Concurrent Stream Limiting Guide


Concurrent Stream Limiting (CSL) is one of PallyCon Multi-DRM service features that can identify and limit the number of streams being played simultaneously per user account through DRM license renewal. The CSL feature can be used when you want to prevent a decrease in service revenue due to excessive account sharing.

DRM License Renewal is a function that enables periodic license renewal requests and responses during content playback by setting the license duration shorter than the length of the content (eg 10 minutes). This allows the DRM server to accurately determine whether the stream has finished playing and control the number of ‘simultaneous plays’.

Please refer to the scenario example below to see how CSL works through license renewal.

CSL Service Scenario

When using the CSL function, the following items can be set for each site (SiteID) subscribed to the PallyCon service.

  • Maximum Concurrent Streams per end user account
  • DRM license renewal cycle

The following is an example scenario when the maximum number of concurrent streams is set to ‘two’ and the license renewal cycle is set to ‘ten minutes’.

  1. A user starts playing DRM content on the first device. On the DRM server, the number of concurrent streams of the user ID is counted as one. And during playback, the license is renewed every 10 minutes to determine whether playback ends.
  2. DRM content playback is started on the second device with the same user account. The concurrent stream count on the server increases to two.
  3. Attempts to play DRM content on third device. DRM license issuance fails due to limit on the number of concurrent streams. A message such as ‘Cannot start a new playback due to the limit of the maximum number of simultaneous playbacks’ is displayed on the device. (implemented by DRM error handling in the customer’s service application)
  4. The content playback on the first device ends. As there is no more license renewal request from that client, the count decreases to one in up to ten minutes.
  5. After the count is decreased, the user tries playing a DRM content on the third device. Since the maximum number of concurrent streams is not exceeded, a DRM license is issued and playback begins. Server’s count is increased to two.
  6. With the process above, the number of concurrent streams per one user account is limited to two or less.
CSL feature is not applicable for VOD download/offline scenarios where DRM license cannot be renewed. (Offline playback is not counted as concurrent streams)

Differences from other methods

Content service providers have previously applied the following methods to limit excessive account sharing.

Limiting the number of devices

This method is to limit the number of devices that can be registered per user account by using the unique ID information of each client device.

Although this method has been widely used in many OTT services, it has the following problems.

  • Difficulty in obtaining unique ID information: In the case of web browsers such as Chrome, it is difficult to obtain a unique ID, and access to the information is becoming increasingly difficult even in mobile apps due to privacy issues.

  • Implementation required for device registration and de-registration: The de-registration function must be implemented for customer support when the number of registered devices is exceeded, and there is a possibility that the implementation may be hacked.

The CSL function implemented by the DRM license renewal method does not have the above problems and has the advantage of less inconvenience to users compared to the limit on the number of devices.

Implementing concurrent stream limit in application level

Instead of the DRM license renewal method, CSL can be implemented by checking the playback start and end times of content via a communication between the service application and backend server.

This method is also applied to many services along with the limit on the number of devices, but it has the following problems.

  • Possibility of bypassing through hacking: It is possible to bypass the concurrent stream count logic through hacking the client application.

  • Possibility of mismatched count: When a situation such as an abnormal termination of the client application occurs, the ‘play end’ signal to the server can be lost. So the server’s ‘concurrent stream count’ may not decrease, then the count won’t match with the actual concurrent streams.

CSL’s DRM license renewal logic cannot be bypassed by client hacking, and even in the event of abnormal termination, the server count is automatically deducted within the renewal cycle, enabling accurate control of concurrent streams.

PallyCon Console settings for CSL

In order to use the CSL function, the following processing is required in PallyCon Console according to the multi-DRM plan of the PallyCon account.

Trial account

To test the CSL function during the trial period before switching to a commercial plan, set the Concurrent Stream Limiting option to Enable in the Multi-DRM > DRM Settings screen of PallyCon Console.

