BS EN 62455:2011
Internet protocol (IP) and transport stream (TS) based service access
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2011 | 414 |
IEC 62455:2010(E) specifies the terminal for a service purchase and protection system for digital broadcasts, called the 18Crypt system. It is applicable in all countries and regions with suitably compliant broadcasting and multimedia distribution systems. Guidelines for compatible broadcast services are given in this standard. The service purchase and protection functions operate in a pure broadcast environment that may be combined with a bi-directional interactivity channel. It is applicable to the following broadcast systems:

- IP datacast over DVB-H systems;
- DVB T/C/S systems;
- MPEG2 TS-based IP systems;
- Non-MPEG2 TS-based IP systems.

This second edition cancels and replaces the first edition, published in 2007, and constitutes a technical revision. The main changes with respect to the previous edition are:

- Recent developments in DVB and OMA standards caused some incompatibilities, which have been solved in the second edition.
- Technical errors have been corrected, missing details added.
- References have been updated to the newest available ones.
PDF Catalog
PDF Pages | PDF Title |
---|---|
7 | CONTENTS |
19 | 1 Scope 2 Normative references |
21 | 3 Terms, definitions and abbreviations 3.1 Terms and definitions |
26 | 3.2 Symbols |
27 | 3.3 Abbreviations |
31 | 3.4 Identifiers assigned by external entities 4 General 4.1 Overview |
32 | 4.2 General description of the system and elements Figures Figure 1 – System overview |
34 | Figure 2 – Service protection via four-layer model |
36 | 4.3 End-to-end system 4.4 Supported systems and device types Figure 3 – Highly simplified view of the end-to-end system |
37 | Tables Table 1 – Supported systems and device types |
38 | 4.5 Service protection versus content protection Figure 4 – Service protection versus content protection |
39 | 5 General specifications 5.1 End-to-end architecture Figure 5 – Service protection and purchase entities and names (broadcast architecture) |
40 | Figure 6 – Public key infrastructure |
41 | 5.2 Special cases 5.3 Service guide and purchase |
42 | 5.4 Four-layer model – Key hierarchy Figure 7 – Overview of service guide and purchase |
44 | Figure 8 – 4-layer key hierarchy – Use of SEK only |
45 | Figure 9 – 4-layer key hierarchy – Use of PEK and SEK |
47 | Table 2 – Keyset in the registration data |
49 | Figure 10 – Authentication hierarchy |
50 | 5.5 Deployment for broadcast mode of operation |
51 | Figure 11 – Explaining the concept of addressing |
52 | Figure 12 – (Oversimplified) group BCRO Figure 13 – (Oversimplified) subscriber group BCRO |
53 | Figure 14 – (Oversimplified) unique device BCRO Figure 15 – (Oversimplified) broadcast domain BCRO |
54 | Figure 16 – Example of a zero message tree with three nodes (keys) |
56 | 6 Traffic layer 6.1 General 6.2 IPsec |
57 | Figure 17 – IPsec security association elements |
58 | 6.3 ISMACryp |
60 | 6.4 SRTP Figure 18 – ISMACryp Key Management |
62 | Figure 19 – SRTP cryptographic context management |
63 | 6.5 MPEG2 TS crypt |
64 | Figure 20 – MPEG2 transport stream cryptographic context management |
65 | Table 3 – Definition of transport_scrambling_control bits Table 4 – Definition of pes_scrambling_control field bits |
66 | Figure 21 – Single-key versus dual-key TS over time |
67 | Table 5 – Descrambling possibility matrix Table 6 – Supported ciphers for MPEG2 TS Crypt |
68 | 7 Key stream layer 7.1 General 7.2 Format of the key stream message (KSM) |
69 | Table 7 – Format of key stream message |
71 | Table 8 – Descriptors for access_criteria_descriptor_loop Table 9 – Access_criteria_descriptors Table 10 – Parental_rating access criteria descriptor |
72 | Table 11 – Parental rating values for each parental rating type |
73 | Table 12 – Copy_control_information access criteria descriptor |
74 | Table 13 – Bit assignments of copy_control_information_byte Table 14 – CCI bit assignments Table 15 – EMI values and content Table 16 – APS value definitions |
