CI Plus LLP Profile of the DVB CI Plus Specification
CI Plus LLP takes the DVB CI Plus Specifications as input and creates profile specifications (the CI Plus wrappers) stating the subset of the DVB CI Plus Specifications that shall be implemented for making CI Plus LLP compliant devices. The Profile Specifications also includes CI Plus LLP specific Root of Trust details.
Currently CI Plus LLP defines 3 Specification Profiles:
- CI Plus Specification v1.4 for PCMCIA CI Plus Devices supporting the Standard Security Level (as defined per the Robustness Rules of the Standard ILA)
- CI Plus Specification v2.0 for USB CI Plus Devices supporting the Standard Security Level (as defined per the Robustness Rules of the Standard ILA)
- CI Plus ECP Specification v1.2 for CI Plus Devices supporting the ECP Security Level (as defined per the ECP Robustness Rules of the ILA Addendum for ECP)
Testing and Certification of Devices against CI Plus LLP profiles
CI Plus Licensees are required to go through CI Plus certification testing before they can register their devices and start ordering certificates.
Resillion is the official CI Plus LLP approved CI Plus Test Centre.
Resillion also make available their CI Plus Test Tool as the official pre-test CI Plus Host Test Tool to facilitate the full development, testing and debugging of CI Plus and CI Plus ECP Host implementations.
Manage Registration of Licensees and Devices
DigiCert is the Trust Center appointed by CI Plus LLP for registration of Licensees and registration of Device Types.
A Certification Test Report and a declaration of robustness are required for registration of a Device Type.
Ensure the ongoing integrity of CI Plus devices in the field
Revocation is possible today
- Criteria for host device revocation are defined in the CI Plus ILA
- The technical specification has been ready since the launch of CI Plus
- Since July 2017, all newly certified CI Plus modules are required to support revocation
- Broadcasters/Operators that sign the Content Distribution Agreement (CDA) can receive the applicable revocation list from CI Plus LLP and broadcast it on their network
Secure delivery of the revocation trigger is the responsibility of the CAS system and the CAM vendor
Broadcast delivery of revocation lists is the responsibility of the network operator (not necessarily under CAS protection)
CI Plus LLP maintains a single revocation list, containing all known instances of lost, stolen or misused keys and Host devices that are currently in breach of CI Plus ILA and/or ECP Addendum
Revocation granularity: Unique device, range, model, brand, at service or event level
Revocation can be done for CI Plus standard security or ECP security level products
Deliver device certificates to manufacturers for use in certified devices
On behalf of CI Plus LLP, DigiCert offers online services for CI Plus Licensees to order batches of individual certificates to be provisioned securely in CI Plus Devices of a registered Device Type.
DigiCert delivers 60 to 80 million of CI Plus certificates annually.
Day to Day Activities
- Licensing of CI Plus “secrets” to implementers
- Certification of CI Plus Hosts and Modules (with Resillion)
- Provision of CI Plus Certificates to licensees with certified products (with Digicert)
- Enforcement that licensees comply with the CI Plus LLP specification and Compliance and Robustness Rules as defined by the License Agreement (ILA)
- Revocation of devices in breach of compliance and Robustness Rules in accordance with the ILA
- Continuous monitoring the market and reacts to fraudulent or misuse of the CI Plus Technology