Rec. ITU-T J.1033 (08/2020) Downloadable conditional access system for bidirectional networks – The terminal
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Overview of the two-way DCAS terminal
7 Architecture of the two-way DCAS terminal
8 Two-way DCAS APIs
9 Terminal security chipset
     9.1 Terminal security chipset workflow
     9.2 The root key derivation module
     9.3 The key ladder module
          9.3.1 3-level key mechanism
          9.3.2 Challenge-response mechanism
          9.3.3 The OTP area
     9.4 Security implementation mechanism (SIM)
          9.4.1 SIM of the terminal security chipset
               9.4.1.1 OTP area
               9.4.1.2 The SCK De-obfuscation function
               9.4.1.3 Root key derivation module
               9.4.1.4 Key Ladder module
Annex A  Security mechanism of two-way DCAS client software downloading and bootloading
     A.1 Basic principles of chain of trust
     A.2 Bootup signature verification
     A.3 Downloading and replacing the DCAS client software
     A.4 Key management
     A.5 Security requirements of the bootloader
     A.6 Performance requirements of bootloader and terminal security chipset
Annex B  Two-way DCAS APIs
     B.1 Java APIs
          B.1.1 APIs type
               B.1.1.1 APIs for DCAS Manager
                    B.1.1.1.2 The bottom-layer APIs of the terminal software platform
                    B.1.1.1.3 Extension application APIs
                    B.1.1.1.4 Detachable security device APIs
               B.1.1.2 Network APIs
               B.1.1.3 MPEG section filter APIs
               B.1.1.4 Non-volatile storage APIs
          B.1.2 APIs invoking sequence
          B.1.3 APIs description
          B.1.4 Package org.ngb.net.cas.module
               B.1.4.1 Interface org.ngb.net.cas.module.CASModule
                    B.1.4.1.1 Methods
                         B.1.4.1.1.1 startDescrambling
                         B.1.4.1.1.2 updateDescrambling
                         B.1.4.1.1.3 stopDescrambling
                         B.1.4.1.1.4 getCAInfo
                         B.1.4.1.1.5 setCAInfo
               B.1.4.2 Interface org.ngb.net.cas.module.CASDataUtils
                    B.1.4.2.1 Description
                    B.1.4.2.2 Methods
                         B.1.4.2.2.1 getCAInfo
                         B.1.4.2.2.2 setCAInfo
                         B.1.4.2.2.3 getData
                         B.1.4.2.2.4 setData
               B.1.4.3 Interface org.ngb.net.cas.module.CADescriptor
                    B.1.4.3.1 Description
                    B.1.4.3.2 Methods
                         B.1.4.3.2.1 getCASystemId
                         B.1.4.3.2.2 getPid
                         B.1.4.3.2.3 getPrivateData
               B.1.4.4 Interface org.ngb.net.cas.module.CAServiceComponentInfo
                    B.1.4.4.1 Description
                    B.1.4.4.2 Methods
                         B.1.4.4.2.1 getDescramblerContext
                         B.1.4.4.2.2 getCADescriptor
                         B.1.4.4.2.3 getComponentStreamPIDs
                         B.1.4.4.2.4 getComponentStreamTypes
                         B.1.4.4.2.5 getServiceIdentifiers
               B.1.4.5 Interface org.ngb.net.cas.module.CASPacketListener
                    B.1.4.5.1 Description
                    B.1.4.5.2 Methods
                         B.1.4.5.2.1 casPacketArrived
               B.1.4.6 Interface org.ngb.net.cas.module.CASSession
                    B.1.4.6.1 Description
                    B.1.4.6.2 Constants – Session Types
                         B.1.4.6.2.1 TYPE_PRESENTATION
                         B.1.4.6.2.2 TYPE_RECORDING
                         B.1.4.6.2.3 TYPE_BUFFERING
                    B.1.4.6.3 Methods
                         B.1.4.6.3.1 getType
                         B.1.4.6.3.2 getNetworkInterface
