IEC TS 62224:2013

IEC/TS 62224 ®
Edition 2.0 2013-07
TECHNICAL
SPECIFICATION
colour
inside
Multimedia home server systems – Conceptual model for digital rights
management
IEC/TS 62224:2013(E)
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

Useful links:
IEC publications search - www.iec.ch/searchpub Electropedia - www.electropedia.org
The advanced search enables you to find IEC publications The world's leading online dictionary of electronic and
by a variety of criteria (reference number, text, technical electrical terms containing more than 30 000 terms and
committee,…). definitions in English and French, with equivalent terms in
It also gives information on projects, replaced and additional languages. Also known as the International
withdrawn publications. Electrotechnical Vocabulary (IEV) on-line.

IEC Just Published - webstore.iec.ch/justpublished Customer Service Centre - webstore.iec.ch/csc
Stay up to date on all new IEC publications. Just Published If you wish to give us your feedback on this publication
details all new publications released. Available on-line and or need further assistance, please contact the
also once a month by email. Customer Service Centre: csc@iec.ch.

IEC/TS 62224 ®
Edition 2.0 2013-07
TECHNICAL
SPECIFICATION
colour
inside
Multimedia home server systems – Conceptual model for digital rights

management
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
PRICE CODE
U
ICS 33.160.60; 35.100.01 ISBN 978-2-8322-0927-1

– 2 – TS 62224 © IEC:2013(E)
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 Abbreviations . 11
5 Notation. 12
5.1 Numerical values . 12
5.2 Notation list . 12
6 Requirements . 13
6.1 License service model . 13
6.1.1 General . 13
6.1.2 Threats and countermeasures . 15
6.1.3 Evaluation criteria . 16
7 Design considerations . 17
7.1 General . 17
7.2 Security model . 17
7.2.1 General . 17
7.2.2 Overview of security model . 17
7.2.3 TREM functions . 18
7.2.4 Secure license transaction protocol (SLTP) model . 18
7.2.5 Certification authority. 20
7.2.6 Key revocation and termination of the TREM . 21
7.3 Interconnection model . 21
7.3.1 Generic interconnection model . 21
7.3.2 License relay protocol (LRP) model . 22
7.3.3 Implementation model of inter-connection . 23
7.4 License information model . 24
7.4.1 General . 24
7.4.2 Digital rights permissions data . 24
8 Issues to be standardized . 25
Annex A (informative) Example of algorithms for cryptosystem and hash . 26
Annex B (informative) Example of conversion of rights information in DRM based upon
SLTP into that of existing DRM . 27
Bibliography . 29

Figure 1 – License service model to consider the threats . 15
Figure 2 – Security model of content protection . 18
Figure 3 – Basic procedure of SLTP model . 20
Figure 4 – Overview of issuing TREM class certificates . 21
Figure 5 – Generic interconnection model for content protection . 22
Figure 6 – Implementation model of interconnection . 24
Figure B.1 – Example of static conversion of rights information . 27
Figure B.2 – Example of dynamic conversion of rights information . 28

TS 62224 © IEC:2013(E) – 3 –
Table 1 – Expression of numerical values . 12
Table 2 – Notations used in this model . 12
Table 3 – Threats and countermeasures in the license service model . 16

– 4 – TS 62224 © IEC:2013(E)
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
MULTIMEDIA HOME SERVER SYSTEMS –
CONCEPTUAL MODEL FOR DIGITAL RIGHTS MANAGEMENT

