ETSI GS ECI 001-3-2017 Embedded Common Interface (ECI) for exchangeable CA DRM solutions Part 3 CA DRM Container Loader Interfaces Revocation (V1 1 1).pdf

1、 ETSI GS ECI 001-3 V1.1.1 (2017-07) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 3: CA/DRM Container, Loader, Interfaces, Revocation Disclaimer The present document has been produced and approved by the Embedded Common Interface (ECI) for exchangeable CA/DRM solutions ETSI

2、 Industry Specification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. GROUP SPECIFICATION ETSI ETSI GS ECI 001-3 V1.1.1 (2017-07) 2 Reference DGS/ECI-001-3 Keywords CA, DRM, swapping ETSI

3、 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/

4、www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived dif

5、ference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or c

6、hange of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSuppor

7、tStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorizat

8、ion of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are trademarks of ETSI registered for the benefi

9、t of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSM and the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI GS ECI 001-3 V1.1.1 (2017-07) 3 Contents Intellectual Property Rights 21g3Foreword . 21g3Modal

10、 verbs terminology 21g3Introduction 22g31 Scope 23g32 References 24g32.1 Normative references . 24g32.2 Informative references 27g33 Definitions and abbreviations . 27g33.1 Definitions 27g33.2 Abbreviations . 31g34 Conceptual principles . 33g35 ECI Certificate System . 33g35.1 Introduction 33g35.1.1

11、 Scope 33g35.1.2 Notation and conventions of fields . 33g35.1.3 Extension Field . 34g35.2 ECI Certificates 34g35.3 ECI Revocation List . 37g35.4 Certificate Chains and Revocation List Trees 40g35.4.1 Data structure definitions 40g35.4.2 Processing rules for Certificate Chains . 42g35.5 Revocation tr

12、ee sets and revocation data files 43g35.6 Large data item signatures 45g35.7 Root Certificates . 45g35.7.1 Definition of a Root Certificate 45g35.7.2 ECI Host Root Certificate Management . 46g36 ECI Host Loader . 46g36.1 Introduction 46g36.2 Storage, verification and activation 47g36.2.1 Principles

13、of Operation . 47g36.2.2 Credential definition . 48g36.2.2.1 ECI Host Image related Certificates 48g36.2.2.2 ECI Host Image Signatures . 50g36.2.2.3 ECI Host Credentials. 51g36.2.3 Loading process of ECI Host Image file . 52g36.3 ECI Host related file formats 53g36.4 ECI Host Image transport protoco

14、ls . 55g36.4.1 Introduction. 55g36.4.2 ECI Host Broadcast Transport Protocol 56g36.4.2.1 General and Profiling 56g36.4.2.2 CPE Manufacturer to Operator handover 57g36.4.2.3 DVB SI Signalling 57g36.4.2.3.1 Download location signalling 57g36.4.2.3.2 Emergency Updates . 57g36.4.2.4 PSI signalling 59g36

15、.4.2.5 UNT option . 60g36.4.2.6 Carousel structure . 60g36.4.2.7 ECI Host downloading operation 61g36.4.2.8 Operator Carousel schedules . 61g36.4.2.9 User Interface Aspects 61g36.4.3 ECI Host Internet Transport Protocol . 62g3ETSI ETSI GS ECI 001-3 V1.1.1 (2017-07) 4 6.4.3.1 IP Protocol. 62g36.4.3.2

16、 Online Loader Operation . 62g36.4.4 Alternative transport protocols . 62g37 ECI Client Loader 62g37.1 Introduction 62g37.2 Discovery of ECI Clients . 63g37.2.1 Introduction. 63g37.2.2 Transport stream based networks 64g37.2.2.1 Common signalling . 64g37.2.2.2 ECI_ platform_operation _descriptor 64g

17、37.2.2.3 ECI_base_url_descriptor . 65g37.2.2.4 Manual installation 66g37.2.2.5 Self-discovery installation . 67g37.2.2.6 ECI service tag descriptor . 67g37.2.2.7 ECI platform list descriptor . 67g37.2.3 IP network based client discovery 68g37.2.3.1 Manual installation 68g37.2.3.2 Web-page based inst

18、allation 68g37.3 Storage, Verification and Activation 68g37.3.1 General Update Policies 68g37.3.2 ECI Client Image download and storage 69g37.3.3 ECI Client Validation and Activation . 69g37.4 ECI Client Chain structure formats 69g37.4.1 Introduction to ECI Client Chain structure formats 69g37.4.2 S

