In Digital Video Broadcasting, the Common Interface (also called DVB-CI) is a technology which allows decryption of pay TV channels. Pay TV stations want to choose which encryption method to use. The Common Interface allows TV manufacturers to support many different pay TV stations, by allowing to plug in exchangeable conditional-access modules (CAM) for various encryption schemes.
The Common Interface is the connection between the TV tuner (TV or set-top box) and the module that decrypts the TV signal (CAM). This module, in turn, then accepts the pay-to-view subscriber card, which contains the access keys and permissions.
The host (TV or set-top box) is responsible for tuning to pay TV channels and demodulation of the RF signal, while CAM is responsible for CA descrambling. The Common Interface allows them to communicate with each other. All Common Interface equipment must comply with the EN 50221-1997 standard. This is a defined standard that enables the addition of a CAM in a DTV receiver to adapt it to different kinds of cryptography. The EN 50221 specification allows many types of modules but only the CAM has found popularity because of the pay TV market. Indeed, one of Digital Video Broadcasting's main strengths is the option of implementing the required conditional access capability on the Common Interface.
This allows broadcasters to use modules containing solutions from different suppliers, thus increasing their choice of anti-piracy options.
A DVB receiver may have one or two slots implementing the Common Interface (CI). The CI uses the conditional-access module (PCMCIA) connector and conforms to the Common Scrambling Algorithm (CSA), the normative that specifies that such a receiver must be able to accept DES (Data Encryption Standard) keys in intervals of some milliseconds, and use them to decode private channels according to a specific algorithm.
Those algorithms are proprietary to individual suppliers. Each one uses their own algorithms and there is no defined standard for them.
As the full MPEG-2 transport data stream comes out of the demodulator, and error correction units, the DTV Receiver sends it through the card plugged into the Common Interface, before it is processed by the MPEG demultiplexer in the receiver. If several CI cards are present, the MPEG transport data stream will be passed sequentially through all these cards.
An embedded CAM may not physically exist, as it may be in CPU software. In such a case, only the smart card reader normally in the CAM is fitted and not the PCMCIA type CI slots.
Even if the Common Interface has been created to resolve cryptography issues, it can have other functions using other types of modules such as Web Browser, iDTV (Interactive Television), and so forth.
The normative DVB-CI standard EN 50221 was defined in 1997 by CENELEC, the European Committee for Electrotechnical Standardization.
The specification only defines two aspects, two logical interfaces to be included on the same physical interface. The first interface is the MPEG-2 Transport Stream. The link and physical layers are defined in this specification and the higher layers are defined in the MPEG-2 specifications. The second interface, the command interface, carries commands between the host (receiver) and the module.
The specification does not define the operation or functionality of a conditional access system application on the module. The applications that may be performed by a module communicating across the interface are not limited to conditional access or to those described in this specification. More than one module may be supported concurrently.
The common interface shares many features of the PC Card Standard (PCMCIA). By reducing the widths of the address and data buses it has been possible to include a bi-directional parallel transport stream interface.
The transport stream format is specified by IEC 13818-1 and is the MPEG 2 TS format.
In addition there is a command interface for communication between the host and module.
This communication is in the form of a layered protocol stack which allows the host and module to share resources. For example, the module can request the current date and time from the host. To use this service, module shall open a session to the "Date-Time" resource provided by host. Or, module can ask the host to display a message on the TV screen and can then read keypresses from the host remote control. This is done by opening a session to host's Man-Machine Interface (MMI) Resource. This resource also allows the CAM to request and receive PIN numbers.
Some of defined by DVB-CI resources are de facto optional. For example, the host could contain a modem for communication over a telephone line allowing the CAM to implement pay-per-view. This can be done by opening a session to host's Low-Speed Communication (LSC) resource (assuming that the host announced the availability of this resource). The Host Control resource (allowing CAM to request force-tuned) also may be absent in some of hosts.
The definitely mandatory resources are Resource Manager, Application Information and Conditional Access Support ones. First two of these three are necessary for initial handshaking between CAM and its Host, while the CA Support resource is necessary for descrambling the selected channels.
The Command Interface is extensible and there are several specification documents available which describe these extensions (e.g. ETSI TS 101 699). However these extensions have often not proved popular with manufacturers.
