iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC FDIS 23001-7

(Main)

Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files

Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files

ISO/IEC 23001-7:2016 specifies common encryption formats for use in any file format based on ISO/IEC 14496‑12. File, track, and track fragment metadata is specified to enable multiple digital rights and key management systems (DRMs) to access the same common encrypted file or stream. This part of ISO/IEC 23001 does not define a DRM system. The AES-128 symmetric block cipher is incorporated by reference to encrypt elementary stream data contained in media samples. Both AES counter mode (CTR) and Cipher Block Chaining (CBC) are specified in separate protection schemes. Partial encryption using a pattern of encrypted and clear blocks is also specified in separate protection schemes. The identification of encryption keys, Initialization Vector storage and processing is specified for each scheme. Subsample encryption is specified for NAL structured video, such as AVC and HEVC, to enable normal processing and editing of video elementary streams prior to decryption. An XML representation is specified for important common encryption information so that it can be included in XML files as standard elements and attributes to enable interoperable license and key management prior to media file download.

Technologies de l'information — Technologies des systèmes MPEG — Partie 7: Cryptage commun des fichiers au format de fichier de médias de la base ISO

General Information

Status
Not Published
ICS
35.040.40 - Coding of audio, video, multimedia and hypermedia information
Technical Committee
ISO/IEC JTC 1/SC 29 - Coding of audio, picture, multimedia and hypermedia information
Drafting Committee
ISO/IEC JTC 1/SC 29 - Coding of audio, picture, multimedia and hypermedia information
Current Stage
5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
Start Date
10-May-2023
Completion Date
10-May-2023
Ref Project

Relations

Revises
ISO/IEC 23001-7:2016 - Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files
Effective Date
06-Jun-2022
Revises
ISO/IEC 23001-7:2016/Amd 1:2019 - Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files — Amendment 1: AES-CBC-128 and key rotation
Effective Date
06-Jun-2022

Buy Standard

REDLINE ISO/IEC FDIS 23001-7 - Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files Released:26. 04. 2023REDLINE ISO/IEC FDIS 23001-7 - Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files Released:26. 04. 2023
PreviousNext
Draft
REDLINE ISO/IEC FDIS 23001-7 - Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files Released:26. 04. 2023
English language
42 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC FDIS 23001-7 - Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files Released:26. 04. 2023ISO/IEC FDIS 23001-7 - Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files Released:26. 04. 2023
PreviousNext
Draft
ISO/IEC FDIS 23001-7 - Information technology — MPEG systems technologies — Part 7: Common encryption in ISO base media file format files Released:26. 04. 2023
English language
42 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

ISO/IEC JTC 1/SC 29
Date: 2021-10-29
ISO/IEC 23001-7:2021(E)
ISO/IEC JTC 1/SC 29/WG 3
Date: 2023-02-08
ISO/IEC FDIS 23001-7:2023(E)
ISO/IEC JTC 1/SC 29/WG 3
Secretariat: JISCJISC
Information technology — MPEG systems technologies — Part 7: Common
encryption in ISO base media file format files
Élément introductif — Élément central — Partie 7: Titre de la partie
Document type:
Document subtype:
Document stage:
Document language:
---------------------- Page: 1 ----------------------

Information technology — MPEG systems technologies — Part 7: Common encryption in

ISO base media file format files
Élément introductif — Élément central — Partie 7: Titre de la partie
Document type:
Document subtype:
Document stage:
Document language:
---------------------- Page: 2 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
© ISO 2023

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no

part of this publication may be reproduced or utilized otherwise in any form or by any means,

electronic or mechanical, including photocopying, or posting on the internet or an intranet, without

prior written permission. Permission can be requested from either ISO at the address below or

ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2023 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
Contents Page

Foreword ............................................................................................................................................................... viivii

Introduction ............................................................................................................................................................... ix Field Code Changed

1 Scope .............................................................................................................................................................. 1x

2 Normative references ............................................................................................................................... 11

3 Terms, definitions and abbreviated terms ........................................................................................ 22

3.1 Terms and definitions .............................................................................................................................. 22

3.2 Abbreviated terms .................................................................................................................................... 33

4 Protection schemes ................................................................................................................................... 33

4.1 Scheme type signalling ............................................................................................................................. 33

4.2 Common encryption scheme types ...................................................................................................... 44

5 Overview of encryption metadata ........................................................................................................ 44

6 Encryption parameters shared by groups of samples ..................................................................... 5 Field Code Changed

7 Common encryption sample auxiliary information ....................................................................... 77

7.1 Definition ..................................................................................................................................................... 77

7.2 Sample encryption information box for storage of sample auxiliary information ................ 9 Field Code Changed

7.2.1 Sample encryption box ............................................................................................................................ 99

8 Box Definitionsdefinitions ................................................................................................................. 1212

Field Code Changed

8.1 Protection system specific header box ............................................................................................... 12

8.1.1 Definition ..................................................................................................................................................... 12

Field Code Changed

8.1.2 Syntax ............................................................................................................................................................ 13

Field Code Changed

8.1.3 Semantics ..................................................................................................................................................... 13

Field Code Changed

8.2 Track Encryption box ............................................................................................................................... 14