                         B.1.4.6.3.3 getAssociatedService
                         B.1.4.6.3.4 getServiceContext
               B.1.4.7 Interface org.ngb.net.cas.module.CAStatus
                    B.1.4.7.1 Description
                    B.1.4.7.2 Methods
                         B.1.4.7.2.1 isSuccess
                         B.1.4.7.2.2 getCAToken
               B.1.4.8 Interface org.ngb.net.cas.module.CATListener
                    B.1.4.8.1 Methods
                         B.1.4.8.1.1 catUpdate
               B.1.4.9 Interface org.ngb.net.cas.module.CATNotifier
                    B.1.4.9.1 Description
                    B.1.4.9.2 Methods
                         B.1.4.9.2.1 registerCATListener
                         B.1.4.9.2.2 unregisterCATListener
               B.1.4.10 Class org.ngb.net.cas.module.CASModuleManager
                    B.1.4.10.1  Description
                    B.1.4.10.2  Methods
                         B.1.4.10.2.1 getInstance
                         B.1.4.10.2.2 registerCASmodule
                         B.1.4.10.2.3 updateCASystemId
                         B.1.4.10.2.4 sendDescramblingEvent
                         B.1.4.10.2.5 unregisterCASModule
                         B.1.4.10.2.6 getChipControllers
                         B.1.4.10.2.7 setCurrentController
                         B.1.4.10.2.8 setCCIBits
                         B.1.4.10.2.9 setServiceListFilter
                         B.1.4.10.2.10 registerCASPacketListener
                         B.1.4.10.2.11 unregisterCASPacketListener
                         B.1.4.10.2.12 getDetachableSecurityDevices
                         B.1.4.10.2.13 receiveOsdMsg
                         B.1.4.10.2.14 showFingerMsg
                         B.1.4.10.2.15 receiveTuningAlert
                         B.1.4.10.2.16 getCATNotifier
               B.1.4.11 Class org.ngb.net.cas.module.CASPermission
                    B.1.4.11.1 Description
                    B.1.4.11.2 Methods
                         B.1.4.11.2.1 CASPermission
                         B.1.4.11.2.2 CASPermission
          B.1.5 Package org.ngb.net.cas.controller
               B.1.5.1 Interface org.ngb.net.cas.controller.DescramblerContext
                    B.1.5.1.1 Description
                    B.1.5.1.2 Methods
                         B.1.5.1.2.1 loadCW
                         B.1.5.1.2.2 overrideChipController
               B.1.5.2 Interface org.ngb.net.cas.controller.Chipcontroller
                    B.1.5.2.1 Description
                    B.1.5.2.2 Constants
                         B.1.5.2.2.1 SCHEME_TDES
                         B.1.5.2.2.2 SCHEME_AES
                         B.1.5.2.2.3 SCHEME_SM4
                         B.1.5.2.2.4 PROCESSING_MODE_REGULAR
                         B.1.5.2.2.5 PROCESSING_MODE_POST_PROCESSING
                    B.1.5.2.3 Methods
                         B.1.5.2.3.1 getPublicId
                         B.1.5.2.3.2 getChipType
                         B.1.5.2.3.3 getChipControllerProperty
                         B.1.5.2.3.4 authenticate
                         B.1.5.2.3.5 encryptData
                         B.1.5.2.3.6 decryptData
               B.1.5.3 Class org.ngb.net.cas.controller.Key
                    B.1.5.3.1 Description
                    B.1.5.3.2 Methods
                         B.1.5.3.2.1 Key
                         B.1.5.3.2.2 getKeyValue
                         B.1.5.3.2.3 isEncrypted
               B.1.5.4 Class org.ngb.net.cas.controller.CWKey
                    B.1.5.4.1 Description
                    B.1.5.4.2 Constant
                         B.1.5.4.2.1 PARITY_EVEN
                         B.1.5.4.2.2 PARITY_ODD
                    B.1.5.4.3 Methods
                         B.1.5.4.3.1 CWKey
                         B.1.5.4.3.2 getParity
               B.1.5.5 Class org.ngb.net.cas.controller.CASTEEManager
