1、 ETSI GS ECI 002 V1.1.1 (2018-04) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; System validation floppy3Disclaimer The present document has been produced and approved by the Embedded Common Interface (ECI) for exchangeable CA/DRM solutions ETSI Industry Specification Group (ISG
2、) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. GROUP SPECIFICATION ETSI ETSI GS ECI 002 V1.1.1 (2018-04) 2 Reference DGS/ECI-002 Keywords CA, DRM, validation ETSI 650 Route des Lucioles F-06921 Soph
3、ia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The pr
4、esent document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such ver
5、sions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the
6、current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification N
7、o part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the f
8、oregoing restriction extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMare trademarks of ETSI registered for the benefit of its Members and of the 3GPP Or
9、ganizational Partners. oneM2M logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI GS ECI 002 V1.1.1 (2018-04) 3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 Refer
10、ences 6g32.1 Normative references . 6g32.2 Informative references 7g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 9g34 Characteristics of ECI interfaces 10g34.1 General remarks . 10g34.2 General ECI Host resources . 10g34.3 ECI specific ECI Host resources 10g34.4 ECI H
11、ost decryption resources . 11g34.5 ECI re-encryption resources . 11g34.6 Content protection related resources 11g34.7 ECI Client Communication related resources 11g35 Installation of an ECI Host . 11g36 Installation of an ECI Client . 13g37 Installation of a 2nd ECI Client on the same device 14g38 D
12、ecryption of protected content . 15g39 Re-encryption of content 17g310 Play-out to an external device 19g311 Security aspects 21g311.1 Introduction 21g311.2 General description of an ECI Certificate Chain 23g311.3 Trust provisioning for an ECI Host 24g311.4 Trust Provisioning for an ECI Client 26g3H
13、istory 30g3ETSI ETSI GS ECI 002 V1.1.1 (2018-04) 4 List of Figures Figure 4-1: API classification of the ECI architecture 10g3Figure 5-1: Flow diagram for the installation of an ECI Host .12g3Figure 6-1: Flow diagram for the installation of an ECI Client.13g3Figure 7-1: Flow diagram for the installa
14、tion of a second ECI Client 15g3Figure 8-1: Flow diagram for the decryption of content .16g3Figure 9-1: Flow diagram for the re-encryption of content .18g3Figure 10-1: Flow diagram for the play-out of content .20g3Figure 11-1: Example for a chain of trust in an ECI environment 22g3Figure 11-2: Signi
15、ng and verification of ECI Certificates .23g3Figure 11-3: Creation of certificates for an ECI Host image .24g3Figure 11-4: Activities for the publication of Revocation Lists for an ECI Host 25g3Figure 11-5: Verification of certificates for an ECI Host image .26g3Figure 11-6: Creation of certificates
16、 for an ECI Client .27g3Figure 11-7 Activities for the publication of Revocation Lists for an ECI Client .28g3Figure 11-8: Verification of certificates for the operation of an ECI Client .29g3ETSI ETSI GS ECI 002 V1.1.1 (2018-04) 5 Intellectual Property Rights Essential patents IPRs essential or pot
17、entially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essent
18、ial, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee ca
19、n be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered
20、 by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, s
21、ervices or organizations associated with those trademarks. Foreword This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) Embedded Common Interface (ECI) for exchangeable CA/DRM solutions. The present document describes the validation of the ECI architecture that
22、 is specified in parts 1 to 6 of the ISG ECI multi-part document ETSI GS ECI 001 “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions“. The titles of these parts are listed below: Part 1: “Architecture, Definitions and Overview“; Part 2: “Use cases and requirements“; Part 3: “CA/DRM Co
23、ntainer, Loader, Interfaces, Revocation“; Part 4: “The Virtual Machine“; Part 5-1: “The Advanced Security System; ECI specific functionalities“; Part 5-2: “The Advanced Security System; Key Ladder Block“; Part 6: “Trust Environment“. Modal verbs terminology In the present document “shall“, “shall no
24、t“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct cit
25、ation. ETSI ETSI GS ECI 002 V1.1.1 (2018-04) 6 1 Scope For implementations of an ECI Ecosystem as described in ETSI GS ECI 001-1 1 the evaluation of the system architecture is of high importance with respect to verifying the correctness of the features described in the multi-part standard. The requi
26、rements for such a system are given in ETSI GS ECI 001-2 2. The present document contains a set of life-cycle oriented use cases reflecting the usage of components of an ECI system from its installation via its usage for content-protected media up to playout to an external device. The ECI system aim
27、s at exchangeability of CA and DRM systems in the users end device by defining appropriate interfaces between such systems and the device. End-users are enabled to install security clients on their devices to ensure interoperability with the services and devices of their choice. The platform operato
28、r, in collaboration with the content provider, can select the most suitable technology for a chosen application and can offer the corresponding application to his customers for download. The following features are supported by an ECI system: Provisioning of a software container for a CA respectively