Field Code Changed

8.2.1 Definition ..................................................................................................................................................... 14

Field Code Changed

8.2.2 Syntax ............................................................................................................................................................ 14

8.2.3 Semantics ..................................................................................................................................................... 15 Field Code Changed

8.3 Item encryption box .................................................................................................................................. 15

Field Code Changed

8.3.1 Definition ..................................................................................................................................................... 15

Field Code Changed

8.3.2 Syntax ............................................................................................................................................................ 16

Field Code Changed

8.3.3 Semantics ..................................................................................................................................................... 17

Field Code Changed

8.4 Item auxiliary information box ............................................................................................................. 17

Field Code Changed

8.4.1 Definition ..................................................................................................................................................... 17

8.4.2 Syntax ............................................................................................................................................................ 18 Field Code Changed

8.4.3 Semantics ..................................................................................................................................................... 18

Field Code Changed
Field Code Changed

9 Encryption of media data ........................................................................................................................ 19

9.1 Field semantics ........................................................................................................................................... 19

Field Code Changed

9.2 Initialization vectors ................................................................................................................................ 20

Field Code Changed

9.3 AES-CTR mode counter operation ........................................................................................................ 21

Field Code Changed

9.4 Full sample encryption ............................................................................................................................ 21

Field Code Changed

9.4.1 General .......................................................................................................................................................... 21

Field Code Changed

9.4.2 Full sample encryption using AES-CTR mode ................................................................................... 22

Field Code Changed

9.4.3 Full sample encryption using AES-CBC mode ................................................................................... 22

9.5 Subsample encryption ........................................................................................................................ 2323

Field Code Changed

9.5.1 Definition (normative) ........................................................................................................................ 2323

Field Code Changed

9.5.2 Subsample encryption of NAL structured video tracks ............................................................ 2525

Field Code Changed

9.6 Pattern encryption ............................................................................................................................... 3131

9.6.1 Definition ................................................................................................................................................ 3131

9.6.2 Example of pattern encryption applied to a video NAL unit ........................................................ 32 Field Code Changed

iv © ISO/IEC 2023 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC FDIS 23001-7:2023(E)

9.7 Whole-block full sample encryption ................................................................................................... 33 Field Code Changed

9.8 Content sensitive encryption ................................................................................................................. 33

Field Code Changed

9.8.1 Definition ..................................................................................................................................................... 33

Field Code Changed

9.8.2 Content sensitive encryption applied to a video NAL unit ...................................................... 3333

10 Protection scheme definitions .............................................................................................................. 34 Field Code Changed

10.1 'cenc' AES-CTR scheme ............................................................................................................................. 34

Field Code Changed

10.2 'cbc1' AES-CBC scheme ............................................................................................................................. 35

Field Code Changed

10.3 'cens' AES-CTR subsample pattern encryption scheme ........................................................... 3636

10.4 'cbcs' AES-CBC subsample pattern encryption scheme ............................................................ 3636

10.4.1 Definition ................................................................................................................................................ 3636

10.4.2 'cbcs' AES-CBC mode pattern encryption scheme application (Informative) ............... 3737

10.5 'sve1' AES-CTR sensitive encryption scheme .......................................................................... 3838

11 XML representation of Common Encryption parameters ....................................................... 3838

11.1 IntroductionGeneral ............................................................................................................................ 3838

11.2 Definition of the XML cenc:default_KID attribute and cenc:pssh element ..................... 38 Field Code Changed

11.3 Use of the cenc:default_KID attribute and cenc:pssh element in DASH

ContentProtection Descriptor elements ............................................................................................ 39 Field Code Changed

11.3.1 IntroductionGeneral ............................................................................................................................ 3939

11.3.2 Addition of cenc:default_KID attributes in DASH ContentProtection Descriptors ............... 40 Field Code Changed

11.3.3 Addition of the cenc:pssh element in Protection System Specific UUID

ContentProtection Descriptors ............................................................................................................. 41 Field Code Changed

11.3.4 Example of two Content Protection Descriptors in an MPD ................................................... 4141

Annex A (normative) Content sensitive encryption scheme ................................................................. 4343

A.1 Code-words containing bits selected for encryption for MPEG-4/AVC CAVLC ...................... 43

A.1.1 General .......................................................................................................................................................... 43

A.1.2 Slice QP Delta .............................................................................................................................................. 43

A.1.3 Macroblock type ........................................................................................................................................ 43

A.1.4 PCM sample Luma and Chroma ............................................................................................................. 45

A.1.5 Macroblock QP Delta ................................................................................................................................ 45

A.1.6 Prediction Intra Luma .............................................................................................................................. 45

A.1.7 Prediction Intra Chroma ......................................................................................................................... 45

A.1.8 Motion prediction reference .................................................................................................................. 46

A.1.9 Motion prediction vector ........................................................................................................................ 47

A.1.10 Trailing ones ............................................................................................................................................... 47

A.1.11 Level Suffix ................................................................................................................................................... 47

A.1.12 Total zeros ................................................................................................................................................... 47

A.1.13 Run Before ................................................................................................................................................... 48

A.2 Code-words containing bins selected for encryption for MPEG-4/AVC CABAC ..................... 49

