ISO Common Encryption Protection Scheme for ISO Base Media File Format Stream Format

W3C Editor's Draft

More details about this document
This version:
https://w3c.github.io/encrypted-media/format-registry/stream/mp4.html
Latest published version:
https://www.w3.org/TR/eme-stream-mp4/
Latest editor's draft:
https://w3c.github.io/encrypted-media/format-registry/stream/mp4.html
History:
https://www.w3.org/standards/history/eme-stream-mp4/
Commit history
Editors:
Joey Parrish (Google Inc.)
Greg Freedman (Netflix Inc.)
Former editors:
Mark Watson (Netflix Inc.) (Until September 2019)
David Dorwin (Google Inc.) (Until September 2017)
Jerry Smith (Microsoft Corporation) (Until September 2017)
Adrian Bateman (Microsoft Corporation) (Until May 2014)
Feedback:
GitHub w3c/encrypted-media (pull requests, new issue, open issues)
public-media-wg@w3.org with subject line [eme-stream-mp4] … message topic … (archives)
Repository
https://github.com/w3c/encrypted-media/

Abstract

This specification defines the stream format for using ISO Base Media File Format [ISOBMFF] content that uses the ISO Common Encryption protection schemes [CENC] with the Encrypted Media Extensions [ENCRYPTED-MEDIA].

Note

Although the ISO Base Media File Format [ISOBMFF] associated with this format's MIME type/subtype strings supports multiple protection schemes, when used with Encrypted Media Extensions, these strings refer specifically to content encrypted and packaged using the 'cenc' or 'cbcs' protection schemes, as defined by section 4.2 of [CENC].

Status of This Document

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.

This document was published by the Media Working Group as an Editor's Draft.

Publication as an Editor's Draft does not imply endorsement by W3C and its Members.

This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 03 November 2023 W3C Process Document.

1. Stream Format

ISO Base Media File Format [ISOBMFF] content that is encrypted using the ISO Common Encryption protection schemes [CENC] SHALL be encrypted at the sample level with either the 'cenc' (AES-128 CTR) or 'cbcs' (AES-128 CBC) encryption schemes, as defined in section 4.2 of [CENC]. These protection methods enable multiple Key Systems to decrypt the same media content.

Each key is identified by a key ID and each encrypted sample is associated with the key ID of the key needed to decrypt it. This association is signaled either through the specification of a default key ID in the track encryption box ('tenc') or by assigning the sample to a Sample Group, the definition of which specifies a key ID. Streams may contain a mixture of encrypted and unencrypted samples.

2. Detection

For a stream determined to be in the ISO Base Media File Format [ISOBMFF], the ISO Common Encryption protection schemes may be detected as follows.

Protection scheme signaling conforms with [ISOBMFF]. When protection has been applied, the stream type will be transformed to 'encv' for video or 'enca' for audio, with a Protection Scheme Information Box ('sinf') added to the sample entry in the Sample Description Box ('stsd'). The Protection Scheme Information Box ('sinf') will contain a Scheme Type Box ('schm') with a scheme_type field set to a value of 'cenc' or 'cbcs' [CENC].

3. Detecting Encrypted Blocks

For the purposes of the Encrypted Block Encountered algorithm, encrypted blocks are identified as follows.

The encrypted block is a sample. Determining whether a sample is encrypted depends on the corresponding Track Encryption Box ('tenc') and the sample group with grouping type 'seig' (CencSampleEncryption group), if any, associated with the sample. The default encryption state of a sample is defined by the IsEncrypted flag in the associated track encryption box ('tenc'). This default state may be modified by the IsEncrypted flag in the SampleGroupDescriptionBox ('sgpd'), pointed to by an index in the SampleToGroupBox ('sbgp').

Samples can be partially encrypted, specified by subsample information referenced by SampleAuxiliaryInformationSizesBox ('saiz') and SampleAuxiliaryInformationOffsetsBox ('saio') boxes.

For complete information, see [CENC].

4. Initialization Data Extraction

Streams may contain one or more Protection System Specific Header ('pssh') boxes [CENC], each for a unique SystemID, at each location where a 'pssh' box is necessary. Content using this stream format SHOULD include a box containing the Common SystemID and PSSH Box Format.

Initialization data is always one or more concatenated 'pssh' boxes as defined by the "cenc" Initialization Data Format [EME-INITDATA-REGISTRY].

Each time one or more 'pssh' boxes are encountered, the Initialization Data Encountered algorithm SHALL be invoked with initDataType = "cenc" [EME-INITDATA-REGISTRY] and initData = the 'pssh' box(es). Multiple 'pssh' boxes MUST be provided together if and only if they appear directly next to each other in the stream.

5. Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MUST, SHALL, and SHOULD in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

A. References

A.1 Normative references

[CENC]
ISO/IEC 23001-7:2016, Information technology — MPEG systems technologies — Part 7: Common encryption in ISO Base Media File Format files. ISO/IEC. International Standard. URL: https://www.iso.org/obp/ui/#iso:std:iso-iec:23001:-7:ed-3:v1:en
[eme-initdata-cenc]
"cenc" Initialization Data Format. Joey Parrish; Greg Freedman. W3C. 18 July 2024. W3C Working Group Note. URL: https://www.w3.org/TR/eme-initdata-cenc/
[EME-INITDATA-REGISTRY]
Encrypted Media Extensions Initialization Data Format Registry. David Dorwin; Adrian Bateman; Mark Watson. W3C. 15 September 2016. W3C Working Group Note. URL: https://www.w3.org/TR/eme-initdata-registry/
[ENCRYPTED-MEDIA]
Encrypted Media Extensions. David Dorwin; Jerry Smith; Mark Watson; Adrian Bateman. W3C. 18 September 2017. W3C Recommendation. URL: https://www.w3.org/TR/encrypted-media-1/
[ISOBMFF]
Information technology — Coding of audio-visual objects — Part 12: ISO base media file format. ISO/IEC. Under development. URL: https://www.iso.org/standard/85596.html
[RFC2119]
Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc2119
[RFC8174]
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. B. Leiba. IETF. May 2017. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc8174