To give you the best possible experience, this website uses cookies. By continuing to use NetUP websites without changing your browser settings, you are agreeing to our use of cookies.

Particular qualities of CI and CI Plus standards
or why CI Plus CAM cannot be used with professional headends

TV operators and copyright holders always sought ways to protect media content while broadcasting. It is not so obvious for modulated DVB signal since it streams in one direction without feedback from user devices. The only way to control and manage paid services with the use of DVB technology is content encryption. The broadcasting side encrypts the signal and on the receiving side, it is decrypted with a device called CAM (Conditional Access Module or CA-module) with a smartcard. CA-module carriers algorithms and a decryption system that opens content for viewing, recording, or copying. Without CA-module the stream cannot be decrypted and the content will not be played.

This technology has been named Common Interface (CI). The Common Interface is also a special slot for CA-module insertion into receiving devices. The module decrypts the TV channels, radio, or other services by the TV operator such as “Video on Demand" (VoD).

CI standard contains principles of hardware compatibility. It allows connecting CAM and smartcards to all receiving devices that have CI slots. But software encryption algorithms also known as CAS (Common access system) are individuals and unique depending on the developer of CA-modules. The most famous development companies of CAS are Viaccess, Irdeto, VideoGuard, and Nagravision.

Let's take a look at the scheme of encrypted signal streaming from a broadcasting side to a user device.

An unencrypted stream with the provider's content is delivered at the broadcasting headend. Then the stream is encrypted with a secret key (CW) from CW-generator. Along with it, the encryption system generates an ECM (Entitlement control message) - a message for delivering secret keys and EMM (Entitlement Management Message) - a message with user access rights.

Encrypted stream with ECM/EMM messages is broadcasted further to the receiving side. If there is no CAM in the CI slot the stream will not be decrypted. With inserted CAM the stream is sent through it for decryption.

A smart card that carries the algorithm for processing ECM returns secret keys back to the CAM where the stream is decrypted. Through the demultiplexer, an opened content gets for further broadcasting.

The performance of CAM is limited. Household modules usually open only 1 channel, professional ones can process up to 16 channels simultaneously.

The CI technology developed in the 1990s was very popular but wasn't without problems. The main problem was that the CAM returned a decrypted stream that wasn’t protected from copying or rebroadcasting and copyright holders couldn't control that.

This forced the DVB consortium to develop a new security standard called CI Plus introduced in 2008. The key difference between CI Plus and CI was “reverse encryption”. The CI Plus encrypts the signal again at the output of the CAM. Playback can only be performed on devices that support the CI PLUS and have an authentication certificate.

Each CAM needs to have its own certificate and the appliance must have a certificate set by the device manufacturer for authentication and validation. Certificates are issued by a trusted organization and encryption keys are unique for each connection between CI Plus CAM and receiver (host).

The CI Plus standard is developed for TV operators who want to work directly with individuals. CI Plus certificates are issued only for the developers of user devices such as televisions and household receivers. Therefore, it is almost impossible to stream the encrypted CI Plus channels through professional headends. Also, CI Plus CAM are single-channel and their use in professional headends is economically inexpedient.


to other articles