1、 TIA-1146 April 2009 Forward Link Only Open ConditionalAccess (OpenCA) Specification NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement
2、 of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conformi
3、ng to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (A
4、NSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This Standard does not purport to address all safety problems associated with its use or all applicable regulatory re
5、quirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. (From Project No. 3-0316, formulated under the cognizance of the TIA, TR-47 Terrestrial Mobile Multimedi
6、a Multicast. TR-47.1 Subcommittee onTerrestrial Mobile Multimedia Multicast based on Forward Link Only Technology). Published by TELECOMMUNICATIONS INDUSTRY ASSOCIATION Standards and Technology Department 2500 Wilson Boulevard Arlington, VA 22201 U.S.A. PRICE: Please refer to current Catalog of TIA
7、TELECOMMUNICATIONS INDUSTRY ASSOCIATION STANDARDS AND ENGINEERING PUBLICATIONS or call IHS USA and Canada (1-800-525-7052 ) International (303-790-0600) or search online at http:/www.tiaonline.org/standards/catalog/ All rights reserved Printed in U.S.A. NOTICE OF COPYRIGHT This document is copyright
8、ed by the TIA. Reproduction of these documents either in hard copy or soft copy (including posting on the web) is prohibited without copyright permission. For copyright permission to reproduce portions of this document, please contact TIA Standards Department or go to the TIA website (www.tiaonline.
9、org) for details on how to request permission. Details are located at: http:/www.tiaonline.org/standards/catalog/info.cfm#copyright OR Telecommunications Industry Association Standards (b) there is no assurance that the Document will be approved by any Committee of TIA or any other body in its prese
10、nt or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve the use of intellectual property rights (“IPR”), including pending or issued patents, or copyrights, owned by o
11、ne or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with referen
12、ce to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing term
13、s or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents. If the Document contains one or more Normative References to a document published
14、 by another organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consists of mandatory, alternate or optional elements (as defined in the TIA Engineering M
15、anual, 4thedition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIAs policy of encouragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essenti
16、al Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of Essential Patent(s) or published pending patent applications. TIA does not enforce or
17、 monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document. ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND A
18、LL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS A
19、ND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIA
20、BLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), W
21、HETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUB
22、LISHED BY TIA WITHOUT SUCH LIMITATIONS. Forward Link Only Conditional Access Specification TIA-1146 6 Contents 1 2 1. Scope and Organization . 8 3 1.1. Organization of the document . 8 4 2. Apparatus 9 5 2.1. Compliance Terminology 9 6 2.2. Normative References 9 7 3. Definitions and abbreviations 1
23、0 8 3.1. Definitions . 10 9 3.2. Symbols and abbreviations . 10 10 4. Introduction . 11 11 4.1. General requirement for OpenCA compliant systems 12 12 5. Entitlement Management Message 13 13 5.1. Recommended Means of Delivering EMMs . 13 14 6. Entitlement Control Message 14 15 6.1. Signaling and del
24、ivery of ECMs 14 16 6.2. Crypto-period and Superframes . 15 17 6.3. Recommendation on Bandwidth Allocation for ECMs 15 18 7. Real-time Services 16 19 7.1. Encryption and transport settings . 16 20 7.2. Encryption Information Message 16 21 7.3. Examples of EIM use 17 22 7.4. Copy protection . 18 23 8
25、. The Secure Container as a UICC . 19 24 8.1. Application IDentifier (AID) . 19 25 8.2. KMS application selection . 19 26 9. Secure Authenticated Channel . 20 27 9.1. High level description of the SAC . 20 28 9.2. The cryptographic keys and parameters 20 29 9.2.1. The descramblers keys . 20 30 9.3.
26、The SAC protocol . 21 31 9.3.1. Session key establishment 21 32 9.3.2. Secure key exchange 21 33 10. Head-end interfaces . 22 34 10.1. Adaptation of Simulcrypt head-end interfaces 22 35 10.1.1. Reference head-end architecture and interfaces and adaptations 22 36 10.1.2. Definitions . 23 37 TIA-1146
27、Forward Link Only Conditional Access Specification 7 10.1.3. Message Protocol Version . 23 1 10.1.4. Interface ECMG SCS 23 2 10.1.5. Using ECMG SCS in a Forward Link Only network 23 3 10.2. Injecting EMM IP streams . 24 4 Annex A. (INFORMATIVE) 25 5 A.1 High-level view of the system . 25 6 A.2 Hiera
28、rchical model for content Head-end implementation of DVB 16 SimulCrypt. 17 6. ETSI TS 101 220 Smart-cards; ETSI numbering system for telecommunication application 18 providers. 19 7. ETSI TS 102 221 Smart-cards; UICC-Terminal interface; Physical and logical characteristics. 20 8. ISO3) 11770-3: Info
29、rmation technology Security techniques key management Part 3: 21 Mechanisms using asymmetric techniques. 22 9. ISO 7816-4:2005, Identification cards Integrated circuit cards Part 4: Organization, security and 23 commands for interchange. 24 10. IETF4) RFC 1112, Host Extensions for IP Multicasting. 2
30、5 11. IETF RFC 3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List 26 (CRL) Profile. 27 12. IETF RFC 3447, Public-Key Cryptography Standards (PKCS)#1; RSA Cryptography Specifications 28 Version 2.1. 29 13. ITU-T Recommendation X.509, Information Technology Open