75 | Table 17 – CIT values and application Table 18 – RCT values and application |
76 | Table 19 – Blackout_spotbeam access criteria descriptor Table 20 – Operator field values and their meaning |
78 | Table 21 – Constants in key stream message |
80 | Table 22 – Content_key_index options |
81 | Table 23 – cipher_mode options |
82 | Table 24 – Obtaining the content key |
83 | Table 25 – Traffic key lifetime |
84 | Table 26 – Values of permissions_category and their meaning |
86 | 8 Rights management layer 8.1 General 8.2 Identification of rights objects |
87 | 8.3 Requirements for rights objects |
88 | 8.4 Format of rights objects Table 27 – Format of BCRO |
90 | Table 28 – Address_mode |
92 | Table 29 – Asset format |
93 | Table 30 – Asset_type Table 31 – Mapping of address_mode to keys |
94 | Table 32 – Mapping of address_mode to keys Table 33 – Mapping of address_mode to keys |
95 | Table 34 – Permission format |
96 | Table 35 – Action format Table 36 – Action_type |
97 | Table 37 – Constraint format Table 38 – Format of constraint_descriptor |
98 | Table 39 – Constraint_tag Table 40 – Format of count_constraint_descriptor Table 41 – Format of timed_count_constraint_descriptor |
99 | Table 42 – Format of datetime_constraint_descriptor |
100 | Table 43 – Format of interval_constraint_descriptor Table 44 – Format of accumulated_constraint_descriptor |
101 | Table 45 – Format of individual_constraint_descriptor Table 46 – Id_type Table 47 – Format of system_constraint_descriptor |
102 | Table 48 – Format of token_management_constraint_descriptor |
103 | 9 Registration layer 9.1 General 9.2 RI context |
104 | 9.3 Registration layer protocols and message specification Table 49 – Registration types |
105 | Figure 22 – Registration for broadcast mode of operation with one ROT |
106 | Figure 23 – Offline NDD protocol |
107 | Figure 24 – Samples of notification displays Figure 25 – Off-line NSD protocol Figure 26 – Action request code (ARC) Table 50 – NSD action request code fields |
108 | Table 51 – NSD action types |
109 | Figure 27 – Samples of notification displays showing an ARC message |
110 | Figure 28 – Sample of token consumption reporting notification display Table 52 – Token consumption data |
111 | Figure 29 – Sample of TAA report display Table 53 – TAA report data |
112 | Figure 30 – 1-pass PDR protocol – (first) device registration Figure 31 – 1-pass IRD protocol – RI initiated message to device (here re-registration) |
113 | Table 54 – Messages of the 1-pass IRD protocol |
115 | Figure 32 – Unique device number Table 55 – UDN explanation |
116 | Table 56 – Major industry identifier Table 57 – longform_udn |
117 | Table 58 – Notify device data message parameters Table 59 – Device data |
118 | Table 60 – Message fields |
119 | Table 61 – Status values Table 62 – Fields of certificate_version parameter |
120 | Table 63 – Allowed values for ri_certificate_counter |
121 | Table 64 – Allowed values for ocsp_response_counter Table 65 – Values for flags signalling data absent/data present |
122 | Table 66 – Allowed values for subscriber_group_key_flag Table 67 – Values and their meaning for signature_type_flag |
125 | Figure 33 – Device_registration_response() message |
126 | Figure 34 – Structure of device_registration_response() message |
127 | Table 68 – Message syntax |
129 | Table 69 – Message fields |
130 | Table 70 – Status values Table 71 – Fields of certificate_version parameter |
132 | Table 72 – Message syntax |
133 | Table 73 – Message fields Table 74 – Status values |
134 | Table 75 – Message syntax |
135 | Table 76 – Message fields Table 77 – Status values |
136 | Table 78 – Fields of certificate_version parameter |
137 | Table 79 – Message syntax |
138 | Table 80 – Format of contact object Table 81 – Contact_type |
139 | Table 82 – Encoding rules for contactdata |
140 | Table 83 – Off-line protocols (from device to RI) Table 84 – 1-pass protocols (from RI to device) Table 85 – Protocol interrelation |
141 | Table 86 – Message fields |
142 | Table 87 – Status values Table 88 – Fields of certificate_version parameter |
145 | Figure 35 – Domain_registration_response() message |
