IEC 62455
Edition 2.0 2010-12
INTERNATIONAL STANDARD
Internet protocol (IP) and transport stream (TS) based service access
IEC 62455:2010(E)

THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2010 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information.

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch

About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition, a corrigenda or an amendment might have been published.

Catalogue of IEC publications: www.iec.ch/searchpub
The IEC on-line Catalogue enables you to search by a variety of criteria (reference number, text, technical committee, …). It also gives information on projects, withdrawn and replaced publications.

IEC Just Published: www.iec.ch/online_news/justpub
Stay up to date on all new IEC publications. Just Published details twice a month all new publications released. Available on-line and also by email.

Electropedia: www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical Vocabulary online.

Customer Service Centre: www.iec.ch/webstore/custserv
If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service Centre FAQ or contact us:
Email: csc@iec.ch
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00

INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 33.170; 35.100; 35.240.99
PRICE CODE XP
ISBN 978-2-88912-289-9
Registered trademark of the International Electrotechnical Commission

62455 IEC:2010(E)

CONTENTS

FOREWORD
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Symbols
3.3 Abbreviations
3.4 Identifiers assigned by external entities
4 General
4.1 Overview
4.2 General description of the system and elements
4.2.1 General
4.2.2 Selected technologies
4.2.3 Overview of four-layer model for service protection
4.3 End-to-end system
4.4 Supported systems and device types
4.5 Service protection versus content protection
5 General specifications
5.1 End-to-end architecture
5.2 Special cases
5.2.1 Free-to-air services
5.2.2 Free-to-view services
5.3 Service guide and purchase
5.4 Four-layer model Key hierarchy
5.4.1 General
5.4.2 Keys on the traffic layer
5.4.3 Keys on the key stream layer
5.4.4 Keys on the rights management layer (interactive mode)
5.4.5 Keys on the rights management layer (broadcast mode)
5.4.6 Keys on the registration layer (interactive mode)
5.4.7 Keys on the registration layer (broadcast mode)
5.4.8 Authentication overview
5.5 Deployment for broadcast mode of operation
5.5.1 Concept of Domains Interactive and broadcast domains
5.5.2 Addressing (group/subset/device/domain)
5.5.3 Zero message broadcast encryption scheme
6 Traffic layer
6.1 General
6.2 IPsec
6.2.1 General
6.2.2 Selectors
6.2.3 Encapsulation protocol and mode
6.2.4 Encryption algorithm
6.2.5 Authentication algorithm
6.2.6 Security association management
6.3 ISMACryp
6.3.1 Streamed content
6.3.2 Downloadable audio/visual content (stored in MP4 files)
6.3.3 Use of ISMACryp with the rights management and key stream layers
6.4 SRTP
6.4.1 General
6.4.2 Key management
6.4.3 Encryption algorithm
6.4.4 Authentication algorithm
6.5 MPEG2 TS crypt
6.5.1 General
6.5.2 Transport stream level scrambling
6.5.3 PES level scrambling
6.5.4 Descrambling MPEG2 content
6.5.5 Supported ciphers
6.5.6 Key management
7 Key stream layer
7.1 General
7.2 Format of the key stream message (KSM)
7.2.1 Format
7.2.2 Descriptors for access_criteria_descriptor_loop
7.2.3 Constants
7.2.4 Coding and semantics of attributes
8 Rights management layer
8.1 General
8.2 Identification of rights objects
8.3 Requirements for rights objects
8.3.1 Requirements for service ROs
8.3.2 Requirements for programme ROs
8.4 Format of rights objects
8.4.1 Format of an Interactivity channel rights object (ICRO)
8.4.2 Format of a broadcast rights object (BCRO)
8.4.3 Format of the asset object
8.4.4 Format of the permission object
8.4.5 Format of the action object
8.4.6 Format of the constraint object
9 Registration layer
9.1 General
9.2 RI context
9.3 Registration layer protocols and message specification
9.3.1 Interactivity channel registration layer specification
9.3.2 Broadcast channel registration layer specification
9.3.3 Domain joining and leaving
9.3.4 Token handling
9.3.5 Mixed-mode registration for interactive and broadcast modes of operation
10 Signalling and service guide
10.1 General
10.2 Signalling requirements
10.2.1 Signalling information
10.2.2 Requirements for signalling the KSM
10.2.3 Requirements for signalling of services
10.3 Service guide requirements
10.4 Service guide recommendations
11 Rights issuer services and rights issuer streams
11.1 General
11.2 Rights issuer services
11.2.1 Requirements for rights issuer services in IPDC over DVB-H systems
11.2.2 Requirements for rights issuer services in DVB-T/C/S systems
11.2.3 Requirements for the support of rights issuer services and streams in IPTV systems
