1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T J.1020 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (10/2017) SERIES J: CABLE NETWORKS AND TRANSMISSION OF TELEVISION, SOUND PROGRAMME AND OTHER MULTIMEDIA SIGNALS Conditional access and protection Downloadable system fo
2、r multi-CA/DRM service of mobile broadcasting Service model and architecture of downloadable mobile multi-CA/DRM solutions for delivering CA/DRM client software to secondary devices Recommendation ITU-T J.1020 Rec. ITU-T J.1020 (10/2017) i Recommendation ITU-T J.1020 Service model and architecture o
3、f downloadable mobile multi-CA/DRM solutions for delivering CA/DRM client software to secondary devices Summary The purpose of Recommendation ITU-T J.1020 is to provide the reference service model, the architecture and the service operation protocols which are needed for multi-CA/DRM service based o
4、n a downloadable scheme. The downloadable scheme in this Recommendation means downloading CA/DRM client software images from the multichannel video programming distributor (MVPD) or broadcaster to a secondary device such as smart phone, tablet or laptop PC connected to a primary customer premises eq
5、uipment (CPE) such as a set-top box. Service providers can change CA/DRM solutions for the secondary device from one to the other using on-line methods as well as operate multiple CA/DRM solutions at the same time. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T J.1020 2017-
6、10-22 9 11.1002/1000/13286 Keywords Customer premises equipment, CPE, conditional access, digital rights management, DM, downloadable CA/DRM, downloadable mobile multi-CA/DRM, multi-CA/DRM, secondary device. * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of y
7、our web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T J.1020 (10/2017) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and co
8、mmunication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.
9、 The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resoluti
10、on 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and
11、 a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are me
12、t. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibi
13、lity that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Rec
14、ommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest informati
15、on and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2017 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T J.1020 (10/2017) iii Table of Contents
16、 Page 1 Scope . 1 2 References . 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation . 1 4 Abbreviations and acronyms 2 5 Conventions 2 6 Reference model for a DM system . 3 7 Actors and roles 3 8 System architecture . 4 9 DM agent download and installation opera
17、tion 4 10 CA/DRM client software download and installation operation . 6 Bibliography. 9 Rec. ITU-T J.1020 (10/2017) 1 Recommendation ITU-T J.1020 Service model and architecture of downloadable mobile multi-CA/DRM solutions for delivering CA/DRM client software to secondary devices 1 Scope The objec
18、tive of this Recommendation is to specify a service model and architecture for downloadable mobile multi-CA/DRM (DM) solutions for delivering CA/DRM client software to a secondary device ITU-T J.1010, ITU-T J.1011 such as a smart phone, tablet or laptop PC connected to a primary CPE ITU-T J.1011 suc
19、h as a set-top box for cable television services. Note that the terminology of “secondary CPE“ is used in ITU-T J.1011 instead of “secondary device“ with the same meaning. The use cases, requirements and architecture of a downloadable multi-CA/DRM service are specified through ITU-T J.1010 and ITU-T
20、 J.1011 under the name of “exchangeable CA/DRM solutions“. The downloadable multi-CA/DRM service is part of a bigger family of services named the renewable CA system (RCAS), which are described in the Recommendations b-ITU-T J.1001, b-ITU-T J.1002, b-ITU-T J.1003 and b-ITU-T J.1004. Note that the us
21、e case related to this Recommendation is described in Annex A of ITU-T J.1010. A reference service model and architecture will include entities such as MVPD, a third-party authorization centre and secondary devices which are necessary for providing downloadable service of CA/DRM client software. Thi
22、s Recommendation also specifies the service operation protocol among the entities that are part of the reference service model and architecture. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of th
23、is Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and othe
24、r references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T J.1010 Recommendation ITU-T J.1010 (2016), Embedded common
25、interface for exchangeable CA/DRM solutions; Use cases and requirements. ITU-T J.1011 Recommendation ITU-T J.1011 (2016), Embedded common interface for exchangeable CA/DRM solutions; Architecture, definitions and overview. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the follow
26、ing term defined elsewhere: 3.1.1 conditional access (CA) b-ITU-T J.193: The conditional granting of access to cable services and content based upon what service suite has been purchased by the customer. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1
27、DM_ISS: One of the roles of a downloadable mobile (DM) system that consists in the personalization of a DM agent installed in a user secondary device. 2 Rec. ITU-T J.1020 (10/2017) 3.2.2 DM_MSS: One of roles of a downloadable mobile (DM) system that consists in the management of on-line or off-line
28、download. 3.2.3 CDCS_ISS: One of the roles of a downloadable mobile (DM) system that consists in the personalization of CA/DRM client software (CDCS) installed in a user secondary device. 3.2.4 CDCS_MSS: One of the roles of a downloadable mobile (DM) system that consists in the establishment of a se
29、cure channel between CDCS_MSS and a DM agent and management of CA/DRM client software (CDCS) download. 3.2.5 CDCS_PSS: One of the roles of a downloadable mobile (DM) system that consists in the management of content access entitlement policy, based on access rights, which differ according to the ent
30、itlement levels and hardware capability of the secondary device considered. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: CA Conditional Access CDCS CA/DRM Client Software CPE Customer Premises Equipment DM Downloadable Mobile multi-CA/DRM DRM Digita
31、l Rights Management ISS Initialization Personalization Sub-System MSS Management Sub-System MVPD Multichannel Video Programming Distributor PSS Policy Sub-System RCAS Renewable Conditional Access System SD Secondary Device 5 Conventions The keywords “is required to“ indicate a requirement which must
32、 be strictly followed and from which no deviation is permitted if conformance to this document is to be claimed. The keywords “is recommended“ indicate a requirement which is recommended but which is not absolutely required. Thus this requirement need not be present to claim conformance. The keyword
33、s “is prohibited from“ indicate a requirement which must be strictly followed and from which no deviation is permitted if conformance to this document is to be claimed. The keywords “can optionally“ indicate an optional requirement which is permissible, without implying any sense of being recommende
34、d. This term is not intended to imply that the vendors implementation must provide the option and the feature can be optionally enabled by the network operator/service provider. Rather, it means the vendor may optionally provide the feature and still claim conformance with the specification. In the
35、body of this document and its annexes, the words “shall“, “shall not“, “should“ and “may“ sometimes appear, in which case they are to be interpreted, respectively, as “is required to“, “is prohibited from“, “is recommended“ and “can optionally“. The appearance of such phrases or keywords in an appen
36、dix or in material explicitly marked as informative are to be interpreted as having no normative intent. Rec. ITU-T J.1020 (10/2017) 3 6 Reference model for a DM system A reference model for DM service for secondary devices is shown in Figure 1. It consists of three parts, a third party authorizatio
37、n centre, a multichannel video programming distributor (MVPD) and the secondary device. The third party authorization centre is called a downloadable mobile multi-CA/DRM (DM) centre and it includes an entitlement control server and entitlement information. The MVPD is connected with a secondary devi
38、ce. CA/DRM client software (CDCS) images are supposed to be delivered in these networks and users can watch pay-television contents using a secondary device. To securely download CDCS image, a secondary device should be equipped with a DM agent in advance. The DM agent is located inside the secondar
39、y device and provides initialization and download functions of CDCS. The DM agent can be loaded into a secondary device using online or offline methods. If the online method is used, the DM centre and the secondary device must use a pre-defined secure communication protocol such as RCAS network prot
40、ocol b-ITU-T J.1003. On the other hand, if the offline method is used, a user who has a secondary device should visit a third party commissioned from the MVPD. Figure 1 Reference model for downloadable mobile multi-CA/DRM system 7 Actors and roles A system for DM service has actors and roles which a
41、re shown in Figure 2. The detailed descriptions for major roles are as follows: DM_MSS is for managing on-line or off-line downloads. DM_ISS is for DM agent personalization. Application is for playing video contents and providing a user interface. A HTML5 web application or an android application co
42、uld be examples. CDCS_ISS is for CDCS personalization. CDCS_MSS is for establishment of a secure channel between CDCS_MSS and the DM agent and for managing CDCS download. CDCS_PSS is for managing content access entitlement policy based on access rights which differ according to entitlement levels an
43、d the hardware capability of the secondary device. It should be noted that CP in Figure 2 means that the content provider is directly operated by MVPD. Finally, the SD I/F agent has a role of not only relaying messages between head-end and a secondary device, but also of establishing a secure link b
44、etween a primary CPE and a secondary device. 4 Rec. ITU-T J.1020 (10/2017) Figure 2 Relationship between actors and roles 8 System architecture A system architecture for DM service is shown in Figure 3. The basic operation flows are as follows: Firstly, a secondary device deploys a DM agent through
45、DM_MSS in the DM centre via an SD I/F agent. At this moment, on-line or off-line methods can be used for downloading the DM agent. Secondly, the application performs as a DM agent when a user wants to access mobile pay TV cable television services. If the DM agent is not personalized at this time, i
46、t must be personalized prior to being run by the application. Thirdly, the application downloads the CDCS via the SD I/F agent and installs it to a secondary device. In this step, the types of downloaded CDCS are variously based on access entitlement or hardware capabilities. MVPD has to perform the
47、 CDCS download process via the SD I/F agent only after the DM centre has authorized the secondary device. The CDCS should be personalized after downloading. Finally, a user watches pay TV contents through the downloaded CDCS. Figure 3 Architecture for a DM system 9 DM agent download and installation
48、 operation The DM agent download and installation operation is shown in Figure 4. A detailed description for each step is provided as follows: Rec. ITU-T J.1020 (10/2017) 5 In step 1, the application recognizes that the DM agent is not loaded in a secondary device and requests the DM agent download
49、request message from the DM_MSS. The access information for the DM_MSS could be found in the application. The request message should include authentication and secondary device information. In step 2, the DM_MSS performs secondary device authentication based on the authentication and the secondary device information delivered via a request message from the application. In step 3, the DM_MSS sets up a secure channel for the DM agent download. The secure channel should provide the DM agent, the application authentication and the message authe