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in
addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses
arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. In exceptional
circumstances, a technical committee may propose the publication of a technical specification
when
• the required support cannot be obtained for the publication of an International Standard,
despite repeated efforts, or
• the subject is still under technical development or where, for any other reason, there is the
future but no immediate possibility of an agreement on an International Standard.
Technical specifications are subject to review within three years of publication to decide whether
they can be transformed into International Standards.
IEC 62224, which is a technical specification, has been prepared by technical area 8:
Multimedia home server systems of IEC technical committee 100: Audio, video and multimedia
systems and equipment.
This second edition cancels and replaces the first edition published in 2007 and constitutes a
technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
TS 62224 © IEC:2013(E) – 5 –
a) the Diffie-Hellman method concerning Secure license transaction protocol (SLTP) model has
been added,
b) the Protected Content Format (PCF) model which is dependent on each service has been
deleted,
c) a description related to IEC 62227 has been added,
d) the classification of certification authority has been added.
The text of this technical specification is based on the following documents:
Enquiry draft Report on voting
100/2005/DTS 100/2060/RVC
Full information on the voting for the approval of this technical specification can be found in the
report on voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until the
stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data related to
the specific publication. At this date, the publication will be
• transformed into an International Standard,
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 6 – TS 62224 © IEC:2013(E)
INTRODUCTION
Due to the recent trends in the rapid popularization of mobile phones and the Internet as well as
the realization of high-speed data transmission and large-volume data recording media, a high
quality content distribution and ubiquitous information services are making progress and a new
type of information distribution and network sharing service has gradually emerged into the
market. It is capable of utilizing terabyte class home servers in private homes, also.
Under these circumstances, in distribution of content over shared networks, it is crucial to
establish digital rights management (DRM) technologies to protect the content from illegal
copying and usage. These matters have emerged as important social issues.
The targets of management by DRM technology are these digital licenses, such as copyrights.
Essentially, these licenses should not only be protected but also promote re-creativity and
should be broadly used as the property shared by the human race. Thus, the licenses with these
characteristics should be managed and protected by a DRM system that follows open
interoperable specifications shared throughout the world.
An open interoperable specification that follows this technical specification is able to construct
highly expandable PKI based DRM targeting usage between systems, considering the
expansion of recent content distribution services and clients (console type AV equipment, PC,
mobile phone terminal, automotive telematics terminal, and so on). This technical specification
gives protocol specifications for the exchange of license information between the DRM module,
the description of specifications for license information and encrypted contents format.
During the development of this model, much consideration was given to the usage of contents in
consumer electronics equipment connected with home servers. In addition, particular attention
was given to distribution, storage exchange and usage of content between distribution servers
and the client destination system, allowing for conditions approved by the rights holder, but
nevertheless without loss of convenience for the users. The standardization and its
popularization based on this model will enable inter-connection between DRM modules allowing
strong contents protection in various content network sharing systems or content distribution
services over the Internet and mobile phone networks.

TS 62224 © IEC:2013(E) – 7 –
MULTIMEDIA HOME SERVER SYSTEMS –
CONCEPTUAL MODEL FOR DIGITAL RIGHTS MANAGEMENT

1 Scope
This Technical Specification explains the conceptual model of the protocol specification to
exchange license information between DRM modules. This Technical Specification also outlines
which models should be defined as standard models as well as the standard meanings (mainly
from the viewpoint of information security in the environment, including home server systems).
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
IEC 62227:2008, Multimedia home server systems – Digital rights permission code
Amendment 1:2012
ISO/IEC 7498-1:1994, Information technology – Open Systems Interconnection – Basic
Reference Model: The Basic Model
ISO/IEC 9594-8:2008, Information technology – Open Systems Interconnection – The
Directory:Public-key and attribute certification framework
ISO/IEC 15408-1:2009, Information technology – Security techniques – Evaluation criteria for
IT security – Part 1: Introduction and general model
ITU-T Recommendation X.509:1997, Information technology – Open systems intercon-
nection – The Directory: Public-key and attribute certificate frameworks
RFC 3280 R. Housley (RSA Laboratories), W. Ford (VeriSign), W. Polk (NIST), D. Solo (Citicorp),
Request for Comments: 3280 – Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile, Category: Standards Track (April 2002),
http://rfc.slim.summitmedia.co.uk/rfc2380.html
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 9594-8:2008, as
well as the following apply.
3.1
access condition
information that describes the content usage conditions
Note 1 to entry: The access condition represents the conditional rules that restrict user ability to manipulate the
content information and is a part of authorization information in the license for the content.
3.2
certificate policy
named set of rules that indicates the applicability of a certificate to a particular community and/or
class of application with common security requirements

