PallyCon > Content Security  > Multi-DRM  > How to Estimate SaaS DRM License Cost

How to Estimate SaaS DRM License Cost

How much does it cost?

It is one of the biggest questions for customers looking to adopt a DRM solution for content security.

For on-premise solutions that deploy DRM servers directly on customer systems, it was common to pay annual fees for license, maintenance, and technical support for the software.

A subscription-based SaaS can save you upfront costs and fees compared to on-premises, but the downside is that it is hard to predict what you’ll pay.

However, a clear understanding of the Monthly Active License (MAL), which is the most common business model of SaaS-based DRM services, allows you to calculate DRM costs based on your service type and usage.

In this article, I will explain the concept of the DRM license and how you can calculate the MAL.

What is a DRM License?

DRM License means the data passed from the DRM server to the client (player) for the playback of the encrypted content.

As we saw in the previous post, the content data must be encrypted before its delivery to the client to secure digital content with DRM. The DRM license server manages the keys used for this DRM packaging (encryption) and delivers them to the client at the time of playback for decryption and playback.

License Request Data

It is the DRM module provided by the platform (OS or web browser) that requests the DRM license, not the player application.

The client DRM module generates the information of the device and the content as License Challenge data. And it sends the data to the License Acquisition (LA) URL of the DRM server by POST method. At this time, the custom data pre-set by the player application for DRM integration is also delivered via HTTP custom header, URL parameter or cookie.

License Response Data

After the DRM server authenticates the requested user/device or token, it sends DRM license data to the client in response to the license request.

The DRM license data contains the key to decrypt content along with license rules for controlling content usage. This response data is encrypted with the public key of the client device included in the license request data (license challenge). So only the requested device can decrypt and use the data.

For more information about content packaging and DRM licenses, please check the previous post.

Content service providers can set the following licensing rules for each content and user through callback or token-based integration.

  • Persistence of license: Whether to save license to support offline scenario
  • Duration of license: Set the playable validity period for offline licenses
  • Minimum security level for client devices: The minimum security level required for that content
  • Protection level for external output: The level of output protection (HDCP) required for the content

I will explain about setting client security levels in license rules in a separate post.

How DRM Licenses Are Set Up and How They Work

DRM licenses have different settings and behaviors depending on the content and the playback scenario. To calculate DRM costs based on the number of licenses issued, you need to understand how the different DRM license types work.

License for VOD Streaming

The license for streaming playback sets the persistent value to false so that the client stores it in the memory only. (One-time license)

In streaming scenarios, the persistent and limit setting in the licensing rules are ignored, and therefore the license duration does not apply in most client environments.

Example of streaming license (PallyCon Multi-DRM)
    "playback_policy" : {
        "persistent": false

Besides the above default settings, you can also set the security level and external output protection of the client device, which applies to both streaming and download scenarios.

How to Control the Duration of Streaming

The duration control for VOD streaming content is handled by the Content Management System (CMS) of Content Services, instead of DRM licensing rules. CMS checks the end user’s subscription period (for SVOD) or the content rental period (for TVOD) to ensure that it issues the DRM license only within that period.

You can control the start of streaming playback in this way, but you can’t stop content that is already playing even after the subscription of the rental period. However, you can limit its continued use while issuing a new license when the user refreshes the web page during playback or relaunches the application.

License for VOD Download/Offline Scenario

Many OTT services support content download on mobile devices for offline use, such as on board an aircraft or when using content on the go.

Licenses for offline playback must be stored in the persistent storage on the client device with the persistent value set to true.

In download/offline scenarios, client devices may be offline at the time of content playback. Therefore, unlike streaming that acquires a DRM license at the start of playback, the client application must download a DRM license as well when downloading content.

How to Control Offline License Duration

To set a validity period for downloaded content, apply a time limit to the licensing rules. You can set the duration of the license from its issuance, or you can set the datetime of license expiration.

