How to Protect Your Content With DRM
If your needs are more complicated and involve mobile app SDKs, the licensing of other applications like an encoder or player, or the ability to run the multi-DRM server in-house, then fewer DRM providers will be able to check all of your required boxes. Identify those that can meet your needs and then, again, focus on overall cost and ease of integration.
STEP 3: ENCRYPT YOUR VIDEOS
We’ll show three examples of encrypting your videos, one using EZDRM and open source packager Bento4, another using BuyDRM as accessed via AWS Elemental MediaConvert, and a third using Wowza Streaming Engine via EZDRM.
Encrypting With EZDRM and Bento4
This process is outlined in a document titled EZDRM Bento4 Configuration Open Source. By way of background, Bento4 is an open-source packager used in many encoding and packaging pipelines. To acquire the DRM key, you log in to the EZDRM web service manually or via cURL or a different web service call. This returns the XML file shown in Figure 3, which provides keys for PlayReady and Widevine.
Figure 3. XML file received from EZDRM with DRM Key
After fragmenting your MP4 file using Bento4’s mp4fragment application, you integrate the data supplied in the XML file into the mp4-dash.py command shown in Figure 4. The entries are color coded to match the color codes in Figure 3, which is how EZDRM presents this in its documentation. Copy the data according to the colors, run the application, and you produce your encrypted data plus the Media Presentation Description (MPD) manifest with the necessary Widevine and PlayReady metadata.
Figure 4. Integrating the XML data into the Bento4 packaging application
To produce FairPlay-encrypted packaging, you run a similar process using the Bento4 mp4hls application.
Encrypting With BuyDRM and AWS Elemental MediaConvert
BuyDRM has integrated its KeyOS Multi-DRM platform with AWS Elemental’s MediaConvert using the SPEKE API (Secure Packager and Encoder Key Exchange). In this example, we implemented the integration from BuyDRM to encrypt and package our content. BuyDRM does a nice job of documenting what’s required in a video and blog post. Note that some technical details are omitted in the pubic tutorial, but are available once you sign on as a BuyDRM customer and access the tutorial on BuyDRM’s Wiki.
Basically, the tutorial walks you through a bunch of AWS “stuff” like creating roles and permissions and setting up API gateways. Nothing technically onerous, but a meticulous process you should be able to finish in 30 minutes or so. Once complete, encryption becomes available within the MediaConvert interface as shown in Figure 5, which is set up to encode a group of files to HLS encrypted with FairPlay. Obviously, you can access the same method via MediaConvert’s API, which is how most larger shops will produce their content.
Figure 5. Accessing BuyDRM encryption from within AWS Elemental MediaConvert
Encrypting With EZDRM and Wowza Streaming Engine
Figure 6 shows how you would access EZDRM encryption from within the Wowza Streaming Engine after performing an integration (note that Wowza has similar integrations with BuyDRM and Verimatrix, and also supports custom integrations). The obvious point is that while custom DRM integrations aren’t rocket science, adding encryption to your encoding workflow is simpler when integrations exist, a factor you should strongly consider when choosing DRM providers.
Figure 6: The EZDRM Wowza Streaming Engine integration
STEP 4: INTEGRATE DRM LICENSING SERVER WITH SUBSCRIPTION SERVER
Most DRM providers supply a dummy authorization URL you can use for decoder testing, but for live production you’ll need to integrate your licensing server with the subscription server (see Figure 2).
STEP 5: PLAYER INTEGRATION
Player integration will vary by DRM provider. One level of integration is shown in Figure 7, where the Bitmovin Player is playing a video encrypted with Widevine and PlayReady by EZDRM. In the test player, you choose the ABR technology (DASH), insert the URL of the DASH MPD (the S3 address), and then the authentication URL provided by EZDRM (the EZDRM address). In the actual Bitmovin (or other) player, you would insert the address of the DASH MPD and HLS M3U8 manifests and authentication URLs for Widevine, PlayReady, and FairPlay. The browser client chooses the appropriate manifest and DRM automatically.
Figure 7. Playing EZDRM encrypted content in the Bitmovin player
Each DRM provider defines its own license acquisition processes. Rather than using an authentication URL, BuyDRM uses XML to authenticate and authorize license requests from video operators and to set the license policies. You see this in Figure 8, which shows the BuyDRM KeyOS WebPlayer playing Netflix Meridian protected by FairPlay. On Safari Mac, in addition to the Stream URL and authentication XML, you need a link to the FairPlay Certificate. You can read an explanation of this process and how to generate the XML in a blog post entitled “Advanced Techniques Authentication XML.”
Figure 8. BuyDRM’s KeyOS WebPlayer uses XML to authorize playback.
By design, off-the-shelf players are sufficiently flexible to accommodate the different authorization schemes used by the different vendors. Before choosing a DRM provider, however, you should understand how they authenticate license requests and how this technique will integrate with your player.
What Will It Cost?
Pricing will vary by service provider and (of course) by the products and services that you actually license. BuyDRM offers licensing, packaging, and an HTML5 player with separate charges for each, along with player SDKs for iOS and Android and licensing packages. BuyDRM doesn’t publish its prices but offers KeyOS MultiPass at $99/month (with 10,000 licenses) and KeyOS MultiKey with higher-volume packages and unlimited enterprise plans. BuyDRM also licenses its MultiKey Server for on-premise support. EZDRM does publish its prices; they start at $199.99 per month for 10,000 licenses.
When comparing license charges, be sure to ask about these:
- Pricing for all necessary DRMs, with minimums and overage charges
- Pricing for any set-up charges
- What level of support is included with the available license package
Over the last few years, DRM has become cheaper and more technically accessible. If you’ve been considering adding DRM to protect your content, there’s never been a better time than now.
The author wishes to thank Roman Kozenov and Christopher Levy from BuyDRM, and David C. Eisenbacher and Olga Kornienko from EZDRM for their guidance and assistance while creating this article.
[This article appears in the March 2019 issue of Streaming Media Magazine as "How To Protect Your Content With DRM."]
Get instant access to our 2019 Sourcebook. Register for free to download the entire issue right now!
Related Articles
With the goal of preventing harmful content, Facebook offers technology that can identify and block photos and videos as quickly as they're uploaded.
02 Aug 2019
As 2018 nears to a close and with the largest IBC ever just wrapped last week, three key movements in the Digital Rights Management market have come to light. In the first scenario we see a massive movement towards standardized containers like FMP4 in HLS and CMAF for the deployment of "Consumer DRM" including Apple FairPlay, Google Widevine and Microsoft PlayReady.
10 Oct 2018
While publishers wait for a single content encryption system that works across all browsers, standards bodies debate the future of EME. Here's what rights management will look like in a post-plugin world.
25 Oct 2017
BuyDRM founder Christopher Levy and Streaming Media's Tim Siglin discuss the history of BuyDRM, the evolution of DRM technology, and misconceptions about encryption and DRM.
27 May 2017
Companies and Suppliers Mentioned