This article is amended from “Intelligent digital TV terminal technology and implementation questions and answers” published by China Radio and Television Press.
1. Downloadable CA development interface based on NGB middleware

In the “Downloadable Conditional Access System Technical Specifications”, the CA client is an Xlet application that runs on the Java platform. Once the CA has been downloaded to a user's network terminal device that runs a supporting terminal software platform, content delivered over the network can be descrambled. The terminal software needs to provide a set of CAS APIs. Taixin DTVOS has already extended these interfaces on the Android platform. This article introduces how to develop a CA application on the Android platform with Taixin DTVOS.
A terminal that supports CA application download should include the following function modules: hardware, OS, drivers, terminal software platform, EPG and so on. The upper application layer should include the DCAS client software module and the EPG.

Ø Application Programming Interface types

1、API opened by the CA client to other Java applications
Whether the CA client software opens an API depends on the operator's business model and progress. The CA client should provide this API to other Java applications through Java IXC. The API is private to the CA architecture and should only be defined by the CA client appointed by the operator, so it can differ from one operator to another through extension.

2、Application extension API
Through the CA application extension API, the CAS management module of the terminal software can pass on basic CA information, without being limited to IXC between Java applications and the CA application. The CA client software needs the Java terminal software platform to implement the CA extension API.

3、Terminal software platform upper-layer API
The CA terminal software upper-layer API defines the CA module controller, which fulfils service descrambling requests. A CA client application must register its CA module with the CA controller and handle the descrambling requests it receives from the terminal software platform of the network terminal device. The CA client software needs the Java terminal software platform to implement the upper-layer API.

4、Terminal software platform bottom-layer API
The Java CA client software requires the following set of terminal software platform APIs. In addition to the existing Java APIs, the set includes the extension API needed to access the terminal security chip, and may also include the extension API needed to access a detachable security device.
1)、Network API
The CA client software can use the Java network API to access network resources, for example to connect to servers and to the CA front end. The CA client software needs the Java terminal software platform to implement the existing Java network API defined in java.net.

2)、Section filter API
The CA client software uses the MPEG section filter API to load MPEG sections. CA-related data includes ECM, EMM and the CAT table. The CA client software needs the Java terminal software platform to implement the filter API according to org.davic.mpeg.sections, org.davic.mpeg.TransportStream and org.davic.net.tuning.NetworkInterface.

3)、Terminal security chip and descrambler API
The descrambler and terminal security chip API is an extension for standard terminal security chips. It gives the CA client software a standard way to authenticate the terminal device hardware or chip. It also gives the CA client application a mechanism for loading keys into the terminal security chip, so that the descrambling key (control word) is provided securely to the descrambler module of the terminal device. The CA client software needs the Java terminal software platform to implement the terminal security chip and descrambler API.

4)、Permanent storage API
The CA client software can use Java APIs to access permanent storage, including saving data in nonvolatile memory. The CA client software needs the Java terminal software platform to implement the permanent storage API. The CA client software can save its data under a specific directory of the permanent storage file system. The terminal software platform needs to provide a function that returns the name of the root directory of that file system.

5)、Separable security equipment API
The CA client software can use a detachable security device.
Because the communication between the CA client software and the detachable security device differs from one CA system to another, the terminal software platform needs to provide the most basic set of functions in the API, for example:

    open()
    close()
    send_data(length, buffer)
    read_data(length, buffer)

It is recommended that the detachable security device connect to the set-top box through a standard USB interface.

5、Other APIs
The CA client software core needs the Java terminal software platform to implement the following API:

1) Class Loader API
The CA client software core can use the Class Loader API to load additional objects into the run-time execution environment. When the platform enables a security policy, the CA application must be granted java.lang.RuntimePermission("createClassLoader").

Ø Interface call sequence

Two situations are shown: the CASModule providing the CA API and registering, and the channel selection switch.

Chart 2 CA module registered in CASModule Manager

Chart 3 Channel selection switch
Application Program Interface Description

The application program interfaces are described in Chart 1.

Chart 1 Application Program Interface Description
| | The upper terminal software platform API | | Application extension API | | Descrambler / terminal security chip API | org.ngb.net.cas.controller | | | | | | | Separable security equipment API | org.ngb.net.cas.detachable | | |
Of these, the upper terminal software platform API, application extension API, descrambler / terminal security chip API, network API, section filter API, permanent storage API and Class Loader API are specified in the “Downloadable Conditional Access System Technical Specifications”.
Downloadable CA development cases based on Android

In this part, we introduce how to develop a downloadable CA on the Android platform.

1 Environment setup
Following the Android platform recommendations and online tutorials, set up an Android development environment under Eclipse, then download the Taixin DTVOS development package and configure it in Eclipse.

2 CA application principle
The CA application implementation includes: the CA application structure, ECM data receiving and handling, CW set-up and the CA interface.

1) CA application structure
On the Android platform, the CA uses a Service in place of the Xlet. Every CA is a separate application, that is, an APK file, and has its own interface. The CA uses the basic Android Service component to manage its life cycle. The CA application listens for the “android.intent.action.BOOT_COMPLETED” broadcast and starts its own service, which performs the same function as the Xlet: it initializes itself and, once the descrambling service is available, completes registration with the CASModuleManager. CA applications use Android Activities to implement their graphical management features, such as authorization information display, TV message display, reading, deletion and so on. CA applications also interact with the platform and with other applications through Binder, the cross-process communication mechanism that Android provides.

2) ECM data receiving and handling
Based on the attributes of ECM data, SimpleSectionFilter is recommended for receiving it; for the detailed reasons, refer to the davic interface. ECM data receiving begins when the interface public void startDescrambling(CASSession casSession, CAServiceComponentInfo casci[]) is invoked: set the filter to receive from the TransportStream indexed by casSession, with the CA system id and ECM PID taken from casci. The ECM is then parsed to obtain the encrypted control word (ECW).
3) EMM data receiving and handling
In a unidirectional environment, EMM data is received with a filter type chosen according to the characteristics of each CA; RingSectionFilter is recommended here, with its size set according to the actual situation. EMM data receiving begins once the CAT data has been received and the corresponding CA descriptor parsed out. The standard provides the interface public void catUpdate(CADescriptor desc, org.davic.net.tuning.NetworkInterface ni); for this, but for ease of processing we recommend that the upper-layer CA application request the CAT itself, at a time of its own choosing, and, after receiving the CAT and parsing out the EMM PID, set a filter to receive the EMM data. In a bidirectional environment, the application can create a socket or HTTP(S) client and periodically request CA authorization data from the server. After the EMM data is received, each CA parses it in its own way to obtain EK1, EK2 and the other information used for decryption and descrambling.

4) CW set-up
The interface is loadCW, with the prototype:

    public void loadCW(int VendorID, CWKey cwKey, Key[] levelKeys, int schemeId) throws CADriverException;

This method notifies the terminal software platform to load the control word into the descrambler and to load the required keys into the terminal security chip.

@param cwKey the control word. If the control word is in the clear, the levelKeys parameter is ignored. If cwKey is null, the CA application is not providing a valid control word.
@param levelKeys the multi-level keys to load into the terminal security chip. An index in the array equals the absolute key position in the terminal security chip; a null element indicates that no key should be loaded into the corresponding position of the chip.
@param schemeId specifies the encryption algorithm used by the terminal security chip (e.g. AES, TDES). The ChipController interface defines the list of scheme values. If the controller supports only one scheme, the value is ignored.
As already mentioned, the ECW is generally obtained by parsing the ECM, and EK1 and EK2 are generally obtained by parsing the EMM. For their definitions, refer to Key and CWKey:

    /**
     * Basic representation of a cryptographic key.
     */
    public class Key {

        /**
         * @param value value of the key
         * @param encrypted whether the key is encrypted: true means the key is
         *        encrypted, false means the key is in the clear
         */
        public Key(byte[] value, boolean encrypted)

        /**
         * Returns the value of the key.
         * @return value of the key
         */
        public byte[] getKeyValue()

        /**
         * Returns whether the key is encrypted.
         * @return true if the key is encrypted, false if it is not
         */
        public boolean isEncrypted()
    }

    /**
     * Representation of a descrambling key or control word.
     */
    public class CWKey extends Key {

        public static final int PARITY_EVEN = 0;
        public static final int PARITY_ODD = 1;

        /**
         * @param value value of the key
         * @param encrypted true if the key is encrypted, false if it is not
         * @param parity parity of the control word
         */
        public CWKey(byte[] value, boolean encrypted, int parity)

        /**
         * Returns the parity of the control word.
         * @return the parity of the control word
         */
        public int getParity()
    }
Assume the even and odd CW arrays are evencw and oddcw, the corresponding CWKey objects are ECW[0] and ECW[1], the CA VendorID is 0x1234, the level keys are EK1 and EK2, and the algorithm is 3DES. Then:

    CWKey[] ECW = new CWKey[2];
    // false marks the control word as clear, in which case loadCW ignores
    // levelKeys (see the cwKey parameter description); a control word that is
    // still encrypted must be passed with true.
    ECW[0] = new CWKey(evencw, false, CWKey.PARITY_EVEN);
    ECW[1] = new CWKey(oddcw, false, CWKey.PARITY_ODD);
    Key[] levelKeys = new Key[2];
    levelKeys[0] = new Key(EK1, true);
    levelKeys[1] = new Key(EK2, true);

The code to set the CW is:

    try {
        descramblerContext.loadCW(0x1234, ECW[0], levelKeys, ChipController.SCHEME_3DES);
    } catch (CADriverException ex) {
        // The even control word was not loaded; handle or log the failure
        // instead of ignoring it.
    }

    try {
        descramblerContext.loadCW(0x1234, ECW[1], levelKeys, ChipController.SCHEME_3DES);
    } catch (CADriverException ex) {
        // The odd control word was not loaded; handle or log the failure
        // instead of ignoring it.
    }

6) CA interface
The CA also needs to provide some UI for authorization information display, TV message display, reading, deletion and so on. On the Android platform, it is recommended that the interactive interface and the corresponding application be implemented with the CA's own Android Activity. The next figure is a simple rendering of a CA interface implemented with an Android Activity; for the specific implementation, refer to the later introductions in the DTVOS module of the forum.
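The CAT step in 3) above (find the CA descriptor for your CA system and take its PID as the EMM PID), shown as an added example that is not from the original article or the DTVOS development package. It parses the raw section bytes following the ISO/IEC 13818-1 layout instead of going through the NGB or davic filter classes. The class name, the CA system id 0x1234, the PIDs and the sample section are constructed, and CRC_32 is assumed to have been checked by the section filter.

```java
import java.util.ArrayList;
import java.util.List;

public class CatEmmPidFinder {
    /**
     * Returns the EMM PIDs a CAT section (table_id 0x01) announces for one CA system.
     * The section arrives over broadcast, so every length field is checked before use.
     * Assumption: the section filter has already verified CRC_32.
     */
    static List<Integer> findEmmPids(byte[] s, int caSystemId) {
        List<Integer> pids = new ArrayList<>();
        if (s == null || s.length < 12 || (s[0] & 0xFF) != 0x01) return pids;
        int sectionLength = ((s[1] & 0x0F) << 8) | (s[2] & 0xFF);
        int end = 3 + sectionLength - 4;          // descriptors stop where CRC_32 begins
        if (sectionLength > 1021 || end < 8 || end > s.length - 4) return pids;
        int pos = 8;                              // descriptors follow the 8-byte header
        while (pos + 2 <= end) {
            int tag = s[pos] & 0xFF;
            int len = s[pos + 1] & 0xFF;
            int body = pos + 2;
            if (body + len > end) return new ArrayList<>(); // malformed: reject the section
            if (tag == 0x09 && len >= 4) {        // CA_descriptor
                int sysId = ((s[body] & 0xFF) << 8) | (s[body + 1] & 0xFF);
                int pid = ((s[body + 2] & 0x1F) << 8) | (s[body + 3] & 0xFF);
                if (sysId == caSystemId) pids.add(pid);
            }
            pos = body + len;
        }
        return pids;
    }

    static byte[] bytes(int... v) {
        byte[] out = new byte[v.length];
        for (int i = 0; i < v.length; i++) out[i] = (byte) v[i];
        return out;
    }

    public static void main(String[] args) {
        // Constructed CAT with two CA_descriptors; the trailing CRC_32 is a zero placeholder.
        byte[] cat = bytes(0x01, 0xB0, 0x15, 0xFF, 0xFF, 0xC1, 0x00, 0x00,
                0x09, 0x04, 0x12, 0x34, 0xE1, 0x00,   // CA system 0x1234, PID 0x0100
                0x09, 0x04, 0x0B, 0x00, 0xE2, 0x00,   // CA system 0x0B00, PID 0x0200
                0x00, 0x00, 0x00, 0x00);
        System.out.println(findEmmPids(cat, 0x1234));
        byte[] bad = cat.clone();
        bad[9] = (byte) 0xFF;                     // descriptor_length overruns the section
        System.out.println(findEmmPids(bad, 0x1234));
    }
}
```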
3 Compilation and obfuscation
Android platform applications can be compiled with Eclipse; pay special attention to replacing Android.jar with the NGB middleware interface version. For intellectual property and information security protection, it is recommended to obfuscate the developed application, for example with a tool such as Proguard.

4 Signature
If the STB terminal platform verifies the signature of applications before running them, ask the platform provider for the corresponding signing tool; the application runs normally only after it has been signed.

5 Download and install
If the platform supports online application download, refer to its instructions. If the platform does not support this, the developed application can be uploaded to the terminal for installation with tools such as tftp and adb.

6 Verification and debugging
Use the Android debugging tools and Log output to debug on the Android platform.