ISO/IEC INTERNATIONAL STANDARD 16500-7 First edition 1999-12-15 Information technology Generic digital audio-visual systems Part 7: Basic security tools Technologies de I'information - Systemes audiovisuels numeriques géneriques Partie 7: Outils de sécurité de base Reference number ISO/IEC 16500-7:1999(E) E( @ISO/IEC1999 ISO/IEC 16500-7:1999(E) PDFdisclaimer This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The IsO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event ?ISO/IEC1999 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic in the country of the requester. ISO copyright office Case postale 56: CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 734 10 79 E-mail [email protected] Web www.iso.ch Printed in Switzerland @ ISO/IEC 1999 - All riahts reserved ISO/IEC 16500-7:1999(E) Contents Page Foreword vii Introduction. .viii 1. Scope. 2. Normative references .. 3. Definitions 4. Acronyms and abbreviations . 5. Conventions 6. Overview of Security System .. 7. Security Tools .. 7.1 S1 Scrambling... 7.1.1 Scrambled Elements . 7.1.2 Control Word Synchronization 7.2 S2/S3 Authentication .. 7.2.1 Authentication Protocol.. 7.2.2 Syntax of Authentication Messages... 7.2.3 Key Use... 7.2.4 Certificates ... 7.2.5 Integration with Protocols for S2 7.3 S2/S3 Confidentiality and Integrity 7.3.1 Negotiation of Confidentiality and Integrity Algorithms.. 10 7.3.2 Definition of the SPI value. 10 7.3.3 Signaling ...... 7.3.4 Replay Protection on S2.. 10 7.4 S2 Digital Signatures 7.5 DSM-CC Commands for S1 Security Management, 10 7.5.1 Security Association Configuration. 10 7.5.2 Key Retrieval .. 7.6 Secure Download 13 7.6.1 Format of Security DownloadInfoRequest. 13 7.6.2 Format of Security DownloadInfoResponse. 7.6.3 Format of Security Module .... 14 7.6.4 Download Reasons in DownloadDataResponse. ..15 7.7 Parental Control . 15 7.7.1 Introduction... 15 7.7.2 Retrieval Services 7.7.3 Distribution Services . 8. Flows and Protocol Stacks... 8.1 Sample Flow: Scrambled Video on Demand (Informative). .16 @ ISO/IEC 1999 - All rights reserved DAVIC 1.3.1a Part 10 (1999) ili ISO/IEC 16500-7:1999(E) 9. Security Interfaces . 19 10. Security Interface CAO ... .20 10.1 Introduction .20 10.2 Additional DAVIC Requirements for CAO.. 20 10.2.1 Host to Security Device Authentication .. 10.2.2 Security Services .... ..20 11. Profiles/Contours... 12. Security Interface CA1 ... ..21 12.1 Introduction and scope 12.1.1 Introduction... 12.1.2 CAl reference model ... ..21 12.2 Notation.. .23 12.3 Physical characteristics of the CA1 security device.. ..23 12.4 Electronic signals and transmission protocols on the CA1 interface... .23 12.4.1 Additions and restrictions to ISO/IEC 7816-3 . 12.4.2 Logical channels... 12.5 CA message format and filter specification .... .24 12.5.1 CA message mechanism and format ..24 12.5.2 Filtering of a CA message . .24 12.5.3 Filter specification... .25 12.5.4 Filter programming ... .25 12.5.5 12.5.6 Response objects from smart card.. 12.5.7 Filter conditions .. 32 12.5.8 Further filter requirements.. 32 12.6 Initialization of the smart card and application. .33 12.6.1 Answer-to-Reset.... .33 12.6.2 Conditional PTS procedure .. 12.6.3 The ATR and/or DIR file.... 12.6.4 Card identificat