ci-plus.com

[selinaw]

Hi,

we do CI+ licensee process in recently ,we plan to develop CI+ STB as a manufacturer,there is a question for DTCP ( Digital Transmission Content Protection ,technology protects high-value digital motion pictures, television programs and audio against unauthorized interception and copying in the home and personal environment ),
whether DTCP for USB out (PVR ready) is a "must" for CI+ certification or whether specification must require it?

We have our own ways to let the content only play in original disk, also a protection.

Thanks for kind reply!

Selina
e-mail: sales17@d-telemedia.com

[ElRabbit]

Hi,

DTCP is required is the content is to leave the box and be played elsewhere. In your case, content stored on the USB storage is meant to be played only on the STB. So you can use your own protection scheme. In that case the protection scheme you use fall into global security concern about the box implementation and you have to prove that the scheme you use is secure enough.

[vandaeb]

Given that DTCP is mandatory when the signal leaves the box, I have a fundamental question on implementing CI+ on professional sat rx.
On such a receiver the output is typically in the clear (not scrambled, nor encrypted) for further processing by service providers. (transcoding, rate limiting, remultiplexing, re-encryption, ...)

Given the need to have digital signal in the clear, can CI+ be implemented on such a receiver?

[ElRabbit]

Encrypting outgoing content for CI plus CAM is an option that is up to the CAM to decide depending on the program and receiver on the other side. It's up to CAM manufacturer and ultimately up to content owner to decide if content will be encrypted. CI plus is only the tool box that offer possibilty of encryption.

Content owner can decide to leave conent in the clear if receiver has enough credential (i.e. manufacturer certificates belong to a restricted list of professional receiver make); but I don't think content owner will be satisfied on the long run with content flowing in the clear, even it's just in head ends. One of the following solution can be used in middle/long term:

- Rescrambling CAM: having the CAM to perform directly rescrambling when required (not really manageable in my opinion)
- Secure head end: have content encrypted even between head end components using either CI plus encryption either proprietary encryption (DTCP or else), that will require all components to evolve at the same time using a standard that does not exist yet
- monolithic head end component: having all processing performed in a single device (descrambling, recoding, scrambling)

Again, when copy protection enter the game everything becomes a bit more complicated

[vandaeb]

Thanks for the answer.
I quite understand that by means of the URI, the operator can enforce re-encryption on the CI+ CAM (EMI>0).

However what I'm missing in the CI+ spec is how an operator can choose to allow one type of host (TV sets for example) to fully apply CI+ and another type of hosts (e.g. prof. rx) to not re-encrypt on the CAM.
As URI are bound to the content (services) and not to a host, how can the operator make the distinction when using the same content.
I've understood from the spec that whitelisting is only a way to remove blacklisted host and hence you can't grant a certain range of devices more rights.


Bart

[ElRabbit]

You must understand that delivery of copy bits to CI encryption is a proprietary mechanism internal to the CAM. CAM software can decide a lot of thing based on:
- Information received from the stream (ECM, EMM, Tables, blacklist)
- Information received from Smart Card (Entitlement, internal states)
- Information received from Host (Certficates)
Which copy protection is applied in function of these information is only an agreement between CAM manufacturer and content owner (in most cases that will be an indirect agreement through network operator and conditional access supplier). There is no specifications that tells the CAM how it is supposed to protect the content.
There is nothing that says that CAM manufacturer cannot agree with Network operator that content will be delivered in the clear to host model 123 of manufacturer XYZ (identified by certificates), as long as there is sign off from all the parties that this will be the expected behavior from the CAM.
The thing is that the ways to grant some receiver more rights that others is not covered by specifications until now and shall rely on private mechanism.

[vandaeb]

Thanks for your answer!

While reading through the interim license agreement, I ran into another obstacle that would prevent my host device to output content in the clear.
Section 2.0 states that

Licensed Product shall not output Controlled Content to any output, except as permitted in this Section 2.0. For purposes of this Exhibit C, an output shall be deemed to include, but not be limited to, any transmissions to any internal copying, recording, or storage device, but shall not include internal non-persistent or transitory transmissions that otherwise satisfy these Compliance Rules and the Robustness Rules.
Licensed products are not constrained with regard to the output of Uncontrolled Content by this License Agreement.

As I don't see any way to output restricted content (EMI>0) in the clear, I believe that this would violate the agreement and hence no such a device can be built.