) Technical Specification CI plus Specification . Content Security Extensions to the Common Interface . 2008, 2009, 2011 CI plus LLP CI plus Specification (2011-01) 2 CI plus LLP Pannell House Park Street Guildford Surrey GU1 4HN UK A company registered in England and Wales Registered Number: OC341596 Copyright Notification All rights reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owners. 2008, 2009, 2011 CI plus LLP CI plus Specification (2011-01) 3 Contents Foreword.
2 14 1 Scope .. 15 2 References .. 15 Normative references .. 15 3 Definitions, symbols and abbreviations .. 17 Definitions .. 17 Symbols .. 18 Abbreviations .. 18 Use of Words .. 20 4 System Overview (informative) .. 20 Introduction .. 20 Content Control System Components .. 21 Host .. 21 CICAM .. 22 Head-End .. 22 Implementation Outline .. 22 Device Authentication .. 23 Key Exchange and Content Encryption .. 23 Enhanced MMI .. 23 CI plus Extensions .. 24 CI plus Extensions .. 24 5 Content Control Overview (normative).
3 24 End to End Architecture .. 24 General Interface Behaviour .. 25 Key Hierarchy .. 27 Keys on the Credentials Layer .. 29 Keys on the Authentication Layer .. 29 Keys on the SAC Layer .. 30 Keys on the Content Control Layer .. 30 Module Deployment .. 30 Deployment In Basic Service Mode .. 31 Deployment In Registered Service Mode .. 33 Registration Messages .. 34 Notification Messages .. 35 Generic Error Reporting .. 36 Introduction to Revocation (informative) .. 36 Host Revocation .. 37 Revocation Granularity .. 37 Revocation Signalling Data.
4 37 Transmission Time-out .. 38 SOCRL and SOCWL Download Process .. 38 Denial of Service .. 40 (De)Scrambling of Content .. 42 Transport Stream Level 42 PES Level Scrambling .. 43 Scrambler/Descrambler Definition .. 43 Scrambling rules .. 43 Transport Stream Scrambling with DES .. 45 Transport Stream Scrambling with AES .. 45 Copy Control Exertion on Content .. 48 URI Definition .. 48 Associating URI with Content .. 48 URI transfer Head-End to CICAM .. 49 2008, 2009, 2011 CI plus LLP CI plus Specification (2011-01) 4 URI transfer CICAM to Host.
5 49 URI Refresh Protocol .. 49 URI Version Negotiation Protocol .. 52 Format of the URI message .. 52 Coding And Semantics Of Fields .. 53 Modes Of Operation .. 56 Host Operation with Multiple CICAMs .. 57 Single CICAM with Multiple CA System Support .. 58 Introduction .. 58 CICAM Device Certificates .. 58 CCK Refresh .. 58 Host revocation .. 58 Authentication Overview .. 58 Content License Exchanges .. 60 Record Start Protocol .. 60 Content License Exchange on 60 Content License Exchange on Check .. 60 Content License Exchange on Playback.
6 61 Parental Control .. 61 CICAM PIN Capabilities .. 61 No CICAM PIN Capabilities .. 62 CICAM PIN Capabilities for CA Services Only .. 62 CICAM PIN Capabilities for CA and FTA Services .. 62 CICAM PIN Capabilities for CA Services Only (cached PIN) .. 62 CICAM PIN Capabilities for CA and FTA Services (cached PIN) .. 62 CICAM PIN code .. 63 Host PIN code .. 66 Notification that a PIN is required .. 66 Transfer of Parental Rating to CICAM .. 66 Recording and Playback .. 67 Playback (Informative) .. 68 SRM Delivery .. 69 Data file transfer protocol.
7 69 Initialisation and message overview .. 69 Data transfer conditions .. 71 6 Authentication Mechanisms .. 72 CICAM Binding and Registration .. 72 Verification of Certificates & DH Key Exchange .. 72 Verification of Authentication Key .. 72 Report Back to Service Operator .. 73 CC System Operation .. 73 Authentication Protocol .. 75 Initialisation and Message Overview .. 75 Authentication Conditions .. 78 Authentication Key Computations .. 82 Diffie Hellman Parameters .. 86 Calculate DH Public Keys (DHPH and DHPM) .. 86 Calculate DH Keys (DHSK).
8 86 Calculate Authentication Key (AKH and AKM) .. 86 Power-Up Re-Authentication .. 87 7 Secure Authenticated Channel .. 87 CI SAC 89 SAC Initialisation .. 89 SAC (re)keying Conditions .. 90 SAC Key Computation .. 92 SAC error codes and (re) set SAC state .. 92 Format of the SAC Message .. 93 Constants .. 94 Coding and Semantics of Fields .. 94 2008, 2009, 2011 CI plus LLP CI plus Specification (2011-01) 5 Transmitting SAC Messages .. 96 Message Authentication .. 96 Message Encryption .. 96 Receiving SAC Messages.
9 97 Message Counter State .. 97 Message Decryption .. 97 Message Verification .. 98 SAC Integration into CI plus .. 98 8 Content Key Calculations .. 99 Content Control Key refresh 99 Initialization and message overview .. 99 Content Control Key re-keying conditions .. 101 Content Key Lifetime .. 102 Content Control Key Computation (CCK) .. 102 Content Key for DES-56-ECB Scrambler.. 103 Content Key and IV for AES-128-CBC Scrambler.. 103 9 PKI and Certificate Details .. 104 Introduction .. 104 Certificate Management Architecture.
10 104 Certificate Format .. 105 version .. 106 serialNumber .. 106 signature .. 106 issuer .. 106 validity .. 107 subject .. 107 subjectPublicKeyInfo .. 108 issuerUniqueID and 108 extensions .. 109 Subject Key 109 Authority Key Identifier .. 109 Key usage .. 109 Basic constraints .. 109 Scrambler capabilities .. 110 CI plus info .. 110 CICAM brand identifier .. 110 signatureAlgorithm .. 111 signatureValue .. 111 Certificate Verification .. 111 Verification of the brand certificate .. 111 Verification of the device certificate.