146 | Figure 36 – Structure of domain_registration_response() message |
147 | Table 89 – Message syntax |
148 | Table 90 – Message fields |
149 | Table 91 – Status values Table 92 – Fields of certificate_version parameter |
151 | Table 93 – Message syntax |
153 | Table 94 – Message syntax |
154 | Table 95 – Offline protocols (from device to RI) Table 96 – 1-pass protocols (from RI to device) Table 97 – Protocol interrelation |
155 | Table 98 – Fields of token delivery response message |
156 | Table 99 – Address_mode for token delivery response message |
157 | Table 100 – Message error codes |
159 | Table 101 – Mapping of address_mode to keys for the token delivery response message Table 102 – Mapping of address_mode to keys for the token delivery response message |
160 | Table 103 – Syntax of token delivery response message |
162 | 10 Signalling and service guide 10.1 General Figure 37 – Registration for mixed-mode operation with one ROT |
163 | 10.2 Signalling requirements 10.3 Service guide requirements 10.4 Service guide recommendations |
164 | 11 Rights issuer services and rights issuer streams 11.1 General 11.2 Rights issuer services Table 104 – Requirements for the support of RI services and streams by IPDC over DVB-H devices |
165 | 11.3 Usage of rights issuer streams and services Table 105 – Requirements for the support of rights issuer services and streams by service providers in IPDC over DVB-H systems |
166 | Figure 38 – Relationship between RI service and RI streams and other services and RI streams |
168 | 12 Service subscription and purchase 12.1 General Figure 39 – Message flows for service subscription and purchase for the connected mode of operation |
169 | 12.2 Purchase over an interactivity channel Figure 40 – Message flows for service subscription and purchase for the unconnected mode of operation |
171 | Figure 41 – Interactions for bulk download of service and programme keys |
172 | Figure 42 – Interactions for bulk download of purchase information |
173 | Figure 43 – Interactions for announcement of purchase items in service guide |
174 | Figure 44 – Interactions for pricing inquiry |
178 | Figure 45 – Interactions for unsuccessful purchase |
182 | Figure 46 – Interactions for successful purchase |
186 | Figure 47 – Interactions for subscription RO renewal and asynchronous charging |
187 | Figure 48 – Interactions for asynchronous charging and cancellation of open-ended subscriptions |
191 | Figure 49 – Interactions for acquisition and charging of tokens |
193 | Table 106 – Definition of mandatory SOC attributes in request/response messages |
195 | Table 107 – Occurrence of error codes in response messages |
210 | 12.3 Purchase for mixed-mode devices |
211 | 12.4 Out-of-band purchase |
212 | Figure 50 – Samples of out-of-band purchase information displays for a registered device Table 108 – Data to be provided to the customer operation centre |
213 | 12.5 Required service guide information Figure 51 – Sample of out-of-band purchase information displays for an unregistered device |
217 | 13 Protection of IPDC over DVB-H systems 13.1 General |
218 | 13.2 Delivery of traffic layer data in IPDC over DVB-H systems 13.3 Delivery of key stream data in IPDC over DVB-H systems 13.4 Delivery of rights management data in IPDC over DVB-H systems 13.5 Delivery of registration data in IPDC over DVB-H systems Table 109 – Traffic layer options for transmission over IPDC over DVB-H |
219 | 13.6 Signalling and service guides in IPDC over DVB-H systems |
220 | 13.7 Format and use of RI streams over IPDC over DVB-H systems |
221 | Figure 52 – Example mapping of objects to RI stream packets |
222 | Table 110 – Format of the rights issuer stream |
227 | 14 Protection of DVB T/C/S systems 14.1 General |
228 | 14.2 Delivery of traffic layer data in DVB T/C/S systems 14.3 Delivery of key stream data in DVB T/C/S systems Table 111 – Traffic layer options for transmission over MPEG2 TS-based networks Table 112 – KSM table |
229 | 14.4 Delivery of rights management data in DVB T/C/S systems |
230 | 14.5 Delivery of registration data in DVB T/C/S systems Table 113 – BCRO table |
