Methods, apparatus, and programs for video bitstream authentication

The method allows for secure and efficient authentication of media content within bitstreams by inserting verification information into specific data units, addressing the lack of authentication mechanisms in existing video coding standards.

WO2026147765A1PCT designated stage Publication Date: 2026-07-09DOLBY LABORATORIES LICENSING CORP +1

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
DOLBY LABORATORIES LICENSING CORP
Filing Date
2025-12-22
Publication Date
2026-07-09

Smart Images

  • Figure US2025060899_09072026_PF_FP_ABST
    Figure US2025060899_09072026_PF_FP_ABST
Patent Text Reader

Abstract

The disclosure relates to methods of generating or modifying a bitstream comprising a plurality of NAL units. These methods comprise providing (e.g., generating, or embedding into the bitstream) a first NAL unit and a second NAL unit. This is done in such manner that the first NAL unit and the second NAL unit are separated in the bitstream by one or more intermediate NAL units, among them NAL units for which verification / authentication shall be provided. To this end, the second bitstream element includes verification information for a subset of intermediate NAL units among the one or more intermediate NAL units. The disclosure further relates to methods of decoding such bitstream, as well as corresponding apparatus, programs, and computer-readable storage media.
Need to check novelty before this filing date? Find Prior Art

Description

METHODS, APPARATUS, AND PROGRAMS FOR VIDEO BITSTREAM AUTHENTICATIONCross-Reference to Related Applications

[0001] This application claims the benefit of priority from European Patent Application No. 25153730.4, filed on January 24, 2025, and U.S. Provisional Application No.63 / 741,711, filed on January 3, 2025, which are incorporated by reference herein in their entirety7.Technical Field

[0002] The present disclosure relates to techniques for authentication of bitstreams, for example NAL (Network Abstraction Layer) unit-based bitstreams. In particular, the present disclosure relates to authentication of VVC (Versatile Video Coding) bitstreams.Background

[0003] Currently, media bitstreams, such as video bitstreams, do not offer for authentication or verification of the media content or parts thereof. In particular, the video bitstreams produced via standardized video coding algorithms do not offer mechanisms for authentication or verification. For example, standardized video coding algorithms are released and published by the MPEG group in the International Standardization Organization (ISO), jointly with the International Telecommunications Union (ITU), including the first version of the Versatile Video Coding (VVC) Standard, also known as H.266, HEVC, also known as H.265. and AVC, also known as H.264.

[0004] More recently, the MPEG group has been working on the development of the next generation coding standard that provides improved coding performance over existing video coding technologies. As part of this investigation, new coding techniques are also examined.There is thus need for techniques for allowing authentication (verification) of media content transported by bitstreams, for example at the decoder side.Summary

[0005] In view of this need, the present disclosure provides methods of generating or modifying bitstreams (e.g., unit-based bitstreams), as well as corresponding apparatus, computer programs, and computer-readable storage media, having the features of respective independent claims.

[0006] One aspect of the present disclosure relates to a method of generating or modifying a unit-based bitstream. The unit-based bitstream may be a media bitstream, for example. The method may include providing a first data unit, such as a first NAL (network abstraction layer) unit, and a second data unit, such as a second NAL unit. Providing units may relate to generating said units, and / or inserting said units into the bitstream (e.g., preexisting bitstream in case of modification of said bitstream). Therein, the first data unit and the second data unit may be separated in the bitstream by one or more intermediate data units (e.g., by one or more intermediate NAL unites). Further, the first data unit may include information (i.e., subset information) indicating a subset of intermediate data units among the one or more intermediate data units for which verification information is available in the bitstream for verify ing the subset of intermediate data units. The second data unit may include the verification information. This verification information may relate to an authentication signature, for example. Specifically, the verification information may comprise the authentication signature.

[0007] A NAL unit ty pically comprises a header which may indicate a type of the NAL unit and / or which may serve as a header for the payload of the NAL unit. The header may have a length of one or more bytes. The payload of the NAL unit typically immediately follows the header. A series of NAL units forms a NAL unit stream, i.e., a unit-based bitstream. A NAL unit may be a V CL unit or a non-V CL NAL unit. A V CL NAL unit comprises data that represents the samples of a video picture. A non-VCL NAL unit comprises associated additional information such as parameter sets (e.g., header data that applies to a plurality of VCL NAL units) and / or supplemental enhancement information (e.g., timing information and / or supplemental data that may enhance usability of the decoded video signal but that is not necessary for decoding the samples in the video picture). A NAL unit may have a format as specified in ITU-T H.264. ITU-T H.265, ITU-T H.266, ITU-T H.274 and / or corresponding ISO / IEC specifications.

[0008] The first NAL unit and / or the second NAL unit may comprise a SEI (supplemental enhancement information) message. As described in Annex D of the AVC andHEVC standards, or in ITU-T H.274 specification and / or ISO / IEC 23002-7 VSEI specification (also referred to as VSEI), Supplemental Enhancement Information (SEI) messages in a coded video bitstream assist in processes related to decoding, display, or other purposes in a video processing pipeline. While examples presented herein may refer to SEI messaging as it relates to MPEG-based video coding standards, a person of ordinary skill would appreciate that the techniques discussed herein are applicable to any such metadata messaging and any audio or video coding format (e.g., AVI, AVS, VC-1 and the like).

[0009] The first NAL unit may comprise a digitally signed content initialization SEI message and / or a digitally signed content selection SEI message, and / or the second NAL unit may comprise a digitally signed content verification SEI message.

[0010] The data unit-based bitstream may be a video bitstream that was encoded via a standardized video coding standard, including, according to the ITU-T H.266 and / or ISO / IEC 23090-3 specification (VVC), or according to the ITU-T H.265 and / or ISO / IEC 23008-2 specification (HEVC), or according to the ITU-T H.264 and / or ISO / IEC 14496-10 specification (AVC). Such data-unit bitstream may have been encoded and / or is compatible with such standardized specifications. The bitstream may have been encoded and / or may be compatible with any other standardized video coding format (e.g., AVI, AVS, VC-1 and the like).

[0011] Configured as described above, the proposed method allows for efficient authentication (verification) of media content (or any content in general) that is transported in a unit-based bitstream. By defining the first and second data units, this can be done in a manner that does not affect the to-be- verified data units.

[0012] In some embodiments, the method may further include, e.g., as part of the step of providing the second data unit, applying a hashing algorithm to the subset of intermediate data units to generate a hash value. The method may further include generating an authentication signature based on the hash value and an encryption key, wherein the verification information relates to the authentication signature. The method may yet further include embedding the verification information into the second data unit. As a result of this, a second data unit may be provided which comprises the verification information.

[0013] In some embodiments, the method may further include embedding, into the first data unit, one or more of information identifying the hashing algorithm, information identifying the encryption key, and / or information identifying an authentication authority in relation to the encryption key.

[0014] In some embodiments, the encryption key may be a private key of a privatepublic key pair. Alternatively, the encryption key may be identical to a decryption key and may be exchanged in an appropriate manner between encoder side and decoder side before decoding.

[0015] In some embodiments, the method may further include, e.g., as part of the step of providing the first and / or second data unit, selecting, as the subset of intermediate data units, one or more data units for which verification should be provided. The method may yet further include, e.g., as part of the step of providing the first data unit, embedding information identifying the subset of intermediate data units into the first data unit. The subset of intermediate data units may relate to data units that should be verifiable. Without intended limitation, the embedded information identifying the subset of intermediate data units may relate to one or more of a substream identifier, identifier information, and unit type information, as outlined elsewhere in the disclosure.

[0016] In some embodiments, the subset of intermediate data units may include all intermediate data units in the bitstream between the first data unit and the second data unit. This case does not require any additional signaling.

[0017] In some embodiments, the first data unit may include a first substream identifier. A predefined value of the first substream identifier may indicate that the subset of intermediate data units includes all intermediate data units between the first data unit and the second data unit in the bitstream.

[0018] In some embodiments, the first data unit may include a first substream identifier. The subset of intermediate data units may include all intermediate data units that have a substream identifier identical to the first substream identifier. Alternatively, or in addition, the subset of intermediate NAL units may include all intermediate NAL units that are identified as belonging to the same substream as the first NAL unit using the first substream identifier.

[0019] Additionally, also the second data unit may have a substream identifier identical (e.g., equal) to the first substream identifier. A substream of the overall bitstream (and the corresponding subset of intermediate data units) may be identified using the first substream identifier and using additional information (e.g., a target highest Temporalld and / or a target layer identifier list) derived from the first data unit and / or derived from the second data unit.

[0020] In some embodiments, the first data unit may include identifier information indicating (i.e., the subset information may include identifier information) one or moresubstream identifiers that are to be included for verification. Then, the subset of intermediate data units may include all intermediate data units that have a substream identifier indicated by the identifier information. Here, the identifier information may relate to a whitelist of substream identifiers that are to be included for verification. Alternatively, also a blacklist of substream identifiers that are not to be included for verification may be defined. Whether a whitelist or a blacklist for substream identifiers is defined may be signaled by a bit flag in the first data unit, for example.

[0021] In some embodiments the first data unit may include (data) unit type information (i.e., the subset information may include data unit type information) indicating one or more (data) unit types that are to be included for verification. Then, the subset of intermediate data units may include all intermediate data units that have a unit type indicated by the unit type information. The unit type information may relate to a whitelist of unit types that are to be included for verification. Alternatively, also a blacklist of unit types that are not to be included for verification may be defined. Whether a whitelist or a blacklist for unit types is defined may be signaled by a bit flag in the first data unit, for example.

[0022] The data unit type information may be indicative of whether or not a default list of data unit types is to be included for verification. The default list of data unit types may be pre-defined and / or standardized. As a result of this, the default list of data unit types may not need to be indicated explicitly within the first data unit (e.g., with the first NAL unit).

[0023] Alternatively, or in addition, the data unit type information may be indicative of an alternative list of data unit types that are to be included for verification. The alternative list of data unit types may be explicitly provided within the first data unit (e.g., within the first NAL unit) and / or within the second data unit (e.g., within the second NAL unit). As a result of this, a particularly flexible selection of the one or more intermediate data units may be achieved.

[0024] Alternatively, or in addition, the data unit type information may be indicative of one or more data unit types, e.g., one or more data unit types from the (pre-defined and / or standardized) default list of data unit types, which are to be included and / or which are to be excluded for verification. As a result of this, a particularly flexible selection of the one or more intermediate data units may be achieved.

[0025] Alternatively, or in addition, the data unit type information may be indicative of one or more data unit types, which have to be added or removed from the (pre-defined and / or standardized) default list of data unit types, which are to be included and / or which are to be excluded for verification.

[0026] The one or more data unit types which are indicated by the data unit type information may comprise one or more SEI message payload types, the NAL unit type prefixSeiNut, and / or the NAL unit type suffixSeiNut.

[0027] In some embodiments, the first data unit and the second data unit may each include pairing information (e.g., a dsci_id parameter) for indicating that the second data unit includes the verification information for the subset of intermediate data units indicated by the first data unit. Then, the one or more intermediate data units may include a further second data unit that includes verification information for one or more data units in the bitstream preceding the first data unit. The further second data unit may include pairing information different from the pairing information of the first and second data units. The further second data unit may be among the subset of intermediate data units, so that the second data unit includes verification information also for the further second data unit.

[0028] With this, providing the pairing information allows to distinguish between different overlapping pairs of first and second data units, and thereby, to apply chained authentication for extended portions of the bitstream.

[0029] In some embodiments, the verification information may relate to a portion of an authentication signature. Then, the second data unit may include verification splitting information indicative of a relationship between the portion of the authentication signature and the complete authentication signature. For example, the verification splitting information may indicate storage locations of remaining / complementary portions of the authentication signature in the bitstream.

[0030] The first NAL unit and / or the second NAL unit may include a verification indicator, wherein the verification indicator may indicate a pre-defined combination of a plurality of different parameters that have been used for determining the verification information. Different verification indicators may be associated with different pre-defined combinations of the plurality of different parameters that have been used for determining the verification information. Example parameters include the hash method that has been used for determining the verification information, the source URI that identifies the trust record and / or the key that has been used for determining the verification information and / or the number of substreams of the bitstream which have been used for determining the verification information. The encoder may use the pre-defined combination of the plurality of different parameters for determining the verification information, and / or the decoder may use the predefined combination of the plurality of different parameters for verifying the verification information. The use of a verification indicator enables a content producer to digitally signand verify content in several different ways to optimize interoperability across various services and / or receivers.

[0031] With this, the proposed method allows to avoid bitrate peaks that may otherw ise occur of large authentication signatures are transported in a single data unit.

[0032] In some embodiments, one or more of the intermediate data units (or of the subset of intermediate data units) may include authorization information. The authorization information may indicate an access restriction for (payload) data included in one or more of the remaining intermediate data units (or of the subset of intermediate data units) and / or indicative of a group of authorized recipients of the payload data. Depending on authorization values included in the authorization information, further operation to extract information from the remaining intermediate data units may be prevented. Alternatively, the authorization values may indicate an intended target audience that the content is targeting, or a group of intended / authorized recipients. The authorization values may be set by content creators or sendee providers, for example.

[0033] In some embodiments, the method may further include providing the information indicating the subset of intermediate data units to the core encoder using the predefined data format. The method may yet further include embedding, by the core encoder, the information indicating the subset of intermediate data units into the first data unit.

[0034] In some embodiments, the subset of intermediate data units may include a data unit that contains timestamp information. The timestamp information may be indicative of, for example, a number (count) of seconds that have elapsed after a predefined point in time. The timestamp information may be indicative of a point in time at which the bitstream has been generated or last modified, for example.

[0035] In some embodiments, the subset of intermediate data units may include a data unit that contains geolocation information. The geolocation information may be indicative of a geolocation at which the bitstream has been generated or last modified, for example.

[0036] In some embodiments, the subset of intermediate data units may include a data unit that contains identification information indicative of a Universally Unique Identifier, UUID. The UUID may be an identifier of a device or user that has generated (or modified) the bitstream, for example.

