1、 ETSI GS ECI 001-6 V1.1.1 (2018-02) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 6: Trust Environment Disclaimer The present document has been produced and approved by the Embedded Common Interface (ECI) for exchangeable CA/DRM solutions ETSI Industry Specification Group (
2、ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. GROUP SPECIFICATION ETSI ETSI GS ECI 001-6 V1.1.1 (2018-02) 2 Reference DGS/ECI-001-6 Keywords CA, DRM, trust ETSI 650 Route des Lucioles F-06921 So
3、phia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The
4、present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such v
5、ersions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on th
6、e current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification
7、 No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the
8、 foregoing restriction extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMare trademarks of ETSI registered for the benefit of its Members and of the 3GPP
9、Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI GS ECI 001-6 V1.1.1 (2018-02) 3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g3Introduction 5
10、g31 Scope 7g32 References 7g32.1 Normative references . 7g32.2 Informative references 7g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 9g34 Overview 10g34.1 Introduction 10g34.2 Trust Environment and ecosystem . 10g34.3 ECI Certificates and trust . 10g34.4 ECI export gr
11、oups and trust 10g34.5 Stakeholders of the ECI-Ecosystem . 10g34.5.1 Definition 10g34.5.2 Obligations of the stakeholders . 11g34.5.3 Liabilities of the stakeholders . 11g35 Role of the ECI Trust Authority . 12g35.1 Introduction 12g35.2 Prerequisites . 12g35.3 Delegation of responsibility . 12g35.4
12、Creation and enforcement of mandatory rules and policies . 12g35.4.1 Introduction. 12g35.4.2 Conformance. 12g35.4.3 Certification 13g35.5 Ownership of critical components 13g35.6 Responsibility, accountability, and liability . 13g36 Tasks of the ECI Trust Authority . 13g36.1 Introduction 13g36.2 Con
13、trol and manage the root keys 13g36.3 Control and manage the Root Revocation List . 14g36.4 Define the process for creating certificates 14g36.5 Define the process for revoking certificates . 14g36.6 Provide a repository for Certificates and Revocation Lists 15g36.7 Create and manage the technical f
14、ramework of an ECI ecosystem 15g36.8 Create and manage the contractual framework of an ECI ecosystem. 15g36.9 Define the certification process 15g36.10 Ensure the conformance of ECI stakeholders . 16g36.11 Register, assign, and manage Id values and keys . 16g36.12 Create and update policies for secu
15、rity and robustness 16g36.13 Settle disputes between stakeholders (informative) . 16g36.14 Update the ECI specification(s) and develop future version (informative) 17g36.15 Serve as point-of-contact for third parties (informative) 17g37 Critical processes and workflows (Informative) 17g37.1 Introduc
16、tion 17g37.2 Certification 17g37.3 Revocation 17g37.4 Key generation and management . 18g3ETSI ETSI GS ECI 001-6 V1.1.1 (2018-02) 4 Annex A (informative): Additional information on security aspects . 19g3A.1 Implementing security related processes 19g3A.2 The concept behind the three root keys 19g3A
17、nnex B (informative): Authors Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, includi
18、ng IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include tra
19、demarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present docu
20、ment does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions. The present
21、document is part 6 of a multi-part deliverable covering the Trust Environment for the Embedded Common Interface for exchangeable CA/DRM solutions specification, as identified below: Part 1: “Architecture, Definitions and Overview“; Part 2: “Use cases and requirements“; Part 3: “CA/DRM Container, Loa
22、der, Interfaces, Revocation“; Part 4: “The Virtual Machine“; Part 5: “The Advanced Security System“; Part 6: “Trust Environment“. The use of terms in bold and starting with capital characters in the present document shows that those terms are defined with an ECI specific meaning, which may deviate f
23、rom the common use of those terms. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of p
24、rovisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI GS ECI 001-6 V1.1.1 (2018-02) 6 Introduction The ECI system combines security with interoperability to provide a flexible and future-proof content protection system. It is an open, s
25、tandardized system, which allows CA/DRM vendors to implement a wide range of products and consumers to readily switch between vendors on ECI compliant CPEs. The openness of the ECI system requires specific security elements in a compliant CPE to be swappable. In addition to the technical aspects of
26、the standard there exist certain operational and commercial aspects which need to be handled in order for the security of the system, and the trustworthiness for all stakeholders to be provisioned and maintained. These aspects are addressed by creating a Trust Environment that consists of a contract
27、ual framework, policies, and technical specifications required for creating an ECI Ecosystem. ETSI ETSI GS ECI 001-6 V1.1.1 (2018-02) 7 1 Scope The present document specifies the basic technical principles and tasks for defining an ECI compliant Trust Environment intended for establishing an ECI Eco
28、system as specified in 1, 2 and 3. The present document therefore also provides guidance for a party that intends to serve as an ECI Trust Authority for an ECI Ecosystem. The present document covers specification details in the following clauses: clause 4 addresses the Trust Environment and its stak
29、eholders, clause 5 addresses the role of the ECI Trust Authority, clause 6 describes the tasks of the ECI Trust Authority, and clause 7 deals with critical workflows within the ECI Ecosystem. An annex gives some additional background information on the security aspects. 2 References 2.1 Normative re
30、ferences References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.
