ETSI TS 104 002 V1.1.1 (2023-08)

ETSI TS 104 002 V1.1.1 (2023-08)






TECHNICAL SPECIFICATION
Publicly Available Specification (PAS);
DASH-IF Forensic A/B Watermarking
An interoperable watermarking integration schema




CAUTION
The present document has been submitted to ETSI as a PAS produced by DASH-IF and
approved by the Joint Technical Committee (JTC) Broadcast of the European Broadcasting Union (EBU), Comité Européen de
Normalisation ELECtrotechnique (CENELEC) and the European Telecommunications Standards Institute (ETSI).
DASH-IF is owner of the copyright of the document DASH-IF CPIX and/or had all relevant rights and had assigned said rights to
ETSI on an "as is basis". Consequently, to the fullest extent permitted by law, ETSI disclaims all warranties whether express,
implied, statutory or otherwise including but not limited to merchantability, non-infringement of any intellectual property rights of
third parties. No warranty is given about the accuracy and the completeness of the content of the present document.

---------------------- Page: 1 ----------------------
2 ETSI TS 104 002 V1.1.1 (2023-08)

Reference
DTS/JTC-118
Keywords
broadband, CDN, DASH, DRM, internet, PAS

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
and/or governmental
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2023.
© European Broadcasting Union 2023.
All rights reserved.

ETSI

---------------------- Page: 2 ----------------------
3 ETSI TS 104 002 V1.1.1 (2023-08)
Contents
Intellectual Property Rights . 5
Foreword . 5
Modal verbs terminology . 6
Executive summary . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 7
3 Definition of terms, symbols and abbreviations . 8
3.1 Terms . 8
3.2 Symbols . 8
3.3 Abbreviations . 8
4 OTT Watermarking Using Variants . 9
5 Server-Driven Architecture and Workflows . 10
5.1 Introduction . 10
5.2 Functional Architecture . 10
5.3 System Configuration . 11
5.4 WM Token . 12
5.5 WMPaceInfo . 14
5.5.1 Introduction. 14
5.5.2 WMPaceInfo Data . 14
5.5.3 Conveying WMPaceInfo . 14
5.5.3.1 Introduction . 14
5.5.3.2 Sidecar File . 15
5.5.3.3 HTTP Header . 16
5.5.3.4 ISOBMFF Box . 17
5.5.3.5 SEI Message . 18
5.5.3.6 TS Adaptation Field . 18
5.6 Content Preparation . 18
5.6.1 Introduction. 18
5.6.2 Encoding Recommendations . 19
5.6.3 Delivering Content and WMPaceInfo from the Encoder to the Packager . 19
5.6.4 Segment Ingress Path Structure on the Origin . 20
5.6.4.1 Introduction . 20
5.6.4.2 Locating the Variants . 20
5.6.4.3 Locating the Sidecar File . 23
5.6.5 Packaging Recommendations . 24
5.7 Content Playback . 25
5.7.1 Introduction. 25
5.7.2 Dynamic Ad Insertion . 25
5.7.3 WM Token, DASH Manifest and HLS Playlists Acquisition . 26
5.7.4 Initialization Segment Acquisition . 27
5.7.5 Media Segments and WMPaceInfo Acquisition . 27
5.7.5.1 General Requirements . 27
5.7.5.2 WMPaceInfo Acquisition . 28
5.7.5.3 Discrete Files. 28
5.7.5.4 Byterange . 31
5.8 Monitoring and Watermark Detection . 33
Annex A (normative): Vendor Specific Core API . 34
A.1 Introduction . 34
A.2 Edge-Vendor Specific API . 34
ETSI

---------------------- Page: 3 ----------------------
4 ETSI TS 104 002 V1.1.1 (2023-08)
Annex B (informative): Examples of Workflows . 35
B.1 Introduction . 35
B.2 Live Content Flows . 35
B.3 VOD Content Flows . 37
Annex C (normative): Registration Requests . 38
C.1 General . 38
C.2 IANA Considerations . 38
C.3 MP4RA Registration . 40
Annex D (informative): Code for Web Sequence Diagram . 41
D.1 Introduction . 41
D.2 Figure 3 . 41
D.3 Figure 5 . 41
D.4 Figure 6 . 42
D.5 Figure 7 . 42
Annex E (informative): Change History . 44
History . 45


ETSI

---------------------- Page: 4 ----------------------
5 ETSI TS 104 002 V1.1.1 (2023-08)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its

Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the
®
oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This Technical Specification (TS) has been produced by Joint Technical Committee (JTC) Broadcast of the European
Broadcasting Union (EBU), Comité Européen de Normalisation ELECtrotechnique (CENELEC) and the European
Telecommunications Standards Institute (ETSI).
The present document had initially been prepared by DASH-IF (http://dashif.org) and was sent to ETSI under the PAS
agreement.
Comments on the present document may be provided at https://github.com/Dash-Industry-Forum/Watermarking/issues.
NOTE: The EBU/ETSI JTC Broadcast was established in 1990 to co-ordinate the drafting of standards in the
specific field of broadcasting and related fields. Since 1995 the JTC Broadcast became a tripartite body
by including in the Memorandum of Understanding also CENELEC, which is responsible for the
standardization of radio and television receivers. The EBU is a professional association of broadcasting
organizations whose work includes the co-ordination of its members' activities in the technical, legal,
programme-making and programme-exchange domains. The EBU has active members in about
60 countries in the European broadcasting area; its headquarters is in Geneva.
European Broadcasting Union
CH-1218 GRAND SACONNEX (Geneva)
Switzerland
Tel: +41 22 717 21 11
Fax: +41 22 717 24 81

ETSI

---------------------- Page: 5 ----------------------
6 ETSI TS 104 002 V1.1.1 (2023-08)
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Executive summary
The present document describes proposed architecture and API for supporting forensic watermarking for Over The Top
(OTT) on content that is delivered in an Adaptive Bit Rate (ABR) format. To the possible extend, the proposed
solutions do not make assumptions on the ABR technology that is being used, it can be for example, DASH or HLS.
While digital watermarking can be used for different use cases, the present document focuses on forensic use cases. In
this context, it is used to define the origin of content leakage. the watermarking technology modifies media content in a
robust and invisible way in order to encode a unique identifier, e.g. a unique session ID. The embedded watermark
provides means to identify where the media content, that has been redistributed without authorization, is coming from.
In other words, the watermark is used to forensically trace the origin of content leakage.
ETSI

---------------------- Page: 6 ----------------------
7 ETSI TS 104 002 V1.1.1 (2023-08)
1 Scope
The present document specifies DASH-IF Forensic A/B Watermarking.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long-term validity.
The following referenced documents are necessary for the application of the present document.
[1] ISO/IEC 23009-1:2022: "Information technology -- Dynamic adaptive streaming over HTTP
(DASH) -- Part 1: Media presentation description and segment formats".
[2] ISO/IEC 13818-1:2019: "Information technology -- Generic coding of moving pictures and
associated audio information -- Part 1: Systems".
[3] IETF Internet Draft draft-pantos-hls-rfc8216bis-12: "HTTP Live Streaming 2nd Edition",
R. Pantos.
[4] IETF RFC 8949: "Concise Binary Object Representation (CBOR)", C. Bormann, P. Hoffman,
December 2020.
[5] IETF RFC 8610: Concise Data Definition Language (CDDL): A Notational Convention to Express
Concise Binary Object Representation (CBOR) and JSON Data Structures", H. Birkholz, C.
Vigano, C. Bormann, June 2019.".
[6] IETF RFC 8392: "CBOR Web Token (CWT)", M. Jones, E. Wahlstroem, S. Erdtman, H.
Tschofenig. May 2018.
[7] IETF RFC 4648: "The Base16, Base32, and Base64 Data Encodings", S. Josefsson, October 2006.
[8] UHD Forum: "Watermarking API for Encoder Integration, version 1.0.1", March 2021.
[9] IEEE Std 1003.1™ 2018 Edition, The Open Group Base Specifications Issue 7, 31 January 2018.
[10] DASH-IF registry of watermarking technology vendors IDs.
[11] IETF RFC 9053: "CBOR Object Signing and Encryption (COSE): Initial Algorithms", J. Schaad,
August 2022.
[12] IANA: "CBOR Web Token (CWT) Claims".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
ETSI

---------------------- Page: 7 ----------------------
8 ETSI TS 104 002 V1.1.1 (2023-08)
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] DASH-IF Live Media Ingest Protocol.
[i.2] Web Sequence Diagram.
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
client-driven watermarking: action of watermarking content when the user device is performing some actions
allowing it to make unique requests for content
NOTE: The user device embeds a watermarking agent that is integrated with the application.
client-side watermarking: action of watermarking when the user device is the sole responsible for doing the actual
watermarking of content
NOTE: The user device embeds a watermarking agent that is integrated with the audio-visual rendering engine.
server-driven watermarking: action of watermarking content when the user device is not performing any other
operation than conveying information such as tokens, between servers that are responsible for doing the actual
watermarking of content that is delivered to the user device
sequencing: action of returning a Variant of a segment when it is requested, based on a watermark token
NOTE: Typically, this action is performed on a CDN edge server and is thus referred to as "edge sequencing".
variant: alternative representation of a given segment of a multimedia asset
NOTE: Typically, a Variant is a pre-watermarked version of the segment.
WaterMark (WM) pattern: series of A/B decisions for every segment that is unique per user device
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
ABR Adaptive Bit Rate
AES Advanced Encryption Standard
AF Adaptation Field
API Application Programming Interface
AVC Advanced Video Codec
CBOR Concise Binary Object Representation
CDDL Concise Data Definition Language
CDN Content Delivery Network
CMAF Common Media Application Format
COSE CBOR Object Signing and Encryption
CPU Central Processing Unit
CWT CBOR Web Token
DAI Dynamic Ad Insertion
DASH Dynamic Adaptive Streaming over HTTP
DRM Digital Rights Management
ETSI

