Transcription of CI Plus Specification 1 - Common Interface
CI plus Specification (2011-01)
Technical Specification
CI plus Specification. Content Security Extensions to the Common Interface.
2008, 2009, 2011 CI plus LLP

CI plus LLP
Pannell House
Park Street
Guildford
Surrey GU1 4HN
UK
A company registered in England and Wales
Registered Number: OC341596

Copyright Notification
All rights reserved. Reproduction in whole or in part is prohibited without the written consent of the copyright owners.

Contents
Foreword
1 Scope
2 References
  Normative references
3 Definitions, symbols and abbreviations
  Definitions
  Symbols
  Abbreviations
  Use of Words
4 System Overview (informative)
  Introduction
  Content Control System Components
  Host
  CICAM
  Head-End
  Implementation Outline
  Device Authentication
  Key Exchange and Content Encryption
  Enhanced MMI
  CI plus Extensions
  CI plus Extensions
5 Content Control Overview (normative)
  End to End Architecture
  General Interface Behaviour
  Key Hierarchy
  Keys on the Credentials Layer
  Keys on the Authentication Layer
  Keys on the SAC Layer
  Keys on the Content Control Layer
  Module Deployment
  Deployment In Basic Service Mode
  Deployment In Registered Service Mode
  Registration Messages
  Notification Messages
  Generic Error Reporting
  Introduction to Revocation (informative)
  Host Revocation
  Revocation Granularity
  Revocation Signalling Data
  Transmission Time-out
  SOCRL and SOCWL Download Process
  Denial of Service
  (De)Scrambling of Content
  Transport Stream Level
  PES Level Scrambling
  Scrambler/Descrambler Definition
  Scrambling rules
  Transport Stream Scrambling with DES
  Transport Stream Scrambling with AES
  Copy Control Exertion on Content
  URI Definition
  Associating URI with Content
  URI transfer Head-End to CICAM
  URI transfer CICAM to Host
  URI Refresh Protocol
  URI Version Negotiation Protocol
  Format of the URI message
  Coding And Semantics Of Fields
  Modes Of Operation
  Host Operation with Multiple CICAMs
  Single CICAM with Multiple CA System Support
  Introduction
  CICAM Device Certificates
  CCK Refresh
  Host revocation
  Authentication Overview
  Content License Exchanges
  Record Start Protocol
  Content License Exchange on
  Content License Exchange on Check
  Content License Exchange on Playback
  Parental Control
  CICAM PIN Capabilities
  No CICAM PIN Capabilities
  CICAM PIN Capabilities for CA Services Only
  CICAM PIN Capabilities for CA and FTA Services
  CICAM PIN Capabilities for CA Services Only (cached PIN)
  CICAM PIN Capabilities for CA and FTA Services (cached PIN)
  CICAM PIN code
  Host PIN code
  Notification that a PIN is required
  Transfer of Parental Rating to CICAM
  Recording and Playback
  Playback (Informative)
  SRM Delivery
  Data file transfer protocol
  Initialisation and message overview
  Data transfer conditions
6 Authentication Mechanisms
  CICAM Binding and Registration
  Verification of Certificates & DH Key Exchange
  Verification of Authentication Key
  Report Back to Service Operator
  CC System Operation
  Authentication Protocol
  Initialisation and Message Overview
  Authentication Conditions
  Authentication Key Computations
  Diffie Hellman Parameters
  Calculate DH Public Keys (DHPH and DHPM)
  Calculate DH Keys (DHSK)
  Calculate Authentication Key (AKH and AKM)
  Power-Up Re-Authentication
7 Secure Authenticated Channel
  CI SAC
  SAC Initialisation
  SAC (re)keying Conditions
  SAC Key Computation
  SAC error codes and (re) set SAC state
  Format of the SAC Message
  Constants
  Coding and Semantics of Fields
  Transmitting SAC Messages
  Message Authentication
  Message Encryption
  Receiving SAC Messages
  Message Counter State
  Message Decryption
  Message Verification
  SAC Integration into CI plus
8 Content Key Calculations
  Content Control Key refresh
  Initialization and message overview
  Content Control Key re-keying conditions
  Content Key Lifetime
  Content Control Key Computation (CCK)
  Content Key for DES-56-ECB Scrambler
  Content Key and IV for AES-128-CBC Scrambler
9 PKI and Certificate Details
  Introduction
  Certificate Management Architecture
  Certificate Format
  version
  serialNumber
  signature
  issuer
  validity
  subject
  subjectPublicKeyInfo
  issuerUniqueID and
  extensions
  Subject Key
  Authority Key Identifier
  Key usage
  Basic constraints
  Scrambler capabilities
  CI plus info
  CICAM brand identifier
  signatureAlgorithm
  signatureValue
  Certificate Verification
  Verification of the brand certificate
  Verification of the device certificate
  Verification of the service operator certificate
10 Host Service Shunning
  CI plus Protected Service Signalling
  CI Protection Descriptor
  CI Protection Descriptor
  Private Data Specifier Descriptor
  Trusted Reception
  CI plus Protection Service Mode
  Service Shunning
  Service Shunning In-active
  Service Shunning Active
11 Command Interface
  Application Information resource
  Application Information Version 3
  Request CICAM Reset
  request_cicam_reset APDU
  Reset request using the IIR bit
  Data rate on the PCMCIA
  data_rate_info APDU
  Host Language and Country resource
  Host Language and Country resource APDUs
  Host_country_enq APDU
  Host_country APDU
  Host_language_enq APDU
  Host_language APDU
  Content Control resource
  Content Control resource APDUs
  cc_open_req APDU
  cc_open_cnf APDU
  cc_data_req APDU
  cc_data_cnf APDU
  cc_sync_req APDU
  cc_sync_cnf APDU
  cc_sac_data_req APDU
  cc_sac_data_cnf APDU
  cc_sac_sync_req APDU
  cc_sac_sync_cnf APDU
  Content Control Resource PIN APDUs
  cc_PIN_capabilities
  cc_PIN_cmd APDU
  cc_PIN_reply APDU
  cc_PIN_event
  cc_PIN_playback APDU
  cc_PIN_MMI_req APDU
  Content Control Protocols
  Host Capability Evaluation
  Authentication
  Authentication Key verification
  CC key calculation
  SAC key calculation
  URI transmission and acknowledgement
  URI version negotiation
  Content License Exchange
  CICAM to Host License Exchange Protocol
  Playback License Exchange Protocol
  License Check Exchange Protocol
  Record Start Protocol
  Change Operating Mode Protocol
  Record Stop Protocol
  SRM file transmission and acknowledgement
  Specific Application Support
  Application Life-cycle
12 CI plus Application Level MMI
  Scope
  Application MMI Profile
  Application Domain
  Set of Classes
  Set of Features
  CI plus Engine Profile
  Not required features
  Stream Objects
  RTGraphics / Subtitles
  GetEngineSupport
  Content Data Encoding
  Content Table
  Stream "memory" formats
  User Input
  Engine Events
  Protocol Mapping and External Connection
  Resident Programs
  RequestMPEGDecoder
  Engine Graphics Model
  LineArt and Dynamic LineArt
  PNG Bitmaps
  MPEG Stills
  User Input
  High definition graphics model
  Discovery
  Engine
  Downloadable
  OpenType Fonts
  Presentation
  Defensive
  CI Application Life Cycle
  Application Life Cycle
  Launching and Terminating the CI plus Application
  Interaction with DVB Common Interface Module
  MHEG Broadcast Profile
  MHP Broadcast Profile