A.2.1 PCM sample Luma and Chroma ............................................................................................................. 49

A.2.2 Absolute value of coefficient level ........................................................................................................ 49

A.2.3 Motion prediction vector ........................................................................................................................ 50

A.2.4 Sign of coefficient level ............................................................................................................................ 51

A.3 Code-words containing bins selected for encryption MPEG-H/HEVC ...................................... 51

© ISO/IEC 2023 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC FDIS 23001-7:2023(E)

A.3.1 Motion vector difference ......................................................................................................................... 51

A.3.2 Motion vector difference sign ................................................................................................................ 52

A.3.3 Delta QP sign syntax element ................................................................................................................. 52

A.3.4 Transform coefficient sign ...................................................................................................................... 52

Bibliography ......................................................................................................................................................... 5353

vi © ISO/IEC 2023 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical activity.

ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the

work. In the field of information technology, ISO and IEC have established a joint technical committee,

ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of document should be noted. This document was drafted in accordance with the editorial

rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives Directives, Part 2 (see

www.iso.org/directives or www.iec.ch/members_experts/refdocs).

Attention is drawnISO and IEC draw attention to the possibility that some of the elementsimplementation

of this document may beinvolve the subjectuse of (a) patent rights. ISO and IEC (s). ISO and IEC take no

position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof.

As of the date of publication of this document, ISO and IEC had not received notice of (a) patent(s) which

may be required to implement this document. However, implementers are cautioned that this may not

represent the latest information, which may be obtained from the patent database available at

www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held responsible for identifying

any or all such patent rights. Details of any patent rights identified during the development of the

document will be in the Introduction and/or on the ISO list of patent declarations received (see

www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation onof the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the World

Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following

URL: Foreword - Supplementary informationwww.iso.org/iso/foreword.html. In the IEC, see

www.iec.ch/understanding-standards.

The committee responsible for thisThis document iswas prepared by Joint Technical Committee

ISO/IEC JTC 1, Information technology, Subcommittee SC 29, Coding of audio, picture, multimedia and

hypermedia information.

This thirdfourth edition cancels and replaces the secondthird edition (ISO/IEC 23001-7:20152016),

which has been technically revised.

It also incorporates the Amendment ISO/IEC 23001 consists of the following parts, under the general

title Information technology — MPEG systems technologies:-7:2016/Amd 1:2019.
— Part 1: Binary MPEG format for XML
— Part 2: Fragment request units
— Part 3: XML IPMP messages
— Part 4: Codec configuration representation
© ISO/IEC 2023 – All rights reserved vii
---------------------- Page: 7 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
— Part 5: Bitstream Syntax Description Language (BSDL)
— Part 7: CommonThe main changes are as follows:
Addition of:

— item encryption in ISO base , which allows image items to use protection schemes defined for media

file format filestracks,
— Part 8: Coding-independent code points
— Part 9: Common encryption of MPEG-2 transport streams

— Part 10: Carriage of timed metadata metrics of media— support for multiple keys and IVs per

protected sample,

— 'sve1' sensitive encryption scheme, a codec-specific encryption scheme for which the encrypted

bitstream remains a valid decodable bitstream,
— improved selective encryption using sample groups
A list of all parts in the ISO base media file format
— Part 11: Energy-efficient media consumption (green metadata)

— Part 12: Sample variants in/IEC 23001 series can be found on the ISO base media file formatand IEC

websites.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-

committees.
viii © ISO/IEC 2023 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
Introduction

Common Encryption specifies encryption and key mapping methods that enable decryption of the same

file using different Digital Rights Management (DRM) and key management systems. It defines encryption

algorithms and encryption related metadata necessary to decrypt the protected streams, yet it leaves the

details of rights mappings, key acquisition and storage, DRM content protection compliance rules, etc., up

to the DRM system or systems. For instance, DRM systems necessarily support identifying the decryption

key via stored key identifiers (KIDs), but how each DRM system protects and locates the KID identified

decryption key is left to a DRM-specific method.

DRM specific information such as licenses, rights, and license acquisition information can be stored in an

ISO Base Media file using a ProtectionSystemSpecificHeaderBox. Each instance of this box

stored in the file corresponds to one applicable DRM system identified by a well-known SystemID. DRM

licenses or license acquisition information need not be stored in the file in order to look up a separately

delivered key using a KID stored in the file and decrypt media samples using the encryption parameters

stored in each track.

The second edition of this document added XML representations of Common Encryption parameters for

delivery in XML documents, such as an MPEG DASH Media Presentation Description Documents (MPD).

The second edition also defined the 'cbc1' protection scheme using AES-CBC mode encryption.

