What is ‘DRM packaging’ and how to do it
To prevent unauthorized use and leakage of content, many online content services are applying a multi-DRM solution provided by professional DRM vendors. A multi-DRM solution basically has license management features for multiple DRMs such as PlayReady, Widevine and FairPlay to support major web browsers and mobile OS.
In this series, we will examine each of the DRMs and related elements of multi-DRM technology in the following order.
What is DRM packaging?
To protect digital content with DRM, content data must be encrypted by default. The process of encrypting source content (such as MP4 video) and converting it into other format (such as DASH or HLS stream data) that will be delivered to end users is known as ‘DRM content packaging’.
During packaging, the key used to encrypt the content is passed to the DRM license server for safe management, as shown below.
Among other encryption algorithms, the Advanced Encryption Standard (AES) is the standard for encrypting multimedia content. It mainly uses AES-128, which encrypts with a 128-bit key, and block encryption mode of CTR or CBC is used depending on the client environment. (Ref #1, Ref #2)
DRM content is delivered (streaming or download) to end-user device in encrypted form. To play the content, the client requires a DRM license with the encryption key which is issued from a DRM license server.
Please refer to Part 5, which will be posted later on, for more information on the client-side DRM license integration.
Various DRM packaging methods
DRM content packaging can be done in a variety of ways:
DRM packaging tools
A separate tool for encrypting content can be used to package source content (e.g. mp4 file). It runs on a content service provider’s system (cloud or on-premises).
The following tools are commonly used:
- Shaka Packager: Open source based media packaging tool developed by Google Widevine team. Supports multi-DRM packaging of DASH / HLS content, Video On Demand (VOD) and live content packaging.
- Bento4: Similarly, an open source C ++ library that provides a variety of multimedia related features, including the packaging of DASH / HLS content.
- Dedicated packaging tools from DRM vendors: Professional DRM solution providers such as PallyCon provide customers with dedicated DRM packaging tools to help them get up and running quickly and easily.
Integration of encoding/streaming solutions
DRM packaging can be integrated into commercial encoding or streaming solutions.
- Wowza: Multi-DRM packaging is handled as a plug-in to the Wowza Streaming Engine, which handles DASH / HLS packaging in real time.
- Harmonic: Allows multi-DRM packaging to work with encoders / transcoder products and Harmonic Key Management Server (KMS) specifications.
The above method adds the encryption key exchange functions for various DRM companies in each solution such as Wowza and Harmonic.
This requires duplicated development work from solution vendors. To reduce this duplication and complexity, the DASH industry forum has released a standard guide called Common Protection Information Exchange Format (CPIX).
The CPIX API defines a standard for interfacing encryption keys required to apply multi-DRM in the packaging of media content. PallyCon integrated the following solutions with the CPIX API to enable easy and fast adoption of DRM packaging.
- Anevia NEA-DVR: Included in Anevia’s Cloud DVR solution, it supports real-time packaging of VOD and Catch-up TV content.
- Flussonic Media Server: A server software that enables you to build online video services for multi-device clients, from video capture, transcoding, recording, security, and delivery.
For more information about the CPIX APIs supported by PallyCon Multi-DRM service, please refer to the online guide document.
The Secure Packager and Encoder Key Exchange (SPEKE) API is an encryption key exchange API announced by AWS. It provides additional features based on the CPIX specification.
Through the SPEKE API, various DRM solutions can be easily integrated into the following AWS services and products.
- AWS Elemental MediaConvert: Transcoding service for VOD on the AWS Cloud
- AWS Elemental MediaPackage: Packaging service for live streaming on the AWS Cloud
- AWS Elemental Live: On-premise product for live video encoding
- AWS Elemental Delta: On-premise product for live / VOD packaging
Using a cloud-based service
In addition to the methods we’ve seen so far, you can use a service that handles DRM packaging of the source content on a SaaS (Solution as a Service) basis.
Instead of the complex watermark embedding and DRM packaging process, you can simply register the cloud storage where the original video is uploaded. The packaging service automatically generate DASH / HLS content with multi-DRM and forensic watermarking. (Ref. #4)
The first step in the process of adopting multi-DRM into content services is DRM packaging, which encrypts and protects the original content.
In order to support various environments and requirements of customers, PallyCon Multi DRM Service provides all of the various packaging methods mentioned in this article.
Contact PallyCon if you want to discuss which packaging method is the best for you.
Daniel is a DRM specialist and has been associated with this industry for over 10 years. Other than this, he is addicted to reading and writing.