1、 KSKSKSKSKSKSKSK KSKSKS KSKSK KSKS KSK KS KS A ISO 26430 3 (D- ) 3: KS A ISO 26430 3:2011 2011 12 27 http:/www.kats.go.krKS A ISO 26430 3:2011 : ( ) ( ) ( ) : (http:/www.standard.go.kr) : :2011 12 27 2011-0632 : : ( 02-509-7278) (http:/www.kats.go.kr). 10 5 , . KS A ISO 26430 3:2011 i . ii 1 1 2 1 3
2、 2 4 (ETM) ( ) 3 5 ( ) 4 5.1 MessageId 5 5.2 MessageType .5 5.3 AnnotationText5 5.4 IssueDate5 5.5 Signer .5 5.6 RequiredExtentions ( ) 6 5.7 NonCriticalExtensions ( ).6 6 ( ) .6 6.1 EncryptedKey .7 6.2 EncryptedData ( )8 7 .9 7.1 XML 10 7.2 SignedInfo.11 7.3 SignatureValue .12 7.4 KeyInfo 12 7.5 Ob
3、ject 12 A( ) .13 B( ) 15 C( ) ETM XML 16 D( ) XML 18 KS A ISO 26430 3:2011 ii 2008 1 ISO 26430 3, Digital cinema(D-cinema) operations Part 3:Generic extra-theater message format . KS A ISO 26430 3:2011 (D- ) 3: Digital cinema(D-cinema) operations Part 3: Generic extra-theater message format 1 ETM(Ex
4、tra-Theatre Message) , (D- ) . ETM XML , ( , (Key Delivery Message, KDM) ). ETM W3C XML(XML ) . XML . “.” . 2 . . ( ) . D-Cinema Digital Certificate SMPTE 430-2-2006, D-Cinema Operation Digital Certificate FIPS-180-2 “Secure Hash Standard” Version 2. August 1, 2002. FIPS-180-2. : http:/csrc.nist.gov
5、/publications/fips/fips180-2/fips180-2.pdf FIPS-197 “Advanced Encryption Standard(AES)” November 26, 2001. FIPS-197. : http:/csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS-198 “The Keyed-Hash Message Authentication Code(HMAC)” March 6, 2002. File updated April 8, 2002. http:/csrc.nist.gov
6、/publications/fips/fips198/fips-198a.pdf PKCS1 “PKCS #1: RSA Cryptography Specifications Version 2.1” By B. Kaliski. February 2003. RFC 3447 : http:/www.ietf.org/rfc/rfc3447.txt RFC2253 “Lightweight Directory Access Protocol(v3): UTF-8 String Representation of Distinguished Names” December 1997. : h
7、ttp:/www.ietf.org/rfc/rfc2253.txt RFC4051 ”Additional XML Security Uniform Resource Identifiers(URIs)” April 2005. : http:/www.ietf.org/rfc/rfc4051.txt KS A ISO 26430 3:2011 2 Time UTC, RFC 3339: Date and Time on the Internet: Timestamps. G. Klyne and C. Newman. Informational, July 2002. : http:/iet
8、f.org/rfc/rfc3339.txt UUID “A Universially Unique Identifier(UUID) URN Namespace” July 2005. : http:/www.ietf.org/rfc/rfc4122.txt XML “XML Schema Part 1: Structures” World Wide Web Consortium May 2001. : http:/www.w3.org/TR/2001/REC-xmlschema-1-20010502 XML-Encrypt ”XML Encryption Syntax and Process
9、ing” World Wide Web Consortium December 2002. : http:/www.w3.org/TR/2002/REC-xmlenc-core-20021210/ XML-Sign ”XML-Signature Syntax and Processing” World Wide Web Consortium February 2002. : http:/www.w3.org/TR/2002/REC-xmldsig-core-20020212/ 3 . AES: Advanced Encryption Standard, . FIPS-197 . ASN.1:
10、Abstract Syntax Notation 1 Base64: . Base64 FIPS: Federal Information Processing Standard, NIST HMAC-SHA-1: SHA-1 . FIPS-198 . IETF: Internet Engineering Task Force IP: Internet Protocol. IETF ISO: International Standards Organization, KDM: Key Delivery Message, ETM . SMPTE 430-1 LE: Link Encrypter,
11、 LD: Link Decrypter, MD: Media Decrypter, NIST: National Institute of Standards and Technologies, . OAEP: Optimal Asymmetric Encryption Pattern. PKCS1 . RO: Rights Owner, RSA: Rivest Shamir Adleman . PKCS1 . KS A ISO 26430 3:2011 3 SE: Security Entity, SHA-1: Secure Hash Algorithm revision 1, 1. FIP
12、S-180-2 . SHA-256: Secure Hash Algorithm, . FIPS-180-2 . SM: Security Manager, S/MIME: Secure Multipurpose Internet Mail Extensions SPB: Secure Processing Block, SSL: Secure Socket Layer . TLS TCP: Control Protocol. IETF TLS: Transport Layer Security . Rescorla TMS: Theater Management System, X.509:
