ETSI TS 103 544-14 V1.3.0 (2017-10)
DTS/ITS-88-14
General Information
Standards Content (sample)
ETSI TS 103 544-14 V1.3.0 (2017-10)
TECHNICAL SPECIFICATION
Publicly Available Specification (PAS);
Intelligent Transport Systems (ITS);
MirrorLink ;
Part 14: Application Certificates
CAUTION
The present document has been submitted to ETSI as a PAS produced by CCC and
approved by the ETSI Technical Committee Intelligent Transport Systems (ITS).
CCC is owner of the copyright of the document CCC-TS-036 and/or had all relevant rights and had assigned said rights to ETSI
on an "as is basis". Consequently, to the fullest extent permitted by law, ETSI disclaims all warranties whether express, implied,
statutory or otherwise including but not limited to merchantability, non-infringement of any intellectual property rights of third
parties. No warranty is given about the accuracy and the completeness of the content of the present document.
---------------------- Page: 1 ----------------------2 ETSI TS 103 544-14 V1.3.0 (2017-10)
Reference
DTS/ITS-88-14
Keywords
interface, ITS, PAS, smartphone
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspxIf you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspxCopyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm
except as authorized by written permission of ETSI.The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.©ETSI 2017.
© Car Connectivity Consortium 2011-2017.
All rights reserved.
ETSI logo is a Trade Mark of ETSI registered for the benefit of its Members.
MirrorLink® is a registered trademark of Car Connectivity Consortium LLC.
RFB® and VNC® are registered trademarks of RealVNC Ltd.
UPnP® is a registered trademark of UPnP Forum.
Other names or abbreviations used in the present document may be trademarks of their respective owners.
TM TM TMDECT , PLUGTESTS , UMTS and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
3GPP and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.oneM2M logo is protected for the benefit of its Members.
GSM® and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI---------------------- Page: 2 ----------------------
3 ETSI TS 103 544-14 V1.3.0 (2017-10)
Contents
Intellectual Property Rights ................................................................................................................................ 5
Foreword ............................................................................................................................................................. 5
Modal verbs terminology .................................................................................................................................... 5
1 Scope ........................................................................................................................................................ 6
2 References ................................................................................................................................................ 6
2.1 Normative references ......................................................................................................................................... 6
2.2 Informative references ........................................................................................................................................ 7
3 Abbreviations ........................................................................................................................................... 7
4 Application Certification Concept ............................................................................................................ 7
5 Application Certificate Structure .............................................................................................................. 8
5.1 X.509 Certificate ................................................................................................................................................ 8
5.1.1 Application Certificate .................................................................................................................................. 8
5.1.2 Intermediate Certificate ................................................................................................................................ 9
5.1.3 Root Certificate ............................................................................................................................................. 9
5.2 MirrorLink Extension ......................................................................................................................................... 9
5.2.1 Extension Header .......................................................................................................................................... 9
5.2.2 CCC-MirrorLink Extension Value ............................................................................................................... 9
5.2.3 Certificate Signing Entities ......................................................................................................................... 11
5.2.4 MirrorLink Server Platform Identifier ........................................................................................................ 12
5.2.5 MirrorLink Server Runtime Identifier ........................................................................................................ 13
5.2.6 Application identifier .................................................................................................................................. 13
5.2.7 Mapping of Locales .................................................................................................................................... 13
6 Application Certificate Life Cycle ......................................................................................................... 14
6.1 General ............................................................................................................................................................. 14
6.2 Certificate Retrieval and Validation ................................................................................................................. 14
6.2.1 Certificate Retrieval .................................................................................................................................... 14
6.2.2 Certificate Validation .................................................................................................................................. 16
6.2.3 Testing Considerations ............................................................................................................................... 17
6.3 Certificate Revocation Checks ......................................................................................................................... 18
6.3.1 Revocation Protocol .................................................................................................................................... 18
6.3.2 Certificate Valid .......................................................................................................................................... 21
6.3.3 Certificate Revoked .................................................................................................................................... 21
6.3.4 Certificate Updated ..................................................................................................................................... 21
6.3.5 Unchecked Certificates ............................................................................................................................... 22
6.3.6 Testing Consideration ................................................................................................................................. 22
6.4 Query and Grace Periods .................................................................................................................................. 23
6.4.1 Query Period ............................................................................................................................................... 23
6.4.2 Grace Period ............................................................................................................................................... 23
6.4.3 Period Update ............................................................................................................................................. 25
7 Handling of Applications with a Certificate distributed by CCC ........................................................... 25
7.1 Application Installation .................................................................................................................................... 25
7.2 Application Filtering ........................................................................................................................................ 26
7.3 Updating UPnP Application Server Services ................................................................................................... 27
7.3.1 Eventing ...................................................................................................................................................... 27
7.3.2 A_ARG_TYPE_AppList ............................................................................................................................ 27
7.3.3 A_ARG_TYPE_CertifiedAppList .............................................................................................................. 28
7.3.4 A_ARG_TYPE_AppCertificateInfo ........................................................................................................... 28
Annex A (normative): XSD MirrorLink Extension Value ............................................................... 29
Annex B (informative): OCSP Request & Response Example ........................................................... 32
Annex C (informative): Application Certificate Example .................................................................. 34
ETSI---------------------- Page: 3 ----------------------
4 ETSI TS 103 544-14 V1.3.0 (2017-10)
Annex D (informative): Authors and Contributors ............................................................................. 36
History .............................................................................................................................................................. 37
ETSI---------------------- Page: 4 ----------------------
5 ETSI TS 103 544-14 V1.3.0 (2017-10)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
ForewordThis Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport Systems
(ITS).The present document is part 14 of a multi-part deliverable. Full details of the entire series can be found in part 1 [i.1].
