ATSC Security File Generator

The UniSoft ATSC Signature File Generator (SFG) provides a graphical user interface that allows users to generate application and broadcast message signatures in the format specified in ATSC A/360 Security and Service Protection specification. The UniSoft ATSC SFG is available in the following variants:

• An application signing interface for application authors.
• An application signing interface for application distributors.
• A broadcast signaling message signing interface for broadcasters.
• A streaming service interface integrated with S&T ATCaster that allows broadcast messages and applications to be signed at the time of delivery.

The SFG is designed to integrate with certificate and certificate revocation services provided by an ATSC Certificate Authority. It also includes a minimal certificate authority that replicates these services to allow receiver testing independently from the authorized certificate authority.

SFG Application Signing

The SFG provides the means for an application author to add an S/MIME wrapper containing a signature to a MIME encapsulated application. The signature is encapsulated in a Cryptographic Message Syntax (CMS) Signed Data construct that includes:

• A message digest (hash) of the application content.
• A time stamp at which the signature was applied.
• A signature over the message digest and time stamp.
• A chain of certificates that authenticate the signer to a trusted root certificate held in the receiver.
• A signed Online Certificate Status Protocol (OCSP) Response that provides the current revocation status for each of the certificates included in the CMS structure.

Similarly, the SFG provides a means for an application distributor to add a second S/MIME wrapper containing a signature to an application that already includes an application author signature. Before signing an application the SFG will check the format of the MIME package and ensure that author signatures and distributor signatures are not duplicated or omitted. The SFG also checks that the signers certificate is authorised to perform application author or application distributor signing.

SFG Broadcast Message Signing

The SFG provides a means for a broadcaster to add an S/MIME wrapper containing a signature to MIME encapsulated signalling packages, or to create a CMS Signed Data construct that can be included in a MMTP delivered table or a Low-Level Signaling Table. The CMS Signed Data construct for broadcast signalling messages includes:

• A message digest (hash) of the application content.
• A time stamp at which the signature was applied.
• A signature over the message digest and time stamp.

The SFG also provides a facility for the creation of the Certification Data Table (CDT) message as described in ATSC A/360. The CDT includes the following elements:

• A chain of certificates that authenticate the CDT signer and the broadcast message signer to a trusted root certificate in the receiver.
• Identifiers for the current broadcast message signing certificate, the CDT signing certificate, and (optionally) the next broadcast message signing certificate.
• Transition information for changes between the current and next broadcast message signing certificates.
• The validity period for the attached OCSP Response data.
• A CMS Signed Data construct that validates this information.
• Either an OCSP Request (for the intermediate form of the CDT), or an OCSP Response (for the final form of the CDT).

The SFG uses the intermediate form of the CDT to separate those data elements that are expected to change infrequently from the final delivery format of the CDT which contains an up to date OCSP Response. This reduces the need to regularly use the CDT signing key which, in turn, reduces the risk of key compromise.

SFG General Features

The SFG provides the following set of features that can be used with the graphical user interface:

• Key creation and encryption for each of the cryptographic key types specified in A/360.
• Certificate request creation to obtain a certificate from the authorized certificate authority.
• Certificate installation into a local database of certificates.
• Profile management that allows users to indicate which certificates they wish to use in author application, distributor application and broadcaster signalling message signing. The profile also allows users to define the folder location and file suffixes used to access and store their signed messages.
• An OCSP Responder profile that defines the URL that allows access to the responder and the certificates that are used to verify responses.
• An OCSP Request and Response check that allows the user to view the current status for each of their signing certificates.
• A CMS Signed Data and a CDT Table content viewer that allows the user to see the data that has been included in their signed messages.

The SFG is able to support the use of Hardware Security Modules (HSM) that conform to the standard PKCS11 interface. The use of HSM to store and limit access to keys significantly improves the security of the system.

SFG Streaming Service Interface

The SFG is able to support the immediate signing of applications and broadcast signaling messages that are created within the S&T ATCaster. In this mode, SFG runs as a service on a resilient server cluster that receives signing requests from the ATCaster. The service signs the supplied message data and, where necessary, interacts with the OCSP Responder to provide OCSP Responses into the message.

SFG Supported Operating System

The SFG is available on MAC OS X 10.10 and later and on Linux 3.10.0 (Centos 7.4) and later.

SFG Licensing

SFG is licensed on a per host computer basis. Licenses are available for each of the following four variants or for any combination thereof:

• ATSC SFG Application Author
• ATSC SFG Application Distributor
• ATSC SFG Broadcaster
• ATSC SFG Streaming Service