PallyCon > Content Security  > Multi-DRM  > Content Packaging -5 Things You Need to Know About Multi-DRM Technology

Content Packaging -5 Things You Need to Know About Multi-DRM Technology

What is ‘DRM packaging’ and how to do it

To prevent unauthorized use and leakage of content, many online content services are applying a multi-DRM solution provided by professional DRM vendors. A multi-DRM solution basically has license management features for multiple DRMs such as PlayReady, Widevine and FairPlay to support major web browsers and mobile OS.

In this series, we will examine each of the DRMs and related elements of multi-DRM technology in the following order.

What is DRM packaging?

To protect digital content with DRM, content data must be encrypted by default. The process of encrypting source content (such as MP4 video) and converting it into other format (such as DASH or HLS stream data) that will be delivered to end users is known as ‘DRM content packaging’.

During packaging, the key used to encrypt the content is passed to the DRM license server for safe management, as shown below.

Example of DRM content packaging process

Among other encryption algorithms, the Advanced Encryption Standard (AES) is the standard for encrypting multimedia content. It mainly uses AES-128, which encrypts with a 128-bit key, and block encryption mode of CTR or CBC is used depending on the client environment. (Ref #1Ref #2)

DRM content is delivered (streaming or download) to end-user device in encrypted form. To play the content, the client requires a DRM license with the encryption key which is issued from a DRM license server.

Please refer our blog Part 5 – Multi-DRM client integration, for more information on the client-side DRM license integration.

Various DRM packaging methods

DRM content packaging can be done in a variety of ways:

DRM packaging tools

A separate tool for encrypting content can be used to package source content (e.g. mp4 file). It runs on a content service provider’s system (cloud or on-premises).

The following tools are commonly used:

  • Shaka Packager: Open source based media packaging tool developed by Google Widevine team. Supports multi-DRM packaging of DASH / HLS content, Video On Demand (VOD) and live content packaging.
  • Bento4: Similarly, an open source C ++ library that provides a variety of multimedia related features, including the packaging of DASH / HLS content.
  • Dedicated packaging tools from DRM vendors: Professional DRM solution providers such as PallyCon provide customers with dedicated DRM packaging tools to help them get up and running quickly and easily.

Integration of encoding/streaming solutions

DRM packaging can be integrated into commercial encoding or streaming solutions.

PallyCon Multi DRM works with the following solutions. (Ref. #3)

  • Wowza: Multi-DRM packaging is handled as a plug-in to the Wowza Streaming Engine, which handles DASH / HLS packaging in real time.
  • Harmonic: Allows multi-DRM packaging to work with encoders / transcoder products and Harmonic Key Management Server (KMS) specifications.


The above method adds the encryption key exchange functions for various DRM companies in each solution such as Wowza and Harmonic.

This requires duplicated development work from solution vendors. To reduce this duplication and complexity, the DASH industry forum has released a standard guide called Common Protection Information Exchange Format (CPIX).

The CPIX API defines a standard for interfacing encryption keys required to apply multi-DRM in the packaging of media content. PallyCon integrated the following solutions with the CPIX API to enable easy and fast adoption of DRM packaging.

  • Anevia NEA-DVR: Included in Anevia’s Cloud DVR solution, it supports real-time packaging of VOD and Catch-up TV content.
  • Flussonic Media Server: A server software that enables you to build online video services for multi-device clients, from video capture, transcoding, recording, security, and delivery.

For more information about the CPIX APIs supported by PallyCon Multi-DRM service, please refer to the online guide document.


The Secure Packager and Encoder Key Exchange (SPEKE) API is an encryption key exchange API announced by AWS. It provides additional features based on the CPIX specification.

Through the SPEKE API, various DRM solutions can be easily integrated into the following AWS services and products.

DRM service workflow via SPEKE/CPIX API

Using a cloud-based service

In addition to the methods we’ve seen so far, you can use a service that handles DRM packaging of the source content on a SaaS (Solution as a Service) basis.

PallyCon service provides cloud SaaS-based packaging service for contents that simultaneously apply forensic watermarking and multi-DRM.

Instead of the complex watermark embedding and DRM packaging process, you can simply register the cloud storage where the original video is uploaded. The packaging service automatically generate DASH / HLS content with multi-DRM and forensic watermarking. (Ref. #4)

Forensic Watermarking and Multi-DRM Workflow


The first step in the process of adopting multi-DRM into content services is DRM packaging, which encrypts and protects the original content.

In order to support various environments and requirements of customers, PallyCon Multi DRM Service provides all of the various packaging methods mentioned in this article.

Contact PallyCon if you want to discuss which packaging method is the best for you.