Authenticated encryption support in ISO/IEC 23009-4

摘要

A server apparatus supporting authenticated encryption in a network, comprising a receiver configured to receive an unencrypted segment, a processor configured to selecting an encryption key, an initialization vector, and an additional authentication data (AAD), encrypt the segment, configuring the segment for transfer in a Dynamic Adaptive Streaming over Hypertext Transfer Protocol (HTTP) (DASH) media, assign a segment number to the encrypted segment, append an authentication tag to the encrypted segment, store the encrypted segment with the appended authentication tag, and update a Media Presentation Description (MPD) associated with the encrypted segment with the appended authentication tag, wherein the MPD comprises an @aadBase attribute with an AAD base value, wherein the AAD value is the sum of the segment number and the @aadBase attribute value, and a transmitter configured to transmit the encrypted segment with the appended authentication tag to a destination.

主权项

1. A server apparatus supporting authenticated encryption in a network, comprising:
a receiver configured to receive an unencrypted media segment; a processor configured to: select an encryption key, an initialization vector, and an additional authentication data (AAD), wherein the AAD is derived by calculation at a client and specified by a CryptoPeriod attribute; encrypt the media segment; configure the media segment for transfer in a Dynamic Adaptive Streaming over Hypertext Transfer Protocol (HTTP) (DASH) media; assign a segment number to the encrypted media segment; append an authentication tag to the encrypted media segment; store the encrypted media segment with the appended authentication tag; and update a Media Presentation Description (MPD) associated with the encrypted media segment with the appended authentication tag, wherein the MPD comprises an AAD Base attribute with an AAD base value, wherein the AAD value is the sum of the segment number and the AAD Base attribute value; and a transmitter configured to transmit the encrypted media segment with the appended authentication tag to a destination, wherein the encrypted media segment with the appended authentication tag is one media segment in a Period, and wherein a single combination of the encryption key and the initialization vector is used only once during the Period.