Dynamic adaptive streaming over hypertext transfer protocol (HTTP) (DASH) defines a manifest format, media presentation description (MPD), and segment formats for International Organization for Standardization (ISO) Base Media File Format (ISO-BMFF) and Moving Picture Experts Group (MPEG) Transport Stream under the family of standards MPEG-2, as described in ISO/International Electrotechnical Commission (IEC) 13818-1, titled “Information Technology—Generic Coding of Moving Pictures and Associated Audio Information: Systems.”
To provide data content protection, data content may be protected or encrypted via a digital rights management (DRM) scheme. DASH is agnostic to DRM and supports signaling a DRM scheme and its properties within the MPD. A DRM scheme can be signaled via the ContentProtection descriptor, and an opaque value can be passed within it. MPEG developed two content protection frameworks, Common Encryption (CENC) for ISO-BMFF (ISO/IEC 23001-7) and Segment Encryption and Authentication (draft ISO/IEC 23009-4); also see ISO/IEC 23009-1, titled “Information Technology—Dynamic Adaptive Streaming over HTTP (DASH)—part 1: Media Presentation Description and Segment Formats,” all of which are incorporated herein by reference. CENC standardizes which parts of a sample may be encrypted and how encryption metadata is signaled within a track. This means that, when providing encrypted data content, the DRM module is responsible for delivering the keys to the client, depending on the encryption metadata in the segment. Decryption may be implemented using standard Advanced Encryption Standard (AES) Counter Mode (AES-CTR) or AES-Cipher Block Chaining (AES-CBC) modes. DASH Segment Encryption (DASH-SEA) is agnostic to the segment format and passes encryption metadata via the MPD. For example, the MPD contains information that indicates the key used for decryption of a given segment and how to obtain this key. The baseline system is equivalent to the one defined in HTTP Live Streaming (HLS), with AES-CBC encryption and key transport using HTTP secure (HTTPS).
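The ContentProtection signaling described above can be inspected directly in a manifest. The following is an added example, not part of the original text: it lists the descriptors on each AdaptationSet and flags sets that carry none. The sample MPD, the all-zero DRM system UUID, the key ID and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"mpd": "urn:mpeg:dash:schema:mpd:2011"}
CENC_KID = "{urn:mpeg:cenc:2013}default_KID"       # cenc:default_KID attribute
MP4_PROTECTION = "urn:mpeg:dash:mp4protection:2011"  # generic CENC descriptor

# Constructed sample manifest: set 1 is protected, set 2 is in the clear.
SAMPLE_MPD = """
<MPD xmlns="urn:mpeg:dash:schema:mpd:2011" xmlns:cenc="urn:mpeg:cenc:2013">
  <Period>
    <AdaptationSet id="1" mimeType="video/mp4">
      <ContentProtection schemeIdUri="urn:mpeg:dash:mp4protection:2011"
          value="cenc"
          cenc:default_KID="11111111-2222-3333-4444-555555555555"/>
      <ContentProtection
          schemeIdUri="urn:uuid:00000000-0000-0000-0000-000000000000"
          value="opaque-drm-data"/>
    </AdaptationSet>
    <AdaptationSet id="2" mimeType="audio/mp4"/>
  </Period>
</MPD>
"""

def content_protection(mpd_xml):
    """Map each AdaptationSet id to its ContentProtection descriptors."""
    root = ET.fromstring(mpd_xml.strip())
    result = {}
    for aset in root.iterfind(".//mpd:AdaptationSet", NS):
        # ".//" also picks up descriptors placed on child Representations.
        result[aset.get("id")] = [
            {"scheme": cp.get("schemeIdUri"),
             "value": cp.get("value"),        # opaque to DASH itself
             "default_kid": cp.get(CENC_KID)}
            for cp in aset.iterfind(".//mpd:ContentProtection", NS)
        ]
    return result

def cenc_key_ids(mpd_xml):
    """Key IDs announced through the generic CENC descriptor."""
    return sorted({d["default_kid"]
                   for ds in content_protection(mpd_xml).values() for d in ds
                   if d["scheme"] == MP4_PROTECTION and d["default_kid"]})

def unprotected_sets(mpd_xml):
    """AdaptationSet ids with no ContentProtection descriptor at all."""
    return sorted(k for k, v in content_protection(mpd_xml).items() if not v)

if __name__ == "__main__":
    print(content_protection(SAMPLE_MPD))
    print("CENC key IDs:", cenc_key_ids(SAMPLE_MPD))
    print("No protection signaled:", unprotected_sets(SAMPLE_MPD))
```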
Conventional DASH systems may employ HTTPS to provide service-level protection. However, such conventional systems may impose delays due to the full handshake required for each session. Additionally, content delivered over HTTPS cannot be cached, and encryption may need to be done at each content delivery network (CDN) node, rather than at some head-end from which segments are pushed to the CDN nodes. As such, there is a need for a means of improving service-level protection.