scope:

The Group Specification on ECI basic requirements, as covered by the present document, is part of a multi-part deliverable specifying a system architecture for general purpose, software-based, embedded and exchangeable CA/DRM systems which would be the most appropriate and future-proof solution for overcoming market fragmentation and enabling interoperability. Key benefits of the envisaged approach for content security are:

• Flexibility and scalability due to software-based implementation.

• Exchangeability fostering future-proof solution and enabling innovation.

• Applicability to content distributed via broadcast and broadband, including OTT.

• Support of multi-screen environment.

• Stimulation of the market for platform operators, network/service providers, and consumers by avoiding "Lock-in".

• The specification of an open eco-system fostering market development

The ECI system aims at exchangeability of CA and DRM systems in CPEs on all relevant levels and aspects, at lowest possible costs for the consumers and at minimal restrictions for CA or DRM vendors to develop their target products for the PayTV market. Therefore, amongst others, the ECI has the following functionalities:

• A software container for the CA respectively the DRM kernel - hereafter called ECI Client - with:

- standardized interfaces to all relevant functionalities of the CPE;

- a standardized Virtual Machine (VM) to run upon.

• Support of smartcard-less systems as well as use in smartcard-based systems.

• Inclusion of a multitude of such software containers in a CPE, each container running on its own instance of the VM.

• Installation of the ECI Client independently from other CPE software by a secure and standardized loader concept.

• Advanced Security, also known as Chip Set Security, to support content protection and to prevent unauthorized content access.

• Methods for the user to discover the right ECI Client to download.

• Methods for revocation of (parts of) the ECI Client's functionality and CPE's functionality.

• Suited for classical digital broadcasting, IPTV or modern OTT-based systems.

Although ECI shows some similarity with already deployed solutions, there are substantial differences:

1) The module is in software, no longer in hardware, hence no need for costs at the consumer side to swap a CA or DRM system.

2) Several parallel ECI Clients can be implemented in one and the same CPE, without adding relevant cost.

3) These clients can run concurrently in the one device.

As a result, a CA or DRM component can be exchanged much easier, allowing the end-user to change operator or get services from a variety of operators on his CPE, without having to exchange expensive modules.

The complete multi-part deliverable consists of a group of specifications, including a Group Specification on Use cases and Requirements (the present document), in combination with the underlying specifications:

Part 1: Architecture, Definitions and Overview [1].

Part 2: Use cases and requirements (the present document).

Part 3: CA/DRM Container, Loader, Interfaces, Revocation [i.1].

Part 4: The Virtual Machine (VM) [i.2].

Part 5: The Advanced Security System [i.3].

Part 6: Trust Environment [i.4].

Part 7: Extended Requirements [i.5].

Which together describe a solution allowing replacement of ECI Clients at any time by just downloading the ECI Clients requested by an end customer. The ECI Clients are installed in a standard software container in the CPE by a separate loader, with separate security algorithms and keys to protect the ECI Clients against integrity and substitution attacks independently from all other software in the CPE. The container's interfaces with the CPE are generic and defined in GS ECI 001-3 [i.1], enabling the ECI Client to interact with the various functions in the CPE and beyond.

The ECI Clients run upon a virtual machine instance that is defined in GS ECI 001-4 [i.2].

GS ECI 001-5 [i.3] specifies an Advanced Security mechanism to protect the key to the content during its travel into the CPE processor chip's content decryption facility.

The present document addresses use cases and requirements as basis for the implementation of interoperable CA/DRM systems in CPEs.

The ECI specification only applies to the reception and further processing of content which is controlled by a Conditional Access and/or Digital Rights Management system and has been scrambled by the service provider. Content that is not controlled by a Conditional Access and/or DRM system is not covered by the present document.

The ECI Group Specification is intended to be used in combination with a contractual framework (license agreement), compliance and robustness rules, and appropriate certification process (see note), under control of a Trust Authority, GS ECI 001-6 [i.4].