1、 ETSI TS 103 544-16 V1.3.0 (2017-10) Publicly Available Specification (PAS); Intelligent Transport Systems (ITS); MirrorLink; Part 16: Application Developer Certificates CAUTION The present document has been submitted to ETSI as a PAS produced by CCC and approved by the ETSI Technical Committee Inte
2、lligent Transport Systems (ITS). CCC is owner of the copyright of the document CCC-TS-044 and/or had all relevant rights and had assigned said rights to ETSI on an “as is basis“. Consequently, to the fullest extent permitted by law, ETSI disclaims all warranties whether express, implied, statutory o
3、r otherwise including but not limited to merchantability, non-infringement of any intellectual property rights of third parties. No warranty is given about the accuracy and the completeness of the content of the present document. TECHNICAL SPECIFICATION ETSI ETSI TS 103 544-16 V1.3.0 (2017-10)2 Refe
4、rence DTS/ITS-88-16 Keywords interface, ITS, PAS, smartphone ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Imp
5、ortant notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior writte
6、n authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document
7、should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the
8、 following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the
9、 PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2017. Car Connectivity Consortium 2011-2017. All rights reserved. ETSI logo is a Trade Mark of ETSI registered for the benefit of its Me
10、mbers. MirrorLink is a registered trademark of Car Connectivity Consortium LLC. RFB and VNC are registered trademarks of RealVNC Ltd. UPnP is a registered trademark of UPnP Forum. Other names or abbreviations used in the present document may be trademarks of their respective owners. DECTTM, PLUGTEST
11、STM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSM and the GSM logo are tr
12、ademarks registered and owned by the GSM Association. ETSI ETSI TS 103 544-16 V1.3.0 (2017-10)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Abbreviations . 6g34 Developer Ap
13、plication Concept . 6g35 Application Developer Certificate Structure 7g35.1 Application Development Certificate . 7g35.1.1 General 7g35.1.2 Extension Header 7g35.1.3 Extension Values 8g35.1.3.1 CCC-MirrorLink-Developer-Id . 8g35.1.3.2 CCC-MirrorLink Extension Value 8g35.2 Developer Identification Ce
14、rtificate . 8g35.2.1 General 8g35.2.2 Extension Header 8g35.2.3 Extension Values 8g35.2.3.1 CCC-MirrorLink-Developer-Id . 8g35.2.3.2 CCC-MirrorLink-Developer-Server-Ids . 9g35.2.3.3 CCC-MirrorLink-Client-Manufacturer-Ids . 9g35.3 Root Certificate 9g36 Developer Identification Certificate Life Cycle
15、. 9g36.1 Certificate Retrieval and Validation . 9g36.1.1 Certificate Retrieval 9g36.1.2 Certificate Validation 10g36.1.3 Testing Considerations . 11g36.2 Certificate Revocation Checks . 11g36.2.1 Revocation Protocol 11g36.2.2 Certificate Valid 12g36.2.3 Certificate Revoked 12g36.2.4 Certificate Upda
16、ted . 12g36.2.5 Testing Consideration . 12g36.3 Query and Grace Periods 13g36.3.1 Query Period . 13g36.3.2 Grace Period . 13g37 Application Development Certificate Life Cycle . 13g37.1 Certificate Retrieval and Validation . 13g37.1.1 Certificate Retrieval 13g37.1.2 Certificate Validation 13g37.1.3 C
17、ertificate Update . 14g37.2 Certificate Revocation Checks . 14g3Annex A (informative): OCSP Request Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.
18、etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to
19、 the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trade
20、mark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transpor
21、t Systems (ITS). The present document is part 16 of a multi-part deliverable. Full details of the entire series can be found in part 1 i.1. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to b
22、e interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 103 544-16 V1.3.0 (2017-10)5 1 Scope The present document is part of the M
23、irrorLinkspecification which specifies an interface for enabling remote user interaction of a mobile device via another device. The present document is written having a vehicle head-unit to interact with the mobile device in mind, but it will similarly apply for other devices, which provide a colour
24、 display, audio input/output and user input mechanisms. MirrorLink provides the ability to run certified applications on MirrorLink server devices that can be launched from the MirrorLink Client device. In order to improve safety and ensure a quality user experience, an application certification pro
25、gram is implemented that will control which applications can be used with MirrorLink in drive on in non-drive situations. Application developers will be able to use specific application development certificates, which simplifies the development of applications on the one side, but which will be usab
26、le only on a small set of MirrorLink Server devices - as well as a potentially restricted set of MirrorLink Client devices. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific r
27、eferences, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Reference. NOT
28、E: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long-term validity. The following referenced documents are necessary for the application of the present document. 1 IETF RFC 3281: “An Internet Attribute Certificate Profile for Authori
29、zation“, April 2002, http:/www.ietf.org/rfc/rfc3281.txt. 2 IETF RFC 2459: “Internet X.509 Public Key Infrastructure Certificate and CRL Profile“, January 1999, http:/www.ietf.org/rfc/rfc2459.txt . 3 IETF RFC 2560: “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP“,