Example of offline license (PallyCon Multi-DRM)
    "playback_policy" : {
        "persistent": true,
        "limit": true,
        "duration": 604800 

You can also specify an expiration date with the expire_date option instead of duration if you want your license to expire at a specific date and time. In this case, the server sets the duration value automatically by calculating the time remaining until the expiration date.

License for Live/Linear Streaming

If you apply DRM to a linear streaming channel with no beginning or end of content, the basic DRM license settings are the same as for VOD streaming. You can issue the one-time license for streaming by setting the persistentvalue to false, and no license duration.

Playback Period Control through Key Rotation

Unlike VOD, linear content can be subject to key rotation, which periodically changes the encryption key. This gives you increased security against key leaks and allows you to control the duration of your content with periodic user authentication.

You can enable the key rotation and set the rotation frequency by configuring the relevant streaming server solution. (E.g. Wowza, Elemental, etc.)

What is MAL and How is it Calculated

Monthly Active Licenses (MAL) is one of the billing criteria for DRM services, which is the number of licenses issued for a service account (content service provider) for a month.

By default the MAL is proportional to the number of users and the number of times that each user plays content, because unique DRM licenses must be issued for each piece of content and end-user and client devices.

MAL Calculation Example

Let’s calculate the expected MAL using the following VOD service as an example.

  • Platforms serviced: PC web browser and mobile (Android, iOS) devices
  • Average monthly users: 10,000
  • 8 streams per user per month
  • 2 downloads per user per month
MAL Calculation: (Average Users per Month) * (Streaming + Downloads per user) = 10,000 * 10 = 100,000 MALs

In general, MAL is calculated based on the number of users and the number of content consumed per user, but there may be exceptions.

  • When a user plays the same content on multiple devices: If the playback device is different even though the user and content are the same, a new license will be issued.
  • Streaming the same content multiple times: With streaming licenses, a new license will be issued every time the user plays the same content.

The user can play the downloaded content multiple times with just one persistent license during the license period.

  • Separated licenses for audio/video tracks: For certain solutions that package video and audio tracks separately, two DRM licenses may be issued for a piece of content. (E.g. AWS Elemental MediaConvert, MediaPackage)

MAL Calculation of Live/Linear Content

Unlike the MAL of VOD content, which is counted by play or download, live content has a different number of licenses based on the key rotation cycle and playback time.

MAL = (average number of users per month) * (live channel playback time per user) * (number of key rotations per hour)

If you apply separate encryption keys for multiple live channels, you need to multiply the above formula by the number of live channels played per user. (issues a new license when switching channels)

In general, you may package multiple channels with the same key to reduce latency when switching between channels.

How to Calculate DRM Fee by MAL

Given these circumstances, you may estimate the number of license issuance (MAL) and calculate the monthly fee by multiplying the DRM price per license.

PallyCon Multi DRM provides a default MAL for the monthly base fee, with a differential fee based on the number of licenses exceeded.

Differential Pricing by MAL Size

Let’s calculate the monthly rate using the plan of PallyCon Multi DRM Cloudproducts on the AWS Marketplace.

Example of calculation
- 10,000 MAL: Within the basic amount (20,000 MAL) = $ 500 monthly fee
- 100,000 MAL: ($ 20,000 MAL base fee) + (additional 80,000 MAL / 100 * $ 0.5) = 500 + 400 = $ 900 monthly fee
- 1 million MAL: ($ 20,000 MAL base fee) + (additional 80,000 MAL / 100 * $ 0.5) + (additional 400,000 MAL / 100 * $ 0.35) + (additional 500,000 MAL / 100 * $ 0.3) = 500 + 400 + 1,400 + 1,500 = $ 3,800 monthly fee


The MAL-based plan, calculated by the number of licenses issued, has the advantage of a clear base for rate calculation. However, for DRM service customers, it is difficult to estimate the MAL figures and the cost of DRM accurately until they integrate and operate a DRM solution.

In addition to the MAL plan, PallyCon Multi DRM Service also offers a customizable plan that charges based on monthly active users (MAU).

If you want to use a customized plan or additional products such as forensic watermarking and client SDKs, please contact us through our website form.