The third edition added 'cbcs' and 'cens' protection schemes for pattern encryption, which encrypt

only a fraction of the data blocks within each video subsample protected. Pattern encryption reduces the

computational power required by devices to decrypt video tracks.
The additions in this fourth edition added:are listed in the Foreword.
item
© ISO/IEC 2023 – All rights reserved ix
---------------------- Page: 9 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
Information technology — MPEG systems technologies — Part 7:
Common encryption, which allows image items to use protection
schemes defined for in ISO base media tracks,file format files
− support for multiple keys and IVs per protected sample,

− 'sve1' sensitive encryption scheme, a codec-specific encryption scheme for which the

encrypted bitstream remains a valid decodable bitstream,
− improved selective encryption using sample groups.
x © ISO/IEC 2023 – All rights reserved
---------------------- Page: 10 ----------------------
FINAL DRAFT INTERNATIONAL STANDARDFINAL ISO/IEC 23001-7:2021(E)ISO/IEC FDIS
DRAFT INTERNATIONAL STANDARD 23001-7:2023(E)
1 Scope

Part 7 of ISO/IEC 23001This document specifies common encryption formats for use in any file format

based on ISO/IEC 14496-12, ISO Base Media File Format. File, item, track, and track fragment metadata

is specified to enable multiple digital rights and key management systems (DRMs) to access the same

common encrypted file or stream. This document does not define a DRM system.

The AES-128 symmetric block cipher is used to encrypt elementary stream data contained in media

samples. Both AES counter mode (CTR) and Cipher Block Chaining (CBC) are specified in separate

protection schemes. Partial encryption using a pattern of encrypted and clear blocks is also specified in

separate protection schemes. The identification of encryption keys, initialization vector storage and

processing is specified for each scheme.

Subsample encryption is specified for NAL structured video, such as AVC and HEVC, to enable normal

processing and editing of video elementary streams prior to decryption.

An XML representation is specified for important common encryption information so that it can be

included in XML files as standard elements and attributes to enable interoperable license and key

management prior to media file download.
2 Normative references

The following documents, are referred to in wholethe text in such a way that some or in part, are

normatively referenced inall of their content constitutes requirements of this document and are

indispensable for its application. For dated references, only the edition cited applies. For undated

references, the latest edition of the referenced document (including any amendments) applies.

ITU-T Rec.H.264 | ISO/IEC 14496--10, Information technology — Coding of audio-visual objects — Part

10: Advanced Video Coding

ISO/IEC 14496--12, Information technology — Coding of audio-visual objects — Part 12: ISO Base Media

File Format

ISO/IEC 14496--15, Information technology — Coding of audio-visual objects — Part 15: Carriage of

network abstraction layer (NAL) unit structured video in the ISO Base Media File Formatbase media file

format

ISO/IEC 23008--2, Information technology – Coding of audio-visual objects – Part 2: High Efficiency Video

Coding (HEVC)

ISO/IEC 23008--12, Information technology –— High efficiency coding and media delivery in

heterogeneous environments –— Part 12: Image File Format (HEIF)
IETF RFC 4122, A Universally Unique IDentifier (UUID) URN Namespace

FIPS-197, Advanced Encryption Standard, Federal Information Processing Standards Publication 197,

FIPS-197, http://www.nist.gov/https://www.nist.gov/

NIST Special Publication 800-38A, Recommendation of Block Cipher Modes of Operation, NIST, NIST

Special Publication 800-38A, http://www.nist.gov/https://www.nist.gov/
IETF RFC 4122, A Universally Unique IDentifier (UUID) URN Namespace, July 2005
---------------------- Page: 11 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1.1
block

16-byte extent of sample data that may be encrypted or decrypted by AES-128 block cipher

Note 1 to entry: This is commonly known as a cipher block.
3.1.2
CENC SAI

sample auxiliary information associated with a sample and containing cryptographic information such as

initialization vector or subsample information

Note 1 to entry: The sample auxiliary information is defined in ISO/IEC 14496-12, and is not part of the sample data.

3.1.3
constant IV

initialization vector specified in a sample entry or sample group description that applies to all samples

and subsamples under that sample entry or mapped to that sample group
3.1.4
initialization vector

8 or 16-byte value used in combination with a key and a block to create the first cipher block in a chain,

and derive subsequent cipher blocks in a cipher block chain
3.1.5
NAL unit

syntax structure containing an indication of the type of data to follow and bytes containing that data in

the form of an RBSP interspersed as necessary with emulation prevention bytes
3.1.6
NAL structured video
video streams composed of NAL Units
Note 1 to entry: The carriage of NAL Units is specified in ISO/IEC 14496-15
3.1.7
---------------------- Page: 12 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
protection scheme

encryption algorithm and information identified by the scheme_type in a SchemeTypeBox in a

ProtectionSchemeInfoBox
3.1.8
sample

media sample when the protection applies to media tracks, or the payload of an item when the protection

applies to items
Note 1 to entry: Media sample as defined in ISO/IEC 14496-12.
Note 2 to entry: Payload of an item as defined in ISO/IEC 14496-12.
3.1.9
selective encryption

change in the isProtected value of samples associated with the same sample description entry

Note 1 to entry: this This is achieved using CencSampleEncryptionInformationGroupEntry

sample groups.
3.1.10
subsample

byte range within a sample consisting of an unprotected part immediately followed by a protected part

3.2 Abbreviated terms

For the purposes of this International Standard, the following abbreviated terms apply.

AES Advanced Encryption Standard
AES-CTR AES Counter
AES-CBC AES Cipher-Block Chaining
AVC Advanced Video Coding as
...

FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
23001-7
ISO/IEC JTC 1/SC 29
Information technology — MPEG
Secretariat: JISC
systems technologies —
Voting begins on:
2023-05-10
Part 7:
Voting terminates on:
Common encryption in ISO base media
2023-07-05
file format files
Technologies de l'information — Technologies des systèmes MPEG —
Partie 7: Cryptage commun des fichiers au format de fichier de
médias de la base ISO
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 23001-7:2023(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO/IEC 2023
---------------------- Page: 1 ----------------------
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
23001-7
ISO/IEC JTC 1/SC 29
Information technology — MPEG
Secretariat: JISC
systems technologies —
Voting begins on:
Part 7:
Voting terminates on:
Common encryption in ISO base media
file format files
Technologies de l'information — Technologies des systèmes MPEG —
Partie 7: Cryptage commun des fichiers au format de fichier de
médias de la base ISO
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on

the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below

or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC FDIS 23001­7:2023(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
© ISO/IEC 2023 – All rights reserved
NATIONAL REGULATIONS. © ISO/IEC 2023
---------------------- Page: 2 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction .............................................................................................................................................................................................................................. vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ..................................................................................................................................................................................... 1

3 Terms, definitions and abbreviated terms .............................................................................................................................. 2

3.1 Terms and definitions ...................................................................................................................................................................... 2

3.2 Abbreviated terms .............................................................................................................................................................................. 3

4 Protection schemes ........................................................................................................................................................................................... 3

4.1 Scheme type signalling ................................................................................................................................................................... 3

4.2 Common encryption scheme types ...................................................................................................................................... 4

5 Overview of encryption metadata .................................................................................................................................................... 4

6 Encryption parameters shared by groups of samples ................................................................................................. 4

7 Common encryption sample auxiliary information ...................................................................................................... 6

7.1 Definition ..................................................................................................................................................................................................... 6

7.2 Sample encryption information box for storage of sample auxiliary information .................... 7

7.2.1 Sample encryption box — Definition ............................................................................................................... 7

7.2.2 Syntax ........................................................................................................................................... ................................................ 8

7.2.3 Semantics .................................................................................................................................................................................. 8

8 Box definitions ....................................................................................................................................................................................................... 9

8.1 Protection system specific header box ............................................................................................................................. 9

8.1.1 Definition .................................................................................................................................................................................. 9

8.1.2 Syntax ........................................................................................................................................................................................ 10

8.1.3 Semantics ............................................................................................................................................................................... 10

8.2 Track Encryption box .................................................................................................................................................................... 10

8.2.1 Definition ............................................................................................................................................................................... 10

8.2.2 Syntax ........................................................................................................................................................................................ 11

8.2.3 Semantics ............................................................................................................................................................................... 11

8.3 Item encryption box........................................................................................................................................................................ 11

8.3.1 Definition ............................................................................................................................................................................... 11

8.3.2 Syntax ........................................................................................................................................... .............................................12

8.3.3 Semantics ............................................................................................................................................................................... 12

8.4 Item auxiliary information box.............................................................................................................................................13

8.4.1 Definition ...............................................................................................................................................................................13

8.4.2 Syntax ........................................................................................................................................... .............................................13

8.4.3 Semantics ............................................................................................................................................................................... 13

9 Encryption of media data ........................................................................................................................................................................14

9.1 Field semantics .................................................................................................................................................................................... 14

9.2 Initialization vectors ...................................................................................................................................................................... 15

9.3 AES­CTR mode counter operation ..................................................................................................................................... 16

9.4 Full sample encryption ................................................................................................................................................................ 16

9.4.1 General ..................................................................................................................................................................................... 16

9.4.2 Full sample encryption using AES-CTR mode ...................................................................................... 16

9.4.3 Full sample encryption using AES-CBC mode ....................................................................................... 17

9.5 Subsample encryption .................................................................................................................................................................. 17

9.5.1 Definition ............................................................................................................................................................................... 17

9.5.2 Subsample encryption of NAL structured video tracks ............................................................... 18

9.6 Pattern encryption .......................................................................................................................................................................... 23

9.6.1 Definition ...............................................................................................................................................................................23

9.6.2 Example of pattern encryption applied to a video NAL unit ................................................... 24

9.7 Whole-block full sample encryption ................................................................................................................................ 24

9.8 Content sensitive encryption .................................................................................................................................................. 24

iii
© ISO/IEC 2023 – All rights reserved
---------------------- Page: 3 ----------------------
ISO/IEC FDIS 23001-7:2023(E)

9.8.1 Definition ............................................................................................................................................................................... 24

9.8.2 Content sensitive encryption applied to a video NAL unit ........................................................25

10 Protection scheme definitions ...........................................................................................................................................................26

10.1 'cenc' AES­CTR scheme ................................................................................................................................................................. 26

10.2 'cbc1' AES­CBC scheme .................................................................................................................................................................26

10.3 'cens' AES-CTR subsample pattern encryption scheme ................................................................................. 27

10.4 'cbcs' AES-CBC subsample pattern encryption scheme .................................................................................. 27

10.4.1 Definition ............................................................................................................................................................................... 27

10.4.2 'cbcs' AES-CBC mode pattern encryption scheme application ...........................................28

