1、 ETSI GS ECI 001-5-1 V1.1.1 (2017-07) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 5: The Advanced Security System; Sub-part 1: ECI specific functionalities Disclaimer The present document has been produced and approved by the Embedded Common Interface (ECI) ETSI Industry
2、Specification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. GROUP SPECIFICATION ETSI ETSI GS ECI 001-5-1 V1.1.1 (2017-07)2 Reference DGS/ECI-001-5-1 Keywords authentication, CA, DRM, encr
3、yption, swapping ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be do
4、wnloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any exis
5、ting or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be sub
6、ject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/
7、People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without t
8、he written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI re
9、gistered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI GS ECI 001-5-1 V1.1.1 (2017-07)3 Contents Intellectual Property Rights
10、7g3Foreword . 7g3Modal verbs terminology 7g3Introduction 8g31 Scope 9g32 References 9g32.1 Normative references . 9g32.2 Informative references 10g33 Definitions and abbreviations . 10g33.1 Definitions 10g33.2 Abbreviations . 12g34 Principles 12g34.1 Overview 12g34.2 System Robustness Model 14g34.3
11、Specification Principles 14g34.3.1 Implementation Freedom 14g34.3.2 Specification Style and relation to AS-API 15g35 Key Ladder Application and Associated Functions 15g35.1 General . 15g35.2 AS System and client data authentication 15g35.3 Asymmetrical Micro Server mode 15g35.4 Interface to Content
12、Processing System . 16g35.5 AS Key Ladder Block input output definition 17g35.6 ACF definition 19g36 Advanced Security Slot 20g36.1 Advanced Security Slot introduction 20g36.2 AS Slot Definition 20g36.2.1 General 20g36.2.2 AS Slot state definition . 21g36.2.2.1 Slot and session state . 21g36.2.2.2 D
13、ecryption configuration 22g36.2.2.3 Encryption Configuration 23g36.2.2.4 Random session Key control . 24g36.2.2.5 Total session configuration . 24g36.2.2.6 Random Session Key state 25g36.2.2.7 Import Export state 25g36.2.3 Content Property Authentication 26g36.2.4 AS Slot functions 29g36.2.4.1 Overv
14、iew . 29g36.2.4.2 AS Slot initialization . 30g36.2.4.3 AS Slot session and random key control. 30g36.2.4.4 AS Slot Export control 34g36.2.4.5 LK1 Key Ladder initialization . 35g36.2.4.6 Encryption Control Word calculation . 35g36.2.4.7 Decryption Control Word calculation . 37g36.2.4.8 Computing akCl
15、ient and its application 38g36.2.4.9 AS Slot Session Configuration Authentication . 39g36.2.4.10 Loading a Micro Server secret key 41g36.2.4.11 Generating MinitLk1 for Micro Clients . 42g36.2.4.12 Computing ECI Client image decryption key 42g36.2.4.13 Reading Advanced Security Information 43g36.2.4.
16、14 Generating Client Random Numbers 44g3ETSI ETSI GS ECI 001-5-1 V1.1.1 (2017-07)4 6.2.4.15 Error codes 44g37 Scrambling/descrambling and Content Export . 45g37.1 Basic Functionality . 45g37.2 Scrambler and Descrambler specifications . 45g37.3 Export Control 46g37.4 Output Control 46g37.5 Content Pr
17、operty Comparison on Coupled Sessions 46g37.6 Content Property Propagation on Export 46g37.7 Basic URI Enforcement on Export . 47g37.8 Content Property Application on Industry Standard Outputs . 47g37.9 Control Word Synchronization. 47g38 Certificate Processing Subsystem 49g38.1 Basic processing rul
18、es for Certificate Chains . 49g38.2 Specific rules for Host Image Chains . 50g38.3 Specific rules for Client Image Chains . 50g38.4 Specific rules for Platform Operation Certificates . 50g38.5 Specific rules for Export/Import chains 50g38.5.1 Export Authorization chain processing . 50g38.5.2 Export
19、Chain verification 51g38.5.3 Third Party Export Chain verification 51g38.5.4 Export System Certificate processing . 51g38.5.5 Target Client Chain Processing Rules 52g38.6 CPS ECI Root Key initialization . 52g39 Loader Core 52g39.1 Introduction 52g39.2 Host Loader Rules 52g39.3 Client Loader Rules 53
20、g39.4 Revocation enforcement . 53g39.5 Client Image decryption . 54g310 Timing requirements 54g310.1 Introduction 54g310.2 Administrative Functions . 54g310.3 Symmetrical Cryptography Functions 54g310.4 Asymmetrical Cryptography Functions 54g3Annex A (normative): Cryptography Function Definitions .
