ci plus overview presentation - common · pdf fileci plus llp - file: ci-plus_overview.ppt,...
TRANSCRIPT
![Page 1: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/1.jpg)
CI Plus Limited Liability Partnership (LLP)www.ci-plus.com
CI Plus Overview
6th July 2009
![Page 2: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/2.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
2 / 24
Table of ContentPage:
• One Page Overview of CI Plus 3• History of Common Interface 4• Requirements & Scope with CI Plus 8• CI Plus System Overview 10• CI Plus Specification 11
- SAC (Secure Authenticated Channel)- Authentification - Protection of TS (Transport Stream)
with CC (Content Control)- URI (Usage Rules Information)- Revocation, Shunning- Interactivity with MHP CA API
• CI Plus Administration 19- CI+ LLP, Certificate Agent & Test Center- CI+ Documentation- Flow Chart of Certification & Licensing
• Summary 23
SC
PCMCIA
CI-CAM
CA
CI
CA Conditional AccessCAM CA ModuleCI Common InterfacePCMCIA Personal Computer Memory
Card International AssociationSC Smart Card
![Page 3: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/3.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
3 / 24
Issue with and Solution with• 1997-02 Quite old standard EN 50221 with unencrypted CAM output• 2006-09 Closed DVB TM-CIT group after missing consensus
• 2007-07 CI+ Forum founded by 6 companies • 2008-01 CI Plus Spec.v1.0 with encrypted output• 2008-11 CI+ forum replaced by CI Plus LLP• 2009-03 Appointment of
Plasma/LCD IDTV
additional Usage Rules for A/D output and storage
Encrypted TV Signal Encrypted Common Interface Module Smartcard
☺
Copy of originaldigital contentis impossible!
x
PCMCIA
Interface
x
One pageoverview
STB, Recorder, ...
![Page 4: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/4.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
4 / 24
History of Common Interface (CI)1997-02: Standard DVB CI v1 (EN 50221)
(with unencrypted output of CAM) 1999-11: Extension ETSI TS 101 6992002-01: EU directive for CI in IDTV with > 30cm2006-09: Start of DVB TM-CIT group
(to close security gaps with new CI v2 ...) Closed after missing consensus on technology
2007-07: Founding CI+ Forum by 6 companies 2007-12 CI Plus Specification draft 2008-01 CI Plus Specification v1.0
(with encrypted CAM interface) 2008-11 Disbanding of CI+ Forum & creation of
CI Plus LLP (UK Limited Liability Partnership) 2009-02 CI Plus Specification v1.1
2009-02 TC TrustCenter GmbH appointed 2009-03 DTV Labs Ltd. appointed test facility
![Page 5: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/5.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
5 / 24
DVB-CI & CI Plus - Usage for SD/HDTV
Set-Top-Box withintegrated
Decrypton-System
(Only for few contentused or permitted)
SDTV
SDTV
SDTV
Smart Card with DVB-CI
Smart Card with CI+
Smart Card Displayor IDTV
![Page 6: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/6.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
6 / 24
DVB CI - Current Standard v1• CI-Module used with smartcard containing key-informationen• CI-Module remove the encryption of protected content• The output of CI-Module is unencrypted• Due to this, most content providers prefer integrated
solutions because of higher security
EncryptedTelevion Signal
CI-module
Smartcard
No
Encryption
Copy of original
digital contentis possible
Plasma / LCD IDTV
EncryptedTelevion Signal
PCMCIA Interface
![Page 7: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/7.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
7 / 24
CI Plus - Protection of Content• Based on existing DVB-CI Standard• Main requirement: achieving the same level of security as embedded solutions• CI Plus Module and Receiver
- Calculation & Usage of a secure key for content protection- Secure, authentificated channel for critical system messages
• The output of module is encrypted• Only certified devices are supported
Plasma / LCD IDTV
Smartcard
Local Encryption
EncryptedTelevision Signal
EncryptedTelevision Signal
Copy oforiginal
digital contentis not possible!