Modal verbs terminologyIn the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions)."must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI---------------------- Page: 5 ----------------------
6 ETSI TS 103 544-14 V1.3.0 (2017-10)
1 Scope
The present document is part of the MirrorLink specification which specifies an interface for enabling remote user
interaction of a mobile device via another device. The present document is written having a vehicle head-unit to interact
with the mobile device in mind, but it will similarly apply for other devices, which provide a color display, audio
input/output and user input mechanisms.MirrorLink provides the ability to run certified applications on MirrorLink server devices that can be launched from the
MirrorLink client device. In order to improve safety and ensure a quality user experience, an application certification
program is implemented that will control, which applications can be used with MirrorLink in drive on in non-drive
situations.2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference.NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long-term validity.The following referenced documents are necessary for the application of the present document.
[1] IETF RFC 3281: "An Internet Attribute Certificate Profile for Authorization", April 2002.
NOTE: Available at http://www.ietf.org/rfc/rfc3281.txt.[2] IETF RFC 2459: "Internet X.509 Public Key Infrastructure Certificate and CRL Profile", January
1999.NOTE: Available at http://www.ietf.org/rfc/rfc2459.txt.
[3] IETF RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol -
OCSP", June 2013.NOTE: Available at http://tools.ietf.org/html/rfc6960.
[4] ETSI TS 103 544-16 (V1.3.0): "Publicly Available Specification (PAS); Intelligent Transport
Systems (ITS); MirrorLink®; Part 16: Application Developer Certificates".[5] ETSI TS 103 544-9 (V1.3.0): "Publicly Available Specification (PAS); Intelligent Transport
Systems (ITS); MirrorLink®; Part 9: UPnP Application Server Service".ETSI
---------------------- Page: 6 ----------------------
7 ETSI TS 103 544-14 V1.3.0 (2017-10)
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long-term validity.The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.[i.1] ETSI TS 103 544-1 (V1.3.0): "Publicly Available Specification (PAS); Intelligent Transport
Systems (ITS); MirrorLink®; Part 1: Connectivity".3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
ACMS Application Certification Management System
BT Bluetooth
CCC Car Connectivity Consortium
ML MirrorLink
OCSP Online Certificate Status Protocol
RFB Remote Framebuffer
UPnP Universal Plug and Play
USB Universal Serial Bus
VNC Virtual Network Computing
4 Application Certification Concept
MirrorLink distinguishes three main categories of applications:
1) A MirrorLink-Aware Application describes an application that implements software interfaces, which can
be used via MirrorLink. A MirrorLink-Aware Application does not have MirrorLink or CCC Member
certification, as described below.2) A MirrorLink-Certified Application describes the certification status of a MirrorLink-Aware Application,
which is additionally fulfilling CCC application certification criteria. This category comes in two sub
categories:a) A MirrorLink Base-Certified Application is fulfilling CCC application certification criteria for basic
MirrorLink Client and Server interoperability, usability and reliability.b) A MirrorLink Drive-Certified Application is a MirrorLink Base-Certified Application, which is
additionally approved by the CCC for use in a MirrorLink Client and Server system by a driver, while
the vehicle is in motion.3) A Member-certified Application describes the certification status of a MirrorLink-Aware Application, which
is additionally fulfilling CCC Member application certification criteria. This category comes in two sub-
categories:a) A Member Base-Certified Application is fulfilling the CCC Member's certification criteria for basic
MirrorLink Server and CCC Member's MirrorLink Client interoperability, usability and reliability.