[0037] In some embodiments, the subset of intermediate data units may include a data unit that contains identification information indicative of a portion of a UUID and that further contains identification splitting information indicative of a relationship between the portionof the UUID and the complete UUID. The portion of the UUID may be a segment of the UUID, for example.

[0038] With this, the proposed method allows to avoid bitrate peaks that may otherw ise occur of large UUIDs are transported in a single data unit.

[0039] Another aspect of the present disclosure relates to a method of decoding a unit-based bitstream. The method may include decoding, from the bitstream, a first data unit (e.g., a first NAL unit) and a second data unit (e.g., a second NAL unit), and one or more intermediate data units (e g., one or more intermediate NAL units) separating the first data unit and the second data unit in the bitstream. Therein, the first data unit may include information (i.e., subset information) indicating a subset of intermediate data units among the one or more intermediate data units for which verification information for verifying the subset of intermediate data units is available in the second data unit. The method may further include verifying the subset of intermediate data units using the verification information. This verification information may relate to an authentication signature. Specifically, the verification information may comprise the authentication signature verifying the subset of intermediate data units may use the authentication signature.

[0040] The first NAL unit and / or the second NAL unit may comprise a SEI (supplemental enhancement information) message, for example, according to the ITU-T H.274 and / or ISO / IEC 23002-7 VSEI specification. In particular, the first NAL unit may comprise a digitally signed content initialization SEI message and / or a digitally signed content selection SEI message, and / or the second NAL unit may comprise a digitally signed content verification SEI message. The data unit-based bitstream may be a video bitstream, for example, a VVC (Versatile Video Coding) bitstream, e.g., according to the ITU-T H.266 and / or ISO / IEC 23090-3 specification, or a HEVC (High Efficiency Video Coding) bitstream, e.g., according to the ITU-T H.265 and / or ISO / IEC 23008-2 specification, or a AVC (Advanced Video Coding) bitstream, e.g., according to the ITU-I H.264 and / or ISO / IEC 14496-10 specification.

[0041] In some embodiments, the method may further include applying a hashing algorithm to the subset of intermediate data units to generate a hash value. The hashing algorithm may have been agreed upon previously with the encoder side or may be indicated by the first data unit. The method may further include extracting the verification information from the second data unit, wherein the verification information relates to an authentication signature. The method may yet further include verifying the subset of intermediate data units based on the authentication signature, the generated hash value, and a decryption key.

[0042] In some embodiments, the method may further include extracting, from the first data unit, one or more of information identifying the hashing algorithm, information identifying the encryption key, and / or information identifying an authentication authority in relation to the encryption key.

[0043] In some embodiments, the decryption key may be a public key of a privatepublic key pair. The private-public key pair may be a key pair including a private key that has been used for generating the authentication signature. The public key may be obtainable from a trusted authority, or directly from the encoder side. Alternatively, the decryption key may be identical to the encryption key and may have been exchanged in an appropriate manner between the encoder side and the decoder side before decoding.

[0044] In some embodiments, the method may further include extracting the information identifying the subset of intermediate data units from the first data unit. The method may yet further include selecting, as the subset of intermediate data units, one or more data units among the intermediate data units based on the information identifying the subset of intermediate data units.

[0045] In some embodiments, the subset of intermediate data units may include all intermediate data units in the bitstream between the first data unit and the second data unit.

[0046] In some embodiments, the first data unit may include a first substream identifier. Then, a predefined value of the first substream identifier may indicate that the subset of intermediate data units includes all intermediate data units between the first data unit and the second data unit in the bitstream.

[0047] In some embodiments, the first data unit may include a first substream identifier. The subset of intermediate data units may include all intermediate data units that have a substream identifier identical to the first substream identifier. Alternatively, or in addition, the subset of intermediate NAL units may include all intermediate NAL units that are identified as belonging to the same substream as the first NAL unit using the first substream identifier.

[0048] In some embodiments, the first data unit may include identifier information (i. e. , the subset information may include identifier information) indicating one or more data substream identifiers that are to be included for verification. Then, the subset of intermediate data units may include all intermediate data units that have a substream identifier indicated by the identifier information.

[0049] In some embodiments, the first data unit may include unit type information (i. e. , the subset information may include unit type information) indicating one or more dataunit ty pes that are to be included for verification. Then, the subset of intermediate data units may include all intermediate data units that have a unit type indicated by the unit t pe information.

[0050] The data unit ty pe information may be indicative of whether or not a default list of data unit ty pes is to be included for verification. The default list of data unit types may be pre-defined and / or standardized. As a result of this, the default list of data unit types may not need to be indicated explicitly within the first data unit (e.g., with the first NAL unit).

[0051] Alternatively, or in addition, the data unit type information may be indicative of an alternative list of data unit ty pes that are to be included for verification. The alternative list of data unit ty pes may be explicitly provided within the first data unit (e.g., within the first NAL unit) and / or within the second data unit (e.g., within the second NAL unit). As a result of this, a particularly flexible selection of the one or more intermediate data units may be achieved.

[0052] Alternatively, or in addition, the data unit type information may be indicative of one or more data unit types, e.g., one or more data unit types from the (pre-defined and / or standardized) default list of data unit types, which are to be included and / or which are to be excluded for verification. As a result of this, a particularly flexible selection of the one or more intermediate data units may be achieved. It should be noted that the one or more excluded data unit types may be selected from the default list of data unit types or may be selected freely from the complete set of data unit types. In addition, it should be noted that the one or more included data unit types may be selected from the complete set of data unit ty pes except the default list of data unit types. This may result in a more efficient transmission of information on included or excluded data unit ty pes.

[0053] Hence, the data unit type information may indicate• one or more data unit types that are to be included and / or that are to be excluded for verification; and / or• one or more data unit types from a default list of data unit types that are to be excluded for verification; and / or• one or more data unit types that are to be included in addition to a default list of data unit t pes for verification; and / or• one or more data unit types that are to be included and / or that are to be exclude for verification, which are not compnsed within the default list of data unit types; and / oran alternative list of data unit types that are to be included or that are to be excluded for verification.

[0054] The one or more data unit types which are indicated by the data unit type information may comprise one or more SEI message payload types, one or more NAL unit ty pes (in particular, the NAL unit type prefixSeiNut, and / or the NAL unit type suffixSeiNut) or a combination of one or more SEI message payload types and one or more NAL unit types.

[0055] In some embodiments, the first data unit and the second data unit may each include pairing information for indicating that the second data unit includes the verification information for the subset of intermediate data units indicated by the first data unit. In this case, the one or more intermediate data units may include a further second data unit that includes verification information for one or more data units in the bitstream preceding the first data unit. This further second data unit may include pairing information different from the pairing information of the first and second data units.

[0056] In some embodiments, the verification information may relate to a portion of an authentication signature. Then, the second data unit may include verification splitting information indicative of a relationship betw een the portion of the authentication signature and the complete authentication signature. The method may further include extracting the verification information and the verification splitting information. The method may yet further include reconstructing the authentication signature based at least in part on the verification information and the verification splitting information. For example, the verification splitting information may indicate storage locations of remaining / complementary portions of the authentication signature in the bitstream.

[0057] In some embodiments, the method may further include, upon detection of the second data unit in the bitstream, outputting, by a core decoder, the verification information and the subset of intermediate data units for subsequent verification of the subset of intermediate data units, using a predefined data format. In other words, a predefined interface may be used for providing this information by the core decoder.

[0058] In some embodiments, the verification information and the subset of intermediate data units may be output, using the predefined data format, separately for different pairing information.

[0059] In some embodiments, the subset of intermediate data units may include a data unit that contains timestamp information. Then, the method may further include extracting the timestamp information.

[0060] In some embodiments, the subset of intermediate data units may include a data unit that contains geolocation information. Then, the method may further include extracting the geolocation information.

[0061] In some embodiments, the subset of intermediate data units may include a data unit that contains identification information indicative of a Universally Unique Identifier, UUID. Then, the method may further include extracting the identification information.

[0062] In some embodiments, the subset of intermediate data units may include a data unit that contains identification information indicative of a portion of a UUID and that further contains identification splitting information indicative of a relationship between the portion of the UUID and the complete UUID. Then, the method may further include extracting the identification information and the identification splitting information. The method may yet further include reconstructing the UUID based at least in part on the identification information and the identification splitting information.

[0063] In some embodiments, one or more of the intermediate data units (or of the subset of intermediate data units) may include authorization information. The authorization information may indicate an access restriction for (payload) data included in one or more of the remaining intermediate data units (or of the subset of intermediate data units) and / or indicative of a group of authorized recipients of the payload data. Depending on authorization values included in the authorization information, further operation to extract information from the remaining intermediate data units may be prevented. Alternatively, the authorization values may indicate an intended target audience that the content is targeting, or a group of intended / authorized recipients. The authorization values may be set by content creators or service providers, for example. Then, the method may further include extracting the authorization information.

[0064] According to a further aspect, a method of generating or modifying a data unit-based bitstream is described. The method comprises providing a first NAL unit and a second NAL unit, wherein the first NAL unit and the second NAL unit are separated in the bitstream by one or more intermediate NAL units, wherein the first NAL unit includes data unit type information indicating one or more data unit types of a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information is available for verify ing the subset of intermediate NAL units, and wherein the second NAL unit includes the verification information. The features which are described in the present document are also applicable to this method.

[0065] According to another aspect, a method of decoding a data unit-based bitstream. The method comprises decoding, from the bitstream, a first NAL unit and a second NAL unit, and one or more intermediate NAL units separating the first NAL unit and the second NAL unit in the bitstream, wherein the first NAL unit includes data unit type information indicating one or more data unit types of a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information is available in the second NAL unit for verifying the subset of intermediate NAL units.Furthermore, the method comprises verifying the subset of intermediate NAL units using the verification information. The features which are described in the present document are also applicable to this method.

[0066] The data unit type information may be indicative of a list of data unit types which is included for verification. In particular, the list of data unit types, such as a list referred to as digitallySignedSeiPayloadTypeList, may comprise SEI message payload types with payloadType values 3, 4, 5, 19, 45, 47, 137, 142, 144, 147, 148, 149, 150, 153, 155, 165, 177, 202. 204, 210, 211, 217, and / or 218. Alternatively, or in addition, the list of data unit types, (e.g., a list referred to as nonVclDigitallySignedNalUnitsList) may comprise the NAL unit types with nal_unit_type values 15, 16, 17, 18, 19, 23, and / or 24.

[0067] Alternatively, or in addition, the data unit type information is indicative of SEI NAL unit types (i.e., the SEI message payload types) prefixSeiNut and / or suffixSeiNut (e.g., as part of the list nonVclDigitallySignedNalUnitsList.

[0068] The data unit type information may be indicative of one or more SEI message payloadTypes for one or more SEI messages that enable a receiver to correctly display or otherwise use video in the way intended by a content provider of the data unit-based bitstream.

[0069] The data unit type information may be indicative of a first list of data unit types, e.g., a list referred to as nonVclDigitallySignedNalUnitsList. If the first list of data unit types does not comprise the SEI NAL unit types prefixSeiNut and / or suffixSeiNut, a second list of data unit types, e.g., the list referred to as digitallySignedSeiPayloadTypeList, may be set to be an empty list.

[0070] The data unit type information may be indicative of• VCL NAL units present in a coded video sequence comprised within the data unitbased bitstream;• non-VCL NAL units present in the coded video sequence with a NAL unit type identifier among the values comprised within a first list, e.g., a list referred to as nonVclDigitallySignedNalUnitsList; and / or• SEI messages present in the coded video sequence with a payloadType value among the values comprised within a second list, e.g., a list referred to asdigitally SignedSeiPayloadTypeList.

[0071] According to a further aspect, a method of generating or modifying a data unit-based bitstream. The method comprises providing a first NAL unit and a second NAL unit, wherein the first NAL unit and the second NAL unit are separated in the bitstream by one or more intermediate NAL units, wherein the first NAL unit includes data unit type information indicating one or more data unit types of a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information is available for verifying the subset of intermediate NAL units, wherein the data unit type information is indicative of at least one default list of data unit types which is included for verification, and wherein the second NAL unit includes the verification information. The features which are described in the present document are also applicable to this method.

[0072] According to another aspect, a method of decoding a data unit-based bitstream is described. The method comprises decoding, from the bitstream, a first NAL unit and a second NAL unit, and one or more intermediate NAL units separating the first NAL unit and the second NAL unit in the bitstream, wherein the first NAL unit includes data unit type information indicating one or more data unit types of a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information is available in the second NAL unit for verifying the subset of intermediate NAL units, and wherein the data unit type information is indicative of at least one default list of data unit types which is included for verification. Furthermore, the method comprises verifying the subset of intermediate NAL units using the verification information. The features which are described in the present document are also applicable to this method.

[0073] The default list of data unit ty pes, e.g., a list referred to as defaultDigitallySignedSeiPayloadTypeList, may comprise SEI message payload types with payloadType values 3, 4, 5, 19, 45, 47, 137, 142, 144, 147, 148, 149, 150, 153, 155, 165, 177, 202, 204, 210, 211, 217, and / or 218. Alternatively, or in addition, the default list of data unit types, e.g., a list referred to as defaultNonVclDigitallySignedNalUnitsList, may comprise the NAL unit types with nal unit type values 15, 16, 17, 18, 19, 23, and / or 24.

[0074] The data unit type information may be indicative of SEI NAL unit ty pes (i. e. , the SEI message payload types) prefixSeiNut and / or suffixSeiNut.

[0075] The data unit type information may be indicative of a first default list of data unit types, e.g., a default list referred to as defaultNonVclDigitallySignedNalUnitsList. If the first default list of data unit ty pes does not comprise the SEI NAL unit types (i.e., the SEI message payload t pes) prefixSeiNut and / or suffixSeiNut, a second default list of data unit types, e.g., a default list referred to as defaultDigitallySignedSeiPayloadTypeList, may be set to be an empty list.