31、 Systems Interconnection The 30 Directory: Authentication Framework ITU-T X.509 standard. 31 14. FIPS PUB 197. Specification for the advanced encryption standard (AES), 2001. 32 15. Recommendation for Block Cipher Modes of Operation, NIST Special Publication 800-38A, 2001 33 Edition. 34 1) TIA Stand
32、ards and recommendations are issued by the Telecommunications Industry Association (TIA). The address of the TIA is: Telecommunications Industry Association, 2500 Wilson Blvd., Suite 300, Arlington, VA 22201 USA. 2) ETSI publications are available from http:/www.etsi.org. 3) ISO publications are ava
33、ilable from http:/www.iso.org. 4) RFCs are issued by the Internet Engineering Task Force (IETF). The address of the IETF is: IETF Secretariat, c/o Corporation for National Research Initiatives, 1895 Preston White Drive, Suite 100, Reston, VA 20191-5434, USA. Forward Link Only Conditional Access Spec
34、ification TIA-1146 10 3. DEFINITIONS AND ABBREVIATIONS 1 3.1. Definitions 2 All definitions from 2, 3, and 4 apply to this specification. 3 4 Content Owner: The Entity that owns the rights to the content. 5 Content Protection: Content protection deals with post-delivery usage rights which specify ho
35、w content 6 can be used according to permissions and constraints. 7 Content Provider: The Entity that provides and transmits the content via the Forward Link Only network. 8 Control Word: Key used to decrypt services. 9 Key Management System: An end-to-end system to authorize users and provide them
36、the necessary 10 means to access protected content. 11 KMS Device Agent: An entity that contains the specific logic required to control the descrambling process 12 for a specific KMS. 13 Secure Container: Secure hardware (e.g. a UICC) allowing performing secure generation of the Control 14 Words fro
37、m the received Entitlement Control Messages. 15 Service Protection: It refers to controlling consumer access to content on a service providers network at 16 the moment of broadcast. It does not define what happens to content once delivered to the client. 17 3.2. Symbols and abbreviations 18 APDU App
38、lication Protocol Data Unit CW Control Word ECM Entitlement Control Message EMM Entitlement Management Message KDA KMS Device Agent KMS Key Management System MLC Multicast Logical Channel SAC Secure Authenticated Channel SEK Service Encryption Key SMS Short Message Service UICC Universal Integrated
39、Circuit Card URL Uniform Resource Locator USI Usage State Information TIA-1146 Forward Link Only Conditional Access Specification 11 4. INTRODUCTION 1 The OpenCA framework is designed to provide commercial and security benefits to operators, horizontal-2 market channel providers and device manufactu
40、rers, and end-users. 3 Commercial benefits include: 4 Adaptability: The ability to download updates of key security features and new business models to 5 Devices in the field. Thus a flaw in the security system can be fixed by the security provider without 6 waiting for a standard to be agreed upon.
41、 Moreover, new business models can be developed by 7 operators and content providers and rapidly provided to end-users. 8 Vendor independence: Operators have the freedom to seamlessly switch between security providers 9 or even to simultaneously use two different vendors without the need to replace
42、the Device. 10 Moreover, the framework is ideally suited for implementation in horizontal-market (standard) devices, 11 free of integration cost or customization. 12 Proven approach: The framework is modeled after the proven pay-TV content security paradigms 13 that protect high quality content worl
43、d-wide. 14 Control of Key Management System: The Key Management System (KMS) is the security 15 component responsible for the generation of Entitlement Control Messages (ECMs) and business 16 model enforcement. For better security and control in the device, the KMS can be implemented inside 17 a Sec
44、ure Container under the control of the operator. 18 Interoperability: The framework enables the deployment of Simulcrypt, which provides secure 19 sharing of content amongst a set of operators, each with its own independent security system. Using 20 Simulcrypt, the effect of one security system bein
45、g compromised can be negated and has no impact 21 on the other security systems. 22 Security benefits include: 23 Renewable security: The main element of any security system is its KMS; the ability of a security 24 system to renew its KMS is crucial for long-term maintenance of security. 25 KMS comp
46、artmentalization: Having a choice from many independent KMSs enhances security as a 26 compromised KMS can be switched off in favor of a new one. The framework enables seamless 27 transition to another KMS provider. A KMS provider can use variants of their security solution in 28 different markets t
47、o minimize the likelihood and impact of any security compromise. 29 Support for multiple security systems: The framework is designed to support any number of 30 security providers technologies by allowing seamless replacement of one security providers KMS 31 with another. 32 The proven approach for
48、pay-TV systems has been adopted for broadcasting over satellite, terrestrial, 33 cable and mobile. It is extended by the OpenCA framework. The functional relationships provided by the 34 framework are illustrated in Figure 1. The framework sits above the common content 35 scrambling/descrambling mec
49、hanism, and allows any KMS to be plugged. For example, Figure 1 36 illustrates that a KMS solution that plugs into the framework could be from a provider “A”, “B”, or “C”. 37 C o n t e n t s c r a m b l i n g / d e s c r a m b l i n gO p e n C A f r a m e w o r kK M S A K M S CK M S BS I S i g n a l l i n g S i g n a l s p e r c o n t e n t w h i c h s y s t e m i s u s e d38 Figure 1: OpenCA fram
