UniSoft Corporation logo

ATSC Security File Generator

The UniSoft ATSC Signature File Generator (SFG) provides a graphical user interface that allows users to generate application and broadcast message signatures in the format specified in ATSC A/360 Security and Service Protection specification. The UniSoft ATSC SFG is available in the following variants:

The SFG is designed to integrate with certificate and certificate revocation services provided by an ATSC Certificate Authority. It also includes a minimal certificate authority that replicates these services to allow receiver testing independently from the authorized certificate authority.

SFG Application Signing

The SFG provides the means for an application author to add an S/MIME wrapper containing a signature to a MIME encapsulated application. The signature is encapsulated in a Cryptographic Message Syntax (CMS) Signed Data construct that includes: Similarly, the SFG provides a means for an application distributor to add a second S/MIME wrapper containing a signature to an application that already includes an application author signature. Before signing an application the SFG will check the format of the MIME package and ensure that author signatures and distributor signatures are not duplicated or omitted. The SFG also checks that the signers certificate is authorised to perform application author or application distributor signing.

SFG Broadcast Message Signing

The SFG provides a means for a broadcaster to add an S/MIME wrapper containing a signature to MIME encapsulated signalling packages, or to create a CMS Signed Data construct that can be included in a MMTP delivered table or a Low-Level Signaling Table. The CMS Signed Data construct for broadcast signalling messages includes: The SFG also provides a facility for the creation of the Certification Data Table (CDT) message as described in ATSC A/360. The CDT includes the following elements: The SFG uses the intermediate form of the CDT to separate those data elements that are expected to change infrequently from the final delivery format of the CDT which contains an up to date OCSP Response. This reduces the need to regularly use the CDT signing key which, in turn, reduces the risk of key compromise.

SFG General Features

The SFG provides the following set of features that can be used with the graphical user interface: The SFG is able to support the use of Hardware Security Modules (HSM) that conform to the standard PKCS11 interface. The use of HSM to store and limit access to keys significantly improves the security of the system.

SFG Streaming Service Interface

The SFG is able to support the immediate signing of applications and broadcast signaling messages that are created within the S&T ATCaster. In this mode, SFG runs as a service on a resilient server cluster that receives signing requests from the ATCaster. The service signs the supplied message data and, where necessary, interacts with the OCSP Responder to provide OCSP Responses into the message.

SFG Supported Operating System

The SFG is available on MAC OS X 10.10 and later and on Linux 3.10.0 (Centos 7.4) and later.

SFG Licensing

SFG is licensed on a per host computer basis. Licenses are available for each of the following four variants or for any combination thereof: