1、 International Telecommunication Union ITU-T X.1196TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (10/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services IPTV security Framework for the downloadable service and content protection system in the mob
2、ile Internet Protocol television environment Recommendation ITU-T X.1196 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400
3、X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security manag
4、ement X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1
5、179 IPTV security X.1180X.1199CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overvie
6、w of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, ple
7、ase refer to the list of ITU-T Recommendations. Rec. ITU-T X.1196 (10/2012) i Recommendation ITU-T X.1196 Framework for the downloadable service and content protection system in the mobile Internet Protocol television environment Summary Recommendation ITU-T X.1196 provides a framework for the downl
8、oadable service and content protection (SCP) scheme in the mobile Internet Protocol television (IPTV) environment. It also describes functional architecture and requirements for the downloadable service and content protection (SCP) scheme for roaming in the mobile IPTV environment. History Edition R
9、ecommendation Approval Study Group 1.0 ITU-T X.1196 2012-10-14 17 Keywords Downloadable SCP, SCP interoperability, security requirement. ii Rec. ITU-T X.1196 (10/2012) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications
10、, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications o
11、n a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid d
12、own in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunicatio
13、n administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandato
14、ry provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws att
15、ention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or othe
16、rs outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent
17、 the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2013 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1196 (10/2012)
18、iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation . 2 4 Abbreviations and acronyms 2 5 Conventions 3 6 Overview 3 7 Requirements for the downloadable SCP scheme 4 7.1 General requirements for the downloadable S
19、CP scheme in ITU-T X.1191 4 7.2 Functional requirements for the downloadable SCP scheme . 5 8 Security framework for a downloadable SCP system in a roaming environment 5 8.1 Overview 6 8.2 Requirements for key management of a downloadable service and content protection (SCP) system architecture in t
20、he roaming environment 8 8.3 Architecture and procedure of downloadable service and content protection (SCP) system in the roaming environment . 9 9 Security framework for a downloadable service and content protection (SCP) system in the broker environment. 12 9.1 Overview 12 9.2 Security requiremen
21、ts for a web-based IPTV brokering service 13 9.3 Security requirement for a downloadable SCP system in a broker environment 16 Bibliography. 19 Rec. ITU-T X.1196 (10/2012) 1 Recommendation ITU-T X.1196 Framework for the downloadable service and content protection system in the mobile Internet Protoc
22、ol television environment 1 Scope Recommendation ITU-T X.1196 provides a framework for the downloadable service and content protection (SCP) scheme in the mobile Internet Protocol television (IPTV) environment. It also describes the functional architecture and requirements for the downloadable SCP s
23、cheme for roaming in the mobile IPTV environment. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommend
24、ations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly pub
25、lished. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T X.509 Recommendation ITU-T X.509 (2008) | ISO/IEC 9594-8:2008, Information technology Open systems interconnection The Directory: Public-key and attribute
26、 certificate frameworks. ITU-T X.1191 Recommendation ITU-T X.1191 (2009), Functional requirements and architecture for IPTV security aspects. ITU-T X.1193 Recommendation ITU-T X.1193 (2011), Key management framework for secure Internet protocol television (IPTV) services. ITU-T X.1195 Recommendation
27、 ITU-T X.1195 (2011), Service and content protection interoperability scheme. ITU-T Y.1910 Recommendation ITU-T Y.1910 (2008), IPTV functional architecture. ITU-T Y.1911 Recommendation ITU-T Y.1911 (2010), IPTV services and nomadism: Scenarios and functional architecture for unicast delivery. IETF R
28、FC 2315 IETF RFC 2315 (1998), PKCS #7: Cryptographic Message Syntax Version 1.5. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 certificate b-ITU-T X.1252: A set of security-relevant data issued by a security authority or a trusted thi
29、rd party that, together with security information, is used to provide the integrity and data origin authentication services for the data. 3.1.2 content protection ITU-T X.1191: Ensuring that an end user can only use the content that he/she has already acquired in accordance with the rights granted t
30、o him/her by the rights holder; content protection involves protecting contents from illegal copying and distribution, interception, tampering, unauthorized use, etc. 2 Rec. ITU-T X.1196 (10/2012) 3.1.3 key hierarchy b-NIST SP 800-120: A tree structure that represents the relationship of different k
31、eys. In a key hierarchy, a node represents a key used to derive the keys represented by the descendent nodes. A key can only have one precedent, but may have multiple descendent nodes. 3.1.4 roaming b-ITU-T Q.1706: The ability for a user to function in a serving network different from the home netwo