b) A Member Drive-Certified Application is a Member Base-Certified Application and is approved by
the CCC Member for use in a MirrorLink Server and CCC Member's MirrorLink Client system by a
driver, while the vehicle in in motion.ETSI
---------------------- Page: 7 ----------------------
8 ETSI TS 103 544-14 V1.3.0 (2017-10)
Certified applications will have an Application Certificate containing information about the application, relevant for
allowing it in drive or non-drive mode (App Info), along with information (App ID) how the application can be securely
identified on the MirrorLink Server device.As shown in Figure 1, an application is downloaded from any application store and installed on the MirrorLink Server
device. The application may come with a self-signed application certificate, which provides necessary information for
the application advertisements as a MirrorLink-Aware Application.In addition, the MirrorLink Server will retrieve the Application's associated MirrorLink or Member Certificate from the
Application Certificate Management System (ACMS). The application identification information is used to securely
link the application certificate to the downloaded and installed application. The MirrorLink Server device will be able to
validate with the ACMS, whether the available application certificate is still valid.
Figure 1: Application Certification Architecture (MirrorLink Server View)The MirrorLink Server device will take the application information out of the validated application certificate and
present the information to the MirrorLink Client devices.Within the present document, we use the term restricted mode, to refer to the condition, when driver distraction rules
have to be followed (e.g. while driving). The term non- restricted mode is used to refer to the condition, when driver
distraction rules have not to be followed (e.g. while being parked).5 Application Certificate Structure
5.1 X.509 Certificate
5.1.1 Application Certificate
Application Certificates shall be a public key X.509 version 3 certificate as specified in [1].
MirrorLink uses long-lived Application Certificates. The signing Certification Authority should set an expiration date of
10 years from the date of signing, but it shall not be longer than the expiration date of the signing root or intermediate
certificate.Application Certificates shall use 2048-bit RSA keys with SHA-256 or SHA-512 signature algorithms.
ETSI---------------------- Page: 8 ----------------------
9 ETSI TS 103 544-14 V1.3.0 (2017-10)
5.1.2 Intermediate Certificate
Hierarchy of certification authorities (CAs) may be used for application certification. In case intermediate CAs are used,
the entire certificate chain up to the root CA shall be provided to the MirrorLink Server together with the application
certificate.The Intermediate certificate, which signed by the CCC root CA, shall have a Common Name (CN) in the issuer
information, identical to "ACMS CA"; otherwise the certificate shall not be accepted. A valid example issuer
information is given below:Issuer: O=Car Connectivity Consortium, CN=ACMS CA
An Intermediate Certificate should have an expiration date of 20 years from the date of signing, but it shall not be
longer than the expiration date of the signing root certificate.Any Intermediate Certificate shall use 4096-bit RSA keys with SHA-512 signature algorithms.
5.1.3 Root CertificateThe signing certification authority's Root Certificate, a hash of it or a hash of its public key shall be stored in the
MirrorLink Server. Access to the certificate's public key shall be read-only.Expiration date of the root certificate shall be 20 years from the date of signing.
Root Certificate shall use 4096-bit RSA keys with SHA-512 signature algorithms.The Root Certificate shall be identical to the DAP Root Certificate.
5.2 MirrorLink Extension
5.2.1 Extension Header
The X.509 extension header shall have the following format. The CCC-MirrorLink Extension Id is provided from
IANA. The identifier shall be provided without any "<>" delimiter. Its value is outside the scope of the present
document:X509v3 extensions:
CCC-MirrorLink Extension:
extnId: 1.3.6.1.4.1.41577.2.1
critical: no
extnValue: DER:
The CCC-MirrorLink-OCSP extensions for queryPeriod, driveGrace and baseGrace are defined later on clause 6.4.3.
5.2.2 CCC-MirrorLink Extension ValueThe DER encoded XML shall follow the format below. Detailed description of the elements can be found in Table 1.
Table 1: MirrorLink Extension Header extnValue XMLElement Description Parent Availability
certificate MirrorLink Application Certificate - Required
Version of the certificate
Note: This version corresponds to the Certificate Version,
version certificate Optional
mainly the structure of this XML. It does not
correspond to the MirrorLink specification version.