– 8 – TS 62224 © IEC:2013(E)
EXAMPLE A particular certificate policy might indicate applicability of a type of certificate to the authentication of
electronic data interchange transactions for the trading of goods within a given price range.
[SOURCE: ISO/IEC 9594-8:2008, 3.4.10, modified, i.e. aligned to new requirements for terms
and definitions.]
3.3
certification authority
CA
authority trusted by one or more users to create and assign public-key certificates
Note 1 to entry: Optionally the certification authority may create the users' keys.
[SOURCE: ISO/IEC 9594-8:2008, 3.4.17, modified, i.e. aligned to new requirements for terms
and definitions.]
3.4
certificate revocation list
certification authority revocation list
CARL
revocation list containing a list of public-key certificates issued to certification authorities that
are no longer considered valid by the certificate issuer
[SOURCE: ISO/IEC 9594-8:2008, 3.4.18]
3.5
content identifier
identifier which is a unique value assigned to each content that is a unit of information provided
by the content holder
3.6
content key
content encryption key unique to each content
Note 1 to entry: A content key is a key under the symmetric key cryptosystem.
3.7
data concatenation
concatenation of two bit-streams into a single bit-stream
Note 1 to entry: The first bit of the second original stream is next to the last bit of the first original stream.
3.8
decoder TREM
TREM in which encrypted content can be decrypted and played
3.9
destination TREM
TREM receiving a license
3.10
digital rights management
technology or functions to protect rights relating with digital content, for example, copyright, or
system, or module that provide these functions
Note 1 to entry: Inside this system or module it manages content access conditions and behaves under these
conditions.
TS 62224 © IEC:2013(E) – 9 –
3.11
encrypted content
encrypted content data with its related meta data, such as broadcasting content, download
content, streaming content, and so on
3.12
entry TREM
TREM that has the function of generating a new license according to indication from outside and
behaves as a source TREM
Note 1 to entry: An entry TREM is inside the license distribution server, and so on.
3.13
hash function
mathematical function which maps values from a large (possibly very large) domain into a
smaller range
Note 1 to entry: A "good" hash function is such that the results of applying the function to a (large) set of values in the
domain will be evenly distributed (and apparently at random) over the range.
[SOURCE: ISO/IEC 9594-8:2008, 3.4.35, modified, i.e. aligned to new requirements for terms
and definitions]
3.14
license
information including one or more content keys and authorization information like access
conditions, etc.
Note 1 to entry: If it is outside a TREM, it shall be a protected license, which is protected with session key generated
in accordance with SLTP.
3.15
license identifier
identifier which is a unique value assigned to each license
3.16
license move
moving of a license from one TREM to another
Note 1 to entry: Once the license is moved, the license is deleted from the source TREM. A license move with the
encrypted content copy equals a content move.
3.17
license relay module
LRM
system or module that relays a protected license between TREMs through an SLTP session
Note 1 to entry: LRM is an endpoint of an LRP connection and has the function of controlling internal bus and network
in order to relay the protected license via the LRP connection.
3.18
license relay protocol
LRP
protocol between LRMs
Note 1 to entry: Over this protocol, secure license transaction protocol (SLTP) is realized for the Internet environment.
For the SLTP, the LRP provides functions of transaction management, restart of disconnected SLTP session, protocol
negotiation, and transfer of information relating with user authentication or accounting management.

– 10 – TS 62224 © IEC:2013(E)
3.19
license server
server system that has a TREM and the LRM which mediates the transmission of a license
issued by the TREM
3.20
license transaction
unit of processing to distribute, move or copy a license
Note 1 to entry: For each transaction, the different resources are assigned and managed.
3.21
license transfer
moving or copying a license from the TREM to the other TREM
3.22
mediator TREM
TREM that mediates license transfer as a main role
Note 1 to entry: It has both roles as destination and source TREMs.
3.23
protected license
license information protected to transfer between TREMs
Note 1 to entry: A protected license includes encrypted content keys and protected authorization information.
3.24
public key cryptosystem
cryptosystem in which encryption key and decryption key are different
Note 1 to entry: When concealing the data, the key used for encryption is publicly distributed. RSA and elliptic curve
cryptosystem are well known as public key cryptosystems.
3.25
secure license transaction protocol
SLTP
protocol to transfer license information securely between TREMs
Note 1 to entry: This protocol consists of formats of the information exchanged between TREMs and a state transition
specification of the TREM, which shall be implemented.
3.26
session private key
temporary private key which is used to share a session symmetric key between TREMs at each
SLTP session
3.27
session public key
temporary public key which is used to share session symmetric key between TREMs at each
SLTP session
3.28
session symmetric key
temporary symmetric key shared between TREMs at each SLTP session
3.29
SLTP session
secure session generated between TREMs according to the SLTP in order to transfer license
Note 1 to entry: Each SLTP session has a session symmetric key shared by both sides of the TREMs.

