GY/T 277-2019: Technical specification of digital rights management for video audio content distribution
Status: Valid
Basic data
Standard ID: GY/T 277-2019 (GY/T277-2019)
Description (Translated English): Technical specification of digital rights management for video audio content distribution
Sector / Industry: Radio, Film & TV Industry Standard (Recommended)
Classification of Chinese Standard: M60
Word Count Estimation: 77,778
Date of Issue: 2019
Date of Implementation: 2019-07-05
Issuing agency(ies): State Administration of Radio and Television

This is a DRAFT version for illustration, not a final translation.

Appendix D (Normative Appendix) DRM Client Operating Environment Interface
D.1 Constant definition
D.2 Data Structure Definition
D.3 Interface Definition

Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard replaces GY/T 277-2014 "Technical Specifications for Internet TV Digital Rights Management". Compared with GY/T 277-2014, the technical changes are as follows:
- Revised the scope (see Chapter 1; Chapter 1 of the 2014 edition);
- Revised the normative references (see Chapter 2; Chapter 2 of the 2014 edition);
- Revised the terms and definitions, changing "DRM agent" to "DRM client" (see Chapter 3; Chapter 3 of the 2014 edition);
- Revised the overview (see 5.1; Chapter 5 of the 2014 edition);
- Revised the logical architecture (see 5.2; Chapter 5 of the 2014 edition);
- Added content authorization (see 5.3);
- Added key management (see 5.4);
- Modified the security mechanism (see 5.5; 9.2 of the 2014 edition);
- Modified the trust model (see 5.6; 9.1 of the 2014 edition);
- Added the content encryption method (see 6.2);
- Modified the content packaging format (see 6.3; Chapter 6 of the 2014 edition);
- Revised the license structure (see 7.1; 7.1 of the 2014 edition);
- Modified the license code (see 7.2; 7.2 of the 2014 edition);
- Revised the license acquisition agreement (see Chapter 8; Chapter 8 of the 2014 edition);
- Added the DRM server (see Chapter 9);
- Added the DRM client (see Chapter 10);
- Added the digital certificate format, online certificate authentication protocol and certificate revocation list format (see Appendix A);
- Modified the cryptographic algorithm (see Appendix B; Appendix A of the 2014 edition);
- Added the DRM client functional interface (see Appendix C);
- Added the DRM client runtime environment interface (see Appendix D);
- Removed the description of adding ChinaDRM support to streaming media based on the HLS protocol (see Appendix B of the 2014 edition).

This standard is under the jurisdiction of the National Radio, Film and Television Standardization Technical Committee (SAC/TC 239).
This standard was drafted by:
State Administration of Radio and Television, Academy of Radio and Television Science, China Central Radio and Television Station, Shenzhen Hisilicon Co., Ltd., Intel (China) Co., Ltd., Beijing Jiangnan Tianan Technology Co., Ltd., Beijing Digital Taihe Technology Co., Ltd., Beijing Yongxin Shibo Digital TV Technology Co., Ltd., Beijing Digital Video Technology Co., Ltd., Irdeto Technology (Beijing) Co., Ltd., Shanghai Guomao Digital Technology Co., Ltd., Huashu Digital TV Media Group Co., Ltd., Guangdong South New Media Co., Ltd., China Communications Media University, Beijing ATV Information Technology Co., Ltd., BesTV Network TV Technology Development Co., Ltd., Hunan Happy Sunshine Interactive Entertainment Music Media Co., Ltd., Beijing iQiyi Technology Co., Ltd., Alibaba (China) Co., Ltd., Liaoning Radio and Television Station, Shanghai Culture Radio and Television Group Co., Ltd., Beijing Radio and Television Station.

The main drafters of this standard: Ding Wenhua, Guo Peiyu, Pan Xiaofei, Wang Lei, Tian Zhong, Liang Zhijian, Wu Di, Mei Xuelian, Zhao Yunhui, Zhao

The patent holder has assured the publisher of this document that he is willing to negotiate patent licenses with any applicant on reasonable and non-discriminatory terms and conditions. The patent holder's statement has been filed with the issuing agency of this document, and relevant information can be obtained through the following contact details.

Patent owner: Radio and Television Science Institute
Contact address: No. 2 Fuxingmenwai Avenue, Xicheng District, Beijing
Contact: Meng Xiangkun
Postcode: 100866
Phone: 010-86098010
Email: mengxiangkun@abs.ac.cn

Please note that in addition to the above patents, some content of this document may still involve patents. The issuer of this document is not responsible for identifying these patents.
Technical specifications for digital rights management of video and audio content distribution

1 Scope
This standard specifies the logical architecture, technical mechanism, content encryption, license format and license acquisition agreement for digital rights management of video and audio content distribution, and the related technical requirements of the DRM server and DRM client.
This standard applies to copyright protection in digital TV, IPTV, Internet TV and other video and audio content distribution processes.

2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 17964-2008 Information security technology - Block cipher algorithm working modes
GB/T 20518-2018 Information security technology - Public key infrastructure - Digital certificate format
GB/T 32097-2016 Information security technology - SM4 block cipher algorithm
GB/T 32905-2016 Information security technology - SM3 cryptographic hash algorithm
GB/T 32918.2-2016 Information security technology - SM2 elliptic curve public key cryptographic algorithm - Part 2: Digital signature algorithm
GB/T 32918.4-2016 Information security technology - SM2 elliptic curve public key cryptographic algorithm - Part 4: Public key encryption algorithm
GB/T 36322-2018 Information security technology - Cryptographic equipment application interface specification
GY/T 257.1-2012 Advanced audio and video coding and decoding for radio and television - Part 1: Video
GY/T 299.1-2016 High-efficiency audio and video coding - Part 1: Video
ISO 14496-12:2015 Information technology - Coding of audio-visual objects - Part 12: ISO base media file format
ISO 23001-7:2016 Information technology - MPEG systems technologies - Part 7: Common encryption in ISO base media file format files
ISO 23009-4:2013 Information technology - Dynamic adaptive streaming over HTTP (DASH) - Part 4: Segment encryption and authentication
IETF RFC 2045 Multipurpose internet mail extensions - Part 1: Format of internet message bodies
IETF RFC 2104 HMAC: Keyed-Hashing for Message Authentication
IETF RFC 2560 X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
IETF RFC 3279 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
IETF RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
ECMA 404 The JSON data interchange format

3 Terms and definitions
The following terms and definitions apply to this document.
3.1 Content provider
A functional entity that owns digital media content and provides digital media content with copyright information.
3.2 License
A description of control information such as digital media content access rights, usage rules and keys.
3.3 Device
An entity that consumes content and has a DRM client installed.
3.4 DRM client
A trusted entity in the device that enforces permissions and restrictions related to DRM content.
3.5 DRM server
An entity that provides license services to DRM clients.
3.6 DRM content
Digital media content managed with DRM technology.
3.7 Ciphertext
Encrypted information.
3.8 Encryption
The (reversible) transformation of data by a cryptographic algorithm in order to generate ciphertext, that is, to hide the information content of the data.
3.9 Decryption
The reverse process corresponding to encryption, that is, the inverse transformation of ciphertext data by a cryptographic algorithm.
3.10 Key
A sequence of symbols that controls cryptographic transformation operations such as encryption, decryption, calculation of cryptographic check functions, signature generation, or signature verification.
3.11 Digital signature
Data attached to a data unit, or a cryptographic transformation of the data unit, used to verify the authenticity of the source of digital information and the integrity of the data.

4 Acronyms
The following abbreviations apply to this document.
CA Certification Authority
CBC Cipher Block Chain
CEI Content Encryption Information
CEK Content Encryption Key
CENC Common Encryption
ChinaDRM China Digital Rights Management
CRL Certification Revocation List
DASH Dynamic Adaptive Streaming over HTTP
DER Distinguished Encoding Rules of ASN.1
DRM Digital Rights Management
HLS HTTP Live Streaming Protocol
HMAC Hashed Message Authentication Code
HTTP Hyper Text Transport Protocol
ISO International Organization for Standardization
IV Initialization Vector
JSON JS Object Notation
MPD Media Presentation Description
NAL Network Abstract Layer
OCSP Online Certificate Status Protocol
PKI Public Key Infrastructure
PMT Program Mapping Table
SEI Supplemental Enhancement Information
TS Transport Stream
URI Uniform Resource Identifier
URL Uniform Resource Locator
UTC Coordinated Universal Time
UUID Universally Unique Identifier
uimsbf unsigned integer, most significant bit first

5 Architecture

5.1 Overview
Based on cryptographic technology, PKI technology and authorization technology, this standard defines the end-to-end logical architecture, content authorization, key management, security mechanisms and trust model of digital rights management for video and audio content distribution. An end-to-end digital rights management system for video and audio content distribution can be built by adopting the logical architecture, technical mechanism, basic formats and protocols defined in this standard.

5.2 Logical architecture
The digital rights management system for video and audio content distribution is logically divided into two parts, a DRM server and a DRM client, as shown in Figure 1.
The DRM server includes core modules such as content encryption, key management, key gateway and content authorization. The content encryption module uses the content encryption key (CEK) to encrypt and protect the video and audio content. The key management module, after receiving the content encryption key, is responsible for synchronizing the key to the key gateway. The key gateway module, after receiving the synchronized key, stores the content encryption key securely and accepts key queries from the content authorization module. The content authorization module receives the request from the DRM client and securely sends the license, containing the content encryption key and the key usage rules, to a legitimate DRM client.
After the DRM client receives the license, it decrypts the content encryption key in compliance with the key usage rules and uses the content encryption key to decrypt the content for playback.
The modules of the DRM server, the DRM client and the other components establish a trust relationship based on PKI technology and, on the basis of this trust relationship, communicate securely with each other.
Figure 1 Digital rights management logic architecture for video and audio content distribution

5.3 Content authorization
The digital rights management system for video and audio content distribution implements content authorization based on a mechanism that associates hierarchical keys with key usage rules.
Logically, the keys can be divided into multiple levels according to the order of their encryption protection. The key that encrypts the current key is called the superior key. The key at every level has corresponding key usage rules, and the current key can only be decrypted under the conditions specified by the usage rules of its superior key. Each key may also have multiple key usage rules, and a key can only be used if all of its usage rules are met. The mechanism for associating keys with key usage rules is shown in Figure 2.

Figure 2 Key and key usage rule association mechanism (Key1, Key2, ..., KeyN associated with KeyRules1, KeyRules2, ..., KeyRulesN)

Key usage rules generally include start time, deadline time, time period, number of times, cumulative time period, output rules, client security level, etc. Different types of keys may also include special key usage rules.
The start time indicates that the key is not allowed to be used until a certain time.
The deadline indicates that the key is allowed to be used before a certain time.
The time period indicates that the key is allowed to be used for a certain period of time after the first use.
The number of times indicates the number of times the key is used. One successful decryption using the key counts as one use. If the key is a content key used to decrypt digital media, one count is by default one successful decryption and playback, that is, the DRM client completes one content decryption and exits securely.
The cumulative time period is the accumulated time of the client player from playing to stopping; beyond this interval, the key is no longer allowed to be used. Cumulative time periods are generally used for preview scenarios: for example, for a movie with a duration of 90 minutes for which 10 minutes of cumulative playback is allowed, the user can choose to play content anywhere in the movie, but the total cannot exceed 10 minutes.
The output rules specify whether the decoded content data is allowed to be output to other devices after the content is decrypted using the content encryption key, and the allowable output range and method. Without output rules, the output method is not limited.
The client security level requirement indicates that only DRM clients with a specific security level can decrypt and play the content using the content encryption key. Client security levels are divided into software security level, hardware security level and enhanced hardware security level, and the client security level is stored in the DRM client certificate. Only when the security level in the DRM client certificate is equal to or higher than the client security level required by the key usage rules can the content encryption key be used to decrypt and play or output the content.
If there is no corresponding key usage rule, there are no restrictions on the use of the key.
A digital rights management system for video and audio content distribution may contain multiple types of keys, such as content encryption keys, device keys, session keys and message verification code keys.
a) Content encryption key
A content encryption key is a key that encrypts digital media content; one item of content may have multiple content encryption keys. The key usage rules of the content encryption key include: start time, deadline time, time period, number of times, cumulative time period, output rules, client security level requirements.
b) Session key
The session key is a temporary key generated when the client applies for a license. This key is used to encrypt and protect the content encryption key.
c) Message verification code key
The message verification code key is a temporary key used to generate the message verification code that protects the integrity of the license.
d) Device key
The device key refers to the key pair of the DRM client. The device key should be an asymmetric key. Data encrypted with the device public key can only be decrypted by the DRM client.

The DRM server uses the content encryption key to encrypt digital media content. The content encryption key and other content-related keys (such as the session key, message verification code key, etc.) are encrypted using the hierarchical key encryption method and packaged, together with the key usage rules corresponding to each key, into the content authorization license that is sent to the DRM client. The DRM client uses the keys in accordance with the usage rules of the key at each level of the hierarchical key system to decrypt and play the digital media content. The content authorization mechanism of the digital rights management system for video and audio content distribution is shown in Figure 3.

Figure 3 Content authorization mechanism

5.4 Key Management
In the digital rights management system for video and audio content distribution, the DRM server and DRM client each have their own asymmetric key pair for the cryptographic algorithm used in license acquisition. The DRM server uses a symmetric cryptographic algorithm to encrypt the content. The certificate can be sent to the DRM client. The key management mechanism of the digital rights management system for video and audio content distribution is shown in Figure 4.

Figure 4 Key management mechanism

The DRM server and DRM client certificates contain their own public keys. The DRM server and DRM client securely protect their own private keys.
Video and audio content is encrypted using a symmetric cryptographic algorithm. The DRM server generates a session key and uses the session key to encrypt the content encryption key. The DRM server uses the DRM client public key to encrypt the session key. If the content encryption key needs to be synchronized to the key gateway, the key gateway public key is used for encryption. The DRM server encapsulates the encrypted session key and the encrypted content encryption key in a license and sends it to the DRM client. The integrity of the license is guaranteed by the message verification code.
After receiving the license, the DRM client uses the private key of the DRM client to decrypt the session key, and then uses the decrypted session key to decrypt the content encryption key. After the DRM client decrypts the content encryption key, it uses the content encryption key to decrypt the content for decoding and playback.

5.5 Security Mechanism
The digital rights management security mechanism for video and audio content distribution specified in this standard is as follows.
a) Data confidentiality
Data confidentiality should be protected by encryption. Sensitive data includes at least protected content and content encryption keys.
b) Identification
Identity authentication shall be implemented by verifying the validity......
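The key usage rules of 5.3 can be read as a check that a DRM client runs over the key hierarchy before it releases a key. The following Python sketch is an added example, not code from the standard: the field names, the bookkeeping in KeyState and the top-down walk over the key chain are assumptions made for illustration, and output rules are left out.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ordering from section 5.3: software < hardware < enhanced hardware.
LEVELS = {"software": 1, "hardware": 2, "enhanced_hardware": 3}

@dataclass
class KeyRules:
    """One set of usage rules; None means the rule is absent (no restriction)."""
    start: Optional[int] = None        # key not usable before this UTC second
    deadline: Optional[int] = None     # key usable only before this UTC second
    period: Optional[int] = None       # seconds allowed after first use
    max_count: Optional[int] = None    # number of successful decryptions allowed
    cumulative: Optional[int] = None   # total seconds of playback allowed
    min_level: Optional[str] = None    # required client security level

@dataclass
class KeyState:
    """Usage the client has recorded for one key (hypothetical bookkeeping)."""
    first_use: Optional[int] = None
    use_count: int = 0
    played: int = 0

def violations(rules: KeyRules, state: KeyState, now: int, level: str) -> List[str]:
    """Return the names of the rules that forbid using the key right now."""
    bad = []
    if rules.start is not None and now < rules.start:
        bad.append("start_time")
    if rules.deadline is not None and now >= rules.deadline:
        bad.append("deadline")
    if (rules.period is not None and state.first_use is not None
            and now >= state.first_use + rules.period):
        bad.append("time_period")
    if rules.max_count is not None and state.use_count >= rules.max_count:
        bad.append("count")
    if rules.cumulative is not None and state.played >= rules.cumulative:
        bad.append("cumulative_period")
    if rules.min_level is not None and LEVELS[level] < LEVELS[rules.min_level]:
        bad.append("security_level")
    return bad

Chain = List[Tuple[str, List[KeyRules], KeyState]]

def evaluate_chain(chain: Chain, now: int, level: str) -> Tuple[bool, Optional[str], List[str]]:
    """Walk from the top-level key down to the CEK; a key with any violated
    rule blocks itself and every key it protects (assumed reading of 5.3)."""
    for name, rule_sets, state in chain:
        bad = [v for rules in rule_sets for v in violations(rules, state, now, level)]
        if bad:
            return False, name, bad
    return True, None, []

# Constructed sample: the 10-minute preview of a 90-minute movie from the text,
# restricted to hardware-level clients and to a validity window.
def preview_chain(played_seconds: int) -> Chain:
    session = ("session_key", [], KeyState())   # no rules: unrestricted
    cek = ("cek", [KeyRules(start=1_000, deadline=9_000, cumulative=600),
                   KeyRules(min_level="hardware")],
           KeyState(first_use=1_500, use_count=1, played=played_seconds))
    return [session, cek]

if __name__ == "__main__":
    print(evaluate_chain(preview_chain(599), now=2_000, level="hardware"))
    print(evaluate_chain(preview_chain(600), now=2_000, level="enhanced_hardware"))
    print(evaluate_chain(preview_chain(0), now=9_500, level="software"))
```

The function returns every violated rule rather than stopping at the first, which makes it easier to log why a license was refused.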