CI+ (also known as CI Plus or Common Interface Plus) is a specification that extends the original DVB Common Interface standard (DVB-CI, sometimes referred to as DVB-CIv1). The main addition introduced by CI+ is a form of copy protection between a CI+ conditional-access module (referenced by the spec as CICAM, while CI+ CAM seems to be a more precise abbreviation) and the television receiver (Host). CI+ is backward compatible with DVB-CIv1. Old television receivers, which have CIv1 CI-slot, can be used with CI+ CAM and vice versa, but for viewing only those of TV programs which are not marked as CI+ protected.
A first draft of the specification was put up for review in January 2008 as V1.00 CI Plus Specification. The establishment of the Trusted Authority has been completed and an official security certification lab appointed.
In 2009, versions 1.1 and 1.2 were released. The 1.2 version became the first one which was massively deployed. The main features added to the original DVB-CI standard by the CI+ v1.2 are:
The spec doesn't state explicitly about each feature if it is mandatory or optional. The mandatory feature (as it's actually the main raison d'être of CI+) is Content Control. The optional feature of v1.2 version is "PVR Resource" – this can be concluded from the fact that it doesn't appear in newer CI+ spec versions.
In 2011, version 1.3 of the CI+ spec was released (later, was replaced with CI+ v1.3.1 and then with , still commonly referenced as CI+ v1.3). The main features added by CI+ v1.3 to CI+ v1.2 are:
With the development of CI+, the standard has now come under the umbrella of the DVB standards organization.
In 2014, DVB released specification, defining what is often referred as "CI+ v1.4". The main features added by ETSI TS 103 205 to CI+ v1.3 are:
In 2018, ETSI published the second generation DVB-CI standard (often referred to as CI+ v2.0): . The main evolution of this version is to add USB as physical layer to replace the aging PC Card interface.
CI+ Host and CAM testing and certification is carried out by (formerly Digital TV Labs) in the UK, Hong Kong, Belgium and Poland.
By making use of certificates issued by a trusted certification authority, a secure authenticated channel (SAC) is formed between a CI+ CAM and television receiver (Host). This SAC is used to generate a shared key, unique per a CAM-Host pair, which protects from unauthorized copying the content marked in the associated URI (Usage Rules Info) as a content which needs to be re-encrypted on its way from CAM to Host after removal the original CA or DRM scrambling (in the original CI standard, decrypted content could be sent over the PCMCIA interface only in unscrambled form).
CI+ standard allows revocation of compromised CI+ Hosts. This is done by broadcasting a Service Operator Certificate Revocation List (SOCRL) in a DSM-CC data carousel. If CAM detects that its Host's ID, model or brand is listed in SOCRL (and isn't listed in optional SOCWL - Service Operator Certificate White List), the CAM must refuse descrambling the content marked in CI+ URI as protected. A SOCRL is created and signed by the CI+ Root-of-Trust on request of a Service Operator. To prevent replay of out-of-dated SOCRL and SOCWL, they must be broadcast in combination with RSD (Revocation Signaling Data) table which specifies the last versions of SOCRL and SOCWL and their location in the DSM-CC data carousel. The RSD also must be signed.
A CI+ compliant Host device must also implement MHEG-5 interactive TV engine to manage navigation of the user within an interactive TV application, using its device remote control. Support of MHP or HbbTV interactive TV engines is optional.
The following operators have currently rolled out CI+ support or plan to do so:
In July 2009 the largest Cable operator in the Netherlands, Ziggo, announced that it will support CI+ based Integrated Digital Television sets (IDTVs) actively. In September 2009 the first batch of 15,000 (Shenzhen State Micro Technology Co., Ltd.) CI+ CAMs was offered by various Dutch retailers, followed in October 2009 by the first batch of Neotion CAMs. Other supporters include Canal+, and conditional access companies Irdeto and Conax. In 2009, NDS (now Cisco) announced that it will support Kabel Deutschland to deploy CI+ to its customers. In 2014, CI+ CAMs with Cisco VideoGuard CA, manufactured by were deployed at D-Smart, KDG (Kabel Deutschland), KBW, Sky Deutschland, Tele Columbus etc.
A new ETSI working group will be working on Embedded Common Interface (ECI).