ETSI TS 103 544-16 V1.3.1 (2019-10)

TECHNICAL SPECIFICATION
Publicly Available Specification (PAS);
Intelligent Transport Systems (ITS); ®
MirrorLink ;
Part 16: Application Developer Certificates
CAUTION
The present document has been submitted to ETSI as a PAS produced by CCC and
approved by the ETSI Technical Committee Intelligent Transport Systems (ITS).
CCC is owner of the copyright of the document CCC-TS-044 and/or had all relevant rights and had assigned said rights to
ETSI on an "as is basis". Consequently, to the fullest extent permitted by law, ETSI disclaims all warranties whether express,
implied, statutory or otherwise including but not limited to merchantability, non-infringement of any intellectual property rights of
third parties. No warranty is given about the accuracy and the completeness of the content of the present document.

2 ETSI TS 103 544-16 V1.3.1 (2019-10)

Reference
RTS/ITS-98-16
Keywords
interface, ITS, PAS, smartphone

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm
except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
©ETSI 2019.
© Car Connectivity Consortium 2011-2019.
All rights reserved.
ETSI logo is a Trade Mark of ETSI registered for the benefit of its Members.
MirrorLink® is a registered trademark of Car Connectivity Consortium LLC.
RFB® and VNC® are registered trademarks of RealVNC Ltd.
UPnP® is a registered trademark of Open Connectivity Foundation, Inc.
Other names or abbreviations used in the present document may be trademarks of their respective owners.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.

3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners. ®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI
3 ETSI TS 103 544-16 V1.3.1 (2019-10)
Contents
Intellectual Property Rights . 4
Foreword . 4
Modal verbs terminology . 4
1 Scope . 5
2 References . 5
2.1 Normative references . 5
2.2 Informative references . 6
3 Definition of terms, symbols and abbreviations . 6
3.1 Terms . 6
3.2 Symbols . 6
3.3 Abbreviations . 6
4 Developer Application Concept . 7
5 Application Developer Certificate Structure . 8
5.1 Application Development Certificate . 8
5.1.1 General . 8
5.1.2 Extension Header . 8
5.1.3 Extension Values . 8
5.1.3.1 CCC-MirrorLink-Developer-Id . 8
5.1.3.2 CCC-MirrorLink Extension Value . 8
5.2 Developer Identification Certificate . 8
5.2.1 General . 8
5.2.2 Extension Header . 9
5.2.3 Extension Values . 9
5.2.3.1 CCC-MirrorLink-Developer-Id . 9
5.2.3.2 CCC-MirrorLink-Developer-Server-Ids . 9
5.2.3.3 CCC-MirrorLink-Client-Manufacturer-Ids . 9
5.3 Root Certificate . 9
6 Developer Identification Certificate Life Cycle . 10
6.1 Certificate Retrieval and Validation . 10
6.1.1 Certificate Retrieval . 10
6.1.2 Certificate Validation . 11
6.1.3 Testing Considerations . 12
6.2 Certificate Revocation Checks . 12
6.2.1 Revocation Protocol . 12
6.2.2 Certificate Valid . 12
6.2.3 Certificate Revoked . 13
6.2.4 Certificate Updated . 13
6.2.5 Testing Consideration . 13
6.3 Query and Grace Periods . 13
6.3.1 Query Period . 13
6.3.2 Grace Period . 13
7 Application Development Certificate Life Cycle . 14
7.1 Certificate Retrieval and Validation . 14
7.1.1 Certificate Retrieval . 14
7.1.2 Certificate Validation . 14
7.1.3 Certificate Update . 14
7.2 Certificate Revocation Checks . 15
Annex A (informative): OCSP Request & Response Example . 16
Annex B (informative): Application Developer Certificate Example . 18
Annex C (informative): Authors and Contributors . 19
History . 20

