IEC 62766-7
Edition 1.0 2017-07

INTERNATIONAL STANDARD

Consumer terminal function for access to IPTV and open internet multimedia services
Part 7: Authentication, content protection and service protection

IEC 62766-7:2017-07(en)

THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright 2017 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information.

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
info@iec.ch
www.iec.ch

INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 33.170; 35.240.95
ISBN 978-2-8322-4555-2

CONTENTS

FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
  3.1 Terms and definitions
  3.2 Abbreviated terms
4 Content and service protection
  4.1 General
  4.2 Terminal-centric approach
    4.2.1 General
    4.2.2 Interfaces for CSP and CSP-T server
    4.2.3 Protected content usages
    4.2.4 Content encryption
    4.2.5 Protected file formats
    4.2.6 Protection of MPEG-2 transport streams
    4.2.7 Operation of Marlin technologies
    4.2.8 DRM data
  4.3 Gateway-centric approach
    4.3.1 General
    4.3.2 Capabilities
    4.3.3 CSPG-DAE interface
    4.3.4 CI+ based gateway
    4.3.5 DTCP-IP based gateway
5 User identification, authentication, authorisation and service access protection
  5.1 General principles
  5.2 Interfaces
    5.2.1 General
    5.2.2 HNI-INI
    5.2.3 HNI-IGI
    5.2.4 Common requirements
  5.3 Service access protection
    5.3.1 SAA co-located with service
    5.3.2 SAA standalone
  5.4 OITF authentication mechanisms
    5.4.1 HTTP basic and digest authentication
    5.4.2 Network-based authentication
    5.4.3 Web-based authentication
    5.4.4 HTTP digest authentication Using IMS gateway
    5.4.5 GBA authentication Using IMS gateway
  5.5 IMS registration OITF
    5.5.1 General
    5.5.2 Relevant functional entities and reference points
    5.5.3 Prerequisites
    5.5.4 SIP digest message flows
    5.5.5 IMS AKA message flows
  5.6 Session management and single sign on
    5.6.1 General
    5.6.2 Cookie session
    5.6.3 URL parameters
    5.6.4 HTTP authentication session
    5.6.5 SAML Web-based SSO
6 Forced play-out using media zones
Annex A (informative) Link of user authentication and DRM device authentication
Annex B (normative) XML schemas
  B.1 General
  B.2 XML schema for MarlinPrivateDataType structure
  B.3 XML schema for MIPPVControlMessage format
  B.4 XML schema for HexBinaryPrivateDataType structure
Annex C (informative) DRM messages used in DAE
Annex D (informative) CSPG-CI+ usage examples
  D.1 General
  D.2 CSPG-CI+ initial power-on
  D.3 CSPG-CI+ normal power-on
  D.4 Live session example
  D.5 Parental control management example
  D.6 No-rights event and purchase example
  D.7 VoD session example
Annex E (informative) CSPG-DTCP session setup sequence examples
  E.1 General
  E.2 Multicast streaming with SIP session management
  E.3 Unicast streaming with SIP session management
  E.4 Unicast streaming with RTSP session management
  E.5 HTTP streaming and download
Annex F (informative) Embedded CSPG
  F.1 General
  F.2 Application to simple and secure streaming
Bibliography

Figure 1 CSP-T system overview
Figure 2 Node acquisition sequence
Figure 3 Link acquisition sequence
Figure 4 Deregistration sequence
Figure 5 Licence acquisition sequence
Figure 6 Licence evaluation sequence
Figure 7 Scramble key decryption sequence
Figure 8 Content on demand encryption sequence using content key (for (P)DCF OMArlin or Marlin IPMP Marlin FF)
Figure 9 Content on demand encryption sequence using content key (for MPEG-2 TS)
Figure 10 Scheduled content encryption sequence using scramble key (for MPEG-2 TS)
Figure 11 Conditional access descriptors signalling ECM and EMM messages
Figure 12 Outline of DRMControlInformationtype with MarlinPrivateData
Figure 13 Outline of MIPPVControlMessage
Figure 14 CSPG-CI+ overview
Figure 15 CSPG-CI+ context
Figure 16 CSPG-DTCP overview
Figure 17 Overview of involved reference points
Figure 18 General message flow for service access protection and user authentication
Figure 19 SAA co-located with requested service
Figure 20 Standalone SAA, redirection mode
Figure 21 HTTP basic and digest authentication
Figure 22 Network-based authentication
Figure 23 Web-based authentication with form
Figure 24 Initial procedure
Figure 25 Authentication between an OITF and an SAA based on HTTP credentials stored in IG
Figure 26 Authentication between an OITF and an SAA based on GBA credentials
Figure 27 Initial GBA registration
Figure 28 Authentication between an OITF and an SAA based on GBA keys
Figure 29 OIPF functional entities and reference points involved in IMS registration
Figure 30 SIP digest message flow interlaced into IMS registration
Figure 31 User identification and authentication based on the IMS AKA procedure
Figure 32 Session management using cookie
Figure 33 Session management using URL parameters
Figure 34 HTTP authentication session
Figure 35 SAML Web-based SSO
Figure A.1 User authentication for CSP, CSP-T server communication
Figure D.1 CSPG-CI+ first power-on
Figure D.2 CSPG-CI+ normal power-on
Figure D.3 CSPG-CI+ live session example
Figure D.4 Parental control management example
Figure D.5 No-rights event and purchase example
Figure D.6 VoD session example
Figure E.1 Session setup sequence for multicast streaming with SIP session management
Figure E.2 CSPG-DTCP initiated teardown sequence for multicast streaming with SIP session management
Figure E.3 Session setup sequence for unicast streaming with SIP session management
Figure E.4 Session setup sequence for unicast streaming with RTSP session management
Figure E.5 Session setup sequence for HTTP streaming and download
Figure F.1 Possible CSPG deployments
Figure F.2 CSPG embedded in the same device as OITF
Figure F.3 Simple and secure streaming with CSPG

Table 1 Recording Control access_criteria_descriptor
Table 2 Bit assignments of recording_control_information_byte
Table 3 DNR and DNTS combinations
Table 4 Parental_Control_URL parameter syntax
Table 5 DRMControlInformation mapping for Marlin
Table 6 DRMControlInformation mapping for Marlin simple secure streaming
Table 7 MarlinPrivateData structure
Table 8 MIPPVControlMessage format
Table 9 OIPF private_host_application_ID
Table 10 SAS_async_msg() APDU syntax
Table 11 Generic message_byte() syntax
Table 12 OIPF specific messages and command_id values
Table 13 OIPF specific datatype_id values
Table 14 Mapping to DAE API or events
Table 15 send_msg message data types
Table 16 reply_msg message data types
Table 17 resultCode and oipf_status mapping
Table 18 parental_control_info message data types
Table 19 oipf_access_status field and blocked attribute mapping
Table 20 rights_info message data types
Table 21 oipf_access_status field and errorState attribute mapping
Table 22 system_info message data types
Table 23 can_play_content_req message data types
Table 24 can_play_content_reply message data types
Table 25 can_record_content_req message data types
Table 26 can_record_content_reply message data types
Table 27 Scrambling modes
Table 28 DRMControlInformation mapping for CSPG-CI+
Table 29 HexBinaryPrivateData structure
Table 30 CA_descriptor
Table C.1 DRM messages used in the DAE

FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International Standard IEC 62766 has been prepared by IEC technical committee 100: Audio, video and multimedia systems and equipment.

The text of this standard is based on the following documents:

CDV             Report on voting
100/2551/CDV    100/2665/RVC

Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

A list of all parts in the IEC 62766 series, published under the general title Consumer terminal function for access to IPTV and open Internet multimedia services, can be found on the IEC website.

The committee has dec