TS 62224 © IEC:2013(E) – 11 –
3.30
source TREM
role of a TREM as a TREM issuing a license
3.31
symmetric key cryptosystem
cryptosystem in which the same key is used to encrypt and decrypt the data
Note 1 to entry: Advanced Encryption Standard (AES) standardized by NIST in the U.S.A. is a well-known symmetric
key cryptosystem.
3.32
tamper resistant module
TRM
module to protect from analysis or modification of information and its processing
Note 1 to entry: See [FIPS 140-2].
3.33
tamper resistant rights enforcement module
TREM
system or module which has functions of digital rights management
Note 1 to entry: TREM is structured as a tamper resistant module. TREM has functions to enforce rights, manage
license and process the license transfer according to SLTP.
3.34
transaction identifier
identifier that is assigned to each license transaction
3.35
transaction log
log data representing the status of a license transfer transaction and the license issued in that
transaction
Note 1 to entry: It is securely stored in the TREM.
3.36
TREM private key
TREM individual private key
key kept privately by each TREM individually
3.37
TREM public key
TREM individual public key
public key corresponding to a TREM (individual) private key
4 Abbreviations
AES Advanced Encryption Standard
CA Certification Authority
CCI Copy Control Information
CRL Certificate Revocation List
DES Data Encryption Standard
DRM Digital Rights Management
EC-DH Elliptic Curve key agreement scheme, Diffie-Hellman
EC-DSA Elliptic Curve verification primitive, DSA version

– 12 – TS 62224 © IEC:2013(E)
ID IDentifier
LRM License Relay Module
LRP License Relay Protocol
PCF Protected Content Format
SLTP Secure License Transaction Protocol
T-DES Triple DES
TID Transaction IDentifier
TREM Tamper-resistant Rights Enforcement Module
TRM Tamper Resistant Module
5 Notation
5.1 Numerical values
In this Technical Specification, the following expressions of numerical values are used as shown
in Table 1.
Table 1 – Expression of numerical values
Binary (BIN) Decimal (DEC) Hexadecimal (HEX)
Letters used for value '0' ∼ '1' '0' ∼ '9' '0' ∼ '9', 'A' ∼ 'F'
Appended letter Nothing (or 'b') nothing 'h'
Example 200 C8h
(or 11001000b)
5.2 Notation list
This Technical Specification uses the following notations as shown in Table 2.
Table 2 – Notations used in this model
Name Expression Description
Encryption E (K, D) The result of encryption of information ‘D’ with a key ‘K’
Hash H (D) The result of hash of information ‘D’
Concatenation A || B The result of data concatenation of ‘A’ and ‘B’
Content key Kc A content encryption key associated with each content
Root private key KR A private key securely maintained by root CA
Root public key KPR The public key corresponding to KR
Private key of CA KCi A private key securely maintained by CA ”i” which is the issuer
of the certificate of lower tier CA or the certificate of TREM
public key
(This does not include root private key.)
Public key of CA KPCi The public key corresponding to KCi
(This does not include root public key.)
TREM private key for KTdk A key that the TREM “k” keeps individually and secretly.
detecting SLTP
This key is used to generate digital signature for detecting
message tampering
SLTP message tampering.
TREM public key for KPTdk The public key corresponding to KTdk.
detecting SLTP
This key is used to verify the digital signature that is
message tampering
generated by using KTdk.
TS 62224 © IEC:2013(E) – 13 –
Name Expression Description
TREM private key for KTsk A key that the TREM “k” keeps individually and secretly.
sharing session
This key is used to share a session symmetric key with other
symmetric key with other
TREM.
TREM
TREM public key for KPTsk The public key corresponding to KTsk.
sharing session
This key is used to share a session symmetric key with other
symmetric key with other
TREM.
TREM
Relevant information Ir The information relating to root CA
Ici The information relating to CA “i” other than root CA
Itxx The information relating to the public key of TREM KPTxx
Certificate C (KR, KPR || Ir) A certificate of a root public key KPR
KPR || Ir || E( KR, H(KPR || Ir) )
C (KR, KPCi || Ici) A certificate of a public key KPCi issued by root CA whose
private key is KR
KPCi || Ici || E( KR, H(KPCi || Ici) )
C (KCi, KPCj || Icj) A certificate of a public key KPCj issued by CA “i” whose
private key is KCi
KPCj || Icj || E( KCi, H(KPCj || Icj) )
C (KCj, KPTxx || Itxx) A certificate of a public key KPTxx issued by CA “j” whose
private key is KCj
KPTxx || Itxx || E( KCj, H(KPTxx || Itxx) )
Session private key KTTkn A temporary private key generated in TREM “k” per each
SLTP session “n”.
This is used to share session symmetric key between TREMs
at SLTP session “n”.
Session public key KPTTkn A temporary public key corresponding to KTTkn.
This is used to share session symmetric key between TREMs
at SLTP session “n”.
...