ETSI
4 ETSI TS 103 544-16 V1.3.1 (2019-10)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport Systems
(ITS).
The present document is part 16 of a multi-part deliverable. Full details of the entire series can be found in part 1 [i.1].
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI
5 ETSI TS 103 544-16 V1.3.1 (2019-10)
1 Scope ®
The present document is part of the MirrorLink specification which specifies an interface for enabling remote user
interaction of a mobile device via another device. The present document is written having a vehicle head-unit to interact
with the mobile device in mind, but it will similarly apply for other devices, which provide a colour display, audio
input/output and user input mechanisms.
MirrorLink provides the ability to run certified applications on MirrorLink server devices that can be launched from the
MirrorLink Client device. In order to improve safety and ensure a quality user experience, an application certification
program is implemented that will control which applications can be used with MirrorLink in drive on in non-drive
situations. Application developers will be able to use specific application development certificates, which simplifies the
development of applications on the one side, but which will be usable only on a small set of MirrorLink Server devices
- as well as a potentially restricted set of MirrorLink Client devices.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long-term validity.
The following referenced documents are necessary for the application of the present document.
[1] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate", May 2008.
NOTE: Available at http://tools.ietf.org/html/rfc5280.
[2] IETF RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol -
OCSP", June 2013.
NOTE: Available at https://tools.ietf.org/html/rfc6960.
[3] ETSI TS 103 544-9 (V1.3.1): "Publicly Available Specification (PAS); Intelligent Transport
Systems (ITS); MirrorLink®; Part 9: UPnP Application Server Service".
[4] ETSI TS 103 544-14 (V1.3.1): "Publicly Available Specification (PAS); Intelligent Transport
Systems (ITS); MirrorLink®; Part 14: Application Certificates".
[5] ETSI TS 103 544-10 (V1.3.1): "Publicly Available Specification (PAS); Intelligent Transport
Systems (ITS); MirrorLink®; Part 10: UPnP Client Profile Service".
ETSI
6 ETSI TS 103 544-16 V1.3.1 (2019-10)
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long-term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] ETSI TS 103 544-1 (V1.3.1): "Publicly Available Specification (PAS); Intelligent Transport
Systems (ITS); MirrorLink®; Part 1: Connectivity".
3 Definition of terms, symbols and abbreviations
3.1 Terms
Void.
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
ACMS Application Certification Management System
AIA Authority Information Access
CA Certificate Authority
CN Common Name
CTS Conformance Test System
DAP Device Attestation Protocol
DER Distinguished Encoding Rules
HTTP HyperText Transfer Protocol
OCPS Online Certificate Status Protocol
OCSP Online Certificate Status Protocol
RFB Remote Framebuffer
RSA Rivest-Shamir-Adleman
UPnP Universal Plug and Play
URI Uniform Resource Identifier
URL Universal Resource Locator
UUID Universally Unique IDentifier
VNC Virtual Network Computing
XML eXtensible Markup Language
ETSI
7 ETSI TS 103 544-16 V1.3.1 (2019-10)
4 Developer Application Concept
MirrorLink provides the ability to run certified applications on MirrorLink server devices that can be launched from the
MirrorLink client device. In order to improve safety and ensure a quality user experience, an application certification
program is implemented that will control which applications can be used with MirrorLink in drive on in non-drive
situations. Application developers will be able to use specific application development certificates, which simplifies the
development of applications on the one side, but which will be usable only on a small set of MirrorLink Server devices
- as well as a potentially restricted set of MirrorLink Client devices.
Each application under development, which can be uniquely identified by a platform specific application identifier
(App ID), will come with an Application Development Certificate (App Dev Certificate), which contains the App ID;
necessary application information, provided to the MirrorLink Client (App Info); and the Developer ID (Dev ID). The
Application Development Certificate is self-signed by either the application developer or the MirrorLink Server's
software development kit.
The MirrorLink Server will use the information from the App Development Certificate to validate the MirrorLink
Application, and to link it to the Developer Identifier Certificate (Dev ID Certificate). The Dev ID Certificate contains a
unique Developer Identifier (Dev ID), and one or more Server Device Identifiers (Server Device IDs) for which the Dev
ID Certificate is valid. An optional list of Client Device Identifiers (Client Device IDs) defines a black list of client
devices, for which the Dev ID Certificate is not valid.
As shown in Figure 1, the App Dev and the Dev ID Certificates are stored on the MirrorLink Server Device. It is the
responsibility of the MirrorLink Server to check, whether the Dev ID Certificate has not been revoked and whether it is
valid for the MirrorLink Server and Client combination. In case the App Dev Certificate is valid, the corresponding
MirrorLink application will be presented to the MirrorLink Client Device as an application coming with a certificate
distributed by CCC.
Figure 1: Application Developer Certification Architecture (MirrorLink Server View)
A MirrorLink Client will not see the difference from any regular non-development version, besides a different signing
entity name and an additional X.509 v3 extension as specified in [1].
ETSI
8 ETSI TS 103 544-16 V1.3.1 (2019-10)
Support for development applications as described above may be restricted to specific MirrorLink Server Developer
devices; those shall be made available to application developers. Therefore, a regular MirrorLink Server device may
NOT be able to run development applications as certified applications.
5 Application Developer Certificate Structure
5.1 Application Development Certificate
5.1.1 General
MirrorLink Application Development Certificates shall be a public key X.509 version 3 certificate as specified in [1].
The certificate is a self-signed certificate. The signing authority shall not set an expiration date of longer than 1 month
from the date of signing.
Application Development Certificate shall use 2048-bit RSA keys with SHA-256 or SHA-512 signature algorithms.
5.1.2 Extension Header
The X.509 extension header shall have the following format:
X509v3 extensions:
CCC-MirrorLink-Developer-Id Extension:
extnId:  1.3.6.1.4.1.41577.3.1
critical: no
extnValue: DER:OCTET STRING
CCC-MirrorLink Extension:
extnId:  1.3.6.1.4.1.41577.2.1
critical: no
extnValue: DER:

5.1.3 Extension Values
5.1.3.1 CCC-MirrorLink-Developer-Id
Developer Id, as provided from the Application Certification Management System (ACMS), shall be formatted as a
character string of up to 40 alphanumeric characters (‘a’-‘z’, ‘0’-‘9’).
5.1.3.2 CCC-MirrorLink Extension Value
The DER encoded XML of the application information, as specified in [4].
The Signing Entity Name of application development certificates shall be "DEVELOPER".
5.2 Developer Identification Certificate
5.2.1 General
The MirrorLink Dev ID Certificate shall be a public key X.509 version 3 certificate as specified in [1].
The certificate shall be signed by the CCC's Root Certificate. A hierarchy of Certification Authorities (CAs) may be
used for Dev ID certificates. In case intermediate CAs are used, the entire certificate chain up to the root CA shall be
provided to the MirrorLink Server together with the Dev ID certificate. Any intermediate certificate shall not have an
expiration date of more than 1 year from the date of signing.
ETSI
9 ETSI TS 103 544-16 V1.3.1 (2019-10)
The Intermediate certificate, which is sig
...