1、 ETSI GS ECI 001-1 V1.1.1 (2014-09) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 1: Architecture, Definitions and Overview Disclaimer This document has been produced and approved by the Embedded Common Interface (ECI) for exchangeable CA/DRM solutions ETSI Industry Specifi
2、cation Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. GROUP SPECIFICATION ETSI ETSI GS ECI 001-1 V1.1.1 (2014-09) 2Reference DGS/ECI-001-1 Keywords CA, DRM, swapping ETSI 650 Route des Luc
3、ioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org The p
4、resent document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such ve
5、rsions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the
6、 current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be rep
7、roduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restrict
8、ion extend to reproduction in all media. European Telecommunications Standards Institute 2014. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its
9、 Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI GS ECI 001-1 V1.1.1 (2014-09) 3Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g3Introduction 5g31 Scope 6g32 References 7g32.
10、1 Normative references . 7g32.2 Informative references 8g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 9g34 The technical concept of the ECI System 9g34.1 Basic considerations . 9g34.2 Architectural overview . 10g34.3 Mandatory functionality of ECI compliant devices 12
11、g34.4 Necessary Interfaces between ECI-Host and ECI-Client . 12g34.5 A minimum User Interface and Display functionality 13g34.6 The Virtual Machine 13g34.7 The “Advanced Security“ facility . 13g34.8 Re-scrambling 13g34.9 The ECI Loader functionalities 14g34.10 Revocation 15g35 Trust Environment 16g3
12、5.1 Necessary operational workflows . 16g3Annex A (informative): Implementation of a ECI-compliant Trust System . 19g3Annex B (informative): Bibliography . 21g3History 22g3ETSI ETSI GS ECI 001-1 V1.1.1 (2014-09) 4Intellectual Property Rights IPRs essential or potentially essential to the present doc
13、ument may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect o
14、f ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other I
15、PRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) Embedded Common Interface (ECI) for exchangeable C
16、A/DRM solutions. The present document is part 1 of a multi-part deliverable covering the Architecture, Definitions and Overview for the Embedded Common Interface for exchangeable CA/DRM solutions specification, as identified below: Part 1: “Architecture, Definitions and Overview“; Part 2: “Use cases
17、 and requirements“; Part 3: “CA/DRM Container, Loader, Interfaces, Revocation“; Part 4: “The Virtual Machine“; Part 5: “The Advanced Security System“; Part 6: “Trust Environment“; Part 7: “Extended Requirements“. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should
18、 not“, “may“, “may not“, “need“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citat
19、ion. ETSI ETSI GS ECI 001-1 V1.1.1 (2014-09) 5Introduction Service and content protection realized by Conditional Access (CA) and Digital Rights Management (DRM) are essential in the rapidly developing area of digital Broadcast and Broadband, including content, services, networks and customer premis
20、es equipment (CPE), to protect business models of content owners, network operators and PayTV operators. While conceptually CA focuses on mechanisms to access protected content distributed by a service provider over a network, DRM originally describes type and extent of the usage rights, according t
21、o the subscribers contract. PayTV operators have established Digital TV platforms, which implement standards for basic functions, extended with proprietary elements. Most CA and DRM systems used for classical digital broadcasting, IPTV or new OTT (over-the-top) services capture consumer premises equ
22、ipment (CPE) by binding it with proprietary security related elements. As a result, consumer premises equipment configured for use in network or platform A cannot be used in network or platform B or vice versa. Thus, the consumer electronics market for digital TV is still fragmented, as specificatio
23、ns differ not only per country, but also per platform. Detachable CA/DRM modules only offer a partial solution: the modules are again proprietary to the CA/DRM system, they are not cheap either, and they are used primarily for cable or satellite TV and are not usable in modern-type equipment such as
24、 tablets due to lack of appropriate physical interfaces. Currently implemented solutions, whether embedded or as detachable hardware, result in “Lock-in“ effects. This seriously restricts the freedom of many players in digital multimedia content markets. Due to technological advances, innovative, so
25、ftware-based CA/DRM solutions become feasible. Maximizing interoperability while maintaining a high level of security, they promise to meet upcoming demands in the market, allow for new businesses, and broaden consumer choice. It is in consumers interest that they are able to continue using the CPEs
26、 they bought e.g. after a move or a change of network provider or even utilize devices for services of different commercial video portals. This can only be achieved by interoperability of CPEs regarding CA and DRM, based on an appropriate security architecture. Further fragmentation of the market fo
27、r CPEs can only be prevented and competition encouraged by ensuring a consumer-friendly and context-sensitive exchangeability of CA and DRM systems. ETSI ETSI GS ECI 001-1 V1.1.1 (2014-09) 61 Scope ECI Architecture, Definitions and Overview, as covered by this framework document, is part of a multi-
28、part standard specifying a system architecture for general purpose, software-based, embedded and exchangeable CA/DRM systems which would be the most appropriate and future-proof solution for overcoming market fragmentation and enabling interoperability. Key benefits of the envisaged approach for con
