w3c / tvcontrol-api

TV Control API specification - https://w3c.github.io/tvcontrol-api/

Decryption of encrypted channels #17

Open tidoust opened 7 years ago

tidoust commented 7 years ago

When an application tunes in to an encrypted channel, the decryption happens automatically provided the right CI Card is present on the system. My understanding is that this decryption is not tied to any particular origin: if the Card is there, any app can decrypt the content.

On the Web, EME comes to mind as an API to control playback of encrypted content. One advantage of using EME is that the application explicitly requests media keys for decryption and these keys are per origin. This provides a mechanism to restrict the decryption of encrypted channels to Web domains that are authorized to do so (as required by the presentation restrictions use case).

From a technical perspective, the use of EME seems already doable with the current API, at least in theory: if you get an encrypted media stream, you should be able to plug it into an HTMLMediaElement and then use EME to associate media keys with it.

However, the current API seems to assume that encrypted channels can always be associated with a CAS system ID. If EME seems like a useful possibility in some cases, applications probably need a way to tell whether a channel is going to need EME (and to filter out such channels if they know they cannot decrypt them).

I haven't thought much about the topic. Just raising this as an issue so that the group keeps an eye on it.
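An added example (not code from the spec or from this thread) showing the two pieces sketched above: a check that filters out encrypted channels the app knows it cannot decrypt, and the EME binding of per-origin MediaKeys to the media element that plays the tuner stream. `isEncrypted`, `casSystemId`, `keySystem`, `cardCasSystemIds` and `emeKeySystems` are assumed names, not TV Control API attributes; the EME calls are the standard W3C ones, and the `encrypted` event path only holds "in theory" for a tuner stream, as the comment itself notes.

```javascript
// Decide how a channel can be decrypted on this device/origin.
// channel.casSystemId (assumed name) follows the thread's note that encrypted
// channels carry a CAS system ID; cardCasSystemIds lists IDs the present CI Card
// handles; emeKeySystems lists key systems this origin can obtain licenses for.
function decryptionPath(channel, cardCasSystemIds, emeKeySystems) {
  if (!channel.isEncrypted) return 'clear';
  if (channel.casSystemId !== undefined && cardCasSystemIds.includes(channel.casSystemId)) {
    return 'cas'; // descrambled transparently by the card, not tied to any origin
  }
  if (channel.keySystem && emeKeySystems.includes(channel.keySystem)) {
    return 'eme'; // needs per-origin MediaKeys, so authorization is enforced
  }
  return 'unplayable';
}

// Keep only channels the application can actually present.
function playableChannels(channels, cardCasSystemIds, emeKeySystems) {
  return channels.filter(c => decryptionPath(c, cardCasSystemIds, emeKeySystems) !== 'unplayable');
}

// Constructed sample channel list (not real broadcast data).
const SAMPLE_CHANNELS = [
  { name: 'Clear News', isEncrypted: false },
  { name: 'Card Sports', isEncrypted: true, casSystemId: 0x0100 },
  { name: 'Web Movies', isEncrypted: true, keySystem: 'com.example.keysystem' },
  { name: 'Other Pay TV', isEncrypted: true, casSystemId: 0x0500 },
];

// Standard EME flow (browser only): bind MediaKeys for this origin to the element
// that plays the tuner's stream, then answer license requests as they arrive.
async function attachEme(video, keySystem, licenseUrl) {
  const config = [{
    initDataTypes: ['cenc'],
    videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"' }],
  }];
  const access = await navigator.requestMediaKeySystemAccess(keySystem, config);
  const mediaKeys = await access.createMediaKeys();
  await video.setMediaKeys(mediaKeys);
  video.addEventListener('encrypted', async (ev) => {
    const session = mediaKeys.createSession();
    session.addEventListener('message', async (msg) => {
      // licenseUrl is an assumed endpoint of the app's own license server.
      const resp = await fetch(licenseUrl, { method: 'POST', body: msg.message });
      await session.update(await resp.arrayBuffer());
    });
    await session.generateRequest(ev.initDataType, ev.initData);
  });
}
```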

stevem-tw commented 7 years ago

While we may be able to use EME in a system that's using CI or CI+ for descrambling, I'm not sure that EME is a good fit with the way that embedded conditional access systems operate.

My reading of the EME spec is that all keys must be passed to the CDM via the MediaKeySession interface (see the definition of "Key" in section 2 of the EME spec). While some of this may be feasible in a CI-based environment, this is not possible with any of the embedded CA systems that I'm aware of for digital TV: in those cases, the library provided by the CA vendor (the equivalent of the CDM) expects to directly acquire the ECM messages containing the keys, using hardware resources that it has requested from the software that it's linked against.

There are several reasons for this; security being one of them but performance being another. Different CA systems will need different information from the stream at different times in order to operate correctly, and managing this via an update() call to a MediaKeySession will be problematic. In most cases, the CA library will directly set up the section filters it needs to extract the relevant data, based on the PMT and Conditional Access Table carried in an MPEG-2 transport stream.

While we could ignore embedded CA systems, that will exclude a lot of devices and potential uses. This may be an area where it's best for the spec to be mostly silent: different CA systems have different requirements, and so it is probably best left to the user agent to decide how a given CA system is integrated.