10.5 'sve1' AES-CTR sensitive encryption scheme .......................................................................................................29

11 XML representation of Common Encryption parameters .....................................................................................29

11.1 General ........................................................................................................................................................................................................29

11.2 Definition of the XML cenc:default_KID attribute and cenc:pssh element...................................29

11.3 Use of the cenc:default_KID attribute and cenc:pssh element in DASH

ContentProtection Descriptor elements .......................................................................................................................30

11.3.1 General .....................................................................................................................................................................................30

11.3.2 Addition of cenc:default_KID attributes in DASH ContentProtection

Descriptors ........................................................................................................................................................................... 30

11.3.3 Addition of the cenc:pssh element in Protection System Specific UUID

ContentProtection Descriptors .......................................................................................................................... 31

11.3.4 Example of two Content Protection Descriptors in an MPD .................................................... 31

Annex A (normative) Content sensitive encryption scheme ..................................................................................................33

Bibliography .............................................................................................................................................................................................................................42

© ISO/IEC 2023 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical

activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non­governmental, in liaison with ISO and IEC, also take part in the

work.

The procedures used to develop this document and those intended for its further maintenance

are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria

needed for the different types of document should be noted. This document was drafted in

accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or

www.iec.ch/members_experts/refdocs).

ISO and IEC draw attention to the possibility that the implementation of this document may involve the

use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of

any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC

had not received notice of (a) patent(s) which may be required to implement this document. However,

implementers are cautioned that this may not represent the latest information, which may be obtained

from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall

not be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to

the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see

www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding­standards.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,

Subcommittee SC 29, Coding of audio, picture, multimedia and hypermedia information.

This fourth edition cancels and replaces the third edition (ISO/IEC 23001­7:2016), which has been

technically revised. It also incorporates the Amendment ISO/IEC 23001-7:2016/Amd 1:2019.

The main changes are as follows:
Addition of:

— item encryption, which allows image items to use protection schemes defined for media tracks,

— support for multiple keys and IVs per protected sample,

— 'sve1' sensitive encryption scheme, a codec-specific encryption scheme for which the encrypted

bitstream remains a valid decodable bitstream,
— improved selective encryption using sample groups

A list of all parts in the ISO/IEC 23001 series can be found on the ISO and IEC websites.

Any feedback or questions on this document should be directed to the user’s national standards

body. A complete listing of these bodies can be found at www.iso.org/members.html and

www.iec.ch/national­committees.
© ISO/IEC 2023 – All rights reserved
---------------------- Page: 5 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
Introduction

Common Encryption specifies encryption and key mapping methods that enable decryption of the

same file using different Digital Rights Management (DRM) and key management systems. It defines

encryption algorithms and encryption related metadata necessary to decrypt the protected streams,

yet it leaves the details of rights mappings, key acquisition and storage, DRM content protection

compliance rules, etc., up to the DRM system or systems. For instance, DRM systems necessarily support

identifying the decryption key via stored key identifiers (KIDs), but how each DRM system protects and

locates the KID identified decryption key is left to a DRM-specific method.

DRM specific information such as licenses, rights, and license acquisition information can be stored in

an ISO Base Media file using a ProtectionSystemSpecificHeaderBox. Each instance of this box stored in

the file corresponds to one applicable DRM system identified by a well-known SystemID. DRM licenses

or license acquisition information need not be stored in the file in order to look up a separately delivered

key using a KID stored in the file and decrypt media samples using the encryption parameters stored in

each track.

The second edition of this document added XML representations of Common Encryption parameters

for delivery in XML documents, such as an MPEG DASH Media Presentation Description Documents

(MPD). The second edition also defined the 'cbc1' protection scheme using AES-CBC mode encryption.

The third edition added 'cbcs' and 'cens' protection schemes for pattern encryption, which encrypt

only a fraction of the data blocks within each video subsample protected. Pattern encryption reduces

the computational power required by devices to decrypt video tracks.
The additions in this fourth edition are listed in the Foreword.
© ISO/IEC 2023 – All rights reserved
---------------------- Page: 6 ----------------------
FINAL DRAFT INTERNATIONAL STANDARD ISO/IEC FDIS 23001-7:2023(E)
Information technology — MPEG systems technologies —
Part 7:
Common encryption in ISO base media file format files
1 Scope

This document specifies common encryption formats for use in any file format based on

ISO/IEC 14496-12. File, item, track, and track fragment metadata is specified to enable multiple digital

rights and key management systems (DRMs) to access the same common encrypted file or stream. This

document does not define a DRM system.

The AES-128 symmetric block cipher is used to encrypt elementary stream data contained in media

samples. Both AES counter mode (CTR) and Cipher Block Chaining (CBC) are specified in separate

protection schemes. Partial encryption using a pattern of encrypted and clear blocks is also specified

in separate protection schemes. The identification of encryption keys, initialization vector storage and

processing is specified for each scheme.

Subsample encryption is specified for NAL structured video, such as AVC and HEVC, to enable normal

processing and editing of video elementary streams prior to decryption.