                    B.1.5.5.1 Description
                    B.1.5.5.2 Methods
                         B.1.5.5.2.1 sendCommandToTEE
          B.1.6 Package org.ngb.net.cas.event
               B.1.6.1 Interface org.ngb.net.cas.event.CASEventListener
                    B.1.6.1.1 Description
                    B.1.6.1.2 Methods
                         B.1.6.1.2.1 receiveCASEvent
                         B.1.6.1.2.2 receiveCASOSDEvent
                         B.1.6.1.2.3 receiveCASFingerEvent
               B.1.6.2 Interface org.ngb.net.cas.event.CASAppInfo
                    B.1.6.2.1 Description
                    B.1.6.2.2 Methods
                         B.1.6.2.2.1 getAID
                         B.1.6.2.2.2 getOID
               B.1.6.3 Interface org.ngb.net.cas.event.CASEventInfo
                    B.1.6.3.1 Description
                    B.1.6.3.2 Constant
                         B.1.6.3.2.1 TYPE_PRESENTATION
                         B.1.6.3.2.2 TYPE_RECORDING
                         B.1.6.3.2.3 TYPE_BUFFERING
                    B.1.6.3.3 Methods
                         B.1.6.3.3.1 getType
                         B.1.6.3.3.2 getNetworkInterface
                         B.1.6.3.3.3 getAssociatedService
                         B.1.6.3.3.4 getServiceContext
               B.1.6.4 Class org.ngb.net.cas.event.CASEventManager
                    B.1.6.4.1 Description
                    B.1.6.4.2 Methods
                         B.1.6.4.2.1 getInstance
                         B.1.6.4.2.2 addListener
                         B.1.6.4.2.3 removeListener
          B.1.7 Package org.ngb.net.cas.detachable
               B.1.7.1 Interface DetachableSecurityDevice
                    B.1.7.1.1 Description
                    B.1.7.1.2 Methods
                         B.1.7.1.2.1 open
                         B.1.7.1.2.2 close
                         B.1.7.1.2.3 reset
                         B.1.7.1.2.4 sendData
                         B.1.7.1.2.5 registerListener
                         B.1.7.1.2.6 removeListener
               B.1.7.2 Interface DetachableSecurityDeviceListener
                    B.1.7.2.1 Description
                    B.1.7.2.2 Constant
                         B.1.7.2.2.1 DEVICE_IN
                         B.1.7.2.2.2 DEVICE_OUT
                         B.1.7.2.2.3 DEVICE_ERROR
                    B.1.7.2.3 Methods
                         B.1.7.2.3.1 receiveDeviceStatus
                         B.1.7.2.3.2 receiveData
     B.2 Javascript APIs
          B.2.1 Overview
          B.2.2 API calling sequence
          B.2.3 Class JSDCAS.CASDescriptor
               B.2.3.1 getCasId
               B.2.3.2 getPid
          B.2.3.3 getPrivateData
          B.2.4 Class JSDCAS.CASEcmEvent
               B.2.4.1 getEcmData
               B.2.4.2 getError
               B.2.4.3 getTableId
               B.2.4.4 isTimeout
          B.2.5 Class JSDCAS.CASEmmEvent
               B.2.5.1 getEmmData
               B.2.5.2 getError
               B.2.5.3 getTableId
               B.2.5.4 isCatUpdateNotification
          B.2.6 Class JSDCAS.CASFilter
               B.2.6.1 getBitmapMask
               B.2.6.2 getBitmapValue
               B.2.6.3 getOffset
          B.2.7 Class JSDCAS.CASM
               B.2.7.1 getCASModuleManager
               B.2.7.2 getTeeController
          B.2.8 Class JSDCAS.CASModule
               B.2.8.1 getCasId
               B.2.8.2 onCasPacketEvent
               B.2.8.3 onEcmEvent
               B.2.8.4 onInbandEmmEvent
               B.2.8.5 onStartDescrambling
               B.2.8.6 onStopDescrambling
          B.2.9 Class JSDCAS.CASModuleManager
               B.2.9.1 Enums
               B.2.9.2 Methods
                    B.2.9.2.1 disableDescramblingRequests
                    B.2.9.2.2 enableDescramblingRequests
                    B.2.9.2.3 fetchDataFromCasHeadend
