BS ISO IEC 23001-7-2016 Information technology MPEG systems technologies Common encryption in ISO base media file format files《信息技术 MPEG系统技术 ISO基本媒介文件格式使用的通用加密》.pdf

1、BSI Standards Publication BS ISO/IEC 23001-7:2016 Information technology MPEG systems technologies Part 7: Common encryption in ISO base media file format filesBS ISO/IEC 23001-7:2016 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 23001-7:2016. It supers

2、edes BS ISO/IEC 23001-7:2015 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/37, Coding of picture, audio, multimedia and hypermedia information. A list of organizations represented on this committee can be obtained on request to its secretary. Th

3、is publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 89078 9 ICS 35.040 Compliance with a British Standard cannot confer

4、 immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 March 2016. Amendments issued since publication Date Text affectedBS ISO/IEC 23001-7:2016 Information technology MPEG systems technologies Part 7: Common enc

5、ryption in ISO base media file format files Technologies de linformation Technologies des systmes MPEG Partie 7: Cryptage commun des fichiers au format de fichier de mdias de la base ISO INTERNATIONAL STANDARD ISO/IEC 23001-7 Reference number ISO/IEC 23001-7:2016(E) Third edition 2016-02-15 ISO/IEC

6、2016 BS ISO/IEC 23001-7:2016ii ISO/IEC 2016 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanic

7、al, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Swit

8、zerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 23001-7:2016(E)BS ISO/IEC 23001-7:2016ISO/IEC 23001-7:2016(E)Foreword v Introduction vi 1 Scope . 1 2 Normative references 1 3 Terms, definitions, and abbreviated terms . 1 3.1 Terms and definitions . 1 3.2 Abbre

9、viated terms . 2 4 Protection schemes 3 4.1 Scheme type signaling 3 4.2 Common encryption scheme types . 3 5 Overview of encryption metadata 3 6 Encryption parameters shared by groups of samples . 3 7 Common encryption sample auxiliary information 5 7.1 Definition . 5 7.2 Sample Encryption Informati

10、on box for storage of sample auxiliary information 6 7.2.1 Sample Encryption Box (senc) . 6 7.2.2 Syntax 6 7.2.3 Semantics . 6 8 Box definitions 7 8.1 Protection system specific header box . 7 8.1.1 Definition 7 8.1.2 Syntax 7 8.1.3 Semantics . 8 8.2 Track Encryption box 8 8.2.1 Definition 8 8.2.2 S

11、yntax 8 8.2.3 Semantics . 9 9 Encryption of media data 9 9.1 Field semantics . 9 9.2 Initialization Vectors .10 9.3 AES-CTR mode counter operation 11 9.4 Full sample encryption .12 9.4.1 General.12 9.4.2 Full sample encryption using AES-CTR mode .12 9.4.3 Full sample encryption using AES-CBC mode .1

12、2 9.5 Subsample encryption .13 9.5.1 Definition (normative) .13 9.5.2 Subsample encryption of NAL Structured Video tracks .14 9.6 Pattern encryption 18 9.6.1 Definition .18 9.6.2 Example of pattern encryption applied to a video NAL unit.19 9.7 Whole-block full sample encryption .19 10 Protection sch

13、eme definitions 19 10.1 cenc AES-CTR scheme 19 10.2 cbc1 AES-CBC scheme 20 10.3 cens AES-CTR subsample pattern encryption scheme 20 10.4 cbcs AES-CBC subsample pattern encryption scheme 21 10.4.1 Definition .21 10.4.2 cbcs AES-CBC mode pattern encryption scheme application (informative) .22 11 XML r

14、epresentation of Common Encryption parameters .22 ISO/IEC 2016 All rights reserved iii Contents PageBS ISO/IEC 23001-7:2016ISO/IEC 23001-7:2016(E)11.1 General 22 11.2 Definition of the XML cenc:default_KID attribute and cenc:pssh element .22 11.3 Use of the cenc:default_KID attribute and cenc:pssh e