An XML representation is specified for important common encryption information so that it can be

included in XML files as standard elements and attributes to enable interoperable license and key

management prior to media file download.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ITU­T Rec.H.264 | ISO/IEC 14496­10, Information technology — Coding of audio-visual objects — Part 10:

Advanced Video Coding

ISO/IEC 14496­12, Information technology — Coding of audio-visual objects — Part 12: ISO Base Media

File Format

ISO/IEC 14496­15, Information technology — Coding of audio-visual objects — Part 15: Carriage of

network abstraction layer (NAL) unit structured video in the ISO base media file format

ISO/IEC 23008­2, Information technology – Coding of audio-visual objects – Part 2: High Efficiency Video

Coding (HEVC)

ISO/IEC 23008­12, Information technology — High efficiency coding and media delivery in heterogeneous

— Part 12: Image File Format (HEIF)
IETF RFC 4122, A Universally Unique IDentifier (UUID) URN Namespace

FIPS­197, Advanced Encryption Standard, Federal Information Processing Standards Publication 197,

https:// www .nist .gov/

NIST Special Publication 800­38A, Recommendation of Block Cipher Modes of Operation, https:// www

.nist .gov/
© ISO/IEC 2023 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1.1
block

16-byte extent of sample data that may be encrypted or decrypted by AES-128 block cipher

Note 1 to entry: This is commonly known as a cipher block.
3.1.2
CENC SAI

sample auxiliary information associated with a sample and containing cryptographic information such

as initialization vector or subsample information

Note 1 to entry: The sample auxiliary information is defined in ISO/IEC 14496-12, and is not part of the sample

data.
3.1.3
constant IV

initialization vector specified in a sample entry or sample group description that applies to all samples

and subsamples under that sample entry or mapped to that sample group
3.1.4
initialization vector

8 or 16-byte value used in combination with a key and a block to create the first cipher block in a chain,

and derive subsequent cipher blocks in a cipher block chain
3.1.5
NAL unit

syntax structure containing an indication of the type of data to follow and bytes containing that data in

the form of an RBSP interspersed as necessary with emulation prevention bytes
3.1.6
NAL structured video
video streams composed of NAL Units
Note 1 to entry: The carriage of NAL Units is specified in ISO/IEC 14496-15
3.1.7
protection scheme

encryption algorithm and information identified by the scheme_type in a SchemeTypeBox in a

ProtectionSchemeInfoBox
3.1.8
sample

media sample when the protection applies to media tracks, or the payload of an item when the

protection applies to items
Note 1 to entry: Media sample as defined in ISO/IEC 14496-12.
Note 2 to entry: Payload of an item as defined in ISO/IEC 14496-12.
© ISO/IEC 2023 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
3.1.9
selective encryption

change in the isProtected value of samples associated with the same sample description entry

Note 1 to entry: This is achieved using CencSampleEncryptionInformationGroupEntry sample groups.

3.1.10
subsample

byte range within a sample consisting of an unprotected part immediately followed by a protected part

3.2 Abbreviated terms
AES Advanced Encryption Standard
AES­CTR AES Counter
AES­CBC AES Cipher­Block Chaining
AVC Advanced Video Coding as specified in ISO/IEC 14496-10
CENC Common ENCryption
DRM Digital Rights Management
HEVC High Efficiency Video Coding as specified in ISO/IEC 23008-2
IV Initialization vector

NAL Network Abstraction Layer, as specified in ISO/IEC 14496-10 and ISO/IEC 23008-2

UUID Universally Unique Identifier
4 Protection schemes
4.1 Scheme type signalling

Scheme signalling shall conform to ISO/IEC 14496-12. For media tracks, as defined in ISO/IEC 14496-12,

the sample entry is transformed and a ProtectionSchemeInfoBox is added to the standard sample entry

in the SampleDescriptionBox to denote that a stream is protected. The ProtectionSchemeInfoBox shall

contain a SchemeTypeBox so that the scheme is identifiable. The SchemeTypeBox shall obey the following

additional constraints:

— The scheme_type field shall be set to a value equal to a four-character code defined in Clause 10.

— The scheme_version field shall be set to 0x00010000 (Major version 1, Minor version 0).

The ProtectionSchemeInfoBox shall also contain a SchemeInformationBox. For media tracks, the

SchemeInformationBox shall contain a TrackEncryptionBox, describing the default encryption

parameters for the track.

The schemes identify general classes of algorithms used to encrypt data. Implementations should not

rely solely on scheme_type and scheme_version to determine if they can process a file and should also

take into account:

— parameters associated with the scheme (e.g. the pattern in case of pattern encryption, or the size of

initialization vectors),

— use of CencSampleEncryptionInformationGroupEntry and the associated parameters (e.g. change in

isProtected, change in number and/or values of keys, change in size of initialization vectors),

© ISO/IEC 2023 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC FDIS 23001-7:2023(E)
— value of the field aux_info_type_parameter associated with CENC SAI,
— versions and flags of the SampleEncryptionBox box if present,
— versions of the ProtectionSystemSpecificHeaderBox and TrackEncryptionBox,

— support for, and values of versions and flags, of ItemEncryptionBox and ItemAuxiliaryInformationBox.