  • Max Stream per User: The maximum number of concurrently playable streams per end-user account. (default 3)

  • Renewal Interval: Set the renewal interval of streaming license for CSL function. The shorter the interval, the more accurately the end of playback can be determined. However, shorter internal increases the number of license issuances by renewal. (default 10 minutes)

If you activate CSL on your trial account, you will not be charged for that feature. However, please note that license issuance will stop when the trial usage limit (up to 1,000 licenses per month) is reached due to CSL’s license renewal. If you still need additional testing after reaching your usage limit, please contact our Helpdesk.

Commercial account

In order to use the CSL function in a commercial account, you must be subscribed to the following plan by signing up for a new commercial plan or changing a plan.

  • MAU (Monthly User-Based) Plan: To use the CSL feature in the MAU plan, you must select the Enable Concurrent Stream Limit option on the Change Plan screen. If you choose this option, you will be charged an additional CSL fee (base $200/month) on top of the MAU base rate.

  • MAL (Monthly License Count-Based) Plan: If you use the MAL plan, you can use the CSL function without selecting a separate plan option or additional base fee. However, the increased MAL due to license renewal will be reflected in the invoice.

After one of the above plans is applied, you can enable and configure the CSL function on the Multi-DRM > DRM Settings screen just like the trial account.

When you switch from a trial account to commercial, if the converted plan is MAL-based or if you have not selected the CSL option for MAU-based, the CSL function will be automatically disabled even if you have previously enabled it. In this case, you can enable CSL again on the DRM Settings screen if you are using the MAL plan. And in the case of the MAU plan, you need to change the plan option. (contact our business team or Helpdesk about it)

DRM-specific client settings

The DRM license renewal function used to limit concurrent streams has different specifications and client support for each DRM. Accordingly, additional integration with the following player solutions is required for each client environment.

Widevine Support Environment

In a client environment that supports Widevine DRM (Chrome browser, Android app, etc.), you can use the CSL function through Widevine’s license renewal specification without any restrictions of player solutions.

For the desktop Chrome browser environment, the following settings must be added to the player to enable unique client IDs to be applied. Below is an example of setting the persistentState option to required for unique ID support in the Bitmovin player.

widevine: {
    'mediaKeySystemConfig': {
Any player can be used for CSL integration in the Widevine support environment, but considering the limitations of the PlayReady environment described below, Bitmovin player is recommended for the web player solution for Chrome and Edge browser environments.

PlayReady Support Environment

In PlayReady DRM environment such as Windows Edge browser, the license renewal API is required on the player side to manually request renewal according to the license renewal cycle. Among the HTML5 players we have tested so far, Bitmovin player is the only one that provides the API. (Refer to the Bitmovin Player API)

You need to apply the code that calls the above API for each license renewal cycle set in PallyCon Console, referring to the example code linked below. For more information, please see the sample code in the GitHub repository below.

HTML5 player sample - CSL related code
If the renewal cycle set in the Console and the cycle applied to the player are different, the license renewal will not be processed properly and content playback will be stopped. Please be careful that the same renewal cycle value is used.

FairPlay Support Environment

Safari Browser

To support FairPlay license renewal in Safari browser, only the basic HLS player built into Safari is currently supported. It is not yet supported by other HTML5 player solutions, though Bitmovin Player team is considering the feature in their future development roadmap.

In the case of the Safari built-in player, the basic integration method is similar to the Bitmovin Player integration for Edge (PlayReady) browser. Please refer to the example code linked below for more details.

HTML5 player sample - CSL related code

iOS application

For iOS apps developed using the latest version of PallyCon FPS iOS SDK or Bitmovin Player iOS SDK, manual license renewal processing is implemented in the SDK library, making CSL integration relatively easy.

The renewal cycle setting in the iOS app can be done in the following two ways according to the Response Format of the license token. (in case of PallyCon FPS iOS SDK)

  • original: Since the data that the DRM server responds to is in the actual license data format, the license renewal cycle must be input in the code manually as the same value as Console setting.