Major Version (it shall be 1)
majorVersion Type: Unsigned integer version Optional
Default: 1
ETSI
---------------------- Page: 9 ----------------------
10 ETSI TS 103 544-14 V1.3.0 (2017-10)
Element Description Parent Availability
Minor Version
minorVersion Type: Unsigned integer version Optional
Default: 0
appIdentifier Platform specific application identifier (defined in Annex B) certificate Required
Application entry for the UPnP Application Server ServiceappListEntry certificate Required
A_ARG_TYPE_AppList listing
name Application name appListEntry Required
provider
Name of the application provider appListEntry Optional
Name
providerURL URL of the application provider's website appListEntry Optional
description Text description of application appListEntry Optional
Platform
iconList List of available application icons appListEntry
specific
Describes an application icon
Platform
icon* iconList
The MirrorLink server shall include an icon for all
specific
applications with = VNC.
mimetype Type of icon image (A_ARG_TYPE_String) icon Required
width Width of icon (A_ARG_TYPE_INT) icon Required
height Height of icon (A_ARG_TYPE_INT) icon Required
Color depth of icon
depth icon Required
(A_ARG_TYPE_INT)
URL where icon is available within the install package
(platform specific).
url icon Required
(A_ARG_TYPE_URI)
appInfo Information about the listed application appListEntry Optional
appCategory Application category appInfo Optional
displayInfo Information about display content appListEntry Optional
content
Visual content categories used displayInfo Optional
Category
audioInfo Information about audio content appListEntry Optional
audioType Audio type audioInfo Optional
content
Audio content categories used audioInfo Optional
Category
appCert Application entry for the UPnP Application Server Srevice
certificate Required
InfoEntry A_ARG_TYPE_AppCertificateInfo listing
UUID of the application
appCert
appUUID Optional
The UUID shall be unique across all mobile device
InfoEntry
platform variants and application versions.
appCert
entity* Certifying entity Optional
InfoEntry
Entity name
name entity Required
Unique identifier of the entity certifying the application.
Allowed values are specified in Table 2.
targetList Target entity Optional
Target name
Entry is undefined in case of the CCC entity and shall be
ignored from the MirrorLink Client.
target* targetList Required
Otherwise the format is OEM specific. The OEM may use
this entry to implement a white and/or black list of
supported targets.
restricted List of locales for restricted use entity Required
non
List of locales for non-restricted use entity Required
Restricted
ETSI
---------------------- Page: 10 ----------------------
11 ETSI TS 103 544-14 V1.3.0 (2017-10)
Element Description Parent Availability
serviceList List of used data services entity Required
service* Service name serviceList Required
Application properties
appCert
Contains an UTF-8 XML representation of certified
properties
Optional
InfoEntry
application properties. The XML representation is out-of-
scope of the present document.
server
MirrorLink Server Properties certificate Required
Properties
Platform supported from application
A separate certificate is provided for each server
platform Required
platform/runtime. Properties
platformID Platform identifier, as defined in Table 3. platform Required
Comma separated list of black-listed platform versions.
Version information is platform specific. Version
blacklisted
information shall be complete.
Platform platform Required
An empty version tag indicates that the application
Versions
certificate is not dependent on a specific version of the
host OS in question.
runtimeID Runtime identifier, as defined in Table 4 platform Required
Comma separated list of black-listed runtime versions.
Version information is runtime specific. Version
blacklisted
information shall be complete.
RuntimeVersi platform Required
ons
An empty version tag indicates that the application
certificate is not dependent on a specific runtime version.
Elements marked with a (*) can have multiple instances.
In case the entity is missing from the Application Certificate, the application shall be treated as a MirrorLink-Aware
application.5.2.3 Certificate Signing Entities
The following entity names are currently registered with CCC. The MirrorLink Client shall ignore any unknown entries.
Table 2: Certificate Signing EntitiesEntity Name Description
CCC Car Connectivity Consortium
The application follows application guidelines, as specified from CCC, for the
certified regions.
DEVELOPER MirrorLink Developer Application
The application is a developer self-signed MirrorLink aware application, as
specified in [4].
The application need not follow any application guidelines, as specified from
the CCC.
ACMS MirrorLink Aware Application
The application is a self-signed MirrorLink aware application.
The MirrorLink Server shall check with the ACMS for a CCC or Member-
signed certificate.
OR MirrorLink Aware Application
Tag missing OR The application is a self-signed MirrorLink aware application.
Unknown entity name The MirrorLink Server shall not check with the ACMS for a CCC or Member-
signed certificate.ETSI
---------------------- Page: 11 ----------------------
12 ETSI TS 103 544-14 V1.3.0 (2017-10)
Entity Name Description
CCC Member
It is the member's responsibility that the application is following all necessary
application guidelines. The unique list of CCC member names is maintainedseparately from the present document.
The CCC member name shall be identical to the manufacturer entry in
A_ARG_TYPE_ClientProfile structure as provided in the
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.