1、 ETSI TS 103 544-14 V1.3.0 (2017-10) Publicly Available Specification (PAS); Intelligent Transport Systems (ITS); MirrorLink; Part 14: Application Certificates CAUTION The present document has been submitted to ETSI as a PAS produced by CCC and approved by the ETSI Technical Committee Intelligent Tr
2、ansport Systems (ITS). CCC is owner of the copyright of the document CCC-TS-036 and/or had all relevant rights and had assigned said rights to ETSI on an “as is basis“. Consequently, to the fullest extent permitted by law, ETSI disclaims all warranties whether express, implied, statutory or otherwis
3、e including but not limited to merchantability, non-infringement of any intellectual property rights of third parties. No warranty is given about the accuracy and the completeness of the content of the present document. TECHNICAL SPECIFICATION ETSI ETSI TS 103 544-14 V1.3.0 (2017-10)2 Reference DTS/
4、ITS-88-14 Keywords interface, ITS, PAS, smartphone ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important not
5、ice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authoriz
6、ation of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be
7、aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following
8、 services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF versi
9、on shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2017. Car Connectivity Consortium 2011-2017. All rights reserved. ETSI logo is a Trade Mark of ETSI registered for the benefit of its Members. Mir
10、rorLink is a registered trademark of Car Connectivity Consortium LLC. RFB and VNC are registered trademarks of RealVNC Ltd. UPnP is a registered trademark of UPnP Forum. Other names or abbreviations used in the present document may be trademarks of their respective owners. DECTTM, PLUGTESTSTM, UMTST
11、Mand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSM and the GSM logo are trademarks r
12、egistered and owned by the GSM Association. ETSI ETSI TS 103 544-14 V1.3.0 (2017-10)3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 7g33 Abbreviations . 7g34 Application Certificat
13、ion Concept 7g35 Application Certificate Structure 8g35.1 X.509 Certificate 8g35.1.1 Application Certificate 8g35.1.2 Intermediate Certificate 9g35.1.3 Root Certificate . 9g35.2 MirrorLink Extension . 9g35.2.1 Extension Header 9g35.2.2 CCC-MirrorLink Extension Value . 9g35.2.3 Certificate Signing En
14、tities . 11g35.2.4 MirrorLink Server Platform Identifier 12g35.2.5 MirrorLink Server Runtime Identifier 13g35.2.6 Application identifier 13g35.2.7 Mapping of Locales 13g36 Application Certificate Life Cycle . 14g36.1 General . 14g36.2 Certificate Retrieval and Validation . 14g36.2.1 Certificate Retr
15、ieval 14g36.2.2 Certificate Validation 16g36.2.3 Testing Considerations . 17g36.3 Certificate Revocation Checks . 18g36.3.1 Revocation Protocol 18g36.3.2 Certificate Valid 21g36.3.3 Certificate Revoked 21g36.3.4 Certificate Updated . 21g36.3.5 Unchecked Certificates . 22g36.3.6 Testing Consideration
16、 . 22g36.4 Query and Grace Periods 23g36.4.1 Query Period . 23g36.4.2 Grace Period . 23g36.4.3 Period Update . 25g37 Handling of Applications with a Certificate distributed by CCC . 25g37.1 Application Installation 25g37.2 Application Filtering 26g37.3 Updating UPnP Application Server Services . 27g
17、37.3.1 Eventing 27g37.3.2 A_ARG_TYPE_AppList 27g37.3.3 A_ARG_TYPE_CertifiedAppList 28g37.3.4 A_ARG_TYPE_AppCertificateInfo. 28g3Annex A (normative): XSD MirrorLink Extension Value . 29g3Annex B (informative): OCSP Request Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI
18、standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs n
19、ot referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of
20、these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those
21、 trademarks. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport Systems (ITS). The present document is part 14 of a multi-part deliverable. Full details of the entire series can be found in part 1 i.1. Modal verbs terminology In the present
22、 document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables ex
23、cept when used in direct citation. ETSI ETSI TS 103 544-14 V1.3.0 (2017-10)6 1 Scope The present document is part of the MirrorLinkspecification which specifies an interface for enabling remote user interaction of a mobile device via another device. The present document is written having a vehicle h
24、ead-unit to interact with the mobile device in mind, but it will similarly apply for other devices, which provide a color display, audio input/output and user input mechanisms. MirrorLink provides the ability to run certified applications on MirrorLink server devices that can be launched from the Mi
25、rrorLink client device. In order to improve safety and ensure a quality user experience, an application certification program is implemented that will control, which applications can be used with MirrorLink in drive on in non-drive situations. 2 References 2.1 Normative references References are eit
26、her specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which
27、 are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long-term validity. The following referenced documents are necess
28、ary for the application of the present document. 1 IETF RFC 3281: “An Internet Attribute Certificate Profile for Authorization“, April 2002. NOTE: Available at http:/www.ietf.org/rfc/rfc3281.txt. 2 IETF RFC 2459: “Internet X.509 Public Key Infrastructure Certificate and CRL Profile“, January 1999. N
29、OTE: Available at http:/www.ietf.org/rfc/rfc2459.txt. 3 IETF RFC 6960: “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP“, June 2013. NOTE: Available at http:/tools.ietf.org/html/rfc6960. 4 ETSI TS 103 544-16 (V1.3.0): “Publicly Available Specification (PAS); Intell