32、rk. NOTE This is the ability of the users to access services according to their user profile while moving outside of their subscribed home network, i.e., by using an access point of a visited network. This requires the ability of the user to get access to the visited network, the existence of an int
33、erface between home network and visited network, as well as a roaming agreement between the respective network operators. 3.1.5 security policy b-ITU-T X.800: The set of criteria for the provision of security services. 3.1.6 service and content protection ITU-T X.1191: A combination of service prote
34、ction and content protection or the system or implementation thereof. 3.1.7 service protection ITU-T X.1191: Ensuring that an end user can only acquire a service and the content hosted therein by extension as to what he/she is entitled to receive; service protection includes protecting service from
35、unauthorized access as IPTV contents traverse through the IPTV service connections. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 certificate hierarchy: A tree structure of certificates that represent the relationships of different certificates to al
36、low individuals to verify the validity of a certificates issuer. In a certificate hierarchy, a node represents a certificate that is issued and signed by the corresponding private key in the certificate that resides at a higher node in the certificate hierarchy. A certificate can only have one prece
37、dent, but may have multiple descendent nodes. The validity and trustworthiness of a given certificate is determined by the corresponding validity of the certificate that signed it. 3.2.2 certificate chain: An ordered list of certificates, containing an end-user subscribers certificate, intermediate
38、certificates, which represents the intermediate certification authority (CA), and a root certificate, which allows the receiver of the certificate to verify that the certificate of the sender and all intermediates certificates are trustworthy. 3.2.3 coordinator model: A model in which the brokering
39、service provider acts as a negotiator or a connector between the service providers and the end users for the service. 3.2.4 delegator model: A model in which the brokering service provider acts as an intermediary between the service provider and the end user during the entire process of the service.
40、 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: BSP Brokering Service Provider CA Certification Authority CP Content Protection CVC Code Verification Certificate CVS Code Verification Signature DoS Denial-of-Service EAP Extensible Authentication Proto
41、col Rec. ITU-T X.1196 (10/2012) 3 EK Encryption Key HN Home Network IMS IP Multimedia Subsystem IPTV Internet Protocol Television NACF Network Access Control Function NGN Next Generation Network OAM Operations, Administration and Maintenance OSP Original Service Provider RACF Resource Access Control
42、 Function SCF Service Control Function SCP Service and Content Protection SP Service Protection SSL Secure Sockets Layer TA Trusted Authority TD Terminal Device TLS Transport Layer Security TLV Type/Length/Value WM Watermark Metadata 5 Conventions In this Recommendation: The keywords “is required to
43、“ indicate a requirement which must be strictly followed and from which no deviation is permitted, if conformance to this Recommendation is to be claimed. The keywords “is recommended“ indicate a requirement which is recommended but which is not absolutely required. Thus, this requirement need not b
44、e present to claim conformance. The keywords “is prohibited from“ indicate a requirement which must be strictly followed and from which no deviation is permitted, if conformance to this Recommendation is to be claimed. The keywords “can optionally“ indicate an optional requirement which is permissib
45、le, without implying any sense of being recommended. This term is not intended to imply that the vendors implementation must provide the option, and the feature can be optionally enabled by the network operator/service provider. Rather, it means the vendor may optionally provide the feature and stil
46、l claim conformance with this Recommendation. 6 Overview The downloadable SCP system for the mobile environment gives great benefits to both IPTV service providers and IPTV users, in terms of enabling convenient and portable IPTV service. The IPTV service in the mobile environment is different from
47、the existing one in that the former provides more mobility since it is based on a mobile IPTV terminal device (TD), e.g., smartphone. Therefore, in order to provide a downloadable SCP system in the mobile IPTV service, the mobility of a TD and a user shall be taken into account. The downloadable SCP
48、 for all IPTV services may be considered as an optional requirement, rather than mandatory. 4 Rec. ITU-T X.1196 (10/2012) It may be necessary to use downloadable SCP from an IPTV service provider to a users TD in the following situations: when the new users TD is attached to the service providers ne
49、twork; when the new users TD changes its IPTV service provider; when the users TD is replaced; or when the users TD is requested to change the SCP operation code by the service provider (e.g., SCP security update). If the new users TD is attached to the service providers network, and the new TD requires upgrading of SCP codes, three downloadable features should be performed to meet the different environments: upgrading of firmware, service protection (SP) software code, and/or conte