30、June 1999, http:/tools.ietf.org/html/rfc2560 . 4 ETSI TS 103 544-9 (V1.3.0): “Publicly Available Specification (PAS); Intelligent Transport Systems (ITS); MirrorLink ; Part 9: UPnP Application Server Service“. 5 ETSI TS 103 544-14 (V1.3.0): “Publicly Available Specification (PAS); Intelligent Transp
31、ort Systems (ITS); MirrorLink; Part 14: Application Certificates“ . 6 ETSI TS 103 544-10 (V1.3.0): “Publicly Available Specification (PAS); Intelligent Transport Systems (ITS); MirrorLink; Part 10: UPnP Client Profile Service“ . 2.2 Informative references References are either specific (identified b
32、y date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause w
33、ere valid at the time of publication, ETSI cannot guarantee their long-term validity. ETSI ETSI TS 103 544-16 V1.3.0 (2017-10)6 The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI
34、 TS 103 544-1 (V1.3.0): “Publicly Available Specification (PAS); Intelligent Transport Systems (ITS); MirrorLink; Part 1: Connectivity“. 3 Abbreviations For the purposes of the present document, the following abbreviations apply: ACMS Application Certification Management System BT Bluetooth ML Mirro
35、rLink OCSP Online Certificate Status Protocol RFB Remote Framebuffer UPnP Universal Plug and Play USB Universal Serial Bus VNC Virtual Network Computing 4 Developer Application Concept MirrorLink provides the ability to run certified applications on MirrorLink server devices that can be launched fro
36、m the MirrorLink client device. In order to improve safety and ensure a quality user experience, an application certification program is implemented that will control which applications can be used with MirrorLink in drive on in non-drive situations. Application developers will be able to use specif
37、ic application development certificates, which simplifies the development of applications on the one side, but which will be usable only on a small set of MirrorLink Server devices - as well as a potentially restricted set of MirrorLink Client devices. Each application under development, which can b
38、e uniquely identified by a platform specific application identifier (App ID), will come with an Application Development Certificate (App Dev Certificate), which contains the App ID; necessary application information, provided to the MirrorLink Client (App Info); and the Developer ID (Dev ID). The Ap
39、plication Development Certificate is self-signed by either the application developer or the MirrorLink Servers software development kit. The MirrorLink Server will use the information from the App Development Certificate to validate the MirrorLink Application, and to link it to the Developer Identif
40、ier Certificate (Dev ID Certificate). The Dev ID Certificate contains a unique Developer Identifier (Dev ID), and one or more Server Device Identifiers (Server Device IDs) for which the Dev ID Certificate is valid. An optional list of Client Device Identifiers (Client Device IDs) defines a black lis
41、t of client devices, for which the Dev ID Certificate is not valid. As shown in Figure 1, the App Dev and the Dev ID Certificates are stored on the MirrorLink Server Device. It is the responsibility of the MirrorLink Server to check, whether the Dev ID Certificate has not been revoked and whether it
42、 is valid for the MirrorLink Server and Client combination. In case the App Dev Certificate is valid, the corresponding MirrorLink application will be presented to the MirrorLink Client Device as an application coming with a certificate distributed by CCC. ETSI ETSI TS 103 544-16 V1.3.0 (2017-10)7 F
43、igure 1: Application Developer Certification Architecture (MirrorLink Server View) A MirrorLink Client will not see the difference from any regular non-development version, besides a different signing entity name and an additional X.509 v3 extension. Support for development applications as described
44、 above may be restricted to specific MirrorLink Server Developer devices; those shall be made available to application developers. Therefore, a regular MirrorLink Server device may NOT be able to run development applications as certified applications. 5 Application Developer Certificate Structure 5.
45、1 Application Development Certificate 5.1.1 General MirrorLink Application Development Certificates shall be a public key X.509 version 3 certificate as specified in 1. The certificate is a self-signed certificate. The signing authority shall not set an expiration date of longer than 1 month from th
46、e date of signing. Application Development Certificate shall use 2048-bit RSA keys with SHA-256 or SHA-512 signature algorithms. 5.1.2 Extension Header The X.509 extension header shall have the following format: X509v3 extensions: CCC-MirrorLink-Developer-Id Extension: extnId: 1.3.6.1.4.1.41577.3.1
47、critical: no extnValue: DER:OCTET STRING CCC-MirrorLink Extension: extnId: 1.3.6.1.4.1.41577.2.1 ETSI ETSI TS 103 544-16 V1.3.0 (2017-10)8 critical: no extnValue: DER: 5.1.3 Extension Values 5.1.3.1 CCC-MirrorLink-Developer-Id Developer Id, as provided from the Application Certification Management S
48、ystem (ACMS), shall be formatted as a character string of up to 40 alphanumeric characters (a-z, 0-9). 5.1.3.2 CCC-MirrorLink Extension Value The DER encoded XML of the application information, as specified in 5. The Signing Entity Name of application development certificates shall be “DEVELOPER“. 5
49、.2 Developer Identification Certificate 5.2.1 General The MirrorLink Dev ID Certificate shall be a public key X.509 version 3 certificate as specified in 1. The certificate shall be signed by the CCCs Root Certificate. A hierarchy of certification authorities (CAs) may be used for Dev ID certificates. In case intermediate CAs are used, the entire certificate chain up to the root CA shall be provided to the MirrorLink Server together with the Dev ID certificate. Any intermediate certificate shall not have an expiration date of mo