15、lement in DASH ContentProtection Descriptor elements 23 11.3.1 General 23 11.3.2 Addition of cenc:default_KID attributes in DASH ContentProtection Descriptors 23 11.3.3 Addition of the cenc:pssh element in Protection System Specific UUID ContentProtection Descriptors 24 11.3.4 Example of two Content

16、 Protection Descriptors in an MPD .24 Bibliography .26 iv ISO/IEC 2016 All rights reservedBS ISO/IEC 23001-7:2016ISO/IEC 23001-7:2016(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide

17、 standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fie

18、lds of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this

19、document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directive

20、s, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the de

21、velopment of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of

22、ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/IEC JTC 1, In

23、formation technology, Subcommittee SC 29, Coding of audio, picture, multimedia and hypermedia information. This third edition cancels and replaces the second edition (ISO/IEC 23001-7:2015), which has been technically revised. ISO/IEC 23001 consists of the following parts, under the general title Inf

24、ormation technology MPEG systems technologies: Part 1: Binary MPEG format for XML Part 2: Fragment request units Part 3: XML IPMP messages Part 4: Codec configuration representation Part 5: Bitstream Syntax Description Language (BSDL) Part 7: Common encryption in ISO base media file format files Par

25、t 8: Coding-independent code points Part 9: Common encryption of MPEG-2 transport streams Part 10: Carriage of timed metadata metrics of media in ISO base media file format Part 11: Energy-efficient media consumption (green metadata) Part 12: Sample variants in the ISO base media file format ISO/IEC

26、 2016 All rights reserved vBS ISO/IEC 23001-7:2016ISO/IEC 23001-7:2016(E) Introduction Common Encryption specifies standard encryption and key mapping methods that can be utilized to enable decryption of the same file using different Digital Rights Management (DRM) and key management systems. It ope

27、rates by defining encryption algorithms and encryption-related metadata necessary to decrypt the protected streams, yet it leaves the details of rights mappings, key acquisition and storage, DRM content protection compliance rules, etc., up to the DRM system or systems. For instance, DRM systems is

28、intended to support identifying the decryption key via stored key identifiers (KIDs), but how each DRM system protects and locates the KID identified decryption key is left to a DRM-specific method. DRM-specific information such as licenses, rights, and license acquisition information can be stored

29、in an ISO Base Media file using a Protection System Specific Header box (pssh). Each instance of this box stored in the file corresponds to one applicable DRM system identified by a well-known SystemID. DRM licenses or license acquisition information need not be stored in the file in order to look u

30、p a separately delivered key using a KID stored in the file and decrypt media samples using the encryption parameters stored in each track. The second edition of this part of ISO/IEC 23001 added XML representations of Common Encryption parameters for delivery in XML documents, such as an MPEG DASH M

31、edia Presentation Description Documents (MPD). The second edition also defined the cbc1 protection scheme using AES-CBC mode encryption. The third edition added cbcs and cens protection schemes for pattern encryption, which encrypt only a fraction of the data Blocks within each video Subsample prote

32、cted. Pattern encryption reduces the computational power required by devices to decrypt video tracks.vi ISO/IEC 2016 All rights reservedBS ISO/IEC 23001-7:2016Information technology MPEG systems technologies Part 7: Common encryption in ISO base media file format files 1 Scope This part of ISO/IEC 2

33、3001 specifies common encryption formats for use in any file format based on ISO/IEC 14496-12. File, track, and track fragment metadata is specified to enable multiple digital rights and key management systems (DRMs) to access the same common encrypted file or stream. This part of ISO/IEC 23001 does

34、 not define a DRM system. The AES-128 symmetric block cipher is incorporated by reference to encrypt elementary stream data contained in media samples. Both AES counter mode (CTR) and Cipher Block Chaining (CBC) are specified in separate protection schemes. Partial encryption using a pattern of encr

35、ypted and clear blocks is also specified in separate protection schemes. The identification of encryption keys, Initialization Vector storage and processing is specified for each scheme. Subsample encryption is specified for NAL structured video, such as AVC and HEVC, to enable normal processing and

