How to develop a standalone smart card CA application with reference to the NGB downloadable CA technical specification

The Taixin T1 smart digital set-top box has a built-in smart card reader that can support traditional cable TV smart cards, but a corresponding APK application is required. Developers can refer to the NGB downloadable CA standard published by the State Administration of Radio, Film and Television in March 2012 (GY/T 255-2012, "Technical Specification for Downloadable Conditional Access System"). For smart card operations, we have refined and extended DTVOS on the basis of the standard (see the Taixin website, www.taixin.cn, for details).

The workflow of a smart card CA application is not fundamentally different from that of a downloadable CA (DCAS) application (see the figure below). We hope this is helpful to smart card vendors and third-party developers.

Developing a smart card CA application mainly involves the following aspects:

1 Interfaces

Application development mainly uses the following interfaces:

| Interface | Package |
| --- | --- |
| Top-layer API of the terminal software | |
| Descrambler / terminal security chip API | org.ngb.net.cas.controller |
| Detachable security device API | org.ngb.net.cas.detachable |
The interface prototypes and usage instructions are given in the downloadable CA standard and on the Taixin website (www.taixin.cn).

2 Implementation

The implementation of a smart card CA application mainly comprises the CA application framework, reception and processing of ECM data, reception and processing of EMM data, and setting the CW.

1) CA application framework

On the Android platform, the CA uses the Service component in place of an Xlet. Each CA is a separate application, that is, one APK file, and has its own user interface. The CA uses the basic Android Service component to manage its own life cycle. The CA application listens for the "android.intent.action.BOOT_COMPLETED" broadcast and starts its own service when the broadcast arrives. During service start-up it performs the same work as startXlet: it initializes itself and, once the descrambling service is available, registers with CASModuleManager. The CA application uses Android Activities for its graphical management functions, such as displaying entitlement information and displaying, reading and deleting TV mail. The CA application, the platform and other applications interact through the Binder inter-process communication mechanism provided by Android.

2) Receiving and processing ECM data

Given the properties of ECMs, we recommend receiving ECM data with a SimpleSectionFilter; for the detailed reasons, see the usage of the DAVIC interfaces. ECM reception begins when public void startDescrambling(CASSession casSession, CAServiceComponentInfo casci[]) is called. The TransportStream used to set up the filter comes from the casSession parameter, and the CA system ID and ECM PID come from the casci parameter. Received ECM data is sent to the smart card, which parses and processes it to obtain the encrypted control word (CW).

3) Receiving and processing EMM data

In a one-way environment, the filter type used to receive EMM data depends on the characteristics of each CA. We recommend RingSectionFilter here, sized according to actual conditions. EMM reception begins with receiving the CAT and parsing out the corresponding CA descriptor. For this the standard provides the interface public void catUpdate(CADescriptor desc, org.davic.net.tuning.NetworkInterface ni); but for ease of handling we recommend that the upper-layer CA application request the CAT itself and decide for itself when to request it. After the CAT has been received and the EMM PID parsed out of it, set up the EMM filter to receive EMM data. In a two-way environment, a socket or HTTP(S) client can be created to periodically request the CA entitlement data from the server. After EMM data is received, it is parsed according to each CA's scheme to obtain entitlement, de-entitlement and similar information.
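The CAT-to-EMM-PID step described above, as an added example (not code from Taixin, DTVOS or the GY/T 255-2012 specification): a bounds-checked parser for the CA descriptors (tag 0x09) of a CAT section as laid out in ISO/IEC 13818-1. The class and method names, the CA system ID 0x1234 and the sample section are constructed for illustration; CRC_32 is not verified in this block.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example; names and sample data are illustrative, not part of the NGB API. */
public class CatEmmPidParser {
    static final int TABLE_ID_CAT = 0x01;
    static final int TAG_CA_DESCRIPTOR = 0x09;

    /** Returns the EMM PIDs announced for caSystemId; throws on a malformed section. */
    static List<Integer> emmPids(byte[] s, int caSystemId) {
        if (s.length < 12 || (s[0] & 0xFF) != TABLE_ID_CAT)
            throw new IllegalArgumentException("not a CAT section");
        int sectionLength = ((s[1] & 0x0F) << 8) | (s[2] & 0xFF);
        int end = 3 + sectionLength - 4;            // descriptors stop before CRC_32
        if (end < 8 || end > s.length - 4)
            throw new IllegalArgumentException("bad section_length");
        List<Integer> pids = new ArrayList<>();
        int pos = 8;                                // first descriptor follows the 8-byte header
        while (pos + 2 <= end) {
            int tag = s[pos] & 0xFF;
            int len = s[pos + 1] & 0xFF;
            int body = pos + 2;
            if (body + len > end)                   // broadcast data is untrusted input
                throw new IllegalArgumentException("descriptor overruns section");
            if (tag == TAG_CA_DESCRIPTOR && len >= 4) {
                int sysId = ((s[body] & 0xFF) << 8) | (s[body + 1] & 0xFF);
                int pid = ((s[body + 2] & 0x1F) << 8) | (s[body + 3] & 0xFF); // 13-bit CA_PID
                if (sysId == caSystemId) pids.add(pid);
            }
            pos = body + len;
        }
        return pids;
    }

    public static void main(String[] args) {
        // Constructed sample CAT with two CA descriptors: system 0x1234 -> PID 0x0101,
        // system 0x5678 -> PID 0x0202. The four CRC_32 bytes are placeholders.
        byte[] cat = {
            0x01, (byte) 0xB0, 0x15, (byte) 0xFF, (byte) 0xFF, (byte) 0xC1, 0x00, 0x00,
            0x09, 0x04, 0x12, 0x34, (byte) 0xE1, 0x01,
            0x09, 0x04, 0x56, 0x78, (byte) 0xE2, 0x02,
            0x00, 0x00, 0x00, 0x00
        };
        System.out.println(emmPids(cat, 0x1234));
    }
}
```

The PID returned for the application's own CA system ID is the value it would pass to its EMM section filter.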
4) Setting the CW

The interface the standard provides for setting the CW is loadCW, with the prototype: public void loadCW(int VendorID, CWKey cwKey, Key[] levelKeys, int schemeId) throws CADriverException; The CW obtained from the smart card is passed to the lower layer through this interface, after which the program for this period can be descrambled and played normally. Repeating the ECM reception and processing and the CW setting described above keeps the program playing normally.

3 User interface

The CA application also needs the UI to provide certain interfaces for displaying smart card information and entitlement information, and for displaying, reading and deleting TV mail. On the Android platform we recommend that the CA application implement this UI and the corresponding interaction with Android's built-in Activity.
4 Differences from downloadable CA applications

The downloadable CA defined in the NGB downloadable CA standard is a cardless design, so the biggest difference between developing a smart card CA application and developing a downloadable CA application is the smart card communication part. This includes smart card reset, initialization, retrieval of CA information, decryption of ECM and EMM data, and STB-card pairing. Taixin DTVOS extends the NGB standard interfaces with a smart card device interface. The CA application combines this device interface with the specific communication protocol of each CA: which protocol is used (T0, T1 or T14), what the format of each command is, how it is packed, how long the smart card takes to respond after receiving a command, what the response format is, whether it must be verified, whether it must be decrypted, how it is parsed, and so on. In this way the CA application can implement the smart card communication functions of a traditional CA library.
The other difference between developing a traditional smart card CA application and developing a downloadable CA application lies in how the CW is set. Because the downloadable CA uses a hierarchical key mechanism, the CW it sets is an encrypted CW, and the encrypted level keys are set at the same time. Current smart card CAs do not have this mechanism, so the call differs. Consider the interface the standard provides for setting the CW, loadCW, whose prototype is:
public void loadCW(int VendorID, CWKey cwKey, Key[] levelKeys, int schemeId) throws CADriverException;
This method notifies the terminal software platform to load the control word into the descrambler and to load the required keys into the terminal security chip.
@param cwKey The control word. If the control word is plaintext, the levelKeys parameter is ignored. If cwKey is null, the CA application has not provided a valid control word.
@param levelKeys The multi-level keys to be loaded into the terminal security chip. The index in the key array equals the absolute position in the terminal security chip; a null element in the array indicates that no key should be loaded at the corresponding position in the terminal security chip.
@param schemeId Specifies the encryption algorithm of the terminal security chip (for example AES or TDES).
The ChipController interface defines the list of scheme values. If the controller supports only one scheme, this value is ignored.
If a high-security environment is not a consideration, the CW set after the smart card has decrypted it is the plaintext control word case mentioned above. See the definition of CWKey:
public class CWKey extends Key
{
    public static final int PARITY_EVEN = 0;
    public static final int PARITY_ODD = 1;
    /**
     * @param value the value of the key
     * @param encrypted true indicates the key is encrypted, false indicates the key is not encrypted
     * @param parity the parity value, indicating the parity of the control word
     */
    public CWKey(byte[] value, boolean encrypted, int parity)
    /**
     * Returns the parity of the control word.
     * @return the parity of the control word
     */
    public int getParity()
}
Assume the even and odd CW arrays are evencw and oddcw, and the corresponding CWKey objects are ECW[0] and ECW[1]. Then:
ECW[0] = new CWKey(evencw, false, 0);
ECW[1] = new CWKey(oddcw, false, 1);
The code that sets the CW is:
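// The CWs are plaintext, so levelKeys is null (the parameter is ignored).
try {
    descramblerContext.loadCW(0x1234, ECW[0], null, ChipController.SCHEME_3DES);
} catch (CADriverException ex) {
    // The even CW was not loaded; handle or report the failure instead of ignoring it.
}
try {
    descramblerContext.loadCW(0x1234, ECW[1], null, ChipController.SCHEME_3DES);
} catch (CADriverException ex) {
    // The odd CW was not loaded; handle or report the failure instead of ignoring it.
}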
With these two points handled, and with the downloadable CA application development examples as a reference, developing a general-purpose smart card CA application is not very difficult.