13、 . D-Cinema Digital Certificate XML: Extensible Markup Language 4 (ETM) ( ) (Extra-Theater Messages, ETM) D- (SE) . , . ETM . D- . . XML D- . 3 . , 1) ( ), 2) ( ), 3) ( ) . 1 XML AuthenticatedPublic , KS A ISO 26430 3:2011 4 . ETM AuthenticatedPublic , AuthenticatedPublic . AuthenticatedPrivate ETM
14、, ( ) AuthenticatedPrivate EncryptedKey (KeyInfo) . , AuthenticatedPublic . AuthenticatedPrivate RSA 0 (EncryptedKey ) AES (EncryptedData ) . EncryptedKey EncryptedData . , KDM RSA , AES . ETM AuthenticatedPrivate . (EncryptedData ) AES , AES EncryptedKey AES . RSA AES . Signature 1) ( Authenticated
15、Public ), 2) AuthenticatedPublic AuthenticatedPrivate SignedInfo ( , ), 3) AuthenticatedPublic AuthenticatedPrivate SignedInfo RSA . Signature , Signature , . , ETM UTF-8 . UTF-8 . - UTC . XML . 5 ( ) ETM , Signature . . XML “ (public)” . XML C . 2 . KS A ISO 26430 3:2011 5 2 ETM ( ) 5.1 MessageId M
16、essageId ETM . , Id . ETM (logging), (tracking) (indexing) . D- “urn:uuid” . 5.2 MessageType MessageType . ETM URI . 5.3 AnnotationText AnnotationText . , . xml:lang , en . ETM , AnnotationText IssueDate ETM . MessageId . 5.4 IssueDate IssueDate . . UTC Time . 5.5 Signer X509IssueerNameKS A ISO 2643
17、0 3:2011 6 Signer . X.509 (CA) (IssuerName) CA (SerialNumber) . ETM Signature (7. ). X509IssuerName Distinguished Name RFC 2253 RFC2253. 5.6 RequiredExtentions ( ) RequiredExtentions ETM 0 (opaque) . . ETM . KDM . 5.7 NonCriticalExtensions ( ) , NonCriticalExtensions ETM 0 (opaque) . . . 6 ( ) ETM ,
18、 Signature . . XML “ (private)” . XML C . 3 . ETM . , . 0 EncryptedKey EncryptedData . EncryptedKey RSA (AES ) , ( ) Encrypted Data AES . RSA AES (RSA AES) . KS A ISO 26430 3:2011 7 3 ETM ( ) 6.1 EncryptedKey ( PKCS1 RSA ) . 6.1.1 EncryptionMethod EncryptedKey . URI . , . rsa-oaep-mgf1p . ETM RSA ,
19、OAEP(Optimal Asymmetric Encryption Padding) PKCS1 . , OAEP , OAEP . , . 6.1.2 KeyInfo KS A ISO 26430 3:2011 8 EncryptedKey, CipherData RSA . RSA . IssuerName Issuer SerialNumber . D-Cinema Digital Certificate . KeyInfo X509IssuerSerial X509Data . 6.1.3 CipherData RSA , KeyInfo . CipherData . 128-bit
20、 AES . AES KDM . D- 2048-bit RSA 256- . OAEP 42- PKCS1 , 214- . 6.1.4 EncryptionProperties . XML RSA EncryptedData . . 6.1.5 ReferenceList . XML EncryptedKey EncryptedData . ETM EncryptedData . . 6.1.6 CarriedKeyName EncryptedData ETM , . EncryptedKey AES . EncryptedData , KeyInfo KeyName . Referenc
21、eList CarriedKeyName EncryptedKey EncryptedData . EncryptedData , ETM EncryptedData “EncryptedDataKeyName” EncryptedKey CarriedKeyName . EncryptedKey . 6.2 EncryptedData ( ) ETM EncryptedData . . EncryptedKey . KS A ISO 26430 3:2011 9 4 ETM EncryptedData ( ) EncryptionMethod CBC 128-bit AES . XML XM
22、L-Encrypt CBC (16-bytes) , CipherData . KeyInfo KeyName AES . EncryptedKey CarriedKeyName . EncryptionProperties . CipherData . EncryptedData Type , XML . XML PKCS#5 CBC . CBC (1 255 ) , . , CBC . 7 ETM XML XML-Sign . D- D- X.509 . Signature . XML Signature . ETM . KS A ISO 26430 3:2011 10 5 ETM Sig
23、nature ( ) 7.1 XML XML XML . XML . XML , . D- CPL XML . , XML ( , (security assertion) SOAP ) . , REC-xml-c14n-20010315 , . D- . ( , CPL) “ (native)” “ (original)” . ( ) . , . , “ (de-embedding)”, . , . 7.3 xmldsig-core 1 . , “ ( ) .” XML-Sign . “XML- , W3C , 2002 2 “ “XML 2: , W3C , 2001 5 ” base64Binary KS A ISO 26430 3:2011 11