11.3 Usage of rights issuer streams and services
11.3.1 General
11.3.2 Scheduled RI stream
11.3.3 Ad hoc RI stream
11.3.4 In-band RI streams within a media service
12 Service subscription and purchase
12.1 General
12.2 Purchase over an interactivity channel
12.2.1 General
12.2.2 Typical purchase sequences
12.2.3 Protocol
12.2.4 XML schemas for request and response messages
12.2.5 XML schema definition for request and response related XML elements
12.3 Purchase for mixed-mode devices
12.4 Out-of-band purchase
12.4.1 Means of purchase Introduction
12.4.2 Out-of-band purchase from service guide data
12.5 Required service guide Information
12.5.1 General
12.5.2 Service operation centre (including service distribution management)
12.5.3 Customer operation centre (including service subscription management)
12.5.4 Service
12.5.5 ScheduleItem
12.5.6 ContentItem
12.5.7 Purchase item
12.5.8 Purchase data
13 Protection of IPDC over DVB-H systems
13.1 General
13.2 Delivery of traffic layer data in IPDC over DVB-H systems
13.3 Delivery of key stream data in IPDC over DVB-H systems
13.4 Delivery of rights management data in IPDC over DVB-H systems
13.4.1 General
13.4.2 Delivery of ICROs in IPDC over DVB-H systems over interactivity channel
13.4.3 Delivery of BCROs in IPDC over DVB-H systems over broadcast channel
13.5 Delivery of registration data in IPDC over DVB-H systems
13.5.1 General
13.5.2 Delivery of registration data in IPDC over DVB-H systems over an interactivity channel
13.5.3 Delivery of registration data in IPDC over DVB-H systems over a broadcast channel
13.6 Signalling and service guides in IPDC over DVB-H systems
13.6.1 General
13.6.2 Signalling of KSM in IPDC over DVB-H systems
13.6.3 The service guide for IPDC over DVB-H systems
13.7 Format and use of RI streams over IPDC over DVB-H systems
13.7.1 General
13.7.2 IP characteristics
13.7.3 RI stream packet format
13.7.4 Implementation notes
13.7.5 Mapping of messages to RI services and streams
13.7.6 Discovery of RI services, streams and schedule Information
13.7.7 Certificate chain updates
13.7.8 Resending of BCROs
13.7.9 Summary of requirements for rights issuers
13.7.10 Summary of requirements for devices
13.7.11 Mapping of messages to DVB-H time sliced bursts
14 Protection of DVB T/C/S systems
14.1 General
14.2 Delivery of traffic layer data in DVB T/C/S systems
14.3 Delivery of key stream data in DVB T/C/S systems
14.4 Delivery of rights management data in DVB T/C/S systems
14.4.1 General
14.4.2 Delivery of ICROs in DVB T/C/S systems over interactivity channel
14.4.3 Delivery of BCROs in DVB T/C/S systems over broadcast channel
14.5 Delivery of registration data in DVB T/C/S systems
14.5.1 General
14.5.2 Delivery of registration data in DVB T/C/S systems over an interactivity channel
14.5.3 Delivery of registration data in DVB T/C/S systems over a broadcast channel
14.5.4 Registration message table
14.6 Signalling and service guide in DVB T/C/S systems
14.6.1 General
14.6.2 Signalling of encrypted services in DVB T/C/S systems
14.6.3 SI tables
14.6.4 SI descriptors
14.7 User-defined identifiers used in DVB-SI tables
14.8 Scope of identifiers used in DVB-SI tables
14.9 Format of RI services over DVB-T/C/S systems
14.9.1 General
14.9.2 RI stream packet format
14.9.3 Addressing of objects
14.9.4 Mapping of messages to RI services and streams
15 Protection of MPEG2 TS-based IP systems
15.1 General
15.2 Encapsulation of an MPEG2 TS in IP
15.3 Delivery of traffic layer data in MPEG2 TS-based IP systems
15.4 Delivery of key stream data in MPEG2 TS-based IP systems
15.5 Delivery of rights management data in MPEG2 TS-based IP systems
15.6 Delivery of registration data in MPEG2 TS-based IP systems
15.7 Signalling and service guides in MPEG2 TS-based IP systems
15.7.1 General
15.7.2 Signalling and the service guide in DVB-IPI systems
15.7.3 Signalling and service guides in non-DVB-IPI systems
15.8 Format of RI services over MPEG2 TS-based IP systems
15.9 Content-on-demand support
15.9.1 General
15.9.2 Content-on-demand trick play support
15.10 Use of server-side purchase interfaces
15.10.1 General
15.10.2 Example showing registration via a web interface
15.10.3 Example showing purchase via a web interface
16 Protection of non-MPEG2 TS-based IP systems
16.1 General
16.2 Delivery of traffic layer data in non-MPEG2 TS-based IP systems
16.3 Delivery of key stream data in non-MPEG2 TS-based IP systems
16.4 Delivery of rights management data in non-MPEG2 TS-based IP systems
16.5 Delivery of registration data in non-MPEG2 TS-based IP systems
16.6 Signalling and service guides in non-MPEG2 TS-based IP systems
16.7 Format of RI services over non-MPEG2 TS-based IP systems
16.8 Content-on-demand support
Annex A (normative) Supporting specifications
Annex B (informative) Deployment considerations
Bibliography

