Security Hardening Requirements

The requirements and recommendations below are aimed at the following:

  • Protecting the integrity of the whole client application, including APIs, against tampering.
  • Securely linking the authorization entity (which registers the user at the content provider), the client's token handling, and the DRM client.
  • Protecting the certificate store that is needed for establishing a secure connection.
  • Maintaining a secure link to the content provider that authorizes the end user to receive the token.

To achieve this, the integrator of the client must comply with the following requirements:

  • The authorization entity, the client handling the token, and the DRM client must be bundled into one application that is protected against debugging and tampering as a whole.
  • Sensitive pieces of Java code should be obfuscated, for instance with obfuscation tools, to hide the symbol names of the Java classes and methods.
  • The whole application needs to be protected with tools that ensure the integrity of the binary, the integrity of the API, and debugging protection.
  • The links to transport the login and authentication to the content provider as well as links transporting tokens must use TLS 1.2 or higher.
  • The certificates for these connections must be stored in the device's certificate store and be protected against manipulation by other applications and against deletion. You can achieve this by using strong passwords and additional anti-tampering (for example, verification of hashes) for the certificate store.
  • Access to the token generator must be gated using operator-issued credentials (authorization entity).
  • Content policies and DRM rules should not pass unsigned through the client application. The signatures must be verified shortly before they are processed. The token generator must retrieve the signatures from the Subscriber Management or Asset Management system as it builds the DRM token.
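
The following is an added example, not code from the original page or from the product it describes, of the TLS and certificate-store requirements above: the store is parsed only if its SHA-256 hash matches an expected value, and the resulting engine offers only TLS 1.2 or higher. The class name, the sample password and the in-memory PKCS#12 store are constructed for illustration, and keeping the expected hash inside the tamper-protected binary is an assumption.

```java
import java.io.*;
import java.security.*;
import java.util.Arrays;
import javax.net.ssl.*;
public class PinnedCertStore {
    // Refuse to parse the store unless its SHA-256 matches the expected value.
    static KeyStore loadVerified(byte[] store, byte[] expected, char[] pw) throws Exception {
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(store);
        if (!MessageDigest.isEqual(actual, expected))
            throw new SecurityException("certificate store hash mismatch");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(store), pw); // password also checks the PKCS#12 MAC
        return ks;
    }

    // Engine that trusts only the verified store and offers TLS 1.2 or higher.
    static SSLEngine tlsEngine(KeyStore trust) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        engine.setEnabledProtocols(Arrays.stream(engine.getSupportedProtocols())
            .filter(p -> p.equals("TLSv1.2") || p.equals("TLSv1.3"))
            .toArray(String[]::new));
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty PKCS#12 store built in memory.
        char[] pw = "constructed-sample-password".toCharArray();
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, pw);
        byte[] store = out.toByteArray();
        // Assumption: the expected hash ships inside the tamper-protected binary.
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(store);
        SSLEngine engine = tlsEngine(loadVerified(store, expected, pw));
        System.out.println("protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        store[store.length / 2] ^= 0x01; // simulate tampering by another application
        try {
            loadVerified(store, expected, pw);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```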