---------------------- Page: 8 ----------------------
9 ETSI TS 104 002 V1.1.1 (2023-08)
ECDH Elliptic Curve Diffie-Hellman
HEVC High Efficiency Video Coding
HLS HTTP Live Streaming
HMAC keyed-Hashing for Message AuthentiCation
HTTP Hypertext Transfer Protocol
IANA Internet Assigned Numbers Authority
IOP InterOPerability
IP Internet Protocol
ISOBMFF ISO Base Media File Format
JITP Just In Time Packager
JSON JavaScript Object Notation
JWT JSON Web Token
MPD Media Presentation Description
NAL Network Abstraction Layer
OTT Over The Top
RIST Reliable Internet Stream Transport
RTMP Real-Time Messaging Protocol
RTP Real Time Protocol
SEI Supplemental Enhancement Information
SRT Secure Reliable Transport
TS Transport Stream
TV TeleVision
UDP User Datagram Protocol
UHD Ultra-High Definition
URI Uniform Resource Identifier
URL Uniform Resource Locator
UUID Universally Unique IDentifier
VOD Video On Demand
WM WaterMark
WMID WaterMark IDentifier
WMT WaterMark Token
4 OTT Watermarking Using Variants
The objective of forensic watermarking is to deliver a unique version of a media asset to the different users consuming
the asset. This is somewhat in opposition with media delivery mechanisms that aim at delivering the same asset to all
users for efficiency purposes. As a result, in the broadcast era, a typical approach was to perform the watermarking
operation at the very last step of the media delivery pipeline, within the end user device e.g. a set-top box. This solution
has the virtue of leaving the whole media delivery pipeline unaltered but raises security and interoperability challenges
when a large variety of devices owned and operated by the end user shall be supported. This is for instance the case
with Over The Top (OTT) media delivery where content is consumed on mobile phones, tablets, laptops, connected
TVs, etc. As a result, new forensic watermarking solutions have gained momentum that do not perform security-
sensitive and complex operations in the end user realm. While such approaches require minimal changes in the end-user
devices, they do mandate the media delivery pipeline to be modified accordingly.
A notable example of such network-side watermarking solutions is OTT watermarking using Variants for Adaptive Bit
Rate (ABR) content. In this case, the content is delivered by segments. The baseline idea is then to generate
pre-watermarked Variants of each segment and to modify the delivery protocol so that each end user receives a unique
sequence of Variants depending on a watermark pattern that has been assigned to the end user. The semantic of this
pattern is context dependent and can be, for instance, a device identifier, an account identifier, a session identifier, etc.
Figure 1 illustrates a particular case of this strategy, coined as A/B watermarking, where there are two Variants
generated for each segment, each Variant containing a watermark that either encodes the information '0' or '1'. As a
result, the watermarking system will require the transmission of a sequence of Variants as long as the length of the
pattern to successfully recover the whole unique identifier.
ETSI

---------------------- Page: 9 ----------------------
10 ETSI TS 104 002 V1.1.1 (2023-08)
Alice
Ingest
Deliver
Bob
Charlie
Original asset
ABR segments at different
Sequence of ABR segments
bitrates
(a) received by three users
Alice
Ingest Deliver
Bob
Original asset Charlie
A/B Variants of ABR segments at
Unique sequence of A/B Variants
different bitrates
received by three users
(b)

Figure 1: A/B watermarking concept with (a) ABR content delivery and (b) A/B Variants delivery
When using Variants, the serialization process essentially boils down to delivering a unique sequence of Variants to
each individual end user. There are two main families of methods to achieve this:
1) Server-driven methods, wherein the client does perform no operation related to watermarking. It simply
fetches and forwards a token to the CDN that is responsible for delivering a unique sequence of Variants.
2) Client-driven methods, wherein the client is responsible for the serialization operation. For instance, it relies
on some session-based digital object to tamper the URI ABR segments and thereby directly query a unique
sequence of Variants from the CDN.
The present document is describing the server-driven methods. Client-driven methods are not part of the present
document.
5 Server-Driven Architecture and Workflows
5.1 Introduction
In the server-driven architecture, the device is unaware that content it consumes is watermarked. The device only
exchanges a token with servers allowing these servers, usually CDN edges, to make the decision on which A or B
Variant it delivers to the device. In the present document, an end-to-end system is presented. It includes the definition of
watermarking metadata that limits the need for naming conventions by allowing the encoder to send this metadata all
...