1、 ETSI GS ECI 001-1 V1.2.1 (2018-03) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 1: Architecture, Definitions and Overview Disclaimer The present document has been produced and approved by the Embedded Common Interface (ECI) for exchangeable CA/DRM solutions ETSI Industry
2、Specification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. GROUP SPECIFICATION ETSI ETSI GS ECI 001-1 V1.2.1 (2018-03) 2 Reference RGS/ECI-001-1 Ed2 Keywords CA, DRM, swapping ETSI 650 R
3、oute des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.et
4、si.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived differenc
5、e in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change
6、of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff
7、.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of
8、 ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMare trademarks of ETSI registered for the benefit of
9、its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI GS ECI 001-1 V1.2.1 (2018-03) 3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs t
10、erminology 4g3Introduction 5g31 Scope 6g32 References 7g32.1 Normative references . 7g32.2 Informative references 7g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 8g34 The technical concept of the ECI System 9g34.1 Basic considerations . 9g34.2 Architectural overview .
11、10g34.3 Mandatory functionality of ECI compliant devices . 11g34.4 Necessary Interfaces between ECI-Host and ECI-Client 12g34.5 A minimum User Interface and Display functionality 12g34.6 The Virtual Machine 12g34.7 The “Advanced Security“ facility . 12g34.8 Re-scrambling 13g34.9 The ECI loader funct
12、ionalities . 13g34.10 Revocation 14g35 Trust Environment 14g35.1 General principles. 14g35.1 Necessary operational workflows . 15g3Annex A (informative): Implementation of an ECI-compliant Trust Environment 18g3Annex B (informative): Bibliography . 20g3History 21g3ETSI ETSI GS ECI 001-1 V1.2.1 (2018
13、-03) 4 Intellectual Property Rights Essential patents IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000
14、314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investiga
15、tion, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document ma
16、y include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the
17、 present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions.
18、 The present document is part 1 of a multi-part deliverable covering the Architecture, Definitions and Overview for the Embedded Common Interface for exchangeable CA/DRM solutions specification, as identified below: Part 1: “Architecture, Definitions and Overview“; Part 2: “Use cases and requirement
19、s“; Part 3: “CA/DRM Container, Loader, Interfaces, Revocation“; Part 4: “The Virtual Machine“; Part 5: “The Advanced Security System“; Part 6: “Trust Environment“. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “ca
20、n“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI GS ECI 001-1 V1.2.1 (2018-03) 5 Introduction Service
21、and content protection realized by Conditional Access (CA) and Digital Rights Management (DRM) are essential in the rapidly developing area of digital broadcast and broadband services. This includes the distribution of HD and UHD content to various types of customer premises equipment (CPE) in order
22、 to protect business models of content owners and service providers, including broadcasters and PayTV operators. While CA systems primarily focus on the protection of content distributed via unidirectional networks as usually used in broadcast environment, DRM systems originate from bidirectional ne
23、twork environments and permit access to content on certified devices for authenticated users, with typically rich content rights expressions. In practice, a clear distinction between CA and DRM functionalities is not feasible in all cases and therefore within the present document the term CA/DRM sys
24、tems is used. Currently implemented CA/DRM solutions, whether embedded or as detachable hardware, often result in usage restrictions for service/platform providers on one side and consumers on the other. The consequences for consumers are dependencies with regard to the applicable network, service a
25、nd content providers and the applied CPE suited for classical digital broadcasting, IPTV or OTT (over-the-top) services. While CPEs with embedded platform-proprietary CA or DRM functionality bind a customer to a specific platform operator, detachable hardware modules allow using retail CPE as e.g. S
26、et-Top-Boxes (STB) and integrated TV sets (iDTV). Due to their form factor and cost, detachable hardware modules do not fulfil future demands, especially those with regard to consumption of protected content on tablets and mobile devices and for cost-critical deployments. Existing technologies thus
27、limit the freedom of many players in digital multimedia content markets. Due to technological progress, innovative, software-based CA/DRM solutions become feasible. Maximizing interoperability while maintaining a high level of security, these solutions promise to meet upcoming demands in the market,
28、 allow for new businesses, and broaden consumer choice with respect to content consumption via broadcast and broadband connections. It is in consumers interest that bought and owned CPEs are available for further use after a move or a change of the network provider and that those devices can be util
29、ized for services of different commercial video portals. This can be achieved by the implementation of interoperable CA and DRM mechanisms inside CPEs based on appropriate security architecture. Further fragmentation of the market for CPEs can only be prevented and competition encouraged by ensuring