19、ecurity Vendor Certificate 70g37.4.3 ECI Client series Certificate and series target id 70g37.4.4 ECI Client Image signature . 71g37.5 ECI Platform Operation Chain Formats . 72g37.5.1 Overview 72g37.5.2 Operator Certificate 72g37.5.3 Platform Operation Certificate 73g37.5.4 Platform Operation client

20、 revocation List . 73g37.5.5 Platform Operation client co-signature . 73g37.6 File formats 75g37.6.1 ECI Client Image File Format. 75g37.6.2 Platform Operation Chain Data 77g37.6.3 Revocation data files . 78g37.7 ECI Client resources transport protocols 78g37.7.1 General and profiling 78g37.7.2 Broa

21、dcast transport protocol . 78g37.7.2.1 Introduction . 78g37.7.2.2 Credential and revocation data handover to Operator . 79g37.7.2.3 Security Vendor to Operator handover . 79g37.7.2.4 PSI signalling 79g37.7.2.5 SI signalling 80g37.7.2.5.1 Data Carousel location Signalling via Data Location Linkage De

22、scriptor 80g37.7.2.5.2 ECI Client emergency download descriptor 81g37.7.2.6 Carousel compatibility descriptor . 83g37.7.2.7 Carousel DSI . 84g37.7.2.8 Carousel DDB . 85g37.7.2.9 Dynamic carousel behaviour . 85g37.7.3 Web transport protocols 85g37.7.3.1 Introduction . 85g37.7.3.2 ECI Web API overview

23、 85g37.7.3.3 Web API ECI Host related requests 86g37.7.3.4 Web API Platform Operation related requests 87g37.7.3.5 Web API client requests 88g37.7.3.6 Web API AS_setup requests . 90g37.8 Platform Operation ECI Client installation 90g37.8.1 Scope and Profiling . 90g37.8.2 ECI Client installation mode

24、 with unencrypted ECI Client Image file . 91g3ETSI ETSI GS ECI 001-3 V1.1.1 (2017-07) 5 7.8.3 ECI Client installation mode with encrypted ECI Client Image file . 91g37.8.4 Transport Protocol 93g37.8.4.1 Broadcast protocol 93g37.8.4.2 Online protocol . 94g37.8.5 Target ID presentation to user. 94g38

25、Revocation 94g38.1 Introduction 94g38.2 CPE Revocation . 95g38.3 Generic Revocation Process . 95g38.4 Revocation Lists based ECI Host Revocation 96g38.5 ECI Platform Operation Revocation 96g38.6 ECI Client Revocation 96g39 ECI Client Interfaces 97g39.1 Introduction 97g39.1.1 Architecture of the ECI

26、Client interfaces 97g39.1.2 Media Handle 98g39.2 ECI Virtual Machine Interface . 98g39.2.1 Principles 98g39.2.2 Instructions and data (static resources) . 98g39.2.3 Interaction with ECI Host . 98g39.2.4 Dynamic Resources provided for ECI Clients . 100g39.2.5 API version management 100g39.2.6 Respons

27、iveness Monitoring 100g39.3 Mechanism for ECI Client APIs . 101g39.3.1 Asynchronous message syntax . 101g39.3.2 Asynchronous message layout definition convention . 102g39.3.2.1 Syntax of message definitions . 102g39.3.2.2 Basic message parameter types . 102g39.3.2.3 Message payload to message parame

28、ter mapping . 102g39.3.2.4 Naming convention for asynchronous messages . 103g39.3.3 Synchronous messages . 104g39.3.4 Error codes in Return 105g39.3.5 Secure Authenticated Channel (SAC). 105g39.3.6 Message Verification by ECI Host . 105g39.3.7 Message Processing by ECI Clients . 106g39.4 APIs for ge

29、neral ECI Host resources 106g39.4.1 List of APIs defined in clause 9.4 . 106g39.4.2 API for the access to the ECI Host interface discovery resource 107g39.4.2.1 Introduction . 107g39.4.2.2 getApis Message . 108g39.4.2.3 getApiVersions() Message 108g39.4.2.4 setApiVersion() Message 108g39.4.3 API for

30、 the access to the ECI Host user interface resource 109g39.4.3.1 Introduction . 109g39.4.3.2 User Interface environment . 109g39.4.3.2.1 Browser Profile 109g39.4.3.2.2 Constraints . 110g39.4.3.2.3 Browser Capabilities . 110g39.4.3.2.3.1 Display Model 110g39.4.3.2.3.2 Text and Fonts . 111g39.4.3.2.3.