[0076] The data unit ty pe information may comprise a syntax element, e.g., a syntax element referred to as dsci_use_default_nonvcl_nalu_list_flag, which is indicative of whether or not, a list of data unit types which is included for verification, e.g.. a list referred to as nonVclDigitallySignedNalUnitsList, is equal to the default list of data unit types, e.g., to a default list referred to as defaultNonVclDigitallySignedNalUnitsList. Alternatively, or in addition, the data unit type information may comprise a syntax element, e.g., a syntax element referred to as dsci_use_default_sei_payload_type_flag. which is indicative of whether or not, a list of SEI payload data unit types (i.e., the SEI message payload types) which is included for verification, e.g., a list referred to as digitallySignedSeiPayloadTypeList, is equal to the default list of SEI payload data unit types, e.g., to a default list referred to as defaultDigitallySignedSeiPayloadTypeList.

[0077] The data unit type information may comprise an alternative list of data unit ty pes which replaces the default list of data unit types. Alternatively, the data unit type information may comprise a list of data unit ty pes which is added to and / or excluded from the default list of data unit ty pes.

[0078] The data unit type information may be indicative of• VCL NAL units present in a coded video sequence comprised within the data unitbased bitstream;• non-VCL NAL units present in the coded video sequence with a NAL unit type identifier among the values comprised within a first list, e.g., a list referred to as nonVclDigitallySignedNalUnitsList; and / or• SEI messages present in the coded video sequence with a payloadType value among the values comprised within a second list, e.g., a list referred to asdigitally SignedSeiPayloadTypeList.

[0079] According to another aspect, an apparatus is provided. The apparatus may include one or more processors, and a memory coupled thereto and storing instructions for the one or more processors. The one or more processors may be configured to perform the methods or method steps outlined throughout the present disclosure. This apparatus may relate to an encoder, encoding apparatus, or encoding system, or to a decoder, decoding apparatus, or decoding system, as the case may be.

[0080] According to a further aspect, a computer program is described. The computer program may comprise executable instructions for performing the methods or method steps outlined throughout the present disclosure when executed by a computing device (e.g., one or more processors).

[0081] According to another aspect, a computer-readable storage medium is described. The storage medium may store a computer program adapted for execution on a computing device (e.g., one or more processors) and for performing the methods or method steps outlined throughout the present disclosure when carried out on the computing device.

[0082] As described in Annex D of the AVC and HEVC standards, or in ITU-T H.274 (also referred to as VSEI), Supplemental Enhancement Information (SEI) messages in a coded video bitstream may assist in processes related to decoding, display, or other purposes in a video processing pipeline.

[0083] SEI messages are typically prefixed with (or otherwise associated with) a payload type code that identifies the purpose of the SEI message and a payload length value that identifies the amount of data (e.g., in units of bytes) that is sent for the SEI message. In some cases, there also is an extension mechanism that provides extensibility for individual SEI messages, either by indications sent within the syntax of the SEI message or by appending additional data after the specified syntax, the presence of which can be detected using some mechanism. For example, there are special provisions for detecting appended additional data in the HEVC and VVC standards that can enable a decoder to detect the precise number of bits of such appended data, although the payload length value for conveying SEI messages in the context of these standards is sent in units of bytes.

[0084] The present disclosure describes signaling to indicate which NAL units, e.g., which types of NAL units, should be included in verification information, in particular in the hash calculation. This enables a secure and flexible provision of media, in particular of video, content. Furthermore, this enables explicitly excluding NAL units which may be modified later by the system. Such a modified bitstream can still be verified, even if altered.

[0085] Hence, the present disclosure describes an authentication method on bitstream level for NAL-based media bitstreams. Furthermore, a mechanism for including and / or excluding certain information for the calculation of authentication information is described.

[0086] It should be noted that the methods and apparatus including its preferred embodiments as outlined in the present disclosure may be used stand-alone or in combination with the other methods and apparatus disclosed in this document. Furthermore, all aspects of the methods and apparatus outlined in the present disclosure may be arbitrarily combined. In particular, the features of the claims may be combined with one another in an arbitrary manner.

[0087] It will be appreciated that apparatus features and method steps may be interchanged in many ways. In particular, the details of the disclosed method(s) can be realized by the corresponding apparatus, and vice versa, as the skilled person will appreciate. Moreover, any of the above statements made with respect to the method(s) (and, e.g., their steps) are understood to likewise apply to the corresponding apparatus (and, e.g., their blocks, stages, units), and vice versa.Brief Description of the Drawings

[0088] The invention is explained below in an exemplary manner with reference to the accompanying drawings, whereinFIG. 1 schematically illustrates an example framew ork for bitstream authentication according to embodiments of the disclosure;FIG. 2A to FIG. 2D are flowcharts schematically illustrating methods of encoding or decoding bitstreams, or steps thereof, according to embodiments of the disclosure;FIG. 3A to FIG. 3E schematically illustrate example mechanisms for data unit selection according to embodiments of the disclosure; andFIG. 4 schematically illustrates an apparatus suitable for implementing techniques according to embodiments of the disclosure.Detailed Description

[0089] In the following, example embodiments of the disclosure will be described with reference to the appended figures. Identical elements in the figures may be indicated by identical reference numbers, and repeated description thereof may be omitted.Overview

[0090] In general, the present disclosure relates to techniques applied to the encoder or decoder side of a codec for embedding verification / authenti cation information into a bitstream or extracting the verification / authentication information from the bitstream, respectively.

[0091] At the encoder side, these techniques may involve methods of generating or modifying a bitstream comprising a plurality of data units (e.g., data packets or bitstream elements or NAL (Network Abstraction Layer) units), as well as corresponding apparatus, programs, and computer-readable storage media. These methods comprise providing (e.g., generating, or embedding into the bitstream) a first data unit (e.g., a first NAL unit) and a second data unit (e.g., a second NAL unit). This is done in such manner that the first data unit and the second data unit are separated in the bitstream by one or more intermediate data units (e.g., one or more intermediate NAL units), among them data units for which verification / authentication shall be provided. To this end, the second data unit includes verification information for a subset of intermediate data units among the one or more intermediate data units.

[0092] The bitstream may be a media bitstream, in particular, a video bitstream (e.g., an AVC bitstream, an HEVC bitstream, or a VVC bitstream), or a combination thereof. Nonlimiting examples of feasible bitstream configurations will be described in the remainder of this disclosure.

[0093] At the decoder side, techniques according to the present disclosure may involve methods of decoding a bitstream comprising a plurality of data units (e.g., data packets or bitstream elements or NAL units), as well as corresponding apparatus, programs, and computer-readable storage media. These methods comprise decoding, from the bitstream, a first data unit (e.g., a first NAL unit) and a second data unit (e.g., a second NAL unit), and one or more intermediate data units (e.g., one or more intermediate NAL units) separating the first data unit and the second data unit in the bitstream. The second data unit includes verification information for a subset of intermediate data units among the one or moreintermediate data units. The methods further include verifying the subset of intermediate bitstream elements using the verification information.

[0094] Fig. 1 schematically illustrates an example framework for techniques according to the present disclosure.

[0095] As shown in the figure, a content provider may register their public key with a trusted authority and authenticate a media bitstream including media content using the corresponding private key. This may include, as shown at the bottom left of the figure, calculating a hash value for the media content and generating an authentication signature for the media content based on the generated hash value and the private key. This authentication signature is embedded into the bitstream and provided to a customer / user shown at the bottom right of the figure. The user may then obtain the public key from the trusted authority and use this key to verify the authentication signature extracted from the bitstream, using their own local calculation of the hash value.

[0096] Specific examples relating to different bitstream configurations and codec standards, such as VVC, will be described in the following.VVC Digital Media Authentication

[0097] This section describes mechanisms to efficiently transport digital signatures and other related information (e.g., time stamps, geolocation information, authorization and user identifiers) in a Versatile Video Coding (VVC) audio bitstream, e.g., according to H.266 and / or ISO / IEC 23090-3.

[0098] While this section makes frequent reference to data units and processes of operating on data units, it is understood that the present disclosure is not so limited and is likewise applicable to other bitstream formats and codecs. The data units may be NAL units.

[0099] An example method 210 of generating or modifying a unit-based bitstream (in an VVC framework, for example) is illustrated by the flowchart of Fig. 2A. The unit-based bitstream may be a media bitstream, for example. In particular, the unit-based bitstream may be an VVC bitstream.

[0100] At step S211, a first data unit (e.g., a first NAL unit) and a second data unit (e.g., a second NAL unit) are provided. Providing data units may include and / or consist of generating said units, and / or inserting said units into the bitstream.

[0101] The first data unit and the second data unit are provided such that they are separated in the bitstream by one or more intermediate data units (e.g., one or more intermediate NAL units). Therein, the first data unit includes information (i.e., subsetinformation) indicating a subset of intermediate data units among the one or more intermediate data units for which verification information is available in the bitstream for verifying the subset of intermediate data units. Accordingly, the first data unit may be seen as an indication that the bitstream includes the subset of intermediate data units after the first data unit and before the second data unit that shall be verifiable. The first and second data units thus serve as a form of “bracket" for the data units that shall be verifiable. The second data unit includes the aforementioned verification information. This verification information may relate to an authentication signature, for example. Specifically, the verification information may comprise the authentication signature, or at least a portion thereof.

[0102] Method 220 illustrated in Fig. 2B includes example details of method 210 for providing the first and second data units. It is understood that the steps of method 220 may be performed in orders different from the one show n in Fig. 2B.

[0103] At step S221, one or more data units for which verification / authentication should be provided are selected as the subset of intermediate data units.

[0104] As noted above, the subset of intermediate data units may relate to data units that should be verifiable.

[0105] At step S222, information identifying the subset of intermediate data units is embedded into the first data unit.

[0106] Without intended limitation, the embedded information (i.e., the subset information) identifying the subset of intermediate data units may relate to one or more of a substream identifier, identifier information, and / or unit type information, as outlined below.

[0107] At step S223, a hashing algorithm is applied to the subset of intermediate data units to generate a hash value.

[0108] Any suitable hashing algorithm may be used for this purpose, including, standardized hashing algorithms, such as “Secure Hash Standard’’, published by the National Institute of Standards and Technology, FIPS PUB 180-4 (published Aug 2015), including without intended limitation, SHA-256, SHA, 384, and SHA-512.

[0109] At step S224, an authentication signature is generated based on the hash value and an encryption key. The aforementioned verification information may relate to this authentication signature. In particular, it may comprise the authentication signature, or at least a portion thereof.

[0110] The encry ption key used for this purpose may be a private key of a privatepublic key pair. Alternatively, the encryption key may be identical to a decryption key andmay be exchanged in an appropriate manner between the encoder side and the decoder side before decoding.

[0111] At step S225. the verification information is embedded into the second data unit.

[0112] In some implementations, the hash value generated at step S223 may be directly embedded into the second data unit at step S225, instead of the authentication signature. In this case, step S224 may be omitted.

[0113] An example method 240 of decoding a unit-based bitstream (in a VVC framework, for example) is illustrated by the flowchart of Fig. 2C. The unit-based bitstream may be a media bitstream, for example. In particular, the unit-based bitstream may be a VVC bitstream.

[0114] It is noted that methods of decoding bitstreams as described throughout the disclosure may operate on bitstreams output by corresponding methods of encoding, and that these methods may include corresponding steps, unless indicated otherwise. Detailed description of corresponding steps at decoding may be omitted, for reasons of conciseness.

[0115] At step S241. a first data unit and a second data unit, and one or more intermediate data units separating the first data unit and the second data unit in the bitstream are decoded from the bitstream. Therein, the first data unit includes information (i.e., subset information) indicating a subset of intermediate data units among the one or more intermediate data units for which verification information for verifying / authenticating the subset of intermediate data units is available in the second data unit.

[0116] At step S242, the subset of intermediate data units is verified / authenticated using the verification information.

[0117] The verification information may relate to an authentication signature, as noted above. Specifically, the verification information may comprise the authentication signature or part thereof. Verifying the subset of intermediate data units may use the authentication signature.

[0118] Method 250 illustrated in Fig. 2D includes example details of step S242 of method 240 for verifying / authenticating the subset of intermediate data units. It is understood that the steps of method 2 0 may be performed in orders different from the one shown in Fig. 2D

[0119] At step S251, the information identifying the subset of intermediate data units is extracted from the first data unit.

[0120] At step S252, one or more data units among the intermediate data units are selected, as the subset of intermediate data units, based on the information identifying the subset of intermediate data units.

[0121] At step S253. a hashing algorithm is applied to the subset of intermediate data units to generate a hash value.

[0122] The hashing algorithm used for this purpose may have been agreed upon previously with the encoder side or may be indicated by the first data unit. It is understood that this hashing algorithm is identical to (or yields identical results as) the hashing algorithm used at step S223 above.

[0123] At step S254, the verification information is extracted from the second data unit. This verification information may relate to an authentication signature, as described above.

[0124] At step S255, the subset of intermediate data units is verified / authenticated based on the authentication signature, the generated hash value, and a decryption key.

[0125] If the hash value instead of the authentication signature had been embedded into the second data unit at step S225 of method 220, instead of the authentication signature, the subset of intermediate data units may be verified at step S255 based on the hash value generated at step S253 and the hash value extracted from the second data unit.

[0126] The decry ption key used at step S255 may be a public key of a private-public key pair. The private-public key pair may be a key pair including a private key that has been used for generating the authentication signature, e.g., at step S224. The public key may be obtainable from a trusted authority, or directly from the encoder side. Alternatively, the decryption key may be identical to the encryption key and may have been exchanged in an appropriate manner between the encoder side and the decoder side before decoding.Data Unit Selection -frame types

[0127] Next, mechanisms for signaling which data units shall be included into verification / authenti cation (i.e., shall be hashed for purposes of generating an authentication signature) will be described.

[0128] In one implementation, all data units between the first data unit and the second data unit may be hashed. Or in other words, the aforementioned subset of intermediate data units may include all intermediate data units in the bitstream between the first data unit and the second data unit.

[0129] This is schematically illustrated in the example of Fig. 3A, in which four intermediate data units 330 are ‘“enveloped” between the first data unit 310 and the second data unit 320, and all four of the intermediate data units 330 are included in the subset of intermediate data units 340 for hashing.

