Protection of digital media has become very important to content owners as a copy of a digital media is the same as its original in every aspect. At present, television content is encrypted at the source of origin, and thereafter is decrypted and re-encrypted one or more times on its way from source of origin (studio) to the end-user. In some cases, the studio's distribution system may be different from an encryption system used in a delivery network of a service provider. As a result, for example with respect to television, most television content is decrypted, goes through minimal processing, and then is re-encrypted before delivery to subscriber user devices.
The process of decryption and re-encryption at the service providers' end or at any other point in distribution/delivery chain, other than the end-user's device, is a concern for the owner of the content as it becomes vulnerable to illegal copying and distribution in the consumer market place by rogue businesses. However, if the content can be encrypted only once at the source of origin and decrypted only at the end-user devices, and no decryption and re-encryption takes place in the middle of distribution/delivery network, the process may alleviate content owner concerns with the distribution/delivery chain. In addition, the process may also save some cost associated with decryption and re-encryption equipment used at the service provider's facilities.
To alleviate the need for decryption at any point in the distribution/delivery chain other than at the end-user device, storage and distribution of partially encrypted advanced video coding (AVC) video access units have been proposed in Microsoft's Protected Interoperable File Format (PIFF). It may be necessary to store and distribute partially encrypted video as opposed to encryption of entire video access unit or all bytes of slice NAL units, such as to adapt the video content to various video applications, particularly broadcast applications, where some information about video characteristics may be necessary at the service provider's plant before being delivered to consumers.
In the case of AVC video, this information may be available at a beginning of each packet within bytes (from a few bytes to 100 bytes) of the video access unit including the slice header. The bytes at the start of a video access unit may be kept in a clear (unencrypted) state while some or all of the rest of the slice may be encrypted. The small number of clear bytes at the start of an access unit may not be sufficient for an AVC decoder to identify the portions of the packet that are encrypted and the portions that are not. This may make it difficult for the decoder to decode the entire compressed slice and generate a continuous video experience. By keeping the video slices partially encrypted, it ensures that at no point in the delivery chain do the media need decryption and re-encryption. The decryption only happens at the consumer's devices.
To deal with partially encrypted slices, additional information related to how many bytes are in clear in each slice or the location of starting bytes of the encrypted part of the slice has to be available to the decoder. This information related to the starting point of encryption for each slice can be sent in-band or out of band (OOB). The delivery of such information to the decryption system adds some complexity. In addition, the decryption system needs additional resources to process this extra information and perform decryption.