ISMA Encryption and Authentication is one of the three chosen technologies for service protection in DVB-H (Digital Video Broadcasting - Handheld), the TV system for portable handheld devices. In this article we'll first review the DVB-H TV transmission system, and then examine more closely the issue of service protection and how the new ISMACryp 1.1 standard works.
DVB-H System Architecture
DVB-T is the European consortium standard for the broadcast transmission of digital terrestrial television. DVB-H defines a new set of services for handheld devices. It uses the already established DVB-T (terrestrial) broadcast system and delivers its services over the Internet Protocol (IP). The IP packets are transported in MPEG-2 transport stream (MPEG2-TS), similar to MPEG-2 video.
Figure 1: DVB-H sender architecture
The example in Fig. 1 illustrates a possible DVB-H broadcast system consisting of two IP data sources, an IP-Encapsulator for putting IP packets in MPEG2-TS and a DVB-H modulator for the RF broadcast signal generation. The IP data sources consist of a Streaming Server which produces RTP media streams (containing AAC audio and AVC/H.264 video) and a source for other IP data, containing e.g. ESG (electronic service guide) data or MP4 files with media data, delivered with the FLUTE protocol.
Figure 2: DVB-H receiver architecture
The DVB-H broadcast signal is received by a handheld device with a DVB-H demodulator inside. This demodulator is a virtual network device for the operating system and decapsulates the IP packets from the MPEG2-TS for a selected service. A DVB-H application on the handheld device is usually built on top of the ESG, which controls the DVB-H demodulator and an A/V player for the RTP media stream consumption, as illustrated in Fig. 2.
For simplicity, only the A/V player component is covered in this article; the server side is out-of-scope.
View full size
Figure 3: Fraunhofer IIS DVB-H receiver architecture
The ESG, A/V player and KMS (key management system) interact closely in a typical DVB-H application suite on the handheld device as illustrated in Fig. 3. When the user selects a program after browsing the ESG, the device will tune on the right DVB-H stream. This stream is then received by the invoked A/V player component that consumes the packets, extracted from the broadcast signal by the DVB-H demodulator. If the stream is encrypted, encrypted keys are sent to the KMS. The KMS provides the keys to the player component which then can decrypt the received data.
Figure 4: MPEG-4 access units packetised according to RFC3640
In Fig. 4 the structure of a typical RTP packet with DVB-H media content is illustrated. RTP is a protocol which is generally built on top of UDP and IP to transport real-time data efficiently. It has different payload formats, depending on the transported data. The illustration assumes two concatenated MPEG-4 access units (AUs) as the transported data and RTP packetisation according to RFC3640, for e.g. transporting two HE-AAC-coded audio frames.
Next: DVB-H Content Protection