scope:

ECI Architecture, Definitions and Overview, as covered by this framework document, is part of a multi-part standard specifying a system architecture for general purpose, software-based, embedded and exchangeable CA/DRM systems which would be the most appropriate and future-proof solution for overcoming market fragmentation and enabling interoperability. Key benefits of the envisaged approach for content security are:

• Flexibility and scalability due to software-based implementation

• Exchangeability fostering future-proof solution and enabling innovation

• Applicability to content distributed via broadcast and broadband, including OTT

• Support of multi-screen environment

• Stimulation of the market for platform operators, network/service providers, and consumers by avoiding "Lock-in"

• The specification of an open eco-system fostering market development

The ECI system aims at exchangeability of CA and DRM systems in CPEs on all relevant levels and aspects, at lowest possible costs for the consumers and at minimal restrictions for CA or DRM vendors to develop their target products for the PayTV market. The core element of ECI is to specify the interface between the software-based CA/DRM -client and the host system. Therefore, amongst others, the ECI has the following functionalities:

• A software container for the CA respectively the DRM kernel - hereafter called ECI Client - with:

- standardized interfaces to all relevant functionalities of the CPE

- a standardized Virtual Machine (VM) to run upon

• Support of smartcard-less systems as well as use in smartcard-based systems

• Inclusion of a multitude of such software containers in a CPE, each container running on its own instance of the VM

• Installation of the ECI Client independently from other CPE software by a secure and standardized loader concept

• Advanced Security, also known as Chip Set Security, to support state-of-the-art content protection

• Provisions to leverage hardware-assisted security functionalities

• Methods for the user to discover the right ECI Client to download

• Methods for revocation of (parts of) the ECI Client's functionality and CPE's functionality

• Suited for classical digital broadcasting, IPTV or modern OTT-based systems

• Although ECI shows some similarity with already deployed solutions, there are substantial differences:

1) The CA/DRM client module is in software and no longer in hardware. Hence, no costs are incurred at the consumer side to swap a CA or DRM system.

2) Several parallel ECI Clients can be implemented in one and the same CPE, without adding relevant cost.

3) These clients can run concurrently in the one device.

As a result, a CA or DRM component can be exchanged much easier, allowing the end-user to change operator or get services from a variety of operators on his CPE, without having to exchange expensive modules.

The complete multi-part standard consists of a group of specifications, including a Framework specification (the present document), in combination with the underlying specifications:

Part 1: Architecture, Definitions and Overview (the present document)

Part 2: Use cases and requirements [1]

Part 3: CA/DRM Container, Loader, Interfaces, Revocation [i.1]

Part 4: The Virtual Machine (VM) [i.2]

Part 5: The Advanced Security System [i.3]

Part 6: Trust Environment [i.4]

Part 7: Extended Requirements [i.5]

which together describe a solution allowing replacement of ECI Clients at any time by just downloading the ECI Clients requested by an end customer. The ECI Clients are installed in a standard software container in the CPE by a separate loader, with separate security algorithms and keys to protect the ECI Clients against integrity and substitution attacks independently from all other software in the CPE. The container's interfaces with the CPE are generic and defined in GS ECI 001-3 [i.1], enabling the ECI Client to interact with the various functions in the CPE and beyond.

The ECI Clients run upon a virtual machine instance that is defined in GS ECI 001-4 [i.2].

GS ECI 001-5 [i.3] specifies an Advanced Security mechanism to protect the key to the content during its travel into the CPE processor chip's content decryption facility.

The present document addresses an architecture and an overview of the relevant interface specifications for the implementation of interoperable CA/DRM systems in CPEs.

The ECI specification only applies to the reception and further processing of content which is controlled by a Conditional Access and/or Digital Rights Management system and has been scrambled by the service provider. Content that is not controlled by a Conditional Access and/or DRM system is not covered by the present document.

The ECI Group Specification is intended to be used in combination with a contractual framework (license agreement), compliance and robustness rules, and appropriate certification process (see note), under control of a Trust Authority, GS ECI 001-6 [i.4].

NOTE: Contractual framework (license agreement), compliance and robustness rules, and appropriate certification process are not subject to the standardization work in ISG ECI.