[0130] Alternatively, the first data unit may include a first substream identifier (or any other suitable syntax element for signaling this information), and a predefined value of the first substream identifier may indicate that the subset of intermediate data units includes all intermediate data units between the first data unit and the second data unit in the bitstream. For example, the predefined value of the first substream identifier may be 0x0. In this case, all intermediate data units may be included into the hashing, independently of their own substream identifiers.

[0131] This is schematically illustrated in the example of Fig. 3B, in which four intermediate data units 330 are “enveloped” between the first data unit 310 and the second data unit 320, and all four of the intermediate data units 330 are included in the subset of intermediate data units 340 for hashing, even though they have different substream identifiers (and different unit types).

[0132] Further, the first data unit may include a bit flag for toggling between different options for indicating the one or more intermediate data units for hashing.Subslream Identifier-Based Data Unit Selection

[0133] The data units for which verification is available in the bitstream (i.e., the subset of intermediate data units) may be signaled using substream identifiers. For example, the first data unit may include a first substream identifier, and the subset of intermediate data units may include all intermediate data units that have a substream identifier identical to the first substream identifier. The second data unit may also have a substream identifier identical (e.g., equal) to the first substream identifier.

[0134] This is schematically illustrated in the example of Fig. 3C, in which four intermediate data units 330 are “enveloped” between the first data unit 310 and the second data unit 320, but only the first, second, and fourth of these intermediate data units 330 are included in the subset of intermediate data units 340 for hashing. The third intermediate data unit 330 is not included because it is determined based on the substream identifier that this intermediate data unit 330 does not belong to the target set of intermediate data units 330. As outlined above, a substream of the overall bitstream (and the corresponding subset of intermediate data units 330) may be identified using the first substream identifier of the firstdata unit 310 and using additional information (e.g., a target highest Temporalld and / or a target layer identifier list) derived from the first data unit 310 and / or derived from the second data unit 320. Based on this, it can be determined that the third intermediate data unit 330 does not belong to the identified substream.

[0135] In some implementations, the first data unit may additionally include identifier information indicating one or more substream identifiers that are to be included for verification. Then, the subset of intermediate data units may include all intermediate data units that have a substream identifier which is indicated by the identifier information. The identifier information may relate to a whitelist of substream identifiers that are to be included for verification. Alternatively, or in addition, a blacklist of substream identifiers that are not to be included for verification may be defined. Whether a whitelist or a blacklist is defined may be initially agreed on between encoder side and decoder side or may be signaled by a bitflag in the first data unit.

[0136] Adding to the above implementation, the subset of intermediate data units may include all intermediate data units that have a substream identifier identical to the substream identifier of the first data unit (i.e., the first substream identifier), and additionally, all intermediate data units that have a substream identifier indicated by the identifier information.Unit Type Selection - inclusion

[0137] As noted above, unit selection for verification (i.e., hashing for purposes of calculating the authentication signature) may be based on unit types.

[0138] To this end, in one implementation, the first data unit may include unit type information (i.e., the subset information may include unit type information) indicating one or more (data) unit ty pes that are to be included for verification (e.g., hashing), Then, the subset of intermediate data units may include all intermediate data units that have a unit type which is indicated by the unit type information.

[0139] In general, the aforementioned unit type information included in the first data unit may relate to a whitelist of unit types that are to be included for verification.Alternatively, or in addition, a blacklist of unit types that are not to be included for verification may be defined. Whether a whitelist or a blacklist is defined may be initially agreed on between encoder side and decoder side or may be signaled by a bitflag in the first data unit.

[0140] This inclusion or exclusion of unit types may be used in the context of an identifier-based selection, so that all intermediate data units with the same substream identifier as the first data unit are included into the subset of intermediate data units for hashing, but certain data units are still included or excluded depending on their unit types.

[0141] This is schematically illustrated in the example of Fig. 3D, in which four intermediate data units 330 are ‘“enveloped” between the first data unit 310 and the second data unit 320, but only the first, second, and fourth of these intermediate data units 330 are included in the subset of intermediate data units 340 for hashing. The third intermediate data unit 330 is not included because its unit type is indicated by the unit type information comprised within the first data unit to be excluded from hashing.

[0142] The example of Fig. 3D corresponds to the aforementioned blacklist case. In an alternative implementation, which corresponds to the whitelist case, a certain intermediate data unit may be included into the subset of intermediate data units for hashing, even though its substream identifier may not match the first substream identifier of the first data unit, as long as its unit type is indicated by the unit type information comprised within the first data unit to be included for hashing.

[0143] As indicated above, the first data unit 310 and the second data unit 320 may each include pairing information (e.g., a dsci id parameter) for indicating that the second data unit 320 includes the verification information for the subset of intermediate data units 340 indicated by the first data unit 310. This may be used by different authorization authorities to provide verification information independently from one another. By way of example, as illustrated in Fig. 3E, a first authorization authority may provide a first set of first and second data units 310, 320 for a subset of intermediate data units 340 and a second authorization authority may provide a second set of first and second data units 310. 320 for the subset of intermediate data units 340. The first set of first and second data units 310 may make use of a first pairing parameter (e.g., a first value of the dsci id parameter), and the second set of first and second data units 310, 320 may make use of a second pairing parameter (e.g., a second value of the dsci_id parameter) which differs from the first pairing parameter. A decoder may make use of the verification information comprised within the second data unit 320 of the first set to verify the subset of intermediate data units 340 and / or of the verification information comprised within the second data unit 320 of the second set to verity’ the subset of intermediate data units 340.

[0144] It should be noted that the different schemes for defining the subset of intermediate data units 340, which have been described in the present document, may becombined. In particular, the subset of intermediate data units 340 may be defined based on a set of unit types and / or based on a substream identifier. Each set of first and second data units 310, 320 (wherein the different sets are identified by different pairing parameters) may make use of the different schemes for defining the subset of intermediate data units 340 independently from one another.Basic Syntax

[0145] Next, example syntax for use within the VVC standard (ITU-T H.266 and / or ISO / IEC 23090-3) is described.

[0146] The first data unit and / or the second data unit may comprise a SEI message.

[0147] The first data unit may comprise an initialization data unit which may be referred to as “digitally _signed_content_initialization”. Alternatively, or in addition, the first data unit may comprise a content data unit which may be referred to as “digitally signed content selection SEI message7’. The second data unit may comprise a verification data unit which may be referred to as “digitally signed content verification SEI message”.

[0148] For purposes of interpretation of the digitally signed content initialization, the digitally signed content selection and / or the digitally signed content verification SEI messages, the following may be specified:• The list nonVclDigitallySignedNalUnitsList (as a default list of data unit types) may be set to comprise the NAL unit types with nal_unit_type values 15,16,17,18,19, 23, and / or 24.• The variable prefixSeiNut is set equal to 23 and / or the variable suffixSeiNut may be set equal to 24.• The list digitallySignedSeiPayloadTypeList (as a default list of data unit types) may be set to comprise the SEI message payload types with payloadType values 3, 4, 5, 19, 45, 47, 137, 142, 144, 147, 148, 149, 150, 153, 155, 165, 177, 202, 204, 210, 211, 217, and / or 218.

[0149] Use of the digitally signed content initialization SEI message (as the first data unit) may make use of the definition of the following:• A list of non-VCL NAL unit type identifiers nonVclDigitallySignedNalUnitsList (as a default list of data unit ty pes).• The SEI NAL unit type identifiers prefixSeiNut and suffixSeiNut. When prefixSeiNut is present among the values in nonVclDigitallySignedNalUnitsList or suffixSeiNut ispresent among the values in nonVclDigitallySignedNalUnitsList, the variable seiNutPresentFlag is set equal to 1. When prefixSeiNut is not present among the values in nonVclDigitallySignedNalUnitsList and suffixSeiNut is not present among the values in nonVclDigitallySignedNalUnitsList, the variable seiNutPresentFlag is set equal to 0.• When seiNutPresentFlag is equal to 1, a list of SEI message payload ty pe values digitallySignedSeiPayloadTypeList (as a default list of data unit types). Otherwise, seiNutPresentFlag is equal to 0, the list digitallySignedSeiPayloadTypeList is set to empty.

[0150] The digitally signed content initialization SEI message, the digitally signed content selection SEI message, and the digitally signed content verification SEI message may provide a mechanism for verifying that the coded video (within the one or more intermediate data units) has been produced by a content provider that identifies itself via the digital certificate that is referenced in the digitally signed content initialization SEI message (i.e., in the first data unit). This SEI message (i.e., the first data unit) also provides information about the secure hash algorithm used for calculating message digests, which are used together with the digital signature present in the digitally signed content verification SEI message (i.e., in the second data unit) to verify the trustworthiness of one or more of the following:• VCL (Video Coding Layer) NAL units present in the coded video sequence (i.e., in the one or more intermediate data units);• non-VCL NAL units present in the coded video sequence with a NAL unit type identifier among the values in nonVclDigitallySignedNalUnitsList and VCL NAL units;• SEI messages present in the coded video sequence with a payloadType value among the values in digitallySignedSeiPayloadTypeList.

[0151] The digitally signed content initialization SEI message (i.e.. the first data unit) may further provide information about the digital signature algorithm used and the public key of the content provider. The digitally signed content initialization SEI message may provide the public key of the content provider either by providing an URI (Uniform Resource Identifier) that identifies a trust record, as specified in ISO / IEC 21617-1, that contains the certificate of the content provider or by providing an URI that directly identifies the certificate.Table 1

[0152] dsci_hash_method_type indicates the secure hash algorithm that is used to calculate message digests for VCL NAL units, the subset of non-VCL NAL units with a NAL unit type identifier among the values in nonVclDigitallySignedNalUnitsList and of the coded video sequence, and the SEI messages with payloadType values among the values digitallySignedSeiPayloadTypeList present in the coded video sequence. Based on these message digests and the digital signatures present in digitally signed content verification SEI messages, a decoder can verify that the coded video was produced by the content originator indicated by the syntax elements dsci key source uri, dsci_use_key_register_idx_flag and, if dsci_use_key_register_idx_flag flag is equal to 1, dsci_key_register_idx. The supported values for the syntax element dsci_hash_method_type, the block size used for calculating the message digest, and the size of the calculated message digests are specified in. The secure hash algorithms listed in Table 2 are specified in the ‘“Secure Hash Standard” NIST FIPS PUB 180-4.Table 2

[0153] dsci key source uri contains a URI with syntax and semantics as specified in IETF Internet Standard 66. If dsci key retrieval mode idc is equal to 0, dsci_key_source_uri specifies a trust record, as specified in ISO / IEC 21617-1. If dsci_key_retrieval_mode_idc is equal to 1, the following applies:• If dsci use key register idx flag is equal to 0, the URI identifies the certificate of the content provider that can be used for verifying the signatures present in following digitally signed content verification SEI messages;• Otherwise (if dsci_use_key_register_idx_flag is equal to 1), the URI identifies a register of certificates and the certificate of the content provider that can be used for verifying the signatures present in following digitally signed content verification SEI messages as indicated by dsci_key_register_idx.

[0154] dsci num verification substreams minusl plus 1 indicates the number of substreams for which message digests are calculated and signatures may be present in following digitally signed content verification SEI messages.

[0155] The variable NumVerifi cationSubstream is derived as:NumVerificationSubstream = dsci_num_verification_substreams_minusl + 1.

[0156] dsci key retrieval mode idc equal to 0 indicates that the URI contained in dsci key source uri specifies a trust record, as specified in ISO / IEC 21617-1.dsci key retrieval mode idc equal to 1 indicates that the URI contained in dsci_key_source_uri and, when present, dsci_key_register_idx specify a certificate. In this version of this Specification dsci_key_retrieval_mode_idc shall be in the range of 0 to 1. Decoders shall also allow other values of dsci_key_retrieval_mode_idc, but shall ignore the content of the digitally signed content initialization SEI message, associated digitally signedcontent selection SEI messages and associated digitally signed content verification SEI messages.

[0157] dsci use key register idx flag equal to 1 indicates that the URI contained in dsci_key_source_uri specifies a register of certificates and the syntax element dsci_key_register_idx is present in the SEI message. dsci_use_key_register_idx_flag equal to 0 indicates that the URI contained in dsci_key_source_uri specifies a certificate and the syntax element dsci key register idx is not present in the SEI message.

[0158] When dsci key retrieval mode idc is equal to 0, the media asset for which the last trust manifest within the trust record, as specified in ISO / IEC 21617-1, provides content binding is the digitally signed content initialization SEI message. The following constraints apply to the trust record, as specified in ISO / IEC 21617-1, identified by the dsci_key_source_uri :• The last trust manifest within the trust record, as specified in ISO / IEC 21617-1, shall contain exactly one hard binding data hash assertion with a label equal to c2pa.hash.data.• The schema for data hash assertion is typically defined by a pre-defined data-hash- map rule.• The exclusion range specifying the data in the digitally signed content initialization SEI message that is excluded when computing the hash value and indicated in the data hash assertion shall match the dsci_key_source_uri bytes in the digitally signed content initialization SEI message.

[0159] dsci_key_register_idx, when present, contains an index that specifies the certificate of the content provider, in the certificate register indicated by dsci_key_source_uri, which can be used for verifying the signatures present in following digitally signed content verification SEI messages.

[0160] The certificate indicated by the syntax elements dsci key retrieval mode idc, dsci_use_key_register_idx_flag, dsci_key_source_uri, and, if dsci_use_key_register_idx_flag is equal to 1, dsci_key_register_idx shall specify a digital signature method, with associated parameters (if applicable), and the public key of the content provider. A digital signature algorithm conforming to the “Digital Signature Standard” NIST FIPS 186-5 may be used.

[0161] dsci_content_uuid_present_flag equal to 1 specifies that the syntax element dsci_content_uuid is present. dsci_content_uuid_present_flag equal to 0 specifies that thesyntax element dsci_content_uuid is not present. When dsci_key_retrieval_mode_idc is equal to 0, dsci_content_uuid_present_flag shall be equal to 1.