31、 Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Reference/. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following ref
32、erenced documents are necessary for the application of the present document. 1 ETSI GS ECI 001-1: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 1: Architecture, Definitions and Overview“. 2 ETSI GS ECI 001-2: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutio
33、ns; Part 2: Use Cases and Requirements“. 3 ETSI GS ECI 001-3: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 3: CA/DRM Container, Loader, Interfaces, Revocation“. 4 ETSI GS ECI 001-4: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 4: The Virtual Ma
34、chine“. 5 ETSI GS ECI 001-5-1: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 5: The Advanced Security System; Sub-part 1: ECI specific functionalities“. 6 ETSI GS ECI 001-5-2: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 5: The Advanced Security
35、 System; Sub-part 2: Key Ladder Block“. 7 ETSI GS ECI 002: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; System validation“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. Fo
36、r specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validi
37、ty. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. ETSI ETSI GS ECI 001-6 V1.1.1 (2018-02) 8 i.1 ETSI GR ECI 004: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; G
38、uidelines for the implementation of ECI“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions apply: Advanced Security System (AS System): function of an ECI compliant CPE, which provides enhanced security functions (hardware and softwa
39、re) for an ECI Client NOTE: The details are specified in ETSI GS ECI 001-5-1 5. certificate: data with a complementary secure digital signature that identifies an entity NOTE: The holder of the secret key of the signature attests to the correctness of the data - authenticates it - by signing it with
40、 its secret key. Its public key can be used to verify the data. certificate chains: list of certificates that authenticate each other up to and including a Root Revocation List Certificate Processing Subsystem (CPS): subsystem of the ECI Host that provides certificate verification processing and pro
41、viding additional robustness against tampering content protection system: systems that employs cryptographic techniques to manage access to content and services NOTE: The term may be interchanged frequently with the alternate Service Protection system. Typical systems of this sort are either Conditi
42、onal Access Systems, or Digital Rights Management systems. Customer Premises Equipment (CPE): media receiver which has implemented ECI, allowing the user to access digital media services CPE manufacturer: company that manufactures ECI compliant CPEs digital signature: data (byte sequence) that decry
43、pted with the public key of the signatory of another piece of data can be used to verify the integrity of that other piece of data by making a digest (hash) of the other piece of data and comparing it to the decrypted data Embedded Common Interface (ECI): architecture and the system specified in the
44、 ETSI ISG “Embedded CI“, which allows the development and implementation of software-based swappable ECI Clients in customer premises equipment (CPE) and thus provides interoperability of CPE devices with respect to ECI ECI chip manufacturer: company providing Systems on a Chip that implement ECI sp
45、ecified chipset functionality ECI client: implementation of a CA/DRM client which is compliant with the embedded CI specifications NOTE: It is the software module in a CPE which provides all means to receive, in a protected manner, and to control execution of a consumers entitlements and rights conc
46、erning the content that is distributed by a content distributor or Operator. It also receives the conditions under which a right or an entitlement can be used by the consumer, and the keys to decrypt the various messages and content. ECI ecosystem: real-world instantiation of a trust environment con
47、sisting of a TA and several platforms and ECI compliant CPEs in a commercial operation in the field ECI host: hardware and software system of a CPE, which covers ECI related functionalities and has interfaces to an ECI client NOTE: The ECI host is one part of the CPE firmware. ECI host image: file(s
48、) with software and initialization data for an ECI environment NOTE: An ECI host image may consist of a number of ECI host image files. ETSI ETSI GS ECI 001-6 V1.1.1 (2018-02) 9 ECI root certificate: certificate which issues to verify items approved by an ECI TA ECI Trust Authority (TA): organizatio
49、n governing all rules and regulations that apply to implementations of ECI and manages the interoperability and coexistence of CA and DRM systems within the ECI ecosystem entity, entities: organization(s) (e.g. manufacturer, operator or security vendor) or real world item(s) (e.g. ECI host, platform operation or ECI client) identified by an ID in a certificate manufacturer: entity which develops and sells CPEs, which accommodate an implementation of the ECI system and allow ECI hosts and ECI clients to be installed per software download operator: organ