Figure 1 System overview
Figure 2 Service protection via four-layer model
Figure 3 Highly simplified view of the end-to-end system
Figure 4 Service protection versus content protection
Figure 5 Service protection and purchase entities and names (broadcast architecture)
Figure 6 Public key infrastructure
Figure 7 Overview of service guide and purchase
Figure 8 4-layer key hierarchy Use of SEK only
Figure 9 4-layer key hierarchy Use of PEK and SEK
Figure 10 Authentication hierarchy
Figure 11 Explaining the concept of addressing
Figure 12 (Oversimplified) group BCRO
Figure 13 (Oversimplified) subscriber group BCRO
Figure 14 (Oversimplified) unique device BCRO
Figure 15 (Oversimplified) broadcast domain BCRO
Figure 16 Example of a zero message tree with three nodes (keys)
Figure 17 IPsec security association elements
Figure 18 ISMACryp Key Management
Figure 19 SRTP cryptographic context management
Figure 20 MPEG2 transport stream cryptographic context management
Figure 21 Single-key versus dual-key TS over time
Figure 22 Registration for broadcast mode of operation with one ROT
Figure 23 Offline NDD protocol
Figure 24 Samples of notification displays
Figure 25 Off-line NSD protocol
Figure 26 Action request code (ARC)
Figure 27 Samples of notification displays showing an ARC message
Figure 28 Sample of token consumption reporting notification display
Figure 29 Sample of TAA report display
Figure 30 1-pass PDR protocol (first) device registration
Figure 31 1-pass IRD protocol RI initiated message to device (here re-registration)
Figure 32 Unique device number
Figure 33 Device_registration_response() message
Figure 34 Structure of device_registration_response() message
Figure 35 Domain_registration_response() message
Figure 36 Structure of domain_registration_response() message
Figure 37 Registration for mixed-mode operation with one ROT
Figure 38 Relationship between RI service and RI streams and other services and RI Streams
Figure 39 Message flows for service subscription and purchase for the connected mode of operation
Figure 40 Message flows for service subscription and purchase for the unconnected mode of operation
Figure 41 Interactions for bulk download of service and programme keys
Figure 42 Interactions for bulk download of purchase information
Figure 43 Interactions for announcement of purchase items in service guide
Figure 44 Interactions for pricing inquiry
Figure 45 Interactions for unsuccessful purchase
Figure 46 Interactions for successful purchase
Figure 47 Interactions for subscription RO renewal and asynchronous charging
Figure 48 Interactions for asynchronous charging