CI Plus Module
PCMCIA Interface
![Page 8: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/8.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
8 / 24
CI Plus - Scope of Protection
CA Conditional AccessCC Content Control
![Page 9: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/9.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
9 / 24
CI Plus - Scope of Compatibility
Host
CA Module (CAM)
DVB CI CI Plus
Host in DVB-CI mode
Module in DVB-CI mode*
Host & Module CI Plus mode
Host & Module DVB-CI mode
☺* DVB-CI mode operation defined by network operator
![Page 10: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/10.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
10 / 24
CI Plus - System Overview
CA Conditional AccessCC Content ControlCI Common InterfaceCAM Conditional Access Module
![Page 11: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/11.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
11 / 24
CI Plus - Specification v1.2Chapter: Pages:
1-3 Scope, References, Definitions, ... 174 System Overview 45 Theory of Operation 316 Authentication Mechanisms 167 Secure Authenticated Channel 128 Content Key Calculations 49 Public Key Infrastr. & Certificate Details 910 Host Service Shunning 411 Command Interface 1312 CI Plus Application Level MMI 1013 CI Plus MMI Resource 214 Other CI Extensions 1415 PVR Resource 8
Annex A...N 99Total: 243
file: ci_plus_specification_v1.2.pdf date: 2009-04-25
![Page 12: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/12.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
12 / 24
CI Plus - Protocols1. Compare CI+ versions supported by IDTV and CAM.2. If both sides have the same auth key, they have
performed a successful authentication with each other.3. CI+ CAM and IDTV authenticate each other to make sure
the opposite device is a valid CI+ device.4. The Secure Authenticated Channel (SAC) is used
for transmission of security-related messages between CAM and IDTV.
5. Usage Rules Information (URI) version negotiation to find a URI version that is supported on both sides.
6. URI transmission and acknowledgement used by CAM to send a set of usage rules information to the IDTV.
7. Content Control (CC) key calculation used by both sides to calculate keys for scrambling /descrambling of transport stream (TS).
8. System Renewability Message (SRM) transmission and acknowledgement is used from CI+ CAM to transfer SRM for HDCP and DTCP-IP to the IDTV.
Host Capability Evaluation
Auth Key Verification
Authentication
SAC Key Calculation
URI Version Negotiation
URI Acknowledgement
CC Key Calculation
SRM Acknowledgement
1.
2.
3.
4.
5.
6.
7.
8.
![Page 13: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/13.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
13 / 24
CI Plus - Transport Stream Output ProtectionHost and CICAM Capabilities:
• DES-56-ECB Data Encryption Standard, 56-bit key, Electronic Code Book (USA 1999-10, Federal Information Processing Standards, FIPS 46-3)
• AES-128-CBC Advanced Encryption Standard, 128-bit key, Cipher Block Chaining (USA 2000-10, National Institute of Standards and Technology, NIST, FIPS 197)
![Page 14: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/14.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
14 / 24
CI Plus - AuthenticationSupported Authentication Phases per Service Mode:
• Basic Service Mode• Registered Service Mode
- Requires upstream communication to HE (Head End)
example:
DH = Diffie-Hellman key exchange
![Page 15: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/15.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
15 / 24
CI Plus - Devices & external Interfaces
Analogue PAL / NTSC / SECAMRGB / YUV / S-Video
DigitalHDMI / HDCP
DTCP-IP
IDTV Signals
/ Interfaces
Devices
time shifted recording(optional)
STB/PVR
CI Plus
Display
Encrypted Content, paired to receiver: the content cannot be copied without authorization..
![Page 16: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/16.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
16 / 24
URI initial default value for host, e.g. after channel change:• protocol version = 0x01• emi_copy_control_info = 0b11 (Encryption Mode Indicator)• aps_copy_control_info = 0b00 (Analog copy Protection System)• ict_copy_control_info = 0b0 (Image Constraint Trigger/Token)• rct_copy_control_info = 0b0 (Redistribution Control Trigger)• rl_copy_control_info = 0b000000 (Retention Limit, default 90 min)• reserved bits = 0b0
URI Mapping Table:• Analog Output (MV, APS, CGMS, ICT) • Digital Output (HDCP, DTCP, SPDIF)• Digital Storage (AACS, CPRM, VCPS)
see e.g. Digital Transmission Content Protection (DTCP), www.dtcp.com• Specification 2007-10, rev 1.51
CI Plus - Usage Rules Information (URI)
URIURI
Analog Digital Digital Storage
![Page 17: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/17.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
17 / 24
Host Service Shunning• Host shunning state determined from Service Descriptor Table (SDT)• Shunning active: Service can only be descrambled by CI+ Module• Shunning non active: Service can be descrambled by DVB-CI or CI+ Module
Host Revocation• Certificate Revocation List (CRL) transmitted to CICAM black-lists a host• Certificate White List (CWL) can revert a previous revocation of a host• Level of revocation granularity:
1. Unique host2. Range of hosts3. Certain model4. Certain brand
Revocation by CAS• Possible, but out of CI Plus specification scope
CI Plus - Mechanisms of Revocation
![Page 18: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/18.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
18 / 24
CI Plus - Additional Interactivity with ConsumerCI Plus Browser
• Enables to CI Plus modules to display graphics with menues, pictures, logos, ... in a common method on all CI Plus receivers/displays Allows easy interaction with default remote control
Support of MHP CA API• Enables to the broadcasted MHP applikation to communicate
with a CA Smartcard inside the CI Plus module
Country- and Language Support• Enables CI Plus modules to use the same language in menues,
which is already defined by user in the receiver setting.