231 | Table 114 – Carrying registration layer messages via MPEG sections in T/C/S system |
232 | Table 115 – Syntax of registration message table (RMT) |
233 | 14.6 Signalling and service guide in DVB T/C/S systems |
235 | Figure 53 – Signalling of encrypted services and their associated key streams |
236 | Figure 54 – Signalling of encrypted services in the SDT |
237 | Figure 55 – Signalling of the rights issuer service in the SDT Figure 56 – Addressing of a rights issuer service |
238 | Figure 57 – Signalling of purchase information via the SDT |
239 | Figure 58 – Signalling of purchase information via the CA_descriptor in the CAT |
240 | Figure 59 – Signalling of purchase information via the private data block of the CA_descriptor in the CAT |
241 | Figure 60 – Relationship between PCT, PIT, SBT and SDT |
242 | Figure 61 – Alternative usage of the purchase_item_descriptor in the SDT and EIT |
243 | Table 116 – Purchase channel table |
247 | Table 117 – Service bundle table |
250 | Table 118 – Purchase item table |
251 | Table 119 – Private descriptor tags used for 18Crypt |
252 | Table 120 – Possible locations of descriptors Table 121 – Service_ID_descriptor |
253 | Table 122 – Right issuer ID descriptor |
254 | Table 123 – Purchase info location descriptor |
256 | Table 124 – Purchase item descriptor |
257 | Table 125 – Subscription_type values |
258 | Table 126 – Example price with different decimal point location values |
259 | Table 127 – Provider name descriptor Table 128 – Eurocrypt addressing descriptor |
260 | Table 129 – Address_mode |
261 | Table 130 – Info URL descriptor Table 131 – Key URL descriptor |
262 | Table 132 – Linkage descriptor |
263 | Table 133 – Linkage type coding Table 134 – IP linkage descriptor |
265 | 14.7 User-defined identifiers used in DVB-SI tables 14.8 Scope of identifiers used in DVB-SI tables Table 135 – User defined IDs |
266 | 14.9 Format of RI services over DVB-T/C/S systems 15 Protection of MPEG2 TS-based IP systems 15.1 General |
267 | 15.2 Encapsulation of an MPEG2 TS in IP 15.3 Delivery of traffic layer data in MPEG2 TS-based IP systems 15.4 Delivery of key stream data in MPEG2 TS-based IP systems 15.5 Delivery of rights management data in MPEG2 TS-based IP systems 15.6 Delivery of registration data in MPEG2 TS-based IP systems 15.7 Signalling and service guides in MPEG2 TS-based IP systems |
268 | Table 136 – Additions to the broadcast discovery record |
269 | Table 137 – Additions to the content-on-demand discovery record |
270 | 15.8 Format of RI services over MPEG2 TS-based IP systems 15.9 Content-on-demand support |
271 | 15.10 Use of server-side purchase interfaces Table 138 – Sequence of events for purchase and supply of a content-on-demand item |
272 | 16 Protection of non-MPEG2 TS-based IP systems 16.1 General 16.2 Delivery of traffic layer data in non-MPEG2 TS-based IP systems Table 139 – Traffic layer options for transmission over non-MPEG2 TS based IP networks |
273 | 16.3 Delivery of key stream data in non-MPEG2 TS-based IP systems 16.4 Delivery of rights management data in non-MPEG2 TS-based IP systems 16.5 Delivery of registration data in non-MPEG2 TS-based IP systems 16.6 Signalling and service guides in non-MPEG2 TS-based IP systems 16.7 Format of RI services over non-MPEG2 TS-based IP systems 16.8 Content-on-demand support |
274 | Annex A (normative) Supporting specifications |
275 | Figure A.1 – Sample notification display |
276 | Table A.1 – Status/error codes |
278 | Figure A.2 – Conversion routes between modified julian date (MJD) and coordinated universal time (UTC) |
280 | Table A.2 – Local time offset coding |
281 | Table A.3 – Standard keyset with RSA block size 1024 |
282 | Table A.4 – Standard keyset with other RSA block sizes Table A.5 – Extended keyset with RSA block size 1024 |
283 | Figure A.3 – Node numbering Table A.6 – Extended keyset with other RSA block sizes |
284 | Figure A.4 – AES for key derivation |
286 | Figure A.5 – Sample tree with correct node and device numbering |
291 | Figure A.6 – Computation of the TAA_report_code Table A.7 – Error likelihood in human communication |
