Embedded common interface for exchangeable CA/DRM solutions; CA/DRM container, loader, interfaces, revocation
Publication Date: 1 April 2020
The architecture of the ECI system is defined in [ITU-T J.1011]; refer also to [b-ETSI GS ECI 001-1]. The ECI system is based on requirements as defined in [ITU-T J.1010]; refer also to [b-ETSI GS ECI 001-2]. This Recommendation specifies the core functionality of an ECI Ecosystem, including CA/DRM Container, Loader, Interfaces and Revocation details; see also [b-Illgner]. A major advantage and innovation of the ECI Ecosystem, compared with currently deployed systems, is a completely software-based architecture for the loading and exchange of CA/DRM systems, avoiding any detachable hardware modules. Software containers provide a secure ("Sandbox") environment for either CA or DRM kernels, hereafter named ECI Clients, together with their individual Virtual Machine instances. The necessary and relevant application programming interfaces (APIs) between ECI Clients and the ECI Host ensure that multiple ECI Clients can be operated in a secure operating environment, completely isolated from the rest of the CPE firmware; these APIs are specified in full detail. The installation and exchange of an ECI Host as well as of multiple ECI Clients is the task of the ECI Loader, which is initially loaded by a chip loader. ECI Host and ECI Clients are downloaded via the digital video broadcasting (DVB) data carousel for broadcast services and/or via IP-based mechanisms from a server in the case of broadband access. This process is embedded in a secure and trusted environment, providing a trust hierarchy for the installation and exchange of ECI Host and ECI Clients and thus enabling efficient protection against integrity and substitution attacks. For this reason, the ECI Ecosystem integrates an advanced security mechanism, which relies on efficient and advanced processing of control words (CWs), specified as a Key Ladder block and integrated in system-on-chip (SoC) hardware, in order to provide the utmost security necessary for ECI compliance.
ECI-specific advanced security functions also play a key role in the re-encryption process for stored protected content and/or for the export of protected content to an ECI-compliant or non-compliant external device. An advanced micro DRM system provides the necessary functionality and forms an integral part of such a concept. Advanced security functionality is also relevant in the case of revocation of a CPE or of a specific ECI Client. The related APIs are specified in this Recommendation, while advanced security is covered in detail in [ITU-T J.1014] and [ITU-T J.1015]; refer also to [b-ETSI GS ECI 001-5-1] and [b-ETSI GS ECI 001-5-2].
A number of APIs characterize the ECI Ecosystem, guaranteeing communication with relevant associated entities, e.g., with ECI Loaders, the import and export of protected content, advanced security, decryption and encryption, local storage facilities and watermarking. Additional APIs are available for ECI Client man-machine-interfac
The exchange of ECI Clients is initiated by the User or may be requested by an Operator when updates are necessary. A minimum of two ECI Clients are supported, with two additional ECI Clients supported where local storage on a personal video recorder (PVR) is available or where required for export.
This Recommendation covers specification details in the following clauses:
The ECI certificate system is specified in clause 5, covering Certificates for various purposes (ECI Host Loader, ECI Client Loader and ECI Operator Certificates), including the definition of these Certificates and the associated Revocation List, their composition into chains and the root certificate structure.
The ECI Host Loader is covered in clause 6, where the ECI Host loading process addresses the storage of an image, verification of the authenticity of the image by the CPE using ECI TA-provided authentication data, and the subsequent activation of the image. This includes specification of the file format, the transport protocol and the Operator-specific revocation of ECI Host Images.
Clause 7 covers all specification details with regard to the ECI Client Loader, based on the principle that the ECI Host can download, store and activate ECI Client Images and accompanying data. The ECI Client loading process can be split into several steps, ranging from the discovery process to the download and initialization of ECI Clients, allowing the download process to be performed using data from the broadcast stream or from the internet.
Clause 8 deals with revocation specification details, including functionality to selectively exclude the delivery of services to CPEs based on the ECI TA status of the CPE hardware, the ECI Host, other Platform Operations and the ECI Clients loaded.
Detailed specifications of the ECI Client interfaces can be found in clause 9, which covers the comprehensive specification details necessary for the ECI Ecosystem: APIs for general ECI Host resources, ECI-specific ECI Host resources, ECI Host decryption resources, ECI Host re-encryption resources, content protection-related resources and ECI Client-to-ECI Client-related resources.
Finally, clause 10 deals with mandatory and optional ECI Host functionalities.
This ECI core specification applies only to the reception and further processing of content that is controlled by a conditional access and/or digital rights management system and has been encrypted by the service provider.
Content that is not controlled by a conditional access and/or DRM system is not covered by this Recommendation.
This Recommendation is intended to be used in combination with a contractual framework (licence agreement), compliance and robustness rules and appropriate certification process agreements under the control of a trust authority; these are not subject to the technical specifications represented by the ECI Group Specifications. Some of these basic aspects can be found in an informative annex to [b-ETSI GS ECI 001-6], related to the trust environment, which specifies the technical mechanisms and relations concerning a trusted environment.