Pattern Encryption Glossary
An efficient way of encrypting media
All terms are from ISO/IEC 23001-7.
Partial encryption vs Subsample encryption
Partial encryption
Pattern encryption reduces the computational power required by devices to decrypt video tracks.
Partial encryption using a pattern of encrypted and clear blocks is also specified in separate protection schemes. The identification of encryption keys, Initialization Vector storage and processing is specified for each scheme.
Subsample encryption
A subsample is a byte range within a sample consisting of an unprotected byte range followed by a protected byte range. Subsample encryption is specified for NAL structured video, such as AVC and HEVC, to enable normal processing and editing of video elementary streams prior to decryption.
constant IV
An initialization vector specified in a sample entry or sample group description that applies to all samples and subsamples under that sample entry or mapped to that sample group
block
16-byte extent of sample data that may be encrypted or decrypted by the AES-128 block cipher, in which case, a cipher block
initialization vector
8-byte or 16-byte value used in combination with a key and a 16-byte block of content to create the first cipher block in a chain and derive subsequent cipher blocks in a cipher block chain
protection scheme
1. When we want to protect the stream:
   - The sample entry is transformed and a Protection Scheme Information Box (‘sinf’) is added to the standard sample entry in the Sample Description Box to denote that a stream is protected.
   - The Protection Scheme Information Box SHALL contain a Scheme Type Box (‘schm’) so that the scheme is identifiable.
2. Common encryption scheme types:
   - cenc: AES-CTR mode full sample and video NAL Subsample encryption
   - cbc1: AES-CBC mode full sample and video NAL Subsample encryption
   - cens: AES-CTR mode partial video NAL pattern encryption
   - cbcs: AES-CBC mode partial video NAL pattern encryption
Encryption metadata
- pssh: Opaque Protection System Specific Data
- tenc: KID, IV, vector size, protection pattern, protection flag
- sgpd referenced by sbgp: override information for a group of samples within the track, so that the group can use different keys, mix clear and protected content, share a constant IV, etc.
- saiz, saio: Encryption information for individual media samples, such as the IV and subsample encryption data.
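To show how the scheme type and the ‘tenc’ defaults above are read from a file, here is an added example (not from the original page or from the standard's text) that walks a ‘sinf’ box and decodes ‘schm’ and ‘tenc’. It assumes the FullBox field layout of ISO/IEC 23001-7 for both boxes, reads the protection pattern as a pair of crypt and skip block counts, and runs on a constructed ‘sinf’ whose KID and IV are made-up values.

```python
import struct

SCHEMES = {  # scheme_type -> meaning, as listed in the glossary above
    b"cenc": "AES-CTR, full sample / NAL subsample", b"cens": "AES-CTR, pattern",
    b"cbc1": "AES-CBC, full sample / NAL subsample", b"cbcs": "AES-CBC, pattern"}

def boxes(buf):
    """Yield (type, payload) per box; 32-bit sizes only, truncated input raises."""
    pos = 0
    while pos < len(buf):
        size, kind = struct.unpack(">I4s", buf[pos:pos + 8].ljust(8, b"\0"))
        if size < 8 or pos + size > len(buf):
            raise ValueError(f"bad box size {size} at offset {pos}")
        yield kind, buf[pos + 8:pos + size]
        pos += size

def parse_tenc(p):  # p starts at the FullBox version byte
    if len(p) < 24:
        raise ValueError("tenc too short")
    info = {"pattern": (p[5] >> 4, p[5] & 0x0F) if p[0] >= 1 else None,
            "is_protected": p[6], "per_sample_iv_size": p[7],
            "kid": p[8:24].hex()}
    if p[6] == 1 and p[7] == 0:  # no per-sample IV: a constant IV follows the KID
        if len(p) < 25 or len(p) < 25 + p[24]:
            raise ValueError("tenc constant IV truncated")
        info["constant_iv"] = p[25:25 + p[24]].hex()
    return info

def parse_sinf(payload):
    out = {}
    for kind, body in boxes(payload):
        if kind == b"schm" and len(body) >= 8:  # version/flags, then scheme_type
            out["scheme"] = body[4:8].decode("ascii", "replace")
            out["mode"] = SCHEMES.get(body[4:8], "unknown scheme")
        elif kind == b"schi":
            tenc = [data for inner, data in boxes(body) if inner == b"tenc"]
            out["tenc"] = parse_tenc(tenc[0]) if tenc else None
    if "scheme" not in out:
        raise ValueError("no 'schm' box: protection scheme not identifiable")
    return out

def box(kind, payload):  # builds the constructed sample below
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

# Constructed sample: 'sinf' of an avc1 track using cbcs, pattern 1:9, constant IV
TENC = bytes([1, 0, 0, 0, 0, 0x19, 1, 0]) + bytes(range(16)) + bytes([16]) + b"\xaa" * 16
SAMPLE = box(b"sinf", box(b"frma", b"avc1")
             + box(b"schm", bytes(4) + b"cbcs" + struct.pack(">I", 0x10000))
             + box(b"schi", box(b"tenc", TENC)))
RESULT = parse_sinf(next(boxes(SAMPLE))[1])
```

`RESULT` holds the decoded scheme, mode and ‘tenc’ defaults for the constructed sample; a ‘sinf’ without ‘schm’ or with an inconsistent box size raises `ValueError` instead of returning partial data.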
Encryption parameters shared by groups of samples
When specifying the parameters by sample group, the Sample To Group Box (‘sbgp’) in the sample table or track fragment specifies which samples use which sample group description from the Sample Group Description Box (‘sgpd’).
The format of the sample group description is uniform across all track types (as indicated by the handler type for the track).
For fragmented files, it may be necessary to store both the Sample To Group Box and Sample Group Description Box in each track fragment to make them accessible for decryption of the samples they describe, e.g. when movie fragments are separately stored and delivered by streaming.
Tracks of all types SHALL use the CencSampleEncryptionInformationGroupEntry sample group description structure, which has the following syntax.