[0162] dsci_content_uuid, when present, indicates an identifier for the video content and may have a value specified as a UUID according to the procedures of ISO / IEC 11578:1996, Annex A.

[0163] When a digitally signed content initialization SEI message is present in an AU, the calculation of NumVerificationSubstream message digests is initialized according to the specification in NIST FIPS PUB 180-4 for the specified dsci hash method type. Each VCL NAL unit, non-VCL NAL unit with a NAL unit ty pe identifier among the values in nonVclDigitallySignedNalUnitsList, and each SEI message with payloadType value among the values digitallySignedSeiPayloadTypeList following the digitally signed content initialization SEI message is associated to one of the NumVerificationSubstream message digests; the verification substream id is either indicated by the digitally signed content selection SEI message or, if no digitally signed content selection SEI message is present for a PU, inferred to be equal to 0. The message used for calculating the k-th message digest, with k being in the range from 0 to dsci_num_verification_substreams_minusl, inclusive, is obtained by concatenating all VCL NAL units, non-VCL NAL units with a NAL unit type identifier among the values in nonVclDigitallySignedNalUnitsList, and SEI messages with payloadType values among the values digitallySignedSeiPayloadTypeList associated with the k-th verification substream. The calculation of the message digests is conducted based on blocks, where the block size may be dependent on the value of dsci_hash_method_type. For each VCL NAL unit, non-VCL NAL unit with a NAL unit type identifier among the values in nonVclDigitallySignedNalUnitsList, and SEI message with payloadType values among the values digitallySignedSeiPayloadTypeList, the associated message digest is updated according to the algorithm specified in NIST FIPS PUB 180-4 for the specified dsci_hash_method_type. Since the message digests are calculated for the concatenation of all VCL NAL units, non-VCL NAL units with a NAL unit type identifier among the values in nonVclDigitallySignedNalUnitsList, and SEI messages with payloadType values among the values digitallySignedSeiPayloadTypeList for a verification substream, some of the processing blocks may span over two or more successive NAL units.

[0164] The digitally signed content selection SEI message may have the following syntax:Table 3

[0165] Use of digitally signed content selection SEI message may make use of the definition of the following:• A list of non-VCL NAL unit type identifiers nonVclDigitallySignedNalUnitsList. • The SEI NAL unit type identifiers prefixSeiNut and suffixSeiNut. When prefixSeiNut is present among the values in nonVclDigitallySignedNalUnitsList or suffixSeiNut is present among the values in nonVclDigitallySignedNalUnitsList, the variable seiNutPresentFlag is set equal to 1. When prefixSeiNut is not present among the values in nonVclDigitallySignedNalUnitsList and suffixSeiNut is not present among the values in nonVclDigitallySignedNalUnitsList, the variable seiNutPresentFlag is set equal to 0.• When seiNutPresentFlag is equal to L a list of SEI message payload type values digitallySignedSeiPayloadTypeList. Otherwise, seiNutPresentFlag is equal to 0, the list digitallySignedSeiPayloadTypeList is set to empty.

[0166] The digitally signed content selection SEI message may provide a mechanism for associating coded pictures with one of the verification substreams indicated in a digitally- signed content initialization SEI message.

[0167] When an AU contains both a digitally signed content initialization SEI message and a digitally signed content selection SEI message, the digitally signed content initialization SEI message shall precede the digitally signed content selection SEI message in decoding order.

[0168] When a CVS does not contain a digitally signed content initialization SEI message, CLVSs of the CVS shall not contain a digitally signed content selection SEI message.

[0169] When a digitally signed content selection SEI message is present in any AU of a CVS. it shall precede all VCL NAL units, non-VCL NAL units with a NAL unit type identifier among the values in nonVclDigitallySignedNalUmtsList, and SEI messages with payloadType values among the values digitallySignedSeiPayloadTypeList of the AU.

[0170] dscs_verification_substream_id indicates the verification substream to which the VCL NAL units, non-VCL NAL units with a NAL unit type identifier among the valuesin nonVclDigitallySignedNalUnitsList, and SEI messages with payloadType values among the values digitallySignedSeiPayloadTypeList of the current coded picture are assigned to. When a digitally signed content initialization SEI message was present in the current coded video sequence, but no digitally signed content selection SEI message is present for a coded picture, the value of dscs_verification_substream_id is inferred to be equal to 0. The value of dscs_verification_substream_id shall be in the range from 0 to dsci_num_verification_substreams_minus 1 , inclusive.

[0171] The message digest for the verification substream with id equal to dscs_verification_substream_id may be updated with the VCL NAL units, non-VCL NAL units with a NAL unit type identifier among the values in nonVclDigitallySignedNalUnitsList, and SEI messages with payloadType values among the values digitallySignedSeiPayloadTypeList of the current coded picture according to the dsci_hash_method_type specified in the preceding digitally signed content initialization SEI message.

[0172] The digitally signed content verification SEI message may have the following syntaxTable 4

[0173] Use of the digitally signed content verification SEI message may make use of the definition of the following:• A list of non-VCL NAL unit type identifiers nonVclDigitallySignedNalUnitsList. • The SEI NAL unit type identifiers prefixSeiNut and suffixSeiNut. When prefixSeiNut is present among the values in nonVclDigitallySignedNalUnitsList or suffixSeiNut is present among the values in nonVclDigitallySignedNalUnitsList, the variable seiNutPresentFlag is set equal to 1. When prefixSeiNut is not present among the values in nonVclDigitallySignedNalUnitsList and suffixSeiNut is not present among the values in nonVclDigitallySignedNalUnitsList, the variable seiNutPresentFlag is set equal to 0.When seiNutPresenlFlag is equal to 1, a list of SEI message payload type values digitallySignedSeiPayloadTypeList. Otherwise, seiNutPresentFlag is equal to 0, the list digitallySignedSeiPayloadTypeList is set to empty.

[0174] The digitally signed content verification SEI message provides a mechanism for verifying the digital signature of video content.

[0175] When a CVS does not contain a digitally signed content initialization SEI message, CLVSs of the CVS shall not contain digitally signed content verification SEI message.

[0176] When an AU contains both a digitally signed content initialization SEI message and a digitally signed content verification SEI message, the digitally signed content initialization SEI message shall precede the digitally signed content verification SEI message. When a PU contains both a digitally signed content selection SEI message and a digitally signed content verification SEI message, the digitally signed content selection SEI message shall precede the digitally signed content verification SEI message.

[0177] When a digitally signed content verification SEI message is present in a PU of a CVS, no VCL NAL units, non-VCL NAL units with a NAL unit type identifier among the values in nonVclDigitallySignedNalUnitsList, or SEI messages with payloadType values among the values digitallySignedSeiPayloadTypeList shall be assigned to the substream that is indicated by dscv_verification_substream_id, unless one or more of the following conditions are true:• The bitstream ends.• A new CVS (Coded video sequence) begins.• A new digitally signed content initialization SEI message is received.

[0178] dscv_verification_substream_id indicates the verification substream to which the SEI message applies.

[0179] dscv_signature_length_in_octets_minusl plus 1 specifies the length of the syntax element dscv_signature in octets (one octet consists of 8 bits).

[0180] dscv_signature contains the digital signature for the verification substream indicated by dscv_verification_substream_id.

[0181] As indicated above, the one or more intermediate NAL units which are authenticated by the verification information comprised within the second NAL unit (i.e.,within the digitally signed content verification SEI message) may be identified by default, e.g., using the list

[0182] defaultNonVclDigitallySignedNalUnitsList and / or defaultDigitallySignedSeiPayloadTypeList. The one or more intermediate NAL units which are authenticated by the verification information may comprise SEI messages, in particular SEI messages of the NAL unit type prefixSeiNut and / or suffixSeiNut.

[0183] In the following, an example syntax for a digitally signed content initialization SEI message (i.e., for a first data unit, such as a first NAL unit) is described, which enables a deviation from the default list of data unit types (in particular from the list

[0184] defaultNonVclDigitallySignedNalUnitsList and / ordefaultDigitallySignedSeiPayloadTypeList).<<Table 5

[0185] dsci use default nonvcl nalu list flag equal to 1 indicates the list nonVclDigitallySignedNalUnitsList is set equal to the list defaultNonVclDigitallySignedNalUnitsList and syntax elementsdsci_num_nonvcl_nal_units_minusl and dsci_nonvcl_nal_unit[ i ] are not present. dsci_use_default_nonvcl_nalu_list_flag equal to 0 indicates the list nonVclDigitallySignedNalUnitsList might not equal the list defaultNonVclDigitallySignedNalUnitsList and syntax element dsci_nonvcl_nal_units_type_prcsent_flag is present. When not present, the value of dsci_use_default_nonvcl_nalu_list_flag is inferred to be equal to 0.

[0186] dsci nonvcl nal unit types present flag equal to 1 indicates that the syntax elements dsci num nonvcl nal units minusl and dsci_nonvcl_nal_unit[ i ] are present. dsci_nonvcl_nal_units_type_present_flag equal to 0 indicates that the syntax elements dsci_num_nonvcl_nal_units_minusl and dsci_nonvcl_nal_unit[ i ] are not present and that the lists nonVclDigitallySignedNalUnitsList and digitallySignedSeiPayloadTypeList are empty.

[0187] dsci_num_nonvcl_nal_units_minusl plus 1 specifies the number of non-VCL NAL unit types present in the list nonVclDigitallySignedNalUnitsList.

[0188] dsci_nonvcl_nal_unit[ i ] specifies the ith non-VCL NAL unit type value in the list nonVclDigitallySignedNalUnitsList.

[0189] When prefixSeiNut is present among the values in nonVclDigitallySignedNalUnitsList or suffixSeiNut is present among the values in nonVclDigitallySignedNalUnitsList, the variable seiNutPresentFlag is set equal to 1. When prefixSeiNut is not present among the values in nonVclDigitallySignedNalUnitsList and suffixSeiNut is not present among the values in nonVclDigitallySignedNalUnitsList, the variable SeiNutPresentFlag is set equal to 0.

[0190] dsci use default sei payload type flag equal to 1 indicates the list digitallySignedSeiPayloadTypeList is set equal to the list defaultDigitallySignedSeiPayloadTypeList. dsci_use_default_sei_payload_type_flag equal to 0 indicates the list digitallySignedSeiPayloadTypeList might not equal the list defaultDigitallySignedSeiPayloadTypeList.

[0191] dsci_sei_payload_types_present_flag, when present, equal to 1 indicates that the syntax elements dsci_num_num_sei_payload_types_minusl and dsci_sei_payload_type[ i ] are present, dsci sei pa load types present Hag equal to 0 indicates that the syntax elements dsci num num sei pa load types minus I and dsci_sei_payload_type[ i ] are not present and the list digitallySignedSeiPayloadTypeList is empty. When not present, the value of dsci sei payload types_present flag is inferred to be equal to 0.

[0192] dsci_num_ num sei payload types minusl plus 1 specifies the number of SEI message payload types present in the list digitallySignedSeiPayloadTypeList.

[0193] dsci_sei_payload_type[ i ] specifies the ith SEI message payload type value in the list digitallySignedSeiPayloadTypeList.

[0194] Hence, the first NAL unit (e.g., the digitally signed content initialization SEI message) may enable the encoder to replace the default list of the included NAL unit types (e.g., the defaultNonVclDigitallySignedNalUmtsList) by an alternative list (e.g., nonVclDigitallySignedNalUnitsList) which is explicitly defined within the first NAL unit. Alternatively, or in addition, the first NAL unit may enable the encoder to replace the default list of included SEI message payload types (e.g., defaultDigitallySignedSeiPayloadTypeList) by an alternative list (e.g., digitallySignedSeiPayloadTypeList) which is explicitly defined within the first NAL unit. It should be noted that the SEI message payload types are typically a subset of NAL unit types.

[0195] A further example syntax for a digitally signed content initialization SEI message (i.e., for a first data unit, such as a first NAL unit), which enables a deviation from the default list of NAL unit types (in particular from the list

[0196] defaultNonVclDigitallySignedNalUnitsList and / or defaultDigitallySignedSeiPayloadTypeList) is shown in Table 6. <<<<Table 6

[0197] dsci use default nonvcl nalu list flag equal to 1 indicates the list nonVclDigitallySignedNalUnitsList is set equal to the list defaultNonVclDigitallySignedNalUnitsList and syntax elements dsci_excluded_nonvcl_nal_units_present_flag and dsci_included_nonvcl_nal_units_present_flag are not present. dsci_use_default_nonvcl_nalu_hst_flag equal to 0 indicates the list nonVclDigitallySignedNalUnitsList might not equal the list defaultNonVclDigitallySignedNalUnitsList and syntax elements dsci_excluded_nonvcl_nal_units_present_flag and dsci_included_nonvcl_nal_units_presnt_flag are present.

[0198] dsci excluded nonvcl nal units present flag, when present, equal to 1 indicates that the syntax elements dsci_num_excluded_nonvcl_nal_units_minusl and dsci_excluded_nonvcl_nal_units_type[ i J are present. dsci_excluded_nonvcl_nal_units_present_flag equal to 0 indicates that the syntax elements dsci num nonvcl nal units minusl and dsci_excluded_nonvcl_nal_units_type| i ] are not present. When not present, the value of dsci_excluded_nonvcl_nal_units_present_flag is inferred to be equal to 0.

[0199] dsci_num_excluded_nonvcl_nal_units_minusl plus 1 specifies the number of non-VCL NAL unit ty pes of values present in the list excludedNonVclDigitallySignedNalUnitsList.

[0200] dsci_excluded_nonvcl_nal_unit[ i ] specifies the ith non-VCL NAL unit type value in the list excludedNonVclDigitallySignedNalUnitsList.

[0201] dsci_included_nonvcl_nal_units_present_flag, when present, equal to 1 indicates that the syntax elements dsci_num_included_nonvcl_nal_units_minusl and dsci_included_nonvcl_nal_units_type[ i ] are present.dsci_included_nonvcl_nal_units_present_flag equal to 0 indicates that the syntax elements dsci num nonvcl nal units minusl and dsci_included_nonvcl_nal_units_type[ i ] are not present. When not present, the value of dsci_included_nonvcl_nal_units_present_flag is inferred to be equal to 0.