29、tent security are: Flexibility and scalability due to software-based implementation Exchangeability fostering future-proof solution and enabling innovation Applicability to content distributed via broadcast and broadband, including OTT Support of multi-screen environment Stimulation of the market fo
30、r platform operators, network/service providers, and consumers by avoiding “Lock-in“ The specification of an open eco-system fostering market development The ECI system aims at exchangeability of CA and DRM systems in CPEs on all relevant levels and aspects, at lowest possible costs for the consumer
31、s and at minimal restrictions for CA or DRM vendors to develop their target products for the PayTV market. The core element of ECI is to specify the interface between the software-based CA/DRM client and the host system. Therefore, amongst others, the ECI has the following functionalities: A softwar
32、e container for the CA respectively the DRM kernel hereafter called ECI Client - with: - standardized interfaces to all relevant functionalities of the CPE - a standardized Virtual Machine (VM) to run upon Support of smartcard-less systems as well as use in smartcard-based systems Inclusion of a mul
33、titude of such software containers in a CPE, each container running on its own instance of the VM Installation of the ECI Client independently from other CPE software by a secure and standardized loader concept Advanced Security, also known as Chip Set Security, to support state-of-the-art content p
34、rotection Provisions to leverage hardware-assisted security functionalities Methods for the user to discover the right ECI Client to download Methods for revocation of (parts of) the ECI Clients functionality and CPEs functionality Suited for classical digital broadcasting, IPTV or modern OTT-based
35、systems Although ECI shows some similarity with already deployed solutions, there are substantial differences: 1) The CA/DRM client module is in software and no longer in hardware. Hence, no costs are incurred at the consumer side to swap a CA or DRM system. 2) Several parallel ECI Clients can be im
36、plemented in one and the same CPE, without adding relevant cost. 3) These clients can run concurrently in the one device. As a result, a CA or DRM component can be exchanged much easier, allowing the end-user to change operator or get services from a variety of operators on his CPE, without having t
37、o exchange expensive modules. ETSI ETSI GS ECI 001-1 V1.1.1 (2014-09) 7The complete multi-part standard consists of a group of specifications, including a Framework specification (the present document), in combination with the underlying specifications: Part 1: Architecture, Definitions and Overview
38、 (the present document) Part 2: Use cases and requirements 1 Part 3: CA/DRM Container, Loader, Interfaces, Revocation i.1 Part 4: The Virtual Machine (VM) i.2 Part 5: The Advanced Security System i.3 Part 6: Trust Environment i.4 Part 7: Extended Requirements i.5 which together describe a solution a
39、llowing replacement of ECI Clients at any time by just downloading the ECI Clients requested by an end customer. The ECI Clients are installed in a standard software container in the CPE by a separate loader, with separate security algorithms and keys to protect the ECI Clients against integrity and
40、 substitution attacks independently from all other software in the CPE. The containers interfaces with the CPE are generic and defined in GS ECI 001-3 i.1, enabling the ECI Client to interact with the various functions in the CPE and beyond. The ECI Clients run upon a virtual machine instance that i
41、s defined in GS ECI 001-4 i.2. GS ECI 001-5 i.3 specifies an Advanced Security mechanism to protect the key to the content during its travel into the CPE processor chips content decryption facility. The present document addresses an architecture and an overview of the relevant interface specificatio
42、ns for the implementation of interoperable CA/DRM systems in CPEs. The ECI specification only applies to the reception and further processing of content which is controlled by a Conditional Access and/or Digital Rights Management system and has been scrambled by the service provider. Content that is
43、 not controlled by a Conditional Access and/or DRM system is not covered by the present document. The ECI Group Specification is intended to be used in combination with a contractual framework (license agreement), compliance and robustness rules, and appropriate certification process (see note), und
44、er control of a Trust Authority, GS ECI 001-6 i.4. NOTE: Contractual framework (license agreement), compliance and robustness rules, and appropriate certification process are not subject to the standardization work in ISG ECI. 2 References References are either specific (identified by date of public
45、ation and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in
46、 the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are necessary for the applic
47、ation of the present document. 1 ETSI GS ECI 001-2: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 2: Use cases and requirements“. ETSI ETSI GS ECI 001-1 V1.1.1 (2014-09) 82.2 Informative references The following referenced documents are not necessary for the application of
48、 the present document but they assist the user with regard to a particular subject area. NOTE: The following references are intended to become normative references once these Group Specifications are completed. i.1 ETSI GS ECI 001-3: “Embedded Common Interface for exchangeable CA/DRM solutions (ECI)
49、; Part 3: CA/DRM Container, Loader, Interfaces, Revocation“. i.2 ETSI GS ECI 001-4: “Embedded Common Interface for exchangeable CA/DRM solutions (ECI); Part 4: The Virtual Machine“. i.3 ETSI GS ECI 001-5: “Embedded Common Interface for exchangeable CA/DRM solutions (ECI); Part 5: The Advanced Security System“. i.4 ETSI GS ECI 001-6: “Embedded Common Interface for exchangeable CA/DRM solutions (ECI); Part 6: Trust Environment“. i.5 ETSI GS ECI 001-7: “Embedded Common Interface for exchangeable CA/DRM soluti