31、3 Graphic Formats 111g39.4.3.2.3.4 User Input 111g39.4.3.2.3.5 Persistence . 111g39.4.3.2.3.6 ECI Application access to static HTML resources 111g39.4.3.2.3.7 Communication between the ECI Client and ECI Applications 111g39.4.3.3 Application Lifecycle 112g39.4.3.3.1 Launch of an ECI Application . 11

32、2g39.4.3.3.2 Termination of an ECI Application . 113g39.4.3.4 APIs related to the User communication . 113g39.4.3.4.1 List of User communication API messages . 113g3ETSI ETSI GS ECI 001-3 V1.1.1 (2017-07) 6 9.4.3.4.2 reqUiContainerMount Message . 113g39.4.3.4.3 setUiClientAttention Message . 115g39.

33、4.3.4.4 reqUiSessionCommence Message . 115g39.4.3.4.5 reqUiSessionOpen Message 116g39.4.3.4.6 reqUiSessionClose Message 117g39.4.3.4.7 reqUiSessionCancel Message 118g39.4.3.4.8 reqUIClientQuery Message . 118g39.4.3.4.9 Error codes for the User communication API . 119g39.4.4 API for the access to the

34、 ECI Host IP stack resource . 119g39.4.4.1 Introduction . 119g39.4.4.2 Basic Specifications 120g39.4.4.3 ECI IP Sockets 120g39.4.4.3.1 General 120g39.4.4.3.2 reqIpSocket Message . 121g39.4.4.3.3 reqIpClose Message . 122g39.4.4.3.4 reqIpAddrInfo Message . 122g39.4.4.4 ECI UDP/IP 123g39.4.4.4.1 Genera

35、l 123g39.4.4.4.2 reqIpUdpSendMsg Message 124g39.4.4.4.3 reqIpUdpRecvMsg Message 124g39.4.4.5 ECI TCP/IP. 125g39.4.4.5.1 General 125g39.4.4.5.2 reqIpTcpConnect Message 125g39.4.4.5.3 reqIpTCPSend Message 126g39.4.4.5.4 reqIpTCPRecv Message 127g39.4.4.5.5 reqIpTCPAccept Message . 127g39.4.4.6 API for

36、HTTP(S) get services . 128g39.4.4.6.1 General 128g39.4.4.6.2 Applicable Specifications 129g39.4.4.6.3 The reqHttpGetFile and reqHttpGetData Message 130g39.4.4.6.4 Error Codes for the HTTP Get API . 131g39.4.4.7 Error Codes for the IP Socket API 132g39.4.5 API for access to the file system . 132g39.4

37、.5.1 Introduction . 132g39.4.5.2 File Opening and Closing 133g39.4.5.2.1 General 133g39.4.5.2.2 reqFileOpen Message 133g39.4.5.2.3 reqFileClose Message 134g39.4.5.3 File Access 134g39.4.5.3.1 General 134g39.4.5.3.2 reqFileWrite Message 135g39.4.5.3.3 reqFileRead Message . 135g39.4.5.3.4 reqFileSeek

38、Message . 136g39.4.5.3.5 reqFileRemoveData Message 137g39.4.5.3.6 callFileDataLog Message 138g39.4.5.4 Directory services . 138g39.4.5.4.1 General 138g39.4.5.4.2 reqFileStat Message . 139g39.4.5.4.3 reqFileCreate Message 139g39.4.5.4.4 reqFileDelete Message 140g39.4.5.4.5 reqFileDir Message . 140g39

39、.4.5.5 Error Codes for the File System API 141g39.4.6 API for access to the Time/Clock resource . 141g39.4.6.1 Introduction . 141g39.4.6.2 Timer API . 141g39.4.6.2.1 General 141g39.4.6.2.2 reqTimerEvent Message 142g39.4.6.2.3 reqTimerCancel Message 142g39.4.6.3 Clock API 142g39.4.6.3.1 General 142g3

40、9.4.6.3.2 getTime Message . 143g39.4.6.3.3 callLocaltime Message 143g3ETSI ETSI GS ECI 001-3 V1.1.1 (2017-07) 7 9.4.6.4 Error Codes for the Time and Clock API 143g39.4.7 API for access to the Power management . 144g39.4.7.1 Introduction . 144g39.4.7.2 Power Transition API messages definition . 145g3

