Multicast Content Protection

SmartMEDIA allows you to encrypt MPEG-TS content in real time according to the ISO/IEC 23001-9 (Common encryption of MPEG-2 transport streams) standard. The SmartCETS service allows you to encrypt multiple multicast streams simultaneously; the cets utility can be used to encrypt a single stream or MPEG2-TS files.

After receiving the list of input multicast streams, SmartCETS/cets requests keys for encryption from the key server over the SmartLabs UDRM protocol. Encrypted content is either written to a file or broadcast to another multicast group using the UDP protocol. For the SmartCETS service, the list of input streams for encryption along with other parameters must be specified in the configuration file. For the cets utility, all parameters must be passed as command-line arguments.

The following formats are supported:

• Video: H.262/MPEG2, H.264/AVC, H.265/HEVC;
• Audio: AAC/ADTS, AC3, DTS.

The utility also stores information about its work in the log, e.g. obtaining keys, stream errors, keys retrieval errors, etc.

Features of the Encryption Algorithm

Encryption is performed according to the ISO/IEC 23001-9 (Common encryption of MPEG-2 transport streams) standard, namely:

• the original MPEG-TS container is saved (except PMT), unknown tracks are not encrypted;
• in the PMT of the source stream, the descriptors described in ISO/IEC 23001-9 are added for each encrypted track;
• the payload of each video/audio track found is encrypted;
• the utility complies with ISO/IEC 23001-9 recommendations regarding the H.264/H.265 and AAC payload encryption (i.e., the payload of TS packets containing VPS/SPS/PPS/SliceHeader and ADTS Fixed header is not encrypted);
• for H.262, AC3 and DTS, the payload of TS packets containing PES-headers (Packetized Elementary Stream) is not encrypted;
• before each PES header, packets containing PSSH received from the key server for that track are inserted into the stream;
• before each PES header, ECM (Entitlement Control Messages) with content corresponding to ISO/IEC 23001-9, pertaining to this PES, is inserted into the stream. If the ECM content does not fit into the payload of one TS packet, the next ECM packet will be inserted where its contents begin to act (and not at the beginning of the next PES packet).