ETSI GS ECI 001-5-1 V1.1.1 (2017-07)

ETSI GS ECI 001-5-1 V1.1.1 (2017-07)






GROUP SPECIFICATION
Embedded Common Interface (ECI)
for exchangeable CA/DRM solutions;
Part 5: The Advanced Security System;
Sub-part 1: ECI specific functionalities
Disclaimer
The present document has been produced and approved by the Embedded Common Interface (ECI) ETSI Industry
Specification Group (ISG) and represents the views of those members who participated in this ISG.
It does not necessarily represent the views of the entire ETSI membership.

---------------------- Page: 1 ----------------------
2 ETSI GS ECI 001-5-1 V1.1.1 (2017-07)



Reference
DGS/ECI-001-5-1
Keywords
authentication, CA, DRM, encryption, swapping

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2017.
All rights reserved.

TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI GS ECI 001-5-1 V1.1.1 (2017-07)
Contents
Intellectual Property Rights . 7
Foreword . 7
Modal verbs terminology . 7
Introduction . 8
1 Scope . 9
2 References . 9
2.1 Normative references . 9
2.2 Informative references . 10
3 Definitions and abbreviations . 10
3.1 Definitions . 10
3.2 Abbreviations . 12
4 Principles . 12
4.1 Overview . 12
4.2 System Robustness Model . 14
4.3 Specification Principles . 14
4.3.1 Implementation Freedom . 14
4.3.2 Specification Style and relation to AS-API . 15
5 Key Ladder Application and Associated Functions . 15
5.1 General . 15
5.2 AS System and client data authentication . 15
5.3 Asymmetrical Micro Server mode . 15
5.4 Interface to Content Processing System . 16
5.5 AS Key Ladder Block input output definition . 17
5.6 ACF definition . 19
6 Advanced Security Slot . 20
6.1 Advanced Security Slot introduction . 20
6.2 AS Slot Definition . 20
6.2.1 General . 20
6.2.2 AS Slot state definition . 21
6.2.2.1 Slot and session state . 21
6.2.2.2 Decryption configuration . 22
6.2.2.3 Encryption Configuration . 23
6.2.2.4 Random session Key control . 24
6.2.2.5 Total session configuration . 24
6.2.2.6 Random Session Key state . 25
6.2.2.7 Import Export state . 25
6.2.3 Content Property Authentication . 26
6.2.4 AS Slot functions . 29
6.2.4.1 Overview . 29
6.2.4.2 AS Slot initialization . 30
6.2.4.3 AS Slot session and random key control. 30
6.2.4.4 AS Slot Export control . 34
6.2.4.5 LK1 Key Ladder initialization . 35
6.2.4.6 Encryption Control Word calculation . 35
6.2.4.7 Decryption Control Word calculation . 37
6.2.4.8 Computing akClient and its application . 38
6.2.4.9 AS Slot Session Configuration Authentication . 39
6.2.4.10 Loading a Micro Server secret key . 41
6.2.4.11 Generating MinitLk1 for Micro Clients . 42
6.2.4.12 Computing ECI Client image decryption key . 42
6.2.4.13 Reading Advanced Security Information . 43
6.2.4.14 Generating Client Random Numbers . 44
ETSI

---------------------- Page: 3 ----------------------
4 ETSI GS ECI 001-5-1 V1.1.1 (2017-07)
6.2.4.15 Error codes . 44
7 Scrambling/descrambling and Content Export . 45
7.1 Basic Functionality . 45
7.2 Scrambler and Descrambler specifications . 45
7.3 Export Control . 46
7.4 Output Control . 46
7.5 Content Property Comparison on Coupled Sessions . 46
7.6 Content Property Propagation on Export . 46
7.7 Basic URI Enforcement on Export . 47
7.8 Content Property Application on Industry Standard Outputs . 47
7.9 Control Word Synchronization. 47
8 Certificate Processing Subsystem . 49
8.1 Basic processing rules for Certificate Chains . 49
8.2 Specific rules for Host Image Chains . 50
8.3 Specific rules for Client Image Chains . 50
8.4 Specific rules for Platform Operation Certificates . 50
8.5 Specific rules for Export/Import chains. 50
8.5.1 Export Authorization chain processing . 50
8.5.2 Export Chain verification . 51
8.5.3 Third Party Export Chain verification . 51
8.5.4 Export System Certificate processing . 51
8.5.5 Target Client Chain Processing Rules . 52
8.6 CPS ECI Root Key initialization . 52
9 Loader Core . 52
9.1 Introduction . 52
9.2 Host Loader Rules . 52
9.3 Client Loader Rules . 53
9.4 Revocation enforcement . 53
9.5 Client Image decryption . 54
10 Timing requirements . 54
10.1 Introduction . 54
10.2 Administrative Functions . 54
10.3 Symmetrical Cryptography Functions . 54
10.4 Asymmetrical Cryptography Functions . 54
Annex A (normative): Cryptography Function Definitions . 55
A.1 Hash Function . 55
A.2 Asymmetrical Cryptography . 55
A.3 Random Number Generation . 55
Annex B (informative): Sample Micro DRM system application . 56
B.1 Introduction . 56
B.2 Application scenario . 56
B.3 Assumptions and notation . 57
B.4 Micro Server pseudo code . 58
B.5 Micro Client pseudo code . 61
B.6 Micro DRM system cascading effect on ECM pre-delay . 62
B.7 Content property change timing interface convention . 62
Annex C (informative): Authors & contributors . 64
Annex D (informative): Change History . 65
History . 66
ETSI