[0202] dsci_num_included_nonvcl_nal_units_minusl plus 1 specifies the number of non-VCL NAL unit types of values present in the listincludedN onV clDigitally SignedN alUnitsList.

[0203] dsci_included_nonvcl_nal_unit[ i ] specifies the ith non-VCL NAL unit type value in the list includedNonVclDigitallySignedNalUnitsList.

[0204] The list of non-VCL NAL unit ty pe identifiers nonVclDigitallySignedNalUnitsList is set to consist of all NAL unit type values in the defaultNonV clDigitally SignedNalUnitsList and includedNonV clDigitally SignedNalUnitsList except NAL unit ty pes of value in the list excludedNonVclDigitallySignedNalUnitsList.

[0205] When prefixSeiNut is present among the values innonV clDigitally SignedNalUnitsList or suffixSeiNut is present among the values in nonVclDigitallySignedNalUnitsList, the variable seiNutPresentFlag is set equal to 1. When prefixSeiNut is not present among the values in nonV clDigitally SignedNalUnitsList and suffixSeiNut is not present among the values in nonV clDigitally SignedNalUnitsList, the variable SeiNutPresentFlag is set equal to 0.

[0206] dsci use default sei payload type flag, when present, equal to 1 indicates the list digitallySignedSeiPayloadTypeList is set equal to the list defaultDigitallySignedSeiPayloadTypeList. dsci_use_default_sei_payload_type_flag equal to 0 indicates the list digitallySignedSeiPayloadTypeList might not equal the list defaultDigitallySignedSeiPayloadTypeList. When not present, the value of dsci_use_default_sei_payload_type_flag is inferred to be equal to 0.

[0207] dsci_excluded_sei_payload_types_present_flag, when present, equal to 1 indicates that the syntax elements dsci_num_excluded_sei_payload_types_minusl and dsci_excluded_sei_payload_types_type[ i ] are present. dsci_excluded_sei_payload_types_present_flag equal to 0 indicates that the syntax elements dsci_num_sei_payload_types_minusl and dsci_excluded_sei_payload_types_type[ i ] are not present. When not present, the value of dsci_excluded_sei_payload_types_present_flag is inferred to be equal to 0.

[0208] dsci_num_excluded_sei_payload_types_minusl plus 1 specifies the number of SEI payload types of values present in the list excludedDigitallySignedSeiPayloadTypeList.

[0209] dsci_excluded_nonvcl_nal_unit[ i ] specifies the ith non-VCL NAL unit type value in the list excludedDigitallySignedSeiPayloadTypeList.

[0210] dsd_included_sei_payload_types_present_flag, when present, equal to 1 indicates that the syntax elements dsci_num_included_sei_payload_types_minusl and dsci_included_sei_payload_types_type[ i ] are present. dsci_included_sei_payload_types_present_f1ag equal to 0 indicates that the syntax elements dsci_num_sei_payload_types_minusl and dsci_included_sei_payload_types_type| i ] are not present. When not present, the value of dsci included sei_payload types_present flag is inferred to be equal to 0.

[0211] dsci_num_included_sei_payload_types_minusl plus 1 specifies the number of SEI payload types of values present in the the list includedDigitallySignedSeiPayloadTypeList.

[0212] dsci_included_nonvcl_nal_unit[ i ] specifies the i-th non-VCL NAL unit type value in the list includedDigitallySignedSeiPayloadTypeList.

[0213] The list of SEI payload type identifiers digitallySignedSeiPayloadTypeList is set to consist of all NAL unit type values in the defaultDigitallySignedSeiPayloadTypeList and includedDigitallySignedSeiPayloadTypeList except NAL unit types of value in the list excludedDigitallySignedSeiPayloadTypeList.

[0214] Hence, the first NAL unit (e.g., the digitally signed content initialization SEI message) may enable the encoder to deviate from the default list of the included NAL unit types (e.g., the defaultNonVclDigitallySignedNalUnitsList) by excluding one or more NAL unit types (as indicated within excludedNonVclDigitallySignedNalUnitsList) and / or by including one or more NAL unit types (as indicated within includedNonVclDigitallySignedNalUnitsList). Alternatively, or in addition, the first NAL unit (e.g., the digitally signed content initialization SEI message) may enable the encoder to deviate from the default list of the included SEI message payload types (e.g., the defaultDigitallySignedSeiPayloadTypeList) by excluding one or more SEI message payload types (as indicated within excludedDigitallySignedSeiPayloadTypeList) and / or by including one or more SEI message payload types (as indicated withinincludedDigitallySignedSeiPayloadTypeList).

[0215] A further example for the syntax of a digitally signed content initialization SEI message (i.e., for a first data unit, such as a first NAL unit) is provided in Table 7.Table 7

[0216] dsci id contains an identifying number that may be used to identify a mechanism for verifying that the coded video has been produced by a content provider. The value of dsci_id may be in the range of 0 to 232- 2, inclusive. Values of dsci_id from 256 to 511, inclusive, and from 231to 232- 2, inclusive, may be reserved for future use by ITU- T | ISO / IEC. Decoders encountering a digitally signed content initialization SEI message with dsci id in the range of 256 to 511, inclusive, or in the range of 231to 232- 2, inclusive, shall ignore the SEI message.

[0217] Alternatively, or in addition, the dsci id parameter may be provided in the digitally signed content selection SEI message, as illustrated in Tables 8 or 9.Table 8Table 9

[0218] dscs_verification_substream_id indicates the verification substream to which the non-VCL NAL units with a NAL unit type identifier among the values in nonVclDigitallySignedNalUnitsList and VCL NAL units of the current coded picture are assigned to. When a digitally signed content initialization SEI message was present in the current coded video sequence, but no digitally signed content selection SEI message is present for a coded picture, the value of dscs_verification_substream_id is inferred to be equal to 0. The value of dscs_verification_substream_id shall be in the range from 0 to dsci_num_verification_substreams_minus 1. inclusive.

[0219] The digitally signed content verification SEI message provides a mechanism for verifying a substream indicated in a digitially signed content initialization SEI message indicated by dsci id.

[0220] When a CV S does not contain a digitally signed content initialization SEI message identified by dsci id, CLVSs of the CVS shall not contain digitally signed content verification SEI message identified by dsci id. dscv_verification_substream_id may therefore indicate the verification substream to which the SEI message applies.

[0221] dscv_signature_length_in_octets_minusl plus 1 specifies the length of the syntax element dscv_signature in octets (one octet consists of 8 bits).

[0222] dscv signature contains the digital signature for the verification substream indicated by dscv_verification_substream_id.

[0223] When an AU contains both a digitally signed content initialization SEI message identified by dsci_id and a digitally signed content verification SEI message identified by dsci_id, the digitally signed content initialization SEI message shall precede the digitally signed content verification SEI message. When a PU contains both a digitally signed content selection SEI message identified by dsci_id and a digitally signed content verification SEI message identified by dsci_id, the digitally signed content selection SEI message shall precede the digitally signed content verification SEI message.

[0224] When a digitally signed content verification SEI message identified by dsci id is present in a PU of a CVS, no non-VCL NAL units with aNAL unit type identifier among the values in nonVclDigitallySignedNalUnitsList or VCL NAL unit shall be assigned to the substream that is indicated by dscv_verification_substream_id, unless one or more of the following conditions are true:• The bitstream ends.• A new CVS begins.• A new digitally signed content initialization SEI message is received.Apparatus Programs, and Recordins Media

[0225] While methods and processing chains have been described above, it is understood that the present disclosure likewise relates to apparatus (e.g., computer apparatus or apparatus having processing capability in general) for implementing these methods and neural networks (or techniques in general).

[0226] An example of such apparatus 400 is schematically illustrated in Fig.4. The apparatus 400 comprises a processor 410 and a memory 420 coupled to the processor 410. The memory 420 may store instructions for execution by the processor 410. The processor 410 may be adapted to implement the apparatus described throughout the disclosure and / or to perform methods (e.g., methods of encoding or decoding, methods of generating or modifying bitstreams) described throughout the disclosure. The apparatus 400 may receive inputs (e.g., media (e.g., video) content or a video bitstream) and generate outputs (e.g., a video bitstream, media content, a verification result) as described throughout the disclosure.

[0227] The present disclosure further relates to programs (e.g., computer programs) comprising instructions that, when executed by a processor (or multiple processors), cause the processor (or multiple processors) to carry out any of the methods described throughout the disclosure, and to computer-readable storage media storing such programs.Interpretation

[0228] Aspects of the systems described herein may be implemented in an appropriate computer-based sound processing network environment (e.g., server or cloud environment) for processing digital or digitized audio files. Portions of these systems may include one or more networks that comprise any desired number of individual machines, including one or more routers (not shown) that serve to buffer and route the data transmittedamong the computers. Such a network may be built on various different network protocols, and may be the Internet, a Wide Area Network (WAN), a Local Area Network (LAN), or any combination thereof.

[0229] One or more of the components, blocks, processes or other functional components may be implemented through a computer program that controls execution of a processor-based computing device of the system. It should also be noted that the various functions disclosed herein may be described using any number of combinations of hardware, firmware, and / or as data and / or instructions embodied in various machine-readable or computer-readable media, in terms of their behavioral, register transfer, logic component, and / or other characteristics. Computer-readable media in which such formatted data and / or instructions may be embodied include, but are not limited to, physical (non-transitory). nonvolatile storage media in various forms, such as optical, magnetic or semiconductor storage media.

[0230] Specifically , it should be understood that embodiments may include hardware, software, and electronic components or modules that, for purposes of discussion, may be illustrated and described as if the majority of the components were implemented solely in hardware. However, one of ordinary skill in the art, and based on a reading of this detailed description, would recognize that, in at least one embodiment, the electronic-based aspects may be implemented in software (e.g.. stored on non-transitory computer-readable medium) executable by one or more electronic processors, such as a microprocessor and / or application specific integrated circuits ("ASICs"). As such, it should be noted that a plurality of hardware and software-based devices, as well as a plurality of different structural components, may be utilized to implement the embodiments. For example, computer-implemented neural networks described herein can include one or more electronic processors, one or more computer-readable medium modules, one or more input / output interfaces, and various connections (e.g., a system bus) connecting the various components.

[0231] While one or more implementations have been described by way of example and in terms of the specific embodiments, it is to be understood that one or more implementations are not limited to the disclosed embodiments. To the contrary, it is intended to cover various modifications and similar arrangements as would be apparent to those skilled in the art. Therefore, the scope of the appended claims should be accorded the broadest interpretation so as to encompass all such modifications and similar arrangements.

[0232] Also, it is to be understood that the phraseology and terminology used herein are for the purpose of description and should not be regarded as limiting. The use of“including,” “comprising,” or “having” and variations thereof are meant to encompass the items listed thereafter and equivalents thereof as well as additional items. Unless specified or limited otherwise, the terms “mounted,” “connected,” “supported,” and “coupled” and variations thereof are used broadly and encompass both direct and indirect mountings, connections, supports, and couplings.