                    B.2.9.2.4 registerCASModule
                    B.2.9.2.5 removeCASModule
                    B.2.9.2.6 sendCommandToSTB
                    B.2.9.2.7 sendDataToHeadend
                    B.2.9.2.8 sendDescramblingEvent
                    B.2.9.2.9 sendFreeTextOSD
                    B.2.9.2.10  setCCIBits
                    B.2.9.2.11  setData
                    B.2.9.2.12  setPinCode
                    B.2.9.2.13  setServiceListFilter
                    B.2.9.2.14  startCasPacketLoading
                    B.2.9.2.15  startEcmLoading
                    B.2.9.2.16  startInbandEmmLoading
                    B.2.9.2.17  stopCasPacketLoading
                    B.2.9.2.18  stopEcmLoading
                    B.2.9.2.19  stopInbandEmmLoading
          B.2.10 Class JSDCAS.CASPacketEvent
               B.2.10.1 getCableModemFilter
               B.2.10.2 getPacketData
               B.2.10.3 getPacketHeader
               B.2.10.4 getSourceURL
          B.2.11 Class JSDCAS.CASSession
               B.2.11.1 GetCasDescriptor
               B.2.11.2 getChannelNumber
               B.2.11.3 getNetworkId
               B.2.11.4 getOperationType
               B.2.11.5 getProgramNumber
               B.2.11.6 getServiceIdentifier
               B.2.11.7 getSessionId
               B.2.11.8 getStreamPath
               B.2.11.9 getStreamPIDs
               B.2.11.10  getStreamTypes
               B.2.11.11  getTransmitterScrambingMode
               B.2.11.12  getTransportStreamId
               B.2.11.13  getTunerId
          B.2.12 Class JSDCAS.CASStatus
               B.2.12.1 Status Value List
               B.2.12.2 Methods
                    B.2.12.2.1  getCasToken
                    B.2.12.2.2  getMajorContentProblem
                    B.2.12.2.3  getStatusData
                    B.2.12.2.4  isSuccess
          B.2.13 Class JSDCAS.TeeController
               B.2.13.1 Methods
                    B.2.13.1.1  sendCommandToTEE
          B.2.14 Class JSDCAS.TeeRetVal
               B.2.14.1 Returned Value List
               B.2.14.2 Method
                    B.2.14.2.1  getOriginCode
                    B.2.14.2.2  getResponseData
                    B.2.14.2.3  getReturnCode
     B.3 Other GP extension APIs
          B.3.1 Cryptography and signature verification APIs
               B.3.1.1 Data types and structures
                    B.3.1.1.1 Basic data types
                    B.3.1.1.2 Enums Returned
               B.3.1.2 APIs definitions
                    B.3.1.2.1 TEE_SM2_Verify
                    B.3.1.2.2 TEE_Perform_SM3
                    B.3.1.2.3 TEE_SM2_Encrypt
                    B.3.1.2.4 TEE_Perform_CRC
                    B.3.1.2.5 TEE_GenerateRandom
                    B.3.1.2.6 TEE_SM4_Encrypt
                    B.3.1.2.7 TEE_SM4_Decrypt
          B.3.2 Memory management APIs
               B.3.2.1 Data types and structures
                    B.3.2.1.1 Basic data types
                    B.3.2.1.2 Enums returned
               B.3.2.2 API definitions
                    B.3.2.2.1 TEE_MemFill
                    B.3.2.2.2 TEE_MemMove
          B.3.3 Miscellaneous APIs
               B.3.3.1 Data types and structures
                    B.3.3.1.1 Basic data types
                    B.3.3.1.2 Enums returned
               B.3.3.2 API definitions
                    B.3.3.2.1 TEE_Printf_Func
     B.4 Security chipset key ladder driver APIs
          B.4.1 B.3 data types and structures
               B.4.1.1 Basic data types
               B.4.1.2 Enums returned
          B.4.2 API definitions
               B.4.2.1 TEE_KLAD_Init
               B.4.2.2 TEE_KLAD_Delnit
               B.4.2.3 TEE_KLAD_GetChipId
               B.4.2.4 TEE_KLAD_GetResponseToChallenge
               B.4.2.5 TEE_KLAD_SetDescrambler
               B.4.2.6 TEE_KLAD_StopDescrambler
Bibliography