3.1.5.2.7 MPEG-2 Transport Stream Content

Encryption of content that is encapsulated in MPEG-2 Transport Stream (TS) [WMRTP] packets is achieved by encrypting the TS packet payloads with AES in counter mode, as defined in Counter Encryption for AES in Counter Mode [FIPS197], and using TAG packets that are inserted in the MPEG-2 TS.

A TAG packet is a single MPEG-2 TS packet with a Key Identifier (KID) that is inserted in front of each protected PES unit. Only PES units can be protected. The TAG packet is necessary to retrieve the matching DRM license when the content is delivered to the receiver.

The content protection layer consists of an AES 128-bit key in counter mode, where all the following requirements apply:

  • The 128-bit counter is divided into two 64-bit fields: the base_counter (MSB) and the minor_counter (LSB).

  • The base_counter and minor_counter are equivalent to the data segment ID and block ID, as shown in the following diagram.

Figure 12: Base and Minor Counter Encoding

The transmitter MUST scramble the selected program PID according to the following flowchart:

Figure 13: PID Obfuscation Flow

The following list describes the parts of the previous flowchart in more detail.

scr: This variable is set to "yes" if the current TS packet needs to be scrambled, or to "no" otherwise. The TS packet cannot be scrambled if any of the following conditions apply:

  • The key_sync field is set to "yes".

  • The TS packet includes whole or part of a PES header, which includes the 64 payload bytes that follow the detection of each start code, from 0xBC through 0xFF.

  • The TS packet includes all or part of one or more of the stream marks listed in the following table. A stream mark is composed of an MPEG start code and its subsequent data payload.

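    | Stream mark     | Start code | Byte sequence | Maximum data payload length |
    |-----------------|------------|---------------|-----------------------------|
    | Sequence header | B3         | 00 00 01 B3   | 12 bytes                    |
    | GOP header      | B8         | 00 00 01 B8   | 8 bytes                     |
    | Picture header  | 00         | 00 00 01 00   | 6 bytes                     |
    | Private data    | B2         | 00 00 01 B2   | 107 bytes                   |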

    Note: Each MPEG-2 TS packet can only be scrambled or in the clear, but not partially scrambled.

    The last byte of the start code MUST also be in the clear.

key_sync: This variable is set to "yes" if the transmitter is renewing the AES key, or to "no" otherwise.

base_counter: This 64-bit field is uniquely defined by the transmitter throughout the lifetime of the transmitter, as shown in the following diagram.

Figure 14: PID Structure

PID (13-bit): The PID value of the selected elementary stream.

section_counter (51-bit): A cyclic counter that is incremented for each no-to-yes transition of the scr state variable.

minor_counter: A 64-bit counter that is incremented for each block of 16 scrambled bytes.

i: A 4-bit counter that is incremented for each scrambled byte.

scramble16: AESKEY [base_counter | minor_counter].
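
The scr rules and the section_counter definition above, worked through in Python as an added example that is not part of the specification. It assumes the PES bytes of one PID are given as a single contiguous buffer with TS headers removed, that the 64 PES header bytes are counted from the byte after the start code, and that section_counter starts at 0; the function names and sample bytes are constructed for illustration.

```python
# Added example (not from the specification): derive scr per TS packet.
# Start code -> maximum data payload length, from the stream mark table.
STREAM_MARKS = {0xB3: 12, 0xB8: 8, 0x00: 6, 0xB2: 107}
PES_HEADER_SPAN = 64       # payload bytes after start codes 0xBC..0xFF
PREFIX = b"\x00\x00\x01"   # first three bytes of every start code


def clear_ranges(es: bytes):
    """Return [start, end) stream offsets that must stay in the clear."""
    ranges = []
    pos = es.find(PREFIX)
    while pos != -1 and pos + 3 < len(es):
        code = es[pos + 3]
        if code in STREAM_MARKS:
            ranges.append((pos, pos + 4 + STREAM_MARKS[code]))
        elif 0xBC <= code <= 0xFF:
            ranges.append((pos, pos + 4 + PES_HEADER_SPAN))
        pos = es.find(PREFIX, pos + 1)
    return ranges


def scr_states(es: bytes, payload_sizes, key_sync=frozenset()):
    """Return (scr, section_counter) per packet.

    key_sync: indices of packets sent while the AES key is renewed.
    Assumption: section_counter starts at 0 and scr starts as "no".
    """
    ranges = clear_ranges(es)
    states, offset, section_counter, prev_scr = [], 0, 0, False
    for idx, size in enumerate(payload_sizes):
        end = offset + size
        # A packet is all-or-nothing: any overlap keeps the whole packet clear.
        overlaps = any(s < end and offset < e for s, e in ranges)
        scr = not overlaps and idx not in key_sync
        if scr and not prev_scr:  # no-to-yes transition
            section_counter = (section_counter + 1) % (1 << 51)
        states.append((scr, section_counter))
        prev_scr, offset = scr, end
    return states


# Constructed sample: five 184-byte payloads with 0x11 filler.
FILL = b"\x11"
SAMPLE = (b"\x00\x00\x01\xE0" + FILL * 180   # packet 0: PES header
          + FILL * 184                        # packet 1: plain payload
          + FILL * 182 + b"\x00\x00"          # packet 2: GOP start code begins
          + b"\x01\xB8" + FILL * 182          # packet 3: GOP start code ends
          + FILL * 184)                       # packet 4: plain payload

if __name__ == "__main__":
    for i, state in enumerate(scr_states(SAMPLE, [184] * 5)):
        print(i, state)
```

Packets 2 and 3 both stay in the clear because the GOP start code straddles their boundary, which is why the scan runs over the contiguous stream rather than packet by packet.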

The transmitter MUST insert a TAG packet in front of any TS packet left in the clear. Two possible scenarios MAY occur, as detailed in the following diagram.

Figure 15: TAG Packet Scenarios

Case A: A TAG packet is inserted in front of a packet containing all or part of a PES header.

Case B: A TAG packet is inserted in front of a packet containing all or part of a stream mark.

A TAG packet has the following structure.

Figure 16: TAG Packet Structure

A TAG packet is a single MPEG-2 Transport Stream packet with a key identifier (KID) that is inserted in front of each protected PES unit. Only PES units can be protected. The TAG packet is necessary to retrieve the matching DRM license when the content is delivered to the receiver.

The adaptation_field_control bits (bits 27 and 28 in the TAG packet) are set to 10b; this indicates that the rest of the TAG packet is for the adaptation field only and includes no payload, so there is no requirement to increment the continuity counter.

  • The AF Header consists of four bytes to be compliant with the MPEG specification:

    • 1st Byte = Adaptation Field length

    • 2nd Byte = Adaptation Field presence flag (Private data = 0x02)

    • 3rd Byte = Private data length (Length, in bytes, of the Private_DRM_parameters portion of the packet.  Values are variable based on the required length.)

    • 4th Byte = Version number (currently 0x00)

  • DrmGuid contains the GUID that MUST be set to {B0AA4966-3B39-400A-AC35-44F41B46C96B}.

  • The base_counter resynchronizes the AES counter for the encrypted packet that follows.

  • SM byte (stream mark) indicates that the following packet includes the beginning of a stream mark, from which the first few bytes might be missing.

    • SM = 0 -- Next packet carries the beginning of a PES header or an entire PES header.

    • SM = 1 -- Next packet includes the beginning of a stream mark.

    • SM = 2 -- Next packet includes the beginning of a stream mark, from which the first byte (00) is missing.

    • SM = 3 -- Next packet includes the beginning of a stream mark, from which the first two bytes (00 00) are missing.

    • SM = 4 -- Next packet includes the beginning of a stream mark, from which the first three bytes (00 00 01) are missing.

    • SM = other -- Reserved.

  • The Private_DRM_parameters MUST contain a license derivation data segment descriptor. The data segment descriptor MUST contain a Key ID extension set with the corresponding Key ID value. The AES128 initialization vector extension MUST NOT be present, since the data segment ID is already indicated in the base_counter section of the TAG packet.

  • The remaining transport stream packet is padded with bytes with the value of 0xFF.