FairPlay DRM – 5 Things to Know About DRM Technology
What is FairPlay DRM and How It Works
To prevent unauthorized use and leakage of content, many online content services are applying a multi-DRM solution provided by professional DRM vendors. A multi-DRM solution basically has license management features for multiple DRMs such as PlayReady, Widevine and FairPlay to support major web browsers and mobile OS.
In this series, we will examine each of the DRMs and related elements of multi-DRM technology in the following order.
- Part 1: Microsoft PlayReady DRM
- Part 2: Google Widevine DRM
- Part 3: Apple FairPlay DRM (this article)
- Part 4: DRM Packaging and CPIX/SPEKE API
- Part 5: Multi-DRM client standards
What is FairPlay DRM?
FairPlay is Apple’s Digital Rights Management (DRM) specification. FairPlay DRM has been used exclusively by Apple for its iTunes media service. Since FairPlay Streaming was announced in 2015, other media services can also apply FairPlay DRM to content delivered to Apple devices. (ref. 1)
This article mainly discusses about FairPlay Streaming technology.
Apple’s FairPlay Streaming (FPS) DRM is a technology that securely delivers streaming media to client devices through HTTP live streaming protocol. FPS technology enables content providers, encoding vendors, and content delivery networks (CDNs) to encrypt content, securely exchange keys, and protect playback on iOS, tvOS, macOS, and iOS Safari browsers. (ref. 2)
History of FairPlay
iPod and iTunes
FairPlay DRM was developed by Apple based on Veridisc technology. (ref. 3) In the early 2000s, when Apple launched its iPod MP3 player and iTunes music service, FairPlay DRM was used to protect the music content of iTunes Store from illegal use. However, it caused ‘DRM compatibility issue’ that users could use purchased music only on Apple devices.
‘DRM FREE’ by Steve Jobs
In February 2007, Apple’s CEO Steve Jobs wrote an email titled ‘Thoughts on Music’. He declared that Apple would no longer apply DRM to its iTunes content to address the ‘DRM compatibility issue’. Since then, major record companies have agreed to remove DRM from all music content on the iTunes Store since 2009. (ref. 4)
Revival of FairPlay DRM and FPS Announcement
Even after Steve Jobs’ ‘DRM FREE’ declaration, FairPlay DRM continued to be applied to movie content available on iTunes Store. And the issue of ‘DRM compatibility’ of music content has become less significant since subscription-based streaming services became a major trend for music content.
FairPlay Streaming was announced at WWDC event in 2015. Whereas FairPlay DRM was a closed technology exclusively applied to iTunes service, Apple released FPS integration specifications, allowing other content services to use it.
Components and how they work
FPS DRM consists of the following components: (ref. 5)
Key server and Key Security Module (KSM)
Key server manages the keys used for encrypting / decrypting DRM content. DRM solution or content service provider can implement a Key Security Module for FPS on their own key server by referring to the KSM sample provided by Apple.
KSM validates the key request data sent from the client and securely passes the requested content key.
The FPS client app runs on Apple devices’ OS such as iOS, tvOS, and macOS. It requests the key for FPS content to the key server and processes the response. Content service providers can use Apple’s sample code to develop their own FPS client app or use a FPS SDK provided by DRM solution provider.
To apply FPS to HLS content, each HLS segment must be encrypted by SAMPLE-AES method. The encryption method used for FPS content is AES-128 CBCS. Using packages or solutions that support FPS packaging, such as Shaka Packager, the KEY tag can be added to the m3u8 playlist of encrypted HLS content with related information.
Cipher-block chaining (CBC) is an encryption method that uses the encryption result of the previous block as the IV (Initial Vector) of the next block. The AES-CBCS method encrypts only a few sub-samples in CBC instead of the entire data of the content. (ref. 6)
FPS key request process
The FPS key request and response from the iOS / tvOS client app is as follows:
- Client app notifies the OS’s AVFoundation framework to play FPS content
- AVFoundation downloads HLS playlist (m3u8) from content server and checks KEY tag
- AVFoundation requests the key of the content from the client app (AVFoundation Delegate)
- App Delegate requests Server Playback Context (SPC) data from AVFoundation
- App Delegate sends generated FPS SPC data to key server
- Key server interprets SPC data through KSM module and retrieves key required for content playback from key DB
- The key server sends the retrieved content key to the client app in the form of Content Key Context (CKC) data.
- AVFoundation Delegate in Client app enters CKC data into AVFoundation
- AVFoundation decrypts and plays content securely using keys contained in CKC data
In Mac OS and iOS Safari, content key transfer and playback is similar to the above process. In this case, the Content Decryption Module (CDM) and Encrypted Media Extension (EME) standards built into the Safari browser are used instead of the implementation in the client app.
Features and benefits
Hardware DRM support
All client environments that support FPS DRM, such as Mac OS, iOS, and tvOS, are highly secure at the hardware level. Widevine DRM can also be applied to Apple devices via the Chrome browser for Mac OS or the Widevine CDM SDK for iOS, but that is not suitable for premium content security because hardware DRM is not available.
FPS DRM is a must for content that requires a high level of security, such as the early-window movies from Hollywood studios.
Apple AirPlay support
FPS DRM natively supports Airplay, Apple’s wireless content delivery protocol. FPS content on Apple devices can be played on Apple TV through AirPlay without any additional coding.
Key delivery and decryption of FPS content played through Airplay is performed on Apple TV, the target device, with the same level of security as playing on the original device such as iPhone.
Download and offline playback
Starting with iOS 10, download and offline playback of FPS content are supported. The relevant APIs provided by the OS can be used to handle downloading and managing HLS content with offline licenses.
If a content service provider adopts a multi-DRM solution provided by a DRM solution vendor, it can use Widevine and PlayReady DRM directly without a separate application or registration process. However, FPS DRM requires content service providers to apply for and issue an FPS Deployment Packagefrom Apple.
In addition to basic streaming scenarios, the following usage scenarios can be applied to FPS DRM content:
Video rental scenario
If you use a content key set to the rental type, decryption for content playback will stop after that key’s validity period. You can apply this scenario to contents purchased on a rental basis rather than for a permanent collection, making it available only for a certain period of time.
By periodically renewing content keys set for the lease type during content playback, you can check and limit the number of client devices that can be played simultaneously with a single user account.
Supported platforms and content formats
FPS DRM supports the following platforms and content formats:
- Mac OS 10.10 or later: Safari browser
- iOS 9.0 or later: iOS native app
- iOS 11.2 or later: iOS Safari browser
- Apple TV: tvOS 10.0 or later
- Streaming formats: HLS, CMAF
- Video formats: MPEG-TS, fMP4 container
- Video codecs: AVC (H.264), HEVC (H.265)
- Audio codecs: AAC, AC3
Introducing PallyCon Multi-DRM
PallyCon Multi DRM service provided by INKA Entworks is a cloud-based SaaS(Solution as a Service). It provides integrated licensing management of PlayReady, Widevine and FairPlay DRM, which are essential elements of multi-DRM technology.
- #1 https://developer.apple.com/videos/play/wwdc2015/502/
- #2 https://developer.apple.com/streaming/fps/
- #3 https://www.headendinfo.com/fairplay-drm/
- #4 https://en.wikipedia.org/wiki/FairPlay
- #5 https://developer.apple.com/videos/play/wwdc2015/502/
- #6 https://medium.com/@takusemba/hls-with-widevine-for-android-de3f41027ed2
Daniel is a DRM specialist and has been associated with this industry for over 10 years. Other than this, he is addicted to reading and writing.