![Page 19: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/19.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
19 / 24
CI Plus - LLP, Certificate Agent & Test CenterCI Plus LLP contact details:
• CI Plus LLP, www.ci-plus.com• The Billings, Guildford, Surrey GU1 4YD, UK• Tel/Fax: +44.1483. 302264/-302254
CI Plus LLP authorized Certificate Agent: • TC TrustCenter GmbH, www.trustcenter.de• Sonninstrasse 24-28, 20097 Hamburg, Germany• Tel/Fax: +49.40.808026-0/-126• Mail: [email protected]
CI Plus LLP approved Test Center:• Digital TV Labs Ltd., www.digitaltv-labs.com • Venturers House, King Street, Bristol, BS1 4PB, UK• Tel/Fax: +44.117.915-4018/-4088• Mail: [email protected]
![Page 20: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/20.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
20 / 24
CI Plus - DocumentationDocuments on www.ci-plus.com:
• CI Plus Device Interim License Agreement- Compliance and Robustness Rule...
• CI Plus Specification v1.2- Detailed Specification for Receiver and Module
with change notices 001 and 002• Supplementary Specification v1.2
- Requirements for host revocation/shunning• Test Specification v1.0
- Definition of test- and registration process• Registration Application
- Application for test and registration of a device
Documents on www.trustcenter.de:• On-Boarding Guideline, CI Plus Specification• Interim License Agreement (ILA)
Certificate Supply Agreement (CSA)• Forms: Identification, Administrator Authorization
Brand On-Boarding, Registration Application• Robustness Certification Checklist
last update: 2009-04-25
.../solutions/consumer_electronics.htm
![Page 21: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/21.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
21 / 24
CI Plus - License Agreement with Exhibits A-L
A: Device Type
B: Robustness Rules
C: Compliance Rules for Host Device
D: Compliance Rules for CICAM Device
E: URI Mapping Table
G: Robustness Rules Checklist
H: Confidentiality Agreement
I: Fee schedule
J: Registration Procedure
K: Change Procedure
L: Revocation Procedure
CICAM Device
Host Device
Robustness Rules
ComplianceRules
Confidentiality Agreement
![Page 22: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/22.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
22 / 24
CI Plus - Implementation
CI Plus LLP (Limited Liability Partnership)
Trust Authority
(TA)
Certification Authority (CA)
Test of Device
Device Manufacturer
of CI Plus Module / Host
TC Trust Center
Sign License Agreement€15,000 registration/yearlyReceive License specs and Test technologyAt Website
Public Specification, License Agreement (incl. Compliance and Robustness)
Order Certificates (keys) € 500/10.000 devices
Device Testing Result Robustness Checklist € 5,000/device type
Device RegistrationProduction Credentials
Test Partner
New deviceRobustness Checklist Device Testing
Result
or Self-Test-Registration(after registration of 2 different device types)
Deliver Certificates (keys)
...
![Page 23: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/23.jpg)
CI Plus LLP - www.ci-plus.comfile: ci-plus_overview.ppt, v2009-07-06
23 / 24
CI Plus - Summary• CI Plus is based on DVB-CI standard and is downward compatible• Encrypted communication over the CI/CI+ interface
- Secure & authenticated channel for critical system messages- Encrypted transmission of digital content from CI+ module towards the host device
• Implementation- Licensing & administration of Certificates managed by independant Trust-Center- Certification of end user devices & CI+ modules in a digital TV laboratory
• Future proof with URI (Usage Rules Information) for UPnP, CPCM, CSA3, DTCP, DLNA, ...
STBPVR
LAN Internet
![Page 24: CI Plus Overview Presentation - Common · PDF fileCI Plus LLP - file: ci-plus_overview.ppt, v2009-07-06 2/ 24 Table of Content Page: • One Page Overview of CI Plus 3 • History](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aa6f35a7f8b9ac5648b718b/html5/thumbnails/24.jpg)
CI Plus Limited Liability Partnership (LLP)www.ci-plus.com
Thank you for your interest
CI Plus LLP www.ci-plus.comwww.ci-plus.com/forum
TC TrustCenter GmbH www.trustcenter.deDigital TV Labs Ltd www.digitaltv-labs.com