29、 DRM kernel, called an ECI Client Implementation of multiple software containers in a device for the support of more than one protection scheme Installation of ECI Clients is separated from the installation of other CPE software Support for smartcard-less or smartcard-based protection systems Suppor
30、t for the user to discover and download the appropriate kernel Support for chip-set security, also known as Advanced Security Applicable to classical digital broadcasting, IPTV and OTT services The fulfilment of these features is done via defined interfaces that are available for an ECI Client. The
31、characteristics of these interfaces are described in clause 4 of the present document. Afterwards, several test cases are described in order to show the correctness and the completeness of the ECI architecture as described in ETSI GS ECI 001-3 3, ETSI GS ECI 001-4 4, ETSI GS ECI 001-5.1 5, ETSI GS E
32、CI 001-5.2 6 and ETSI GS ECI 001-6 7. Test cases described in clauses 5 to 8 include the installation of ECI Host and ECI Client, the installation of a second ECI Client and the decryption of protected content. Clause 9 shows the processing steps for a re-encryption of content whereas clause 10 desc
33、ribes the play-out of content to an external device. Besides these technically oriented tests cases the handling of security aspects and the provisioning of trust within an ECI Ecosystem is described in clause 11. 2 References 2.1 Normative references References are either specific (identified by da
34、te of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies. Referenced documents which are not found to be publicly a
35、vailable in the expected location might be found at https:/docbox.etsi.org/Reference/. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the
36、 present document. 1 ETSI GS ECI 001-1 (V1.2.1): “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 1: Architecture, Definitions and Overview“. 2 ETSI GS ECI 001-2 (V1.2.1): “Embedded Common Interface (ECI) for exchangeable CA/DR solutions; Part 2: Use cases and requirements“.
37、ETSI ETSI GS ECI 002 V1.1.1 (2018-04) 7 3 ETSI GS ECI 001-3: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 3: CA/DRM Container, Loader, Interfaces, Revocation“. 4 ETSI GS ECI 001-4: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 4: The Virtual Mac
38、hine“. 5 ETSI GS ECI 001-5-1: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 5: The Advanced Security System; Sub-part 1: ECI specific functionalities“. 6 ETSI GS ECI 001-5-2: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 5: The Advanced Security
39、System; Sub-part 2: Key Ladder Block“. 7 ETSI GS ECI 001-6: “Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 6: Trust Environment“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-spe
40、cific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long ter
41、m validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ISO/IEC 13818-1: “Information technology - Generic coding of moving pictures and associated audio information - Part 1:
42、Systems“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: Advanced Security System: function of an ECI compliant CPE, which provides enhanced security functions (hardware and software) for an ECI Client NOTE: The de
43、tails are specified in ETSI GS ECI 001-5-1 5. AS Slot: resources of the Advanced Security System provided exclusively to an ECI Client by the ECI Host Chipset-ID: non-secret number that is used to identify a chipset Child, Children: entity (entities) referred to by a Certificate signed by a (common)
44、 Father NOTE: Father, Children, Brother are referring to entities that manage Certificates: initialization data and software that is used to start the SoC of a CPE. Certificate: data with a complementary secure digital signature that identifies an Entity NOTE: The holder of the secret key of the sig
45、nature attests to the correctness of the data - authenticates it - by signing it with its secret key. Its public key can be used to verify the data. Certificate Chain: list of certificates that authenticate each other including a Root Revocation List Certificate Processing Subsystem: subsystem of th
46、e ECI Host that provides certificate verification processing and providing additional robustness against tampering Control Word: secret key used to encrypt and decrypt content ETSI ETSI GS ECI 002 V1.1.1 (2018-04) 8 CPE Manufacturer: company that manufactures ECI compliant CPEs ECI (Embedded CI): ar
47、chitecture and the system specified in the ETSI ISG “Embedded CI“, which allows the development and implementation of software-based swappable ECI Clients in customer premises equipment (CPE) and thus provides interoperability of CPE devices with respect to ECI ECI Client (Embedded CI Client): imple
48、mentation of a CA/DRM client which is compliant with the Embedded CI specifications NOTE: It is the software module in a CPE which provides all means to receive, in a protected manner, and to control execution of a consumers entitlements and rights concerning the content that is distributed by a con
49、tent distributor or Operator. It also receives the conditions under which a right or an entitlement can be used by the consumer, and the keys to decrypt the various messages and content. ECI Client Image: file with software as VM code, and initialization data required by the ECI Client Loader ECI Client Loader: software module part of the ECI Host which allows to download, verify and install new ECI Client software in an ECI Container of the ECI Host ECI Ecosystem: real-world instantiation of a Trust Environment consisting of a