295 | Table A.8 – Defined tag values |
296 | Figure A.7 – Node numbering |
297 | Table A.9 – Defined length values Table A.10 – Correct usage of length values |
299 | Table A.11 – TAA descriptor syntax Table A.12 – TAA algorithm values |
300 | Table A.13 – Message_tag overview Table A.14 – Table ID overview |
301 | Table A.15 – Multilingual text structure |
302 | Figure A.8 – Computation of the report_authentication_code |
312 | Table A.16 – Mapping of required service guide data to the IPDC ESG |
314 | Table A.17 – Mapping of required service guide data to DVB PSI/SI tables |
315 | Figure A.9 – Relationship between DVB-T/C/S PSI/SI tables |
317 | Figure A.10 – Relationships between the defined types Table A.18 – Mapping of required service guide data to IPI BCG/TV anytime |
319 | Figure A.11 – XML fragment for SOC identifier Figure A.12 – XML fragment for serviceBaseCID |
320 | Figure A.13 – Definition of UniversalPurchaseItemType Figure A.14 – Definition of the ServiceBundleType |
321 | Figure A.15 – Definition of UniversalServiceInformationType Figure A.16 – Definition of UniversalOnDemandServiceType |
322 | Figure A.17 – Definition of UniversalPurchaseType |
329 | Table A.19 – Updated permission element |
331 | Table A.20 – Access element |
332 | Figure A.18 – Recording and super-distributing the recorded asset |
333 | Table A.21 – Semantics of the save element Table A.22 – Use of programme and service keys |
334 | Table A.23 – Fields in the GroupID box Table A.24 – CommonHeaders box fields |
335 | Figure A.19 – Format of the OMADRMRecordingTimestamp. |
336 | Figure A.20 – Format of the OMADRMRecordingInformationBlock |
337 | Figure A.21 – 18Crypt namespace declaration |
346 | Table A.25 – Conformance table for IPDC over DVB-H systems |
350 | Table A.26 – Conformance table for DVB-T/C/S systems |
353 | Table A.27 – Conformance table for IPTV systems |
357 | Annex B (informative) Deployment considerations |
359 | Figure B.1 – Rights issuer communication with various types of devices in IPDC over DVB-H systems |
362 | Figure B.2 – Rights issuer communication with various types of devices in DVB-T/C/S systems |
364 | Figure B.3 – Rights issuer communication with various types of devices in IP systems |
365 | Figure B.4 – Purchase steps in case of an interactive device |
367 | Figure B.5 – Purchase steps in case of a broadcast device |
369 | Figure B.6 – Consumption steps from the broadcaster point of view |
370 | Figure B.7 – Consumption steps from the device point of view |
379 | Figure B.8 – Function blocks of service protection head-end |
381 | Figure B.9 – Systems and network elements of service protection head-end |
382 | Table B.1 – Messages involved in IEC T/C/S systems |
383 | Figure B.10 – IEC T/C/S components integrated into DVB SimulCrypt head-end. |
385 | Figure B.11 – Locating 18Crypt KSM & BCRO as well as EMM & ECM |
386 | Table B.2 – Reference overview information |
387 | Figure B.13 – Sample network set-ups using the location descriptors |
388 | Figure B.14 – Expanding the IEC T/C/S head-end components |
392 | Figure B.15 – Deployment option A (combining DIST Mgmt and RI in SOC) – Local scenario |
394 | Figure B.16 – Deployment option A (combining DIST Mgmt and RI in SOC) – Roaming scenario |
396 | Figure B.17 – Deployment option B (combining SUB Mgmt and RI in COC) – Local scenario |
397 | Figure B.18 – Deployment option B (combining SUB Mgmt and RI in COC) – Roaming scenario |
400 | Table B.3 – Example 1: CGF with cities and regions Table B.4 – Example 2: CGF with sports and regions (independent) |
401 | Figure B.19 – Scenarios 1 and 2 for bosb_masks |
402 | Table B.5 – Example 3: CGF with sports and regions (overlapping) |
403 | Figure B.20 – Scenarios 3 and 4 for bosb_masks |
404 | Figure B.21 – Scenarios 5 and 6 for bosb_masks |
405 | Figure B.22 – Scenarios 7 and 8 for bosb_masks |
406 | Figure B.23 – Scenarios 9 and 10 for bosb_masks (precedence) |
408 | Figure B.24 – Diagram of keyset_block, sessionkey_block and surplus_block Table B.6 – Category of references |
410 | Bibliography |