Live Stream Blocking via License Renewal and Blacklist
Introduction
This guide provides a technical overview of implementing real-time live stream blocking using DOVERUNNER’s Multi-DRM platform. The solution leverages continuous license validation through DRM license renewal mechanisms and immediate playback control via DRM Blacklist API.
sequenceDiagram
participant A as End User<br>(Client Player)
participant B as Streaming Platform
participant C as DOVERUNNER<br>DRM Server
opt For normal users
A ->> C: Periodic license renewal request
C ->> C: Validate token and blacklist data
C ->> A: Issue renewal license
A ->> A: Keep playing live stream
end
B ->> B: Monitor illegal streams and find suspicious user IDs
opt Block verified illegal users
B ->> C: Register user IDs on DRM blacklist
C ->> C: Store the ID in Blacklist DB
A ->> C: Request license renewal (Blacklist targets)
C ->> C: Validate token and check blacklist
C -->> A: Deny license renewal
A -->> A: Terminate live stream playback
end
This document is intended for streaming platform architects, backend engineers, and DRM solution integrators seeking scalable and responsive live content protection.
Functional Overview
License Renewal
License renewal enables the DRM client (browser or app) to periodically validate its session with the license server. Players trigger renewal requests based on the renewal_duration specified in the DRM license token. License renewal allows enforcement policies to be dynamically applied during playback, ensuring ongoing session validity.
The triggering behavior of renewal requests depends on the DRM type and the player.
- Widevine clients
- Renewal requests are triggered automatically by Widevine CDM regardless of player.
- PlayReady and FairPlay clients
- Player needs additional configuration to trigger renewal requests manually. The manual trigger interval should match the
renewal_durationset in the license token.
- Player needs additional configuration to trigger renewal requests manually. The manual trigger interval should match the
For more details about PlayReady and FairPlay client settings, please refer to the CSL guide.
DRM Blacklist
DRM Blacklist is an enforcement layer used to deny license issuance or renewal based on specific user ID registered for blocking. Upon the next license renewal attempt, the session will be rejected with a predefined error code, terminating the stream playback for that user.
The user ID used in the DRM blacklist feature is the value of user_id in the token data used for DRM license acquisition. If you do not enter this value when creating a token, or enter a random value that is not related to the end user, you cannot apply the blacklist for the user ID.
The DRM Blacklist feature also supports blocking of specific device ID as well as user ID. However, you cannot block a live stream with device ID blacklist because Widevine’s renewal license requests don’t include the device ID data.
Piracy Monitoring
As a streaming platform provider, you need to monitor your service for illegal streaming or suspicious activities to find end users to block during live events. DOVERUNNER Multi-DRM service does not include such piracy monitoring.
If you need help with the monitoring, please contact us for consultation.
Implementation Guide
1. License Token Configuration
To enable periodic renewal, the DRM license token must have the renewal_duration value under playback_policy. A DRM license with the policy is only valid for that period of time. And it must be renewed at the intervals to allow players keep playing the DRM-protected stream.
Example license token JSON:
{
"policy_version": 2,
"playback_policy": {
"persistent": false,
"renewal_duration": 60
}
}
renewal_durationdefines the license renewal interval (in seconds).- Adjust the interval to balance enforcement responsiveness vs license server load and cost.
Please refer to the Subscription and Billing section for more details.
2. Player-Side Integration
Triggering Renewal Requests
As mentioned earlier, PlayReady and FairPlay client environments require additional configurations on the client player to enable the license renewal.
Please refer to the Concurrent Stream Limiting Guide for more details.
Refreshing DRM License Tokens
Tokens have a validity period(default: 600 seconds) which can be configured on DOVERUNNER Console. If a license renewal request occurs after token expiry, the license server will reject it with error code 7011 (License Token Expired).
To prevent license renewal failures due to token expiration, the client must request a new token to the streaming platform’s backend before the token expires. The player may need to get the license token from the streaming platform when a DRM license renewal event occurs.
If you need technical supports about the token management, please create a ticket on our Helpdesk.
3. Blacklist Enforcement
When you have identified end user IDs that need to be blocked during a live event, you can register the user ID to the DRM Blacklist either automatically via API integration or manually in the web console UI.
Detailed instructions available in the DRM Blacklist Guide.
Considerations
Subscription and Billing
Unlike typical DRM licenses, where requests are made only at the start of playback, license renewals are periodic requests during playback, resulting in much more license issuance. As a result, the license renewal feature incurs additional charges.
| Plan | Description | Notes |
|---|---|---|
| MAU (Monthly Active Users) | Renewal licenses billed separately from the number of active users. | To enable license renewal, you must add an optional item to your subscription. |
| MAL (Monthly Active Licenses) | Renewal licenses count toward the total number of licenses issued. | No need to add the optional subscription item. |
License Usage Estimation
total_licenses = number_of_viewers × (event_duration / renewal_duration)
For example, a live event with 10,000 viewers and a 60-second renewal interval will generate approximately 600,000 licenses per hour.
Comparison: License Renewal vs. Key Rotation
The live stream blocking use case uses DRM license renewal for continuous authorization during playback sessions. You can also use the DRM key rotation feature for this purpose, but the scalability issues with key rotation make it unsuitable for large-scale services.
| Aspect | License Renewal | Key Rotation |
|---|---|---|
| Periodic authorization during a playback session | Yes | Yes |
| Change the content key (rotation) | No (license extensions only) | Yes |
| Scalability | High (Distributed license requests based on when playback starts) | Low (Concurrent requests cause traffic spikes) |
| Use cases | Real-time live stream blocking. Concurrent stream limiting (CSL) | Enhanced security for small-scale live streaming. Applying security policies based on program type. |
Comparison: CSL vs. Live Stream Blocking
Both Concurrent Stream Limiting and Real-time Live Stream Blocking are features that take advantage of DRM license renewals. However, there are the following differences between the two features:
| Aspect | Concurrent Stream Limiting (CSL) | License Renewal Blocking |
|---|---|---|
| Purpose | Limit excessive account sharing | Block illegal users during live events |
| When to control | At the start of playback | At the start of playback and mid-session |
Conclusion
Implementing live stream blocking via license renewal and blacklisting offers a scalable, responsive defense against unauthorized streaming. It enables mid-session intervention without affecting legitimate users, making it ideal for protecting high-value live events and premium content.