Cisco Headend System Release 2.7 Références techniques
1-4
Introducing OCAP
738184 Rev B
OCAP Applications,
Continued
Applications Security
CableLabs is considered the trusted security source that verifies the OCAP
middleware. CableLabs is responsible for supplying the core verification root
certificate. This certificate is used to authenticate OCAP applications that have a
security certificate. Certain privileges are only available for authenticated OCAP
applications.
Monitor Application Functionality
The monitor application is an OCAP unbound application using standard OCAP
interfaces. Much like the resident application in set-tops, the monitor application
negotiates security requirements for premium applications, manages application life
cycles, and referees when multiple applications request the same resource at the
same time.
The monitor application is an optional OCAP component with the highest level of
The monitor application is an optional OCAP component with the highest level of
security. It ultimately determines which applications may run in the OCAP system.
Like all unbound applications, the monitor application is signaled using the
Like all unbound applications, the monitor application is signaled using the
Extended Application Information Table (XAIT). The monitor application is
distinguished in the priority and permissions given to it by the XAIT. These
permissions allow the application to “call” OCAP functions that influence the
operation of other applications.
The cable service provider or the application vendor may sign a certificate to an
The cable service provider or the application vendor may sign a certificate to an
application. Based on the presence of a signature, the application receives or is
denied security privileges, subject to additional restrictions placed by the monitor
application. The OCAP object carousel is responsible for carrying the application
signatures.
Note: For more information, refer to Section 6 of the OpenCable Security Specification,
Note: For more information, refer to Section 6 of the OpenCable Security Specification,
OC-SP-SEC-I05-040831 (Available from CableLabs).