---------------------- Page: 4 ----------------------
5 ETSI GS ECI 001-5-1 V1.1.1 (2017-07)
List of Figures
Figure 4.1-1: Block diagram of Advanced Security System .13
Figure 4.2-1: System robustness premise for ECI .14
Figure 5.3-1: Computation of the Asymmetrical Micro Server mode .16
Figure B.2-1: Example of control word computation key hierarchy evolution .56
Figure B.6-1: Temporal relations for pre-delay and optional delay compensation .62


ETSI

---------------------- Page: 5 ----------------------
6 ETSI GS ECI 001-5-1 V1.1.1 (2017-07)
List of Tables
Table 5.5-1: C-variable naming convention for Key Ladder interface .18
Table 5.6-1: ACF[0] for Key Ladder application .19
Table 5.6-2: AkModeField definition for AcfAk1Mode .19
Table 6.2-1: AS Slot state structure definition .21
Table 6.2-2: DecryptConfig structure definition .22
Table 6.2-3: EncryptConfig structure definition .23
Table 6.2-4: CpCtrl definition .23
Table 6.2-5: BasicUriTrfr values and description .24
Table 6.2-6: Random Key structure for decryption and encryption session .24
Table 6.2-7: EciRootState structure field description.25
Table 6.2-8: The RkState Random Key State field description .25
Table 6.2-9: ImportExportState structure definition .26
Table 6.2-10: field1 structure definition .27
Table 6.2-11: FieldControl structure definition .27
Table 6.2-12: largeProperty tag field values and meaning .28
Table 6.2-13: Overview of Advanced Security Functions .29
Table 6.2-14: Error return code definition .45


ETSI

---------------------- Page: 6 ----------------------
7 ETSI GS ECI 001-5-1 V1.1.1 (2017-07)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) Embedded Common
Interface (ECI) for exchangeable CA/DRM solutions.
The present document is part 5, sub-part 1 of a multi-part deliverable covering the ECI specific functionalities of an
advanced security system, as identified below:
Part 1: "Architecture, Definitions and Overview";
Part 2: "Use cases and requirements";
Part 3: "CA/DRM Container, Loader, Interfaces, Revocation";
Part 4: "The Virtual Machine";
Part 5: "The Advanced Security System:
Sub-part 1: "ECI specific functionalities";
Sub-part 2: "Key Ladder Block".
Part 6: "Trust Environment".
The use of terms in bold and starting with capital characters in the present document shows that those terms are defined
with an ECI specific meaning which may deviate from the common use of those terms.
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI

---------------------- Page: 7 ----------------------
8 ETSI GS ECI 001-5-1 V1.1.1 (2017-07)
Introduction
Service and content protection realized by Conditional Access (CA) and Digital Rights Management (DRM) are
essential in the rapidly developing area of digital Broadcast and Broadband, including content, services, networks and
customer premises equipment (CPE), to protect business models of content owners, network operators and
PayTVoperators. It is also essential for consumers that they are able to continue using the CPEs they bought e.g. after a
move or a change of network provider or even utilize devices for services of different commercial video portals. This
can be achieved by the implementation of interoperable CA and DRM mechanisms inside CPEs, based on an
appropriate security architecture.
As part of a security architecture the present document defines a security processing system for the authentication and
verification of protected media content and of software images to be processed inside an ECI-compliant CPE. The core
of the security architecture is built by a Key Ladder Block that supports secure processing with secret keys, targeting
of keys to specific chips and authentication of the origin of key material.
Clause 4 gives an overview about the system architecture, defines robustness rules to fight attacks and describes the
relation between the elements of the security architecture, ECI Host and ECI Clients.
Clause 5 describes the applications the Key Ladder Block can be used for, together with the associated functions.
For proper operations, the security processing system needs information about the state of each loaded ECI Client. This
state information, as some of it needs to be secret, is handled with the help of an advanced security slot. The ECI Host
assigns to each ECI Client such a slot that needs to be protected against malicious modifications. The definition of a
slot and its configuration for several operations like decrypting or exporting content is described in clause 6.
In an ECI-compliant CPE content can be decrypted, it can be forwarded to standard outputs if permitted and it can be
re-encrypted for export. The usage of an advanced security slot for these operations is specified in clause 7.
A Certificate Processing Subsystem that is realized as a special function of an advanced security slot is responsible for
the authentication of items. Clause 8 specifies the rules that are applied for authentication.
The ECI system uses a loader mechanism that permits ECI Clients to securely verify the version of the ECI Host and
ECI Client credentials that are loaded so as to detect any known security issue. The loader mechanism relies on
robustness principles that are described in clause 9.
Clause 10 contains timing constraints for the operations described in the present document.

ETSI

---------------------- Page: 8 ----------------------
9 ETSI GS ECI 001-5-1 V1.1.1 (2017-07)
1 Scope
The present document defines a robust security processing subsystem for ECI called the Advanced Security System.
The Advanced Security System provides a secure basis for software elements to be authenticated and loaded, performs
security computations and verifications, manages the encryption and decryption of content and the exchange of content
with associated rights and obligations. As such the Advanced Security System is part of a "secure video path" as it is
referred to in contemporary specifications. The Advanced Security System applies the ECI Key Ladder Block [5] to
perform secure calculations.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or non-
specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI GS ECI 001-1: "Embedded Common Interface (ECI) for exchangeable CA/DRM solutions;
Part 1: Architecture, Definitions and Overview".
[2] ETSI GS ECI 001-2: "Embedded Common Interface (ECI) for exchangeable CA/DRM solutions;
Part 2: Use cases and requirements".
[3] ETSI GS ECI 001-3: "Embedded Common Interface (ECI) for exchangeable CA/DRM solutions;
Part 3: CA/DRM Container, Loader, Interfaces, Revocation".
[4] ETSI GS ECI 001-4: "Embedded Common Interface (ECI) for exchangeable CA/DRM solutions;
Part 4: The Virtual
...