[0233] Various aspects and implementations of the invention may also be appreciated from the following enumerated example embodiments (EEEs), which are not claims.EEE1. A method of generating or modifying a data unit-based bitstream, comprising: providing a first NAL unit and a second NAL unit,wherein the first NAL unit and the second NAL unit are separated in the bitstream by one or more intermediate NAL units;wherein the first NAL unit includes information indicating a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information is available in the bitstream for verifying the subset of intermediate NAL units: andthe second NAL unit includes the verification information.EEE 2. The method according to EEE 1, further comprising:applying a hashing algorithm to the subset of intermediate NAL units to generate a hash value;generating an authentication signature based on the hash value and an encr ption key, wherein the verification information relates to the authentication signature; and embedding the verification information into the second NAL unit.EEE 3. The method according to EEE 2, further comprising embedding, into the first NAL unit, one or more of:information identifying the hashing algorithm;information identifying the encryption key; and / orinformation identifying an authentication authority in relation to the encryption key.EEE 4. The method according to EEE 2 or EEE3, wherein the encryption key is a private key of a private-public key pair.EEE 5. The method according to any one of the preceding EEEs, further comprising: selecting, as the subset of intermediate NAL units, one or more NAL units for which verification should be provided; andembedding information identifying the subset of intermediate NAL units into the first NAL unit.EEE 6. The method according to any one of the preceding EEEs, wherein the subset of intermediate NAL units includes all intermediate NAL units in the bitstream between the first NAL unit and the second NAL unit.EEE 7. The method according to any one of the preceding EEEs. wherein the first NAL unit includes a first substream identifier, andwherein the subset of intermediate NAL units includes all intermediate NAL units that have a substream identifier identical to the first substream identifier; and / orwherein the subset of intermediate NAL units includes all intermediate NAL units that are identified as belonging to the same substream as the first NAL unit using the first substream identifier.EEE 8. The method according to any one of the preceding EEEs, wherein the first NAL unit includes identifier information indicating one or more substream identifiers that are to be included for verification; andthe subset of intermediate NAL units includes all intermediate NAL units that have a substream identifier indicated by the identifier information.EEE 9. The method according to any one of the preceding EEEs, wherein the first NAL unit includes data unit type information indicating one or more data unit types that are to be included for verification; andthe subset of intermediate NAL units includes all intermediate NAL units that have a data unit type indicated by the data unit type information.EEE 10. The method according to any one of the preceding EEEs, wherein the first NAL unit includes data unit type information indicating one or more data unit types that are to be included for verification and wherein the data unit type information is indicative of whether or not a default list of data unit types is to be included for verification.EEE 11. The method according to any one of the preceding EEEs, wherein the first NAL unit includes data unit type information indicating one or more data unit types that are to be included for verification and wherein the data unit type information is indicative of an alternative list of data unit ty pes that are to be included for verification; wherein the alternative list of data unit ty pes is explicitly provided within the first NAL unit and / or within the second NAL unit.EEE 12. The method according to any one of the preceding EEEs, wherein the first NAL unit includes data unit type information indicating one or more data unit types that are to be included for verification and wherein the data unit type information is indicative of one or more data unit types which are to be included and / or which are to be excluded for verification.EEE 13. The method according to any one of the preceding EEEs, wherein the first NAL unit includes data unit type information indicatingone or more data unit types from a default list of data unit types that are to be excluded for verification; and / orone or more data unit types that are to be included in addition to the default list of data unit types for verification; and / orone or more data unit types that are to be included and / or that are to be exclude for verification, which are not comprised within the default list of data unit types; and / oran alternative list of data unit types that are to be included or that are to be excluded for verification.wherein the one or more data unit types comprise one or more SEI message payload ty pes, one or more NAL unit types or a combination of one or more SEI message payload types and one or more NAL unit types.EEE 14. The method according to any one of the preceding EEEs, wherein the verification information relates to a portion of an authentication signature; andthe second NAL unit includes verification splitting information indicative of a relationship between the portion of the authentication signature and the complete authentication signature.EEE 15. The method according to any one of the preceding EEEs, wherein the first NAL unit includes a verification indicator; wherein the verification indicator indicates a predefined combination of a hash method, a source URI and / or a number of substreams of the bitstream that has been used for determining the verification information.EEE 16. The method according to any one of the preceding EEEs, wherein the first NAL unit and / or the second NAL unit comprise a SEI message according to the ITU-T H.274 and / or ISO / IEC 23002-7 VSEI specification.EEE 17. The method according to any one of the preceding EEEs, wherein the first NAL unit comprises a digitally signed content initialization SEI message and / or a digitally signed content selection SEI message, and / or wherein the second NAL unit comprises a digitally signed content verification SEI message.EEE 18. The method according to any one of the preceding EEEs, wherein the data unit-based bitstream is a video bitstream, wherein the video bitstream is a VVC bitstream according to the ITU-T H.266 and / or ISO / IEC 23090-3 specification, or a HEVC bitstream according to the ITU-T H.265 and / or ISO / IEC 23008-2 specification, or a AVC bitstream according to the ITU-T H.264 and / or ISO / IEC 14496-10 specification.EEE 19. A method of decoding a data unit-based bitstream, comprising: decoding, from the bitstream, a first NAL unit and a second NAL unit, and one or more intermediate NAL units separating the first NAL unit and the second NAL unit in the bitstream, wherein the first NAL unit includes information indicating a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information for verifying the subset of intermediate NAL units is available in the second NAL unit; and verifying the subset of intermediate NAL units using the verification information.EEE 20. The method according to EEE 19, further comprising:applying a hashing algorithm to the subset of intermediate NAL units to generate a hash value;extracting the verification information from the second NAL unit, wherein the verification information relates to an authentication signature; andverify ing the subset of intermediate NAL units based on the authentication signature, the generated hash value, and a decryption key.EEE 21. The method according to EEE 20, further comprising extracting, from the first NAL unit, one or more of:information identifying the hashing algorithm;information identifying the encryption key; and / orinformation identifying an authentication authority in relation to the encryption key.EEE 22. The method according to EEE 20 or 21, wherein the decry ption key is a public key of a private-public key pair.EEE 23. The method according to any one of EEEs 19 to 22, further comprising: extracting the information identifying the subset of intermediate NAL units from the first NAL unit; andselecting, as the subset of intermediate NAL units, one or more NAL units among the intermediate NAL units based on the information identifying the subset of intermediate NAL units.EEE 24. The method according to any one of EEEs 19 to 23, wherein the subset of intermediate NAL units includes all intermediate NAL units in the bitstream between the first NAL unit and the second NAL unit.EEE 25. The method according to any one of EEEs 19 to 24, wherein the first NAL unit includes a first substream identifier, andwherein the subset of intermediate NAL units includes all intermediate NAL units that have a substream identifier identical to the first substream identifier; and / orwherein the subset of intermediate NAL units includes all intermediate NAL units that are identified as belonging to the same substream as the first NAL unit using the first substream identifier.EEE 26. The method according to any one of EEEs 19 to 25, wherein the first NAL unit includes identifier information indicating one or more substream identifiers that are to be included for verification; andthe subset of intermediate NAL units includes all intermediate NAL units that have a substream identifier indicated by the identifier information.EEE 27. The method according to any one of EEEs 19 to 26, wherein the first NAL unit includes data unit type information indicating one or more data unit types that are to be included for verification; andthe subset of intermediate NAL units includes all intermediate NAL units that have a data unit type indicated by the data unit type information.EEE 28. The method according to any one of EEEs 19 to 27, wherein the first NAL unit includes data unit type information indicating one or more data unit types that are to be included for verification and wherein the data unit type information is indicative of whether or not a default list of data unit types is to be included for verification.EEE 29. The method according to any one of EEEs 19 to 28, wherein the first NAL unit includes data unit type information indicating one or more data unit types that are to be included for verification and wherein the data unit type information is indicative of an alternative list of data unit types that are to be included for verification; wherein the alternative list of data unit types is explicitly provided within the first NAL unit and / or within the second NAL unit.EEE 30. The method according to any one of EEEs 19 to 29, wherein the first NAL unit includes data unit type information indicating one or more data unit types that are to be included for verification and wherein the data unit type information is indicative of one or more data unit types which are to be included and / or which are to be excluded for verification.EEE 31. The method according to any one of EEEs 19 to 30, wherein the first NAL unit includes data unit type information indicatingone or more data unit types from a default list of data unit types that are to be excluded for verification; and / orone or more data unit types that are to be included in addition to the default list of data unit types for verification; and / orone or more data unit types that are to be included and / or that are to be exclude for verification, which are not comprised w ithin the default list of data unit types; and / oran alternative list of data unit types that are to be included or that are to be excluded for verification.wherein the one or more data unit types comprise one or more SEI message payload ty pes, one or more NAL unit types or a combination of one or more SEI message payload ty pes and one or more NAL unit types.EEE 32. The method according to any one of EEEs 19 to 31, wherein the verification information relates to a portion of an authentication signature;the second NAL unit includes verification splitting information indicative of a relationship between the portion of the authentication signature and the complete authentication signature; andthe method further comprises:extracting the verification information and the verification splitting information; and reconstructing the authentication signature based at least in part on the verification information and the verification splitting information.EEE 33. The method according to any one of EEEs 19 to 32, further comprising: upon detection of the second NAL unit in the bitstream, outputting, by a core decoder, the verification information and the subset of intermediate NAL units for subsequent verification of the subset of intermediate NAL units, using a predefined data format.EEE 34. The method according to EEE 33 when depending on EEE 31, wherein the verification information and the subset of intermediate NAL units are output, using the predefined data format, separately for different pairing information.EE 35. The method according to any one of EEEs 19 to 34, wherein the first NAL unit includes a verification indicator; wherein the verification indicator indicates a predefined combination of a hash method, a source URI and / or a number of substreams of the bitstream that has been used for determining the verification information.EEE 36. The method according to any one of EEEs 19 to 35, wherein the first NAL unit and / or the second NAL unit comprise a SEI message according to the ITU-T H.274 and / or ISO / IEC 23002-7 VSEI specification.EEE 37. The method according to any one of EEEs 19 to 36, wherein the first NAL unit comprises a digitally signed content initialization SEI message and / or a digitally signed content selection SEI message, and / or wherein the second NAL unit comprises a digitally signed content verification SEI message.EEE 38. The method according to any one of EEEs 19 to 37, wherein the data unitbased bitstream is a video bitstream, wherein the video bitstream is a VVC bitstream according to the ITU-T H.266 and / or ISO / IEC 23090-3 specification, or a HEVC bitstreamaccording to the ITU-T H.265 and / or ISO / IEC 23008-2 specification, or a AVC bitstream according to the ITU-T H.264 and / or ISO / IEC 14496-10 specification.EEE 39. A method of generating or modifying a data unit-based bitstream, comprising:providing a first NAL unit and a second NAL unit,wherein the first NAL unit and the second NAL unit are separated in the bitstream by one or more intermediate NAL units;wherein the first NAL unit includes data unit type information indicating one or more data unit types of a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information is available for verifying the subset of intermediate NAL units; andthe second NAL unit includes the verification information.EEE 40. A method of decoding a data unit-based bitstream, comprising: decoding, from the bitstream, a first NAL unit and a second NAL unit, and one or more intermediate NAL units separating the first NAL unit and the second NAL unit in the bitstream, wherein the first NAL unit includes data unit type information indicating one or more data unit types of a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information is available in the second NAL unit for verifying the subset of intermediate NAL units; andverify ing the subset of intermediate NAL units using the verification information.EEE 41. The method according to any one of EEEs 39 to 40, wherein the data unit type information is indicative of a list of data unit types which is included for verification.EEE 42. The method according to EEE 41, wherein the list of data unit ty pes, digitallySignedSeiPayloadTypeList, comprises SEI message payload types with payloadType values 3, 4. 5, 19, 45, 47, 137. 142, 144. 147, 148. 149, 150, 153. 155, 165. 177, 202, 204.210, 211, 217, and / or 218.EEE 43. The method according to any one of EEEs 39 to 42, wherein the list of data unit types, nonVclDigitallySignedNalUnitsList. comprises the NAL units types withnal_unit_type values 15, 16, 17, 18, 19, 23, and / or 24.EEE 44. The method according to any one of EEEs 39 to 43, wherein the data unit type information is indicative of SEI NAL unit types prefixSeiNut and / or suffixSeiNut.EEE 45. The method according to any one of EEEs 39 to 44, wherein the data unit type information is indicative of one or more SEI message payloadTypes for one or more SEI messages that enable a receiver to correctly display or otherwise use video in the way intended by a content provider of the data unit-based bitstream.EEE 46. The method according to any one of EEEs 39 to 45, whereinthe data unit type information is indicative of a first list of data unit types, nonVclDigitallySignedNalUnitsList; andif the first list of data unit ty pes does not comprise the SEI NAL unit types prefixSeiNut and / or suffixSeiNut, a second list of data unit types. digitallySignedSeiPayloadTypeList, is set to be an empty list.EEE 47. The method according to any one of EEEs 39 to 46, wherein the data unit type information is indicative ofVCL NAL units present in a coded video sequence comprised within the data unitbased bitstream;non-VCL NAL units present in the coded video sequence with a NAL unit type identifier among the values comprised within a first list, nonVclDigitallySignedNalUnitsList; andSEI messages present in the coded video sequence with a payloadType value among the values comprised within a second list, digitallySignedSeiPayloadTypeList.EEE 48. A method of generating or modifying a data unit-based bitstream, comprising:providing a first NAL unit and a second NAL unit,wherein the first NAL unit and the second NAL unit are separated in the bitstream by one or more intermediate NAL units;wherein the first NAL unit includes data unit type information indicating one or more data unit types of a subset of intermediate NAL units among the one or more intermediateNAL units for which verification information is available for verifying the subset of intermediate NAL units;wherein the data unit type information is indicative of at least one default list of data unit types which is included for verification; andthe second NAL unit includes the verification information.EEE 49. A method of decoding a data unit-based bitstream, comprising: decoding, from the bitstream, a first NAL unit and a second NAL unit, and one or more intermediate NAL units separating the first NAL unit and the second NAL unit in the bitstream, wherein the first NAL unit includes data unit type information indicating one or more data unit types of a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information is available in the second NAL unit for verifying the subset of intermediate NAL units; wherein the data unit type information is indicative of at least one default list of data unit types which is included for verification; andverifying the subset of intermediate NAL units using the verification information.EEE 50. The method according to any one of EEEs 48 to 49, wherein the default list of data unit types, defaultDigitallySignedSeiPayloadTypeList, comprises SEI message payload types with payloadType values 3. 4, 5, 19, 45, 47, 137. 142, 144. 147, 148, 149. 150, 153, 155, 165, 177, 202, 204, 210, 211, 217, and / or 218.EEE 51. The method according to any one of EEEs 48 to 50, wherein the default list of data unit types, defaultNonVclDigitallySignedNalUnitsList, comprises the NAL units types with nal_unit_type values 15, 16, 17, 18, 19, 23, and / or 24.EEE 52. The method according to any one of EEEs 48 to 51, wherein the data unit type information is indicative of SEI NAL unit types prefixSeiNut and / or suffixSeiNut.EEE 53. The method according to any one of EEEs 48 to 52, whereinthe data unit type information is indicative of a first default list of data unit types, defaultNonVclDigitallySignedNalUnitsList: andif the first default list of data unit types does not comprise the SEI NAL unit types prefixSeiNut and / or suffixSeiNut, a second default list of data unit types, asdefaultDigitallySignedSeiPayloadTypeList, is set to be an empty list.EEE 54. The method according to any one of EEEs 48 to 53, whereinthe data unit type information comprises a syntax element, as dsci_use_default_nonvcl_nalu_list_flag, which is indicative of whether or not, a list of data unit types which is included for verification, nonVclDigitallySignedNalUnitsList, is equal to the default list of data unit types, defaultNonVclDigitallySignedNalUnitsList.EEE 55. The method according to any one of EEEs 48 to 54, whereinthe data unit type information comprises a syntax element,dsci use default sei pay load type flag, which is indicative of whether or not, a list of SEI payload data unit types which is included for verification, digitallySignedSeiPayloadTypeList, is equal to the default list of SEI payload data unit types, defaultDigitallySignedSeiPayloadTypeList.EEE 56. The method according to any one of EEEs 54 to 55, whereinthe data unit type information comprises an alternative list of data unit types which replaces the default list of data unit types; orthe data unit type information comprises a list of data unit types which is added to and / or excluded from the default list of data unit types.EEE 57. The method according to any one of EEEs 48 to 56, wherein the data unit type information is indicative ofVCL NAL units present in a coded video sequence comprised within the data unitbased bitstream;non-VCL NAL units present in the coded video sequence with a NAL unit type identifier among the values comprised within a first list, nonVclDigitallySignedNalUnitsList; and / orSEI messages present in the coded video sequence with a payloadType value among the values comprised within a second list, digitallySignedSeiPayloadTypeList.EEE 58. An encoding apparatus comprising one or more processors and a memory coupled thereto, wherein the one or more processors are configured to perform the method according to any one of EEEs 1 to 18, 39, 41 to 47, 48, and 50 to 57.EEE 59. A decoding apparatus comprising one or more processors and a memory coupled thereto, wherein the one or more processors are configured to perform the method according to any one of EEEs 19 to 38, 40 to 47, and 49 to 57.EEE 60. A computer program including instructions that when executed by one or more processors, cause the one or more processors to perform the method according to any one of EEEs 1 to 57.EEE 61. A computer-readable storage medium storing the computer program according to EEE 60.

