ETSI TS 102 822-7 V1.1.1 (2003-10)

Technical Specification

Broadcast and On-line Services: Search, select and rightful use of content on personal storage systems ("TV-Anytime Phase 1");
Part 7: Bi-directional metadata delivery protection

Reference: DTS/JTC-TVA-PH1-07

Keywords: broadcasting, content, TV, video

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00   Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, send your comment to: editor@etsi.org

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2003. All rights reserved.

DECT™, PLUGTESTS™ and UMTS™ are Trade Marks of ETSI registered for the benefit of its Members. TIPHON™ and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

Contents

Intellectual Property Rights
Foreword
Introduction
1 Scope
2 References
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Use of TLS to Protect Bi-directional Delivery of Metadata
4.1 TLS Protocol (informative)
4.1.1 Overview
4.1.2 Handshake
4.2 Advantages of TLS
5 TV-Anytime TLS Profile for Bi-directional Metadata Delivery Protection
5.1 TLS Cipher suites
5.1.1 Pre-Master Key Delivery
5.1.2 Digital Signature Algorithm
5.1.3 MAC (Message Authentication Code) Algorithm
5.1.4 Cipher Algorithm
5.1.5 TLS Cipher suites
5.2 Certificate Profile
5.2.1 Certificate Trust Hierarchy
5.2.1.1 TV-Anytime X.509 Certificate Profile Version
5.2.1.2 Public Key Type
5.2.1.3 RSA Public Keys
5.2.1.4 Extensions
5.2.1.4.1 subjectKeyIdentifier
5.2.1.4.2 authorityKeyIdentifier
5.2.1.4.3 keyUsage
5.2.1.4.4 basicConstraint
5.2.1.5 Signature Algorithm
5.2.1.6 SubjectName and IssuerName
5.2.2 Certificate Chain Validation Requirements
5.2.3 (Metadata) Web Server Certificate Profile
5.2.4 Metadata Provider CA Certificate
5.2.5 TV-Anytime Root CA
5.2.6 Certificate Revocation
5.3 Device requirements
Annex A (informative): Bibliography
List of figures
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Specification (TS) has been produced by Joint Technical Committee (JTC) Broadcast of the European Broadcasting Union (EBU), Comité Européen de Normalisation ELECtrotechnique (CENELEC) and the European Telecommunications Standards Institute (ETSI).

The present document is part 7 of a multi-part deliverable covering Broadcast and On-line Services: Search, select and rightful use of content on personal storage systems ("TV-Anytime Phase 1"), as identified below:

Part 1: "Phase 1 Benchmark Features" (Informative);
Part 2: "System description";
Part 3: "Metadata";
Part 4: "Content referencing";
Part 5: Not currently applicable in TV-Anytime Phase 1;
Part 6: "Delivery of metadata over a bi-directional network";
Part 7: "Bi-directional metadata delivery protection".

Introduction

The present document is based on a submission by the TV-Anytime forum (http://www.tv-anytime.org).

TV-Anytime Phase 1 (TVA-1) is the first full and synchronized set of specifications established by the TV-Anytime Forum. TVA-1 features enable the search, selection, acquisition and rightful use of content on local and/or remote personal storage systems from both broadcast and online services. The features are supported and enabled by the specifications for Metadata, Content Referencing, and Bi-directional Metadata Delivery Protection, TS 102 822-3 sub-parts 1 [1] and 2 [2], TS 102 822-4 [3], TS 102 822-6 [4] and TS 102 822-7 (the present document) respectively.

All Phase 1 Features listed in TV035r6 are enabled by the normative TV-Anytime tools specifications. This list of Phase 1 Features is to be used as guidance to manufacturers, service providers and content providers regarding the implementation of the Phase 1 TV-Anytime specifications.

There will be further TV-Anytime phases published, and Business Models for Post-Phase 1 are currently being defined to include private and public domains, portable recordable media, super distribution (legal sharing of content between consumers), peripheral device support and mobile devices, amongst others.

1 Scope

The present document is the seventh document of a series of "S-documents" produced by the TV-Anytime Forum. These documents establish the fundamental specifications for the services, systems and devices that will conform to the TV-Anytime standard, to a level of detail that is implementable for compliant products and services.

As is common practice in such standardization efforts, these specification documents were preceded by requirements documents ("R-series"), which define the requirements for the TV-Anytime services, systems, and devices. Congruent with the structure defined in the initial TV-Anytime Call for Contributions (TV014r3), these specifications are parsed into three major areas: Metadata, Content Referencing and Rights Management and Protection. Within these general areas, four specifications have been developed to date: Metadata (S-3), Content Referencing (S-4), Bi-directional Metadata (S-6) and Metadata Protection (S-7). A specification for Rights Management and Protection (S-5) is still under development. See the several TV-Anytime Calls for Contributions for more detail on the derivation and background of these categories and their respective roles in the TV-Anytime standardization process.

Two documents in the TV-Anytime S-series are intended to define the context and system architecture in which the standards in S-3, S-4, S-6 and S-7 are to be implemented in "Phase 1" of the TV-Anytime environment. The first document in the series (S-1) provides benchmark business models against which the TV-Anytime system architecture is evaluated to ensure that the specifications enable key business applications. The next document in the series (S-2) presents the TV-Anytime System Architecture. These two documents are placed ahead of the other three for their obvious introductory value. (Note that S-1 and S-2 are largely informative documents, while the remainder of the S-series is normative. Also note that a "Phase 2" of the TV-Anytime process is currently underway, in which additional requirements and specifications that will build on Phase 1 are being developed. Readers are encouraged to check the TV-Anytime Forum's website at www.tv-anytime.org for the most recent status of its specifications.)

Although each of the S-series documents is intended to stand alone, a complete and coherent sense of the TV-Anytime system standard can be gathered by reading all of the Phase 1 specification documents in numerical order.

The scope of the present document comprises the protection of metadata delivered via bi-directional networks. The requirements for this technology are outlined as follows:

- Provide message integrity
- Authenticate service provider (entity that delivers metadata)
- Support bi-directional transport models
- Optional encryption

With the present document, the TV-Anytime Forum mandates TLS as its baseline method of securing bi-directional delivery of metadata over point-to-point network connections.

While the present document addresses metadata transport security during delivery, it does not address persistent protection of metadata within the consumer space. To ensure persistent protection of metadata, additional means of protection have to be applied in conjunction with the present document.

The basic aim of the present document is to provide means to enable the delivery of trusted metadata to end-users. However, end-to-end content protection is to be addressed in a separate specification (TS 102 822-5) as per the fundamental TV-Anytime RMP requirements: "TV-Anytime RMP-compliant systems, which aim to securely manage content from creation to final consumption shall accommodate the various needs of the different players in the value chain, specially enabling content owners and distributors to persistently protect their intellectual property and enforce content usage rules within the full content lifecycle." (RMP CFC section 3)

2 References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies.

Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

[1] ETSI TS 102 822-3-1: "Broadcast and On-line Services: Search, select, and rightful use of content on personal storage systems ("TV-Anytime Phase 1"); Part 3: Metadata; Sub-part 1: Metadata schemas".
[2] ETSI TS 102 822-3-2: "Broadcast and On-line Services: Search, select, and rightful use of content on personal storage systems ("TV-Anytime Phase 1"); Part 3: Metadata; Sub-part 2: System aspects in a uni-directional environment".
[3] ETSI TS 102 822-4: "Broadcast and On-line Services: Search, select, and rightful use of content on personal storage systems ("TV-Anytime Phase 1"); Part 4: Content Referencing".
[4] ETSI TS 102 822-6: "Broadcast and On-line Services: Search, select, and rightful use of content on personal storage systems ("TV-Anytime Phase 1"); Part 6: Delivery of metadata over a bi-directional network; Sub-part 1: Service and transport".
[5] IETF RFC 1750 (December 1994): "Randomness Recommendations for Security", D. Eastlake, S. Crocker and J. Schiller.
[6] IETF RFC 2104 (February 1997): "HMAC: Keyed-Hashing for Message Authentication", H. Krawczyk, M. Bellare and R. Canetti.
[7] IETF RFC 2246 (January 1999): "The TLS Protocol Version 1.0", T. Dierks and C. Allen.
[8] IETF RFC 3268 (June 2002): "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)", P. Chown.
[9] IETF RFC 3280 (April 2002): "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", R. Housley, W. Polk, W. Ford and D. Solo.
[10] S. Moriai: "Addition of Camellia Ciphersuites to Transport Layer Security (TLS)", Internet-Draft, August 2002.
[11] E. Rescorla: "SSL and TLS", Addison Wesley, 2001.

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the following terms and definitions apply:

baseline: minimum set of functions that should be implemented to be compliant with TV-Anytime Forum specifications

bi-directional network: network that supports two-way, point-to-point, one-to-many, and many-to-many data delivery

NOTE: The Internet is an example of such a network. A PDR may access a bi-directional network using its return path.

certificate: as part of the X.509 (a.k.a. ISO Authentication framework), certificates are assigned by a trusted Certificate Authority and provide a strong binding between a party's identity or some other attributes and its public key

handshake: initial negotiation between client and server that establishes the parameters of their transactions

metadata: generally, data about content, such as the title, genre and summary of a television programme. In the context of TV-Anytime, metadata also includes consumer profile and history data

service provider: aggregator and supplier of content which may include gateway and management roles

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

AES    Advanced Encryption Standard
ASN.1  Abstract Syntax Notation One
CA     Certificate Authority
CRL    Certificate Revocation List
DER    Distinguished Encoding Rules
DES    Data Encryption Standard
DH     Diffie-Hellman
DHE    Ephemeral Diffie-Hellman
DSS    Digital Signature Standard
F4     Fermat's F4 prime
HMAC   Hash-based Message Authentication Code
HTTP   Hypertext Transfer Protocol
IETF   Internet Engineering Task Force
IP     Internet Protocol
MAC    Message Authentication Code
MD5    Message Digest version 5
OID    Object Identifier
PKI    Public Key Infrastructure
RC4    Ron's Code 4
RDN    Relative Distinguished Name
RFC    Request For Comments
RMP    Rights Management and Protection
RSA    Rivest, Shamir, Adleman algorithm
SHA-1  Secure Hash Algorithm version 1
SOAP   Simple Object Access Protocol
SSL    Secure Socket Layer
TCP    Transmission Control Protocol
TLS    Transport Layer Security
URN    Uniform Resource Names
XML    Extensible Markup Language

4 Use of TLS to Protect Bi-directional Delivery of Metadata

Secure Sockets Layer (SSL) and its IETF successor, Transport Layer Security (TLS), are the leading Internet security protocols, providing security for e-commerce, web services, and many other network functions. The primary goal of the TLS Protocol is to provide p
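The scope clause lists four requirements (message integrity, service-provider authentication, bi-directional transport, optional encryption) and clause 4 introduces TLS as the mechanism that meets them. The following is an added example, not code from the specification or the TV-Anytime Forum, showing how a metadata client (a PDR) would configure a TLS client so that those requirements are actually enforced rather than assumed, and how a misconfigured client (verification switched off) fails the same check. It uses Python's standard ssl module; the trust-anchor file path is a caller-supplied placeholder, and the TLS 1.2 floor is a current-practice choice, not the 2003 profile, which is based on TLS 1.0 (RFC 2246). Nothing in the example needs network access.

```python
"""Added example (not part of ETSI TS 102 822-7): a TLS client context that
enforces the scope's requirements, and a check that reports whether a given
context really does so.

Assumptions (not from the specification): the metadata server is reached
over TLS, the trust anchor is supplied by the caller as a file path
(placeholder), and TLS 1.2 is used as the protocol floor.
"""
import ssl


def build_metadata_client_context(cafile=None):
    """Return the SSLContext a metadata client would use towards a server.

    - Service-provider authentication: the server MUST present a certificate
      that chains to a trusted anchor (CERT_REQUIRED) and whose name matches
      the host we asked for (check_hostname).
    - Message integrity: every enabled cipher suite is AEAD or carries a MAC;
      this is inherent to TLS and is verified by describe_protection() below.
    - Encryption: NULL-encryption suites are excluded.
    - Protocol floor: TLS 1.2 (an assumption for this example; the 2003
      profile is based on TLS 1.0).
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile is not None:
        # Pin trust to the operator's own root (e.g. a TV-Anytime root CA)
        # instead of the platform store; the path is a placeholder.
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def describe_protection(ctx):
    """Map three of the scope requirements to what the context enforces.

    The values are computed from the context, not hard-coded, so a weakened
    context (verify_mode = CERT_NONE) is reported as not authenticating the
    service provider. Bi-directional transport is given by TCP itself and is
    not a context property, so it is not reported here.
    """
    ciphers = ctx.get_ciphers()
    return {
        "authenticate_service_provider":
            ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname,
        # AEAD suites have no separate digest; everything else needs a MAC.
        "message_integrity":
            all(c["aead"] or c["digest"] for c in ciphers),
        "encryption":
            all("NULL" not in c["name"] for c in ciphers),
    }


def weakened_context():
    """The weak setting beside the corrected one: certificate checks off.

    check_hostname must be cleared before verify_mode can be CERT_NONE.
    Such a client will talk to any server that speaks TLS, so the
    "authenticate service provider" requirement is not met.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print("hardened:", describe_protection(build_metadata_client_context()))
    print("weakened:", describe_protection(weakened_context()))
```

The useful habit this shows is to audit the context rather than trust the call that built it: a single `verify_mode = CERT_NONE` added for a lab test turns the service-provider authentication requirement off silently, and `describe_protection()` makes that visible in a unit test.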