36、 editing of video elementary streams prior to decryption. An XML representation is specified for important common encryption information so that it can be included in XML files as standard elements and attributes to enable interoperable license and key management prior to media file download. 2 Norm

37、ative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments)

38、 applies. ISO/IEC 1449612, Information technology Coding of audio-visual objects Part 12: ISO Base Media File Format ISO/IEC 1449615, Information technology Coding of audio-visual objects Part 15: Carriage of NAL unit structured video in the ISO Base Media File Format 3 Terms, definitions, and abbre

39、viated terms 3.1 Terms and definitions For the purposes of this document, the following terms and definitions apply. NOTE Words used as defined terms and normative terms (SHALL, SHOULD and MAY) are written in upper case to distinguish them from the same word intending its dictionary definition. 3.1.

40、1 constant IV initialization vector (3.1.3) specified in a sample entry or sample group description that applies to all samples and subsamples (3.1.8) under that sample entry or mapped to that sample group INTERNATIONAL ST ANDARD ISO/IEC 23001-7:2016(E) ISO/IEC 2016 All rights reserved 1BS ISO/IEC 2

41、3001-7:2016ISO/IEC 23001-7:2016(E) 3.1.2 block 16-byte extent of sample data that may be encrypted or decrypted by the AES-128 block cipher, in which case, a cipher block 3.1.3 initialization vector 8-byte or 16-byte value used in combination with a key and a 16-byte block (3.1.2) of content to crea

42、te the first cipher block in a chain and derive subsequent cipher blocks in a cipher block chain 3.1.4 ISO Base Media File file conforming to the file format described in ISO/IEC 14496-12 in which the techniques in ISO/IEC 23001-7 may be used 3.1.5 NAL unit syntax structure containing an indication

43、of the type of data to follow and bytes containing that data in the form of an RBSP interspersed as necessary with emulation prevention bytes 3.1.6 NAL structured video video streams composed of NAL units (3.1.5) of which the carriage is specified by ISO/IEC 14496-15 3.1.7 protection scheme encrypti

44、on algorithm and information defined in this part of ISO/IEC 23001 and identified by a four character code in an ISO Media tracks Scheme Type Box (schm) 3.1.8 subsample byte range within a sample consisting of an unprotected byte range followed by a protected byte range 3.2 Abbreviated terms AES Adv

45、anced Encryption Standard as specified in Federal Information Processing Stand- ards Publication 197, FIPS-197 AES-CTR AES Counter Mode as specified in Recommendation of Block Cipher Modes of Operation, NIST, NIST Special Publication 800-38A AES-CBC AES Cipher-Block Chaining Mode as specified in Rec

46、ommendation of Block Cipher Modes of Operation, NIST, NIST Special Publication 800-38A AVC Advanced Video Coding as specified in ISO/IEC 14496-10 HEVC High Efficiency Video Coding as specified in ISO/IEC 23008-2 IV Initialization Vector NAL Network Abstraction Layer, as specified in ISO/IEC 14496-10

47、 and ISO/IEC 23008-2 URN Unique Resource Name UUID Universally Unique Identifier2 ISO/IEC 2016 All rights reservedBS ISO/IEC 23001-7:2016ISO/IEC 23001-7:2016(E) 4 Protection schemes 4.1 Scheme type signaling Scheme signaling SHALL conform to ISO/IEC 14496-12. As defined in ISO/IEC 14496-12, the samp

48、le entry is transformed and a Protection Scheme Information Box (sinf) is added to the standard sample entry in the Sample Description Box to denote that a stream is protected. The Protection Scheme Information Box SHALL contain a Scheme Type Box (schm) so that the scheme is identifiable. The Scheme

49、 Type Box SHALL have the following additional constraints: the scheme_type field SHALL be set to a value equal to a four character code defined in Clause 10; the scheme_version field SHALL be set to 0x00010000 (Major version 1, Minor version 0). The Protection Scheme Information Box SHALL also contain a Scheme Information Box (schi). The Scheme Information Box SHALL contain a Track Encryption Box (tenc), describing the default encryp