220.127.116.11.7 Delivering encrypted MPEG-2 ES payloads
The RTP Payload Format for Windows Media Audio and Video [WMRTP] allows for a single MAU to be encrypted according to different encryption parameters. That includes the ability to have fragments of a single MAU that are encrypted while others may be left in the clear.
In such cases, a single RTP packet can carry multiple payloads of the same MAU, each with different encryption parameters. For details, please refer to sections 3.2 and 3.3 of the RTP Payload Format for Windows Media Audio and Video specification [WMRTP].
An MAU or a fragment of an MAU that is encrypted MUST have the following values and fields set according to the specification:
The Bit Field 2 Present bit (B2P) in the Packet Info section MUST be set to 1, to indicate that a Bit Field 2 is present.
The Encryption bit (E) in the MAU Properties section MUST be set to 1, to indicate that the payload is encrypted.
The Extension Present bit (X) in the "MAU Timing" section MUST be set to 1, to indicate the presence of Extension fields.
The "Encrypted Payload Boundary" extension MUST NOT be present.
A "WMDRM Initialization Vector" extension MUST be included.
The following values MUST be set:
The Extension Type MUST be set to 2.
The Extension Length MUST be set to 8 (meaning 64 bits) if the Extension Data field contains only a data segment ID, or 16 (meaning 128 bits) if the Extension Data field contains both a data segment ID and a block ID.
The Extension Data MUST be set with the data segment ID value as defined in section 18.104.22.168.1 in case the initial block ID is zero. If the initial block ID is different from zero, then the Extension Data MUST be set to the data segment ID followed by the initial block ID.
This extension MUST be included for each encrypted payload of a MAU.
A "WMDRM Key ID" extension MUST be included. The following values MUST be set:
The Extension Type MUST be set to 3.
The Extension Length MUST be set to 16 (meaning 128 bits).
The Extension Data MUST be set with the key ID value from the license that corresponds to this MAU.
The "WMDRM Initialization Vector" and "WMDRM Key ID" extensions MUST be included for the first payload of a new MAU in each multiple-payload RTP packet that contains multiple MAUs. This ensures that the receiver always knows about the current key ID even if some RTP packets are lost.