30、igent Transport Systems (ITS); MirrorLink; Part 16: Application Developer Certificates“. 5 ETSI TS 103 544-9 (V1.3.0): “Publicly Available Specification (PAS); Intelligent Transport Systems (ITS); MirrorLink; Part 9: UPnP Application Server Service“. ETSI ETSI TS 103 544-14 V1.3.0 (2017-10)7 2.2 Inf
31、ormative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendment
32、s) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long-term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular
33、subject area. i.1 ETSI TS 103 544-1 (V1.3.0): “Publicly Available Specification (PAS); Intelligent Transport Systems (ITS); MirrorLink; Part 1: Connectivity“. 3 Abbreviations For the purposes of the present document, the following abbreviations apply: ACMS Application Certification Management System
34、 BT Bluetooth CCC Car Connectivity Consortium ML MirrorLink OCSP Online Certificate Status Protocol RFB Remote Framebuffer UPnP Universal Plug and Play USB Universal Serial Bus VNC Virtual Network Computing 4 Application Certification Concept MirrorLink distinguishes three main categories of applica
35、tions: 1) A MirrorLink-Aware Application describes an application that implements software interfaces, which can be used via MirrorLink. A MirrorLink-Aware Application does not have MirrorLink or CCC Member certification, as described below. 2) A MirrorLink-Certified Application describes the certif
36、ication status of a MirrorLink-Aware Application, which is additionally fulfilling CCC application certification criteria. This category comes in two sub categories: a) A MirrorLink Base-Certified Application is fulfilling CCC application certification criteria for basic MirrorLink Client and Server
37、 interoperability, usability and reliability. b) A MirrorLink Drive-Certified Application is a MirrorLink Base-Certified Application, which is additionally approved by the CCC for use in a MirrorLink Client and Server system by a driver, while the vehicle is in motion. 3) A Member-certified Applicat
38、ion describes the certification status of a MirrorLink-Aware Application, which is additionally fulfilling CCC Member application certification criteria. This category comes in two sub-categories: a) A Member Base-Certified Application is fulfilling the CCC Members certification criteria for basic M
39、irrorLink Server and CCC Members MirrorLink Client interoperability, usability and reliability. b) A Member Drive-Certified Application is a Member Base-Certified Application and is approved by the CCC Member for use in a MirrorLink Server and CCC Members MirrorLink Client system by a driver, while
40、the vehicle in in motion. ETSI ETSI TS 103 544-14 V1.3.0 (2017-10)8 Certified applications will have an Application Certificate containing information about the application, relevant for allowing it in drive or non-drive mode (App Info), along with information (App ID) how the application can be sec
41、urely identified on the MirrorLink Server device. As shown in Figure 1, an application is downloaded from any application store and installed on the MirrorLink Server device. The application may come with a self-signed application certificate, which provides necessary information for the application
42、 advertisements as a MirrorLink-Aware Application. In addition, the MirrorLink Server will retrieve the Applications associated MirrorLink or Member Certificate from the Application Certificate Management System (ACMS). The application identification information is used to securely link the applicat
43、ion certificate to the downloaded and installed application. The MirrorLink Server device will be able to validate with the ACMS, whether the available application certificate is still valid. Figure 1: Application Certification Architecture (MirrorLink Server View) The MirrorLink Server device will
44、take the application information out of the validated application certificate and present the information to the MirrorLink Client devices. Within the present document, we use the term restricted mode, to refer to the condition, when driver distraction rules have to be followed (e.g. while driving).
45、 The term non- restricted mode is used to refer to the condition, when driver distraction rules have not to be followed (e.g. while being parked). 5 Application Certificate Structure 5.1 X.509 Certificate 5.1.1 Application Certificate Application Certificates shall be a public key X.509 version 3 ce
46、rtificate as specified in 1. MirrorLink uses long-lived Application Certificates. The signing Certification Authority should set an expiration date of 10 years from the date of signing, but it shall not be longer than the expiration date of the signing root or intermediate certificate. Application C
47、ertificates shall use 2048-bit RSA keys with SHA-256 or SHA-512 signature algorithms. ETSI ETSI TS 103 544-14 V1.3.0 (2017-10)9 5.1.2 Intermediate Certificate Hierarchy of certification authorities (CAs) may be used for application certification. In case intermediate CAs are used, the entire certifi
48、cate chain up to the root CA shall be provided to the MirrorLink Server together with the application certificate. The Intermediate certificate, which signed by the CCC root CA, shall have a Common Name (CN) in the issuer information, identical to “ACMS CA“; otherwise the certificate shall not be ac
49、cepted. A valid example issuer information is given below: Issuer: O=Car Connectivity Consortium, CN=ACMS CA An Intermediate Certificate should have an expiration date of 20 years from the date of signing, but it shall not be longer than the expiration date of the signing root certificate. Any Intermediate Certificate shall use 4096-bit RSA keys with SHA-512 signature algorithms. 5.1.3 Root Certificate The signing certification authoritys Root Certificate, a hash of it or a hash of its public key shall be stored in the MirrorLink Server. Acce