Claims

CLAIMS1. A method of generating or modifying a data unit-based bitstream, comprising: providing a first NAL unit and a second NAL unit,wherein the first NAL unit and the second NAL unit are separated in the bitstream by one or more intermediate NAL units;wherein the first NAL unit includes subset information indicating a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information is available in the bitstream for verifying the subset of intermediate NAL units;wherein the subset information includes data unit type information indicating one or more data unit types and the subset of intermediate NAL units includes all intermediate NAL units that have a data unit type indicated by the data unit type information; andthe second NAL unit includes the verification information.

2. The method according to claim 1, further comprising:applying a hashing algorithm to the subset of intermediate NAL units to generate a hash value;generating an authentication signature based on the hash value and an encryption key, wherein the verification information relates to the authentication signature; and embedding the verification information into the second NAL unit.

3. The method according to claim 2, further comprising embedding, into the first NAL unit, one or more of:information identifying the hashing algorithm;information identifying the encryption key; and / orinformation identifying an authentication authority in relation to the encryption key.

4. The method according to claim 2 or 3, wherein the encryption key is a private key of a private-public key pair.

5. The method according to any one of the preceding claims, further comprising: selecting, as the subset of intermediate NAL units, one or more NAL units for which verification should be provided; andembedding information identifying the subset of intermediate NAL units into the first NAL unit.

6. The method according to any one of the preceding claims, wherein the subset information includes a first substream identifier, andwherein the subset of intermediate NAL units includes all intermediate NAL units that have a substream identifier identical to the first substream identifier; and / orwherein the subset of intermediate NAL units includes all intermediate NAL units that are identified as belonging to the same substream as the first NAL unit using the first substream identifier.

7. The method according to any one of the preceding claims, wherein the subset information includes identifier information indicating one or more substream identifiers that are to be included for verification; andthe subset of intermediate NAL units includes all intermediate NAL units that have a substream identifier indicated by the identifier information.

8. The method according to any one of the preceding claims, wherein the data unit type information is indicative of whether or not a default list of data unit types is to be included for verification.

9. The method according to any one of the preceding claims, wherein the data unit type information is indicative of an alternative list of data unit types that are to be included for verification; wherein the alternative list of data unit types is explicitly provided within the first NAL unit and / or within the second NAL unit.

10. The method according to any one of the preceding claims, wherein the data unit type information is indicative of one or more data unit types which are to be included and / or which are to be excluded for verification.

11. The method according to any one of the preceding claims, wherein the data unit type information indicatesone or more data unit types from a default list of data unit types that are to be excluded for verification; and / orone or more data unit types that are to be included in addition to the default list of data unit types for verification; and / orone or more data unit types that are to be included and / or that are to be exclude for verification, which are not comprised w ithin the default list of data unit types; and / oran alternative list of data unit types that are to be included or that are to be excluded for verification;12. The method according to any one of the preceding claims, wherein the one or more data unit types comprise one or more SEI message payload ty pes, one or more NAL unit types or a combination of one or more SEI message payload types and one or more NAL unit types.

13. The method according to any one of the preceding claims, wherein the verification information relates to a portion of an authentication signature; andthe second NAL unit includes verification splitting information indicative of a relationship between the portion of the authentication signature and the complete authentication signature.

14. The method according to any one of the preceding claims, wherein the first NAL unit includes a verification indicator; wherein the verification indicator indicates a predefined combination of a hash method, a source URI and / or a number of substreams of the bitstream that has been used for determining the verification information.

15. The method according to any one of the preceding claims, wherein the first NAL unit and / or the second NAL unit comprise a SEI message according to the ITU-T H.274 and / or ISO / IEC 23002-7 VSEI specification.

16. The method according to any one of the preceding claims, wherein the first NAL unit comprises a digitally signed content initialization SEI message and / or a digitally signed content selection SEI message, and / or wherein the second NAL unit comprises a digitally signed content verification SEI message.

17. The method according to any one of the preceding claims, wherein the data unitbased bitstream is a video bitstream, wherein the video bitstream is a VVC bitstreamaccording to the ITU-T H.266 and / or ISO / IEC 23090-3 specification, or a HEVC bitstream according to the ITU-T 14.265 and / or ISO / IEC 23008-2 specification, or a AVC bitstream according to the ITU-T H.264 and / or ISO / IEC 14496-10 specification.

18. The method according to any one of the preceding claims, wherein the data unit type information is indicative of a list of data unit types which is included for verification.

19. The method according to claim 18, wherein the list of data unit types, digitallySignedSeiPayloadTypeList, comprises SEI message payload types with payloadType values 3, 4. 5, 19, 45, 47, 137, 142, 144, 147, 148. 149, 150, 153, 155, 165, 177, 202, 204, 210, 211.217, and / or 218.

20. The method according to any of claims claim 18 to 19, wherein the list of data unit ty pes, nonVclDigitallySignedNalUnitsList, comprises the NAL units ty pes with nal_unit_type values 15, 16, 17, 18, 19, 23, and / or 24.

21. The method according to any one of the preceding claims, wherein the data unit ty pe information is indicative of SEI NAL unit types prefixSeiNut and / or suffixSeiNut.

22. The method according to any one of the preceding claims, wherein the data unit ty pe information is indicative of one or more SEI message payloadTypes for one or more SEI messages that enable a receiver to correctly display or otherwise use video in the way intended by a content provider of the data unit-based bitstream.

23. The method according to any one of the preceding claims, whereinthe data unit type information is indicative of a first list of data unit ty pes, nonVclDigitallySignedNalUnitsList; andif the first list of data unit types does not comprise the SEI NAL unit types prefixSeiNut and / or suffixSeiNut, a second list of data unit types, digitallySignedSeiPayloadTypeList, is set to be an empty list.

24. The method according to any one of the preceding claims, wherein the data unit type information is indicative ofVCL NAL units present in a coded video sequence comprised within the data unitbased bitstream;non-VCL NAL units present in the coded video sequence with a NAL unit type identifier among the values comprised within a first list, nonVclDigitallySignedNalUnitsList; andSEI messages present in the coded video sequence with a payloadType value among the values comprised within a second list, digitallySignedSeiPayloadTypeList.

25. A method of decoding a data unit-based bitstream, comprising:decoding, from the bitstream, a first NAL unit and a second NAL unit, and one or more intermediate NAL units separating the first NAL unit and the second NAL unit in the bitstream, wherein the first NAL unit includes subset information indicating a subset of intermediate NAL units among the one or more intermediate NAL units for which verification information for verifying the subset of intermediate NAL units is available in the second NAL unit;wherein the subset information includes data unit type information indicating one or more data unit types and the subset of intermediate NAL units includes all intermediate NAL units that have a data unit type indicated by the data unit type information; and verifying the subset of intermediate NAL units using the verification information.

26. The method according to claim 25, further comprising:applying a hashing algorithm to the subset of intermediate NAL units to generate a hash value;extracting the verification information from the second NAL unit, wherein the verification information relates to an authentication signature; andverify ing the subset of intermediate NAL units based on the authentication signature, the generated hash value, and a decryption key.

27. The method according to claim 26, further comprising extracting, from the first NAL unit, one or more of:information identifying the hashing algorithm;information identifying the encryption key; and / orinformation identifying an authentication authority in relation to the encryption key.

28. The method according to claim 26 or 27, wherein the decryption key is a public key of a private-public key pair.

29. The method according to any one of claims 25 to 28, further comprising: extracting the subset information identifying the subset of intermediate NAL units from the first NAL unit; andselecting, as the subset of intermediate NAL units, one or more NAL units among the intermediate NAL units based on the subset information identifying the subset of intermediate NAL units.

30. The method according to any one of claims 25 to 29, wherein the subset information includes a first substream identifier, andwherein the subset of intermediate NAL units includes all intermediate NAL units that have a substream identifier identical to the first substream identifier; and / orwherein the subset of intermediate NAL units includes all intermediate NAL units that are identified as belonging to the same substream as the first NAL unit using the first substream identifier.

31. The method according to any one of claims 25 to 30, wherein the subset information includes identifier information indicating one or more substream identifiers that are to be included for verification; andthe subset of intermediate NAL units includes all intermediate NAL units that have a substream identifier indicated by the identifier information.

32. The method according to any one of claims 25 to 31, wherein the data unit type information is indicative of whether or not a default list of data unit types is to be included for verification.

33. The method according to any one of claims 25 to 32, wherein the data unit type information is indicative of an alternative list of data unit types that are to be included for verification; wherein the alternative list of data unit types is explicitly provided within the first NAL unit and / or within the second NAL unit.

34. The method according to any one of claims 25 to 33, wherein the data unit type information is indicative of one or more data unit types which are to be included and / or which are to be excluded for verification.

35. The method according to any one of claims 25 to 34, wherein the data unit type information indicatesone or more data unit types from a default list of data unit types that are to be excluded for verification; and / orone or more data unit types that are to be included in addition to the default list of data unit types for verification; and / orone or more data unit types that are to be included and / or that are to be exclude for verification, which are not comprised within the default list of data unit types; and / oran alternative list of data unit types that are to be included or that are to be excluded for verification.

36. The method according to any one of claims 25 to 35, wherein the one or more data unit types comprise one or more SEI message payload types, one or more NAL unit types or a combination of one or more SEI message payload types and one or more NAL unit types.

37. The method according to any one of claims 25 to 36, wherein the verification information relates to a portion of an authentication signature;the second NAL unit includes verification splitting information indicative of a relationship between the portion of the authentication signature and the complete authentication signature; andthe method further comprises:extracting the verification information and the verification splitting information; and reconstructing the authentication signature based at least in part on the verification information and the verification splitting information.

38. The method according to any one of claims 25 to 37, further comprising: upon detection of the second NAL unit in the bitstream, outputting, by a core decoder, the verification information and the subset of intermediate NAL units for subsequent verification of the subset of intermediate NAL units, using a predefined data format.

39. The method according to claim 38 when depending on claim 36, wherein the verification information and the subset of intermediate NAL units are output, using the predefined data format, separately for different pairing information.

40. The method according to any one of claims 25 to 39, wherein the first NAL unit includes a verification indicator; wherein the verification indicator indicates a pre-defined combination of a hash method, a source URI and / or a number of substreams of the bitstream that has been used for determining the verification information.

41. The method according to any one of claims 25 to 40, wherein the first NAL unit and / or the second NAL unit comprise a SEI message according to the ITU-T H.274 and / or ISO / IEC 23002-7 VSEI specification.

42. The method according to any one of claims 25 to 41, wherein the first NAL unit comprises a digitally signed content initialization SEI message and / or a digitally signed content selection SEI message, and / or wherein the second NAL unit comprises a digitally signed content verification SEI message.

43. The method according to any one of claims 25 to 41, wherein the data unit-based bitstream is a video bitstream, wherein the video bitstream is a VVC bitstream according to the ITU-T H.266 and / or ISO / IEC 23090-3 specification, or a HEVC bitstream according to the ITU-T H.265 and / or ISO / IEC 23008-2 specification, or a AVC bitstream according to the ITU-T H.264 and / or ISO / IEC 14496-10 specification.

44. The method according to any of claims 25 to 43, wherein the data unit type information is indicative of a list of data unit ty pes which is included for verification.

45. The method according to claim 44. wherein the list of data unit types, digitallySignedSeiPayloadTypeList, comprises SEI message payload ty pes with payloadType values 3, 4, 5, 19, 45, 47, 137, 142, 144, 147, 148, 149, 150, 153, 155, 165, 177, 202, 204, 210, 211, 217, and / or 218.

46. The method according to any of claims claim 25 to 45, wherein the list of data unit types, nonVclDigitallySignedNalUnitsList, comprises the NAL units types with nal_unit_type values 15, 16, 17, 18, 19, 23, and / or 24.

47. The method according to any of claims 25 to 46, wherein the data unit ty pe information is indicative of SEI NAL unit types prefixSeiNut and / or suffixSeiNut.

48. The method according to any of claims 25 to 47, wherein the data unit type information is indicative of one or more SEI message payloadTypes for one or more SEI messages that enable a receiver to correctly display or otherwise use video in the way intended by a content provider of the data unit-based bitstream.

49. The method according to any of claims 25 to 48, whereinthe data unit type information is indicative of a first list of data unit types, nonVclDigitallySignedNalUnitsList; andif the first list of data unit types does not comprise the SEI NAL unit types prefixSeiNut and / or suffixSeiNut, a second list of data unit types, digitallySignedSeiPayloadTypeList, is set to be an empty' list.

50. The method according to any of claims 25 to 49, wherein the data unit type information is indicative ofVCL NAL units present in a coded video sequence comprised within the data unitbased bitstream;non-VCL NAL units present in the coded video sequence with a NAL unit type identifier among the values comprised within a first list, nonVclDigitallySignedNalUnitsList; andSEI messages present in the coded video sequence with a payloadType value among the values comprised within a second list, digitallySignedSeiPayloadTypeList.

51. An encoding apparatus comprising one or more processors and a memory coupled thereto, wherein the one or more processors are configured to perform the method according to any one of claims 1 to 24.

52. A decoding apparatus comprising one or more processors and a memory coupled thereto, wherein the one or more processors are configured to perform the method according to any one of claims 25 to 50.

53. A computer program including instructions that when executed by one or more processors, cause the one or more processors to perform the method according to any one of claims 1 to 50.

54. A computer-readable storage medium storing the computer program according to claim 53.