21、55g3A.1 Hash Function 55g3A.2 Asymmetrical Cryptography 55g3A.3 Random Number Generation 55g3Annex B (informative): Sample Micro DRM system application 56g3B.1 Introduction 56g3B.2 Application scenario . 56g3B.3 Assumptions and notation 57g3B.4 Micro Server pseudo code 58g3B.5 Micro Client pseudo co
22、de . 61g3B.6 Micro DRM system cascading effect on ECM pre-delay 62g3B.7 Content property change timing interface convention . 62g3Annex C (informative): Authors Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Lat
23、est updates are available on the ETSI Web server (https:/ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI W
24、eb server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property
25、 of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Group Specification (GS) has been p
26、roduced by ETSI Industry Specification Group (ISG) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions. The present document is part 5, sub-part 1 of a multi-part deliverable covering the ECI specific functionalities of an advanced security system, as identified below: Part 1: “Archite
27、cture, Definitions and Overview“; Part 2: “Use cases and requirements“; Part 3: “CA/DRM Container, Loader, Interfaces, Revocation“; Part 4: “The Virtual Machine“; Part 5: “The Advanced Security System: Sub-part 1: “ECI specific functionalities“; Sub-part 2: “Key Ladder Block“. Part 6: “Trust Environ
28、ment“. The use of terms in bold and starting with capital characters in the present document shows that those terms are defined with an ECI specific meaning which may deviate from the common use of those terms. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should n
29、ot“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI GS ECI
30、 001-5-1 V1.1.1 (2017-07)8 Introduction Service and content protection realized by Conditional Access (CA) and Digital Rights Management (DRM) are essential in the rapidly developing area of digital Broadcast and Broadband, including content, services, networks and customer premises equipment (CPE),
31、 to protect business models of content owners, network operators and PayTVoperators. It is also essential for consumers that they are able to continue using the CPEs they bought e.g. after a move or a change of network provider or even utilize devices for services of different commercial video porta
32、ls. This can be achieved by the implementation of interoperable CA and DRM mechanisms inside CPEs, based on an appropriate security architecture. As part of a security architecture the present document defines a security processing system for the authentication and verification of protected media co
33、ntent and of software images to be processed inside an ECI-compliant CPE. The core of the security architecture is built by a Key Ladder Block that supports secure processing with secret keys, targeting of keys to specific chips and authentication of the origin of key material. Clause 4 gives an ove
34、rview about the system architecture, defines robustness rules to fight attacks and describes the relation between the elements of the security architecture, ECI Host and ECI Clients. Clause 5 describes the applications the Key Ladder Block can be used for, together with the associated functions. For
35、 proper operations, the security processing system needs information about the state of each loaded ECI Client. This state information, as some of it needs to be secret, is handled with the help of an advanced security slot. The ECI Host assigns to each ECI Client such a slot that needs to be protec
36、ted against malicious modifications. The definition of a slot and its configuration for several operations like decrypting or exporting content is described in clause 6. In an ECI-compliant CPE content can be decrypted, it can be forwarded to standard outputs if permitted and it can be re-encrypted
37、for export. The usage of an advanced security slot for these operations is specified in clause 7. A Certificate Processing Subsystem that is realized as a special function of an advanced security slot is responsible for the authentication of items. Clause 8 specifies the rules that are applied for a
38、uthentication. The ECI system uses a loader mechanism that permits ECI Clients to securely verify the version of the ECI Host and ECI Client credentials that are loaded so as to detect any known security issue. The loader mechanism relies on robustness principles that are described in clause 9. Clau
39、se 10 contains timing constraints for the operations described in the present document. ETSI ETSI GS ECI 001-5-1 V1.1.1 (2017-07)9 1 Scope The present document defines a robust security processing subsystem for ECI called the Advanced Security System. The Advanced Security System provides a secure b
40、asis for software elements to be authenticated and loaded, performs security computations and verifications, manages the encryption and decryption of content and the exchange of content with associated rights and obligations. As such the Advanced Security System is part of a “secure video path“ as i
41、t is referred to in contemporary specifications. The Advanced Security System applies the ECI Key Ladder Block 5 to perform secure calculations. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-spe
42、cific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.et
43、si.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI GS ECI 001-1: “Embedded Common Interface (E
44、CI) for exchangeable CA/DRM solutions; Part 1: Architecture, Definitions and Overview“. 2 ETSI GS ECI 001-2: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 2: Use cases and requirements“. 3 ETSI GS ECI 001-3: “Embedded Common Interface (ECI) for exchangeable CA/DRM solution
45、s; Part 3: CA/DRM Container, Loader, Interfaces, Revocation“. 4 ETSI GS ECI 001-4: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 4: The Virtual Machine“. 5 ETSI GS ECI 001-5-2: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 5: The Advanced Securit
46、y System; Sub-part 2: Key Ladder Block“. 6 ISO/IEC 9899:2011: “Information technology - Programming languages - C“. 7 NIST FIPS PUB 180-4: “Secure Hash Standard (SHS)“. 8 NIST Special Publication 800-90A revision 1: “Recommendation for Random Number Generation Using Deterministic Random Bit Generato
47、rs“, June 2015. NOTE: Available at http:/dx.doi.org/10.6028/NIST.SP.800-90Ar1. 9 ETSI ETR 289 (CSA1/2): “Digital Video Broadcasting (DVB); Support for use of scrambling and Conditional Access (CA) within digital broadcasting systems“. 10 ETSI TS 100 289 (V1.2.1) (CSA3): “Digital Video Broadcasting (
48、DVB); Support for use of the DVB Scrambling Algorithm version 3 within digital broadcasting systems“. 11 ETSI TS 103 127 (V1.1.1) (CISSA): “Digital Video Broadcasting (DVB); Content Scrambling Algorithms for DVB-IPTV Services using MPEG2 Transport Streams“. 12 ISO/IEC 23001-7 (2016) (CENC): “Informa
49、tion technology - MPEG systems technologies - Part 7: Common encryption in ISO base media file format files“. ETSI ETSI GS ECI 001-5-1 V1.1.1 (2017-07)10 13 ISO/IEC 23009-4 (2013): “Information technology - Dynamic adaptive streaming over HTTP (DASH) - Part 4: Segment encryption and authentication“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest vers