  • json: Custom license data in JSON format is responded, and in this case, the value entered in the JSON data (the same value as the license renewal cycle set in the Console) is automatically applied with no need for manual input.

Other notes about CSL

License token setting for CSL application

As described in the service scenario item, the CSL function is applicable only to the streaming scenario. Therefore, the persistent item of playback_policy must be set to false when generating a license token for the content to which the CSL function will be applied.

For tokens with CSL enabled and set to persistent: false, the playback policy values ​​for license validity periods such as license_duration are ignored and the renewal cycle value set in the Console is applied instead.

  • Since CSL is a feature that limits the number of simultaneous plays ‘per end user account’, a unique user ID must be set in the license token for proper operation. Please enter a unique user ID in the user_id field of the token data so that the DRM server can identify the end user.

  • CSL feature is available only in the license policy V2 or later. If you are using V1 version of license token specification, you need to update to V2 in order to use the CSL.

Setting the maximum number of concurrent streams by service plan or content contract

The max concurrent streams value set in the PallyCon Console is applied equally to all streams on the service site by default. However, you may want to apply different values for each stream sessions in the following cases.

  • Based on service plan: setting a different maximum number of concurrent streams based on the service plan the end user is subscribed to (e.g., Basic plan - up to 2, Premium plan - up to 5).
  • Based on content contract: If the content owner, such as a Hollywood studio, requires a certain number for the maximum number of concurrent streams, you may need to set a different number for different content.

The new max_stream_per_user item in playback_policy of the License Token Specification gives you the flexibility to apply the maximum number of concurrent streams at license issuance as needed. If the item is applied to a license token, the value in the token will be used instead of the value set in the PallyCon Console.

Cannot use CSL and key rotation in the same service

Due to limitations in the implementation of the current PallyCon DRM server, it is not possible to apply both key rotation and CSL to one service site. If you are a customer that provides both live stream and VOD content, you may consider only one of the two features below according to the importance of them.

  • To prevent excessive account sharing by limiting simultaneous playback -> Use CSL function. Cannot apply key rotation to live stream.
  • Enhanced security and business model for live stream are more important -> Use key rotation function. CSL is not applicable.

Chromecast and Airplay support

If your service application (client player) supports Google Chromecast or Apple Airplay features, you need to keep the following points in mind when applying CSL features.

The below notes about Chromecast and Airplay apply to the Chromecast Casting or Airplay Streaming scenario, not the Mirroring scenario. Please refer to the description below for the difference between the two cases.

  • Chromecast casting, Airplay streaming: Streams are sent directly to and played on a Chromecast or Airplay device (Apple TV).
  • Chromecast mirroring, Airplay mirroring: The stream is still sent to the device (mobile or browser) that initiates the mirroring, and the screen and audio are shared with the Chromecast or Airplay device.

Due to the nature of the mirroring feature as a screen sharing method, the mirrored video may display a black screen or mirroring may be interrupted (depending on the environment of the device initiating the mirroring).

CSL and Chromecast

If you cast to a Chromecast device during streaming of CSL-enabled DRM content, it depends on the model (generation) of the Chromecast device whether only the device that first started playback may be counted as a concurrent stream or both devices may be counted.

If both devices are counted, playback on the Chromecast will not begin if the device being played by the same user account has already reached its limit.

Cast playback to Chromecast devices is possible if the limit of concurrent streams has not been exceeded. It is because the License renewal works fine on Chromecast.

CSL and Airplay

Unlike Chromecast, where Widevine DRM license renewal works fine, license renewal for FairPlay DRM is not supported on AppleTV, which is an Airplay target device. To solve this problem, PallyCon Multi-DRM License Server has an exception that does not apply license renewal to FairPlay DRM content when it is played on an AppleTV device via Airplay streaming.

Therefore, for airplay streaming, only the mobile or web player where the playback is initially started will be counted as the simultaneous playback count, and the airplay playback on the AppleTV will not be added to the count. If the playback is started directly on the AppleTV rather than via airplay, the device will be reflected in the count.