IEC 62766-7:2017

IEC 62766-7 ®
Edition 1.0 2017-07
INTERNATIONAL
STANDARD
colour
inside
Consumer terminal function for access to IPTV and open internet
multimedia services –
Part 7: Authentication, content protection and service protection
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.

IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished

Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
IEC 62766-7 ®
Edition 1.0 2017-07
INTERNATIONAL
STANDARD
colour
inside
Consumer terminal function for access to IPTV and open internet

multimedia services –
Part 7: Authentication, content protection and service protection

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ISBN 978-2-8322-4555-2
ICS 33.170 35.240.95
– 2 – IEC 62766-7:2017 © IEC 2017
CONTENTS
FOREWORD . 6
INTRODUCTION . 8
1 Scope . 9
2 Normative references . 9
3 Terms, definitions and abbreviated terms . 11
3.1 Terms and definitions . 11
3.2 Abbreviated terms . 13
4 Content and service protection . 15
4.1 General . 15
4.2 Terminal-centric approach . 15
4.2.1 General . 15
4.2.2 Interfaces for CSP and CSP-T server . 16
4.2.3 Protected content usages . 25
4.2.4 Content encryption . 28
4.2.5 Protected file formats. 29
4.2.6 Protection of MPEG-2 transport streams . 30
4.2.7 Operation of Marlin technologies . 34
4.2.8 DRM data . 35
4.3 Gateway-centric approach . 39
4.3.1 General . 39
4.3.2 Capabilities. 39
4.3.3 CSPG-DAE interface . 39
4.3.4 CI+ based gateway . 40
4.3.5 DTCP-IP based gateway . 55
5 User identification, authentication, authorisation and service access protection . 60
5.1 General principles . 60
5.2 Interfaces . 61
5.2.1 General . 61
5.2.2 HNI-INI . 61
5.2.3 HNI-IGI . 62
5.2.4 Common requirements . 62
5.3 Service access protection . 62
5.3.1 SAA co-located with service . 62
5.3.2 SAA standalone . 63
5.4 OITF authentication mechanisms . 64
5.4.1 HTTP basic and digest authentication . 64
5.4.2 Network-based authentication . 65
5.4.3 Web-based authentication . 65
5.4.4 HTTP digest authentication – Using IMS gateway . 67
5.4.5 GBA authentication – Using IMS gateway . 72
5.5 IMS registration – OITF . 75
5.5.1 General . 75
5.5.2 Relevant functional entities and reference points . 75
5.5.3 Prerequisites . 76
5.5.4 SIP digest message flows . 77
5.5.5 IMS AKA message flows . 78

5.6 Session management and single sign on . 80
5.6.1 General . 80
5.6.2 Cookie session . 80
5.6.3 URL parameters . 81
5.6.4 HTTP authentication session . 82
5.6.5 SAML Web-based SSO . 83
6 Forced play-out using media zones . 84
Annex A (informative) Link of user authentication and DRM device authentication . 86
Annex B (normative) XML schemas . 88
B.1 General . 88
B.2 XML schema for MarlinPrivateDataType structure . 88
B.3 XML schema for MIPPVControlMessage format . 89
B.4 XML schema for HexBinaryPrivateDataType structure . 89
Annex C (informative) DRM messages used in DAE. 90
Annex D (informative) CSPG-CI+ usage examples . 91
D.1 General . 91
D.2 CSPG-CI+ initial power-on . 91
D.3 CSPG-CI+ normal power-on . 91
D.4 Live session example . 92
D.5 Parental control management example . 93
D.6 No-rights event and purchase example . 94
D.7 VoD session example . 95
Annex E (informative) CSPG-DTCP session setup sequence examples . 96
E.1 General . 96
E.2 Multicast streaming with SIP session management . 96
E.3 Unicast streaming with SIP session management . 98
E.4 Unicast streaming with RTSP session management . 99
E.5 HTTP streaming and download . 100
Annex F (informative) Embedded CSPG . 101
F.1 General . 101
F.2 Application to simple and secure streaming . 103
Bibliography . 105

Figure 1 – CSP-T system overview . 16
Figure 2 – Node acquisition sequence . 18
Figure 3 – Link acquisition sequence . 20
Figure 4 – Deregistration sequence . 22
Figure 5 – Licence acquisition sequence . 24
Figure 6 – Licence evaluation sequence . 26
Figure 7 – Scramble key decryption sequence . 27
Figure 8 – Content on demand encryption sequence using content key (for (P)DCF
OMArlin or Marlin IPMP Marlin FF) . 28
Figure 9 – Content on demand encryption sequence using content key (for MPEG-2
TS) 28
Figure 10 – Scheduled content encryption sequence using scramble key (for MPEG-2
TS) 29
Figure 11 – Conditional access descriptors signalling ECM and EMM messages . 30

– 4 – IEC 62766-7:2017 © IEC 2017
Figure 12 – Outline of DRMControlInformationtype with MarlinPrivateData . 37
Figure 13 – Outline of MIPPVControlMessage . 38
Figure 14 – CSPG-CI+ overview . 40
Figure 15 – CSPG-CI+ context . 41
Figure 16 – C
...