30、 solutions for consumer-friendly and flexible exchangeability of CA and DRM systems, associated with a state-of-the-art security environment. It is in the platform operators interest that security technology can be deployed flexibly and managed easily across various networks and on all kinds of devi
31、ces. The advantage of updating existing devices with the latest security systems in a seamless way provides unparalleled business opportunity. ETSI ETSI GS ECI 001-1 V1.2.1 (2018-03) 6 1 Scope The present document specifies the architecture of an ECI Ecosystem. A major advantage and innovation of th
32、e ECI Ecosystem, compared with currently deployed systems, is a complete software-based architecture for the loading and exchange of CA/DRM systems, avoiding any detachable hardware modules. Software containers provide a secure (“Sandbox“) environment for either CA or DRM kernels, hereafter named as
33、 ECI Clients, together with their individual Virtual Machine instances. Necessary and relevant Application Programming Interfaces (API) between ECI Clients and ECI Host ensure that multiple ECI Clients can be operated in a secure operation environment and completely isolated from the rest of the CPE
34、 firmware and are specified in full detail. The installation, verification, and exchange of an ECI Host as well as multiple ECI Clients is the task of the corresponding ECI loaders. ECI Host and ECI Clients are downloaded via the DVB data carousel for broadcast services and/or via IP-based mechanism
35、s from a server in case of broadband access. This process is embedded in a secure and trusted environment, providing a trust hierarchy for installation and exchange of ECI Host and ECI Clients and thus enabling an efficient protection against integrity- and substitution attacks. For this reason, the
36、 ECI Ecosystem integrates an advanced security mechanism, which relies on an efficient and advanced processing of control words, specified as “Key Ladder Block“ and integrated in a System-on-chip (SoC) hardware in order to provide the utmost security necessary for ECI compliance. ECI-specific advanc
37、ed security functions play also a key role in a re-encryption process in case of stored protected content and/or associated with export of protected content to an ECI-compliant or non-compliant external device. An advanced Micro DRM system provides the necessary functionality and forms an integral p
38、art of such a concept. Advanced security functionality is relevant also in case of revocation of a CPE or a specific ECI Client. Related APIs are specified within the present document, while advanced security is covered in detail by ETSI GS ECI 001-5-1 4 and ETSI GS ECI 001-5-2 5. A number of APIs c
39、haracterize the ECI Ecosystem, guaranteeing communication with relevant entities associated e.g. with ECI Loaders, import and export of protected content, advanced security, decryption and encryption, local storage facilities and watermarking. Additional APIs are available for ECI Client Man-Machine
40、-Interface (MMI) or for an optional Smart Card reader. Exchange of ECI Clients is initiated by the user or may be requested by a platform operator in case of necessary updates. A minimum of two ECI Clients are supported, with two additional ECI Clients as far as local storage on a Personal Video Rec
41、order (PVR) is available or for export reasons. Guidance and recommendations on how to implement the ECI system are given in ETSI GR ECI 004 i.1. The present document covers the ECI architecture in the following clauses: Clause 4 covers the technical concept, core functionalities, and security aspec
42、ts of the ECI system. Clause 5 addresses the basic requirements and structure for an ECI Trust Environment. Annex A gives an exemplary overview of the operational workflows of an ECI Trust Environment. The ECI specification only applies to the reception and further processing of content which is con
43、trolled by a Conditional Access and/or Digital Rights Management system and has been encrypted by the service provider. Content that is not controlled by a Conditional Access and/or DRM system is not covered by the present document. The ECI Group Specification is intended to be used in combination w
44、ith a contractual framework (license agreement), compliance and robustness rules, and appropriate certification process (see note), under control of a Trust Authority, ETSI GS ECI 001-6 6. NOTE: Contractual framework (license agreement), compliance and robustness rules, and appropriate certification
45、 process are not subject to the standardization work in ISG ECI. ETSI ETSI GS ECI 001-1 V1.2.1 (2018-03) 7 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only t
46、he cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Reference. NOTE: While any hype
47、rlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long-term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI GS ECI 001-2 (V1.2.1): “Embedded Common Interface (ECI) for exchangeable CA/DRM s
48、olutions; Part 2: Use cases and requirements“. 2 ETSI GS ECI 001-3: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 3: CA/DRM Container, Loader, Interfaces, Revocation“. 3 ETSI GS ECI 001-4: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 4: The Virt
49、ual Machine“. 4 ETSI GS ECI 001-5-1: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions Part 5: The Advanced Security System Sub-part 1: ECI specific functionalities“. 5 ETSI GS ECI 001-5-2: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 5: The Advanced Security System; Sub-part 2: Key Ladder Block“. . 6 ETSI GS ECI 001-6: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 6: Trust Environment“. 2.2 Informative references References are either specific (identified by date of publication