This document does not define brands nor profiles to restrict or recommend combinations of these

parameters. Derived specifications may restrict some of these aspects.
4.2 Common encryption scheme types

Five protection schemes are specified in this edition of Common Encryption. Each scheme uses syntax

and algorithms specified in Clause 5 to Clause 9, as constrained in Clause 10. They are the following:

a) 'cenc' – AES-CTR mode full sample and video NAL subsample encryption; see 10.1.

b) 'cbc1' – AES-CBC mode full sample and video NAL subsample encryption; see 10.2.

c) 'cens' – AES-CTR mode partial video NAL pattern encryption; see 10.3.
d) 'cbcs' – AES-CBC mode partial video NAL pattern encryption; see 10.4.
e) 'sve1' – AES-CTR content sensitive encryption, as defined in Annex A.
5 Overview of encryption metadata
The encryption metadata defined by Common Encryption can be categorized as fo
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 23090-10:2022/Cor 1:2023(Corrigendum)
Information technology — Coded representation of immersive media — Part 10: Carriage of visual volumetric video-based coding data — Technical Corrigendum 1
  • Standard
    5 pages
    English language
    sale 15% off
ISO
ISO/IEC 13818-1:2022/Cor 1:2023(Corrigendum)
Information technology — Generic coding of moving pictures and associated audio information — Part 1: Systems — Technical Corrigendum 1: Adding missing field compatibleProfileSetsPresent
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO/IEC 13818-1:2022/Amd 1:2023(Amendment)
Information technology — Generic coding of moving pictures and associated audio information — Part 1: Systems — Amendment 1: Carriage of LCEVC and other improvements
  • Standard
    12 pages
    English language
    sale 15% off
  • Draft
    13 pages
    English language
    sale 15% off
ISO
ISO/IEC DIS 23090-9(Main)
Information technology -- Coded representation of immersive media
  • Standard
    185 pages
    English language
    sale 15% off
  • Draft
    186 pages
    English language
    sale 15% off
  • Draft
    186 pages
    English language
    sale 15% off
ISO
ISO/IEC 23001-11:2023(Main)
Information technology — MPEG systems technologies — Part 11: Energy-efficient media consumption (green metadata)

This document specifies metadata for energy-efficient decoding, encoding, presentation, and selection of media.

  • Standard
    83 pages
    English language
    sale 15% off
  • Draft
    83 pages
    English language
    sale 15% off
  • Draft
    83 pages
    English language
    sale 15% off
ISO
ISO/IEC 23090-19:2023(Main)
Information technology — Coded representation of immersive media — Part 19: Reference Software for V-PCC

This document provides reference software for ISO/IEC 23090-5.

  • Standard
    2 pages
    English language
    sale 15% off
ISO
ISO/IEC 14496-22:2019/Amd 2:2023(Amendment)
Information technology — Coding of audio-visual objects — Part 22: Open Font Format — Amendment 2: Extending colour font functionality and other updates
  • Standard
    89 pages
    English language
    sale 15% off
ISO
ISO/IEC 23008-1:2023(Main)
Information technology — High efficiency coding and media delivery in heterogeneous environments — Part 1: MPEG media transport (MMT)

This document specifies MPEG media transport (MMT) technologies, which include a single encapsulation format, delivery protocols and signalling messages for transport and delivery of multimedia data over heterogeneous packet-switched networks for multimedia services. Types of packet-switched networks supported by this document include bidirectional networks such as Internet Protocol (IP) networks and unidirectional networks such as digital broadcast networks (which may or may not use the IP). The technologies specified by this document belong to one of three functional areas of MMT: media processing unit (MPU) format, signalling messages and delivery protocol. The MPU format specifies the “mpuf” branded ISO-based media file format (ISOBMFF) encapsulating both timed and non-timed media contents. The MPU format is a self-contained ISOBMFF structure enabling independent consumption of media data, which hides codec-specific details from the delivery function. The signalling functional area specifies the formats of signalling messages carrying information for managing media content delivery and consumption, e.g. specific media locations and delivery configuration of media contents. The delivery functional area specifies the payload formats that are independent of media and codec types, which allow fragmentation and aggregation of contents encapsulated as specified by this document for delivery using packet-switched oriented transport protocols. The delivery functional area also provides an application layer transport protocol that allows for advanced delivery of media contents.

  • Standard
    234 pages
    English language
    sale 15% off
ISO
ISO/IEC 23090-15:2022(Main)
Information technology — Coded representation of immersive media — Part 15: Conformance testing for versatile video coding

This document specifies a set of tests and procedures designed to indicate whether encoders or decoders meet the requirements specified in Rec. ITU‑T H.266 | ISO/IEC 23090-3.

  • Standard
    69 pages
    English language
    sale 15% off
ISO
ISO/IEC 21000-23:2022(Main)
Information technology — Multimedia framework (MPEG-21) — Part 23: Smart Contracts for Media

This document specifies the means (e.g. protocols and application programming interfaces) for converting MPEG-21 XML and RDF media contracts (ISO/IEC 21000-19, ISO/IEC 21000-20, and ISO/IEC 21000-21) to smart contracts executable on existing DLT environments.

  • Standard
    78 pages
    English language
    sale 15% off