41、9.4.7.2.1 General 145g39.4.7.2.2 getPwrStatus Message . 145g39.4.7.2.3 setPwrInfo Message . 145g39.4.7.2.4 reqPwrChange Message 146g39.4.7.3 Wakeup from Standby Messages definition 146g39.4.7.3.1 General 146g39.4.7.3.2 setPwrWakeup Message 147g39.4.7.3.3 reqPwrWakeupEvent Message 147g39.4.7.4 Error

42、codes for the Power Transitions API . 147g39.4.8 API for access to the Country/Language setting resource 148g39.4.8.1 Introduction . 148g39.4.8.2 Country/Language API Message Definitions 148g39.4.8.2.1 reqHCountry setting Message . 148g39.4.8.2.2 reqCCountry setting Message 148g39.4.8.2.3 reqHLangua

43、ge setting Message . 149g39.4.8.2.4 reqCLanguage setting Message . 149g39.4.8.2.5 Error codes for the Country/Language setting API . 149g39.5 APIs for ECI specific ECI Host resources 150g39.5.1 List of APIs for ECI specific ECI Host resources . 150g39.5.2 Advanced Security API 151g39.5.2.1 Introduct

44、ion . 151g39.5.2.2 Advanced Security General API Message Definitions 152g39.5.2.2.1 General 152g39.5.2.2.2 reqAsInitSlot Message . 152g39.5.2.2.3 callAsNextKeySession Message . 153g39.5.2.2.4 reqAsStopSession Message . 153g39.5.2.2.5 reqAsLoadSlotLk Message 153g39.5.2.2.6 reqAsComputeAkClient Messag

45、e . 154g39.5.2.2.7 reqAsClientChalResp Message . 154g39.5.2.2.8 getAsSlotRk Message 155g39.5.2.2.9 getAsSessionRk Message 155g39.5.2.2.10 getAsSessionLimitCounter Message . 155g39.5.2.2.11 setAsSessionLimitEvent Message . 155g39.5.2.2.12 reqAsEventSessionLimit Message 156g39.5.2.2.13 getAsClientRnd

46、Message 156g39.5.2.2.14 getAsSC Message 156g39.5.2.2.15 reqAsEventSC Message 156g39.5.2.3 Advanced Security Decryption API Message Definitions 157g39.5.2.3.1 General 157g39.5.2.3.2 reqAsStartDecryptSession Message 157g39.5.2.3.3 reqAsComputeDecrCw Message . 158g39.5.2.3.4 reqAsAuthDecrSlotConfig Mes

47、sage . 159g39.5.2.4 Advanced Security Export API . 160g39.5.2.4.1 General 160g39.5.2.4.2 reqAsExportConnSetup Message 160g39.5.2.4.3 reqAsExportConnEnd Message . 160g39.5.2.5 Advanced Security Encryption API 161g39.5.2.5.1 General 161g39.5.2.5.2 Target Client Chain Definition 161g39.5.2.5.3 reqAsSta

48、rtEncryptSession Message 162g39.5.2.5.4 reqAsComputeEncrCw Message . 162g39.5.2.5.5 reqAsAuthEncrSlotConfig Message 163g39.5.2.5.6 eqAsLdUssk Message . 163g39.5.2.5.7 reqAsMInikLk1 Message 164g39.5.2.5.8 reqAsEventCpChange Message 164g39.5.2.5.9 setAsPermitCPChange Message 165g39.5.2.5.10 setAsSC Me

49、ssage 165g39.5.2.5.11 Error Codes for the Advanced Security (AS) API . 165g3ETSI ETSI GS ECI 001-3 V1.1.1 (2017-07) 8 9.5.3 Smart Card API . 165g39.5.3.1 Introduction . 165g39.5.3.2 Base specifications 166g39.5.3.3 Smart Card access management 166g39.5.3.4 Smart Card reader contention management 167g39.5.3.5 Smart Card session management API . 167g39.5.3.5.1 General 167g39.5.3.5.2 setCardMatch Message 168g39.5.3.5.3 callCardSessionPrio Message 169g39.5.3.5.4 getCardConnStatus Message . 170g39.5.3.5.5 reqCCardConOpen Message . 170g39.5.3.5.6 reqCCardConClose Message . 170g39.5.