De-mystifying DRM

www.castLabs.com©2016 castLabs 1

De-mystifying DRMfor multiscreen streaming

Presented at NAB 2016


Looking to learn about how DRM fits into the streaming workflow?

How can you reach your full audience with protected content?


SD

Studios require DRM to stream their content to ensure assets are protected.

HD / 4K+

Hardware-protected implementation

Software-based implementation

So…. why Digital Rights Management ?

Part of a monetization strategy…

Part of a piracy protection strategy…

DRM operations occur in a device’s chipsetHarder to compromise / most secure

Example: part of a device’s operating system

If you wish to supply premium video content online, you’ll eventually encounter DRM


How DRM works: what encryption does


How DRM works: preparing content

Source video Encrypted video Content delivery networkEncryption process

DRM licensing serverContent key ingestion


One integration for Microsoft® PlayReady®, Google Widevine™, Apple’s FairPlay Streaming, Adobe® Primetime, and CMLA-OMA.

Securely deliver video content across all major studio-recognized DRM

systems

Multi-DRM cloud licensing service

Trial DRMtoday for free

http://www.drmtoday.com/trial







To maximize security, a different key is used for every individual video

Piece of data used as part of an algorithm to both encrypt & decrypt content

~ 3.4×10³⁸

possible key combinations(standard 128-bit AES encryption)

Encryption ‘keys’

11B71E73496446BE

Cracking one key does not crack them all!


Securely stores content encryption keys (keys usually encrypted when stored)

DRM licensing server

Can be operated in-house or via cloud-based service

Securely delivers content licenses, containing: • An video’s encryption key• Specific info for DRM system used by player• License metadata (e.g. length of time license is valid

for)• License is usually also encrypted itself

(to protect against interception during transmission)

Must have individual DRM systems implementedExample: PlayReady, Widevine, FairPlay Streaming, etc.(DRM systems are not compatible with each other!)


DRM licensing server

How DRM works: delivering content & license

Content delivery network User’s player

User/content authorization check

DRM license (contains key)Encrypted content

When a user

presses play


Need to ensure user cannot access key or decrypted content in device’s memory

How DRM works: playing contentOnce content & license are delivered to user’s device, decryption needs to be securely

handled

Device uses hardware or software DRM decryption methods for this


Playing content: DRM hardware-protection (secure media path)License is decrypted & stored only in protected hardware chipset: no API exists to access it

Decrypts license to access key

Player software receives license &

places it in device’s chipset

Think of it like a safe, for running code securely

Content pushed from chipset

directly to screen (no intermediate layers

able to access it)

Uses key to decrypt/decode

content

Studios typically require hardware protected DRM for delivering HD/4K+ quality content on mobile devices


Playing content: DRM software implementationSame process, but occurs in “user-space” of a device’s OS (where applications are

written)

Player software itself pushes decrypted/decoded content to playback screen

I.E. information is potentially accessible in device’s memory, and not as secure

11101111 01000011 01010101 01011110 00111011 11010000 00111100 10110011 10011111 10110101

Studios typically only allow SD quality content when using DRM software protection on mobile devices

‘Code obfuscation’ for mobile player applications may be required


Must have specific functionality to request / read DRM licenses, and decrypt content for playback

Players supporting DRM won’t support every system on the market – check their compatibility

Not every player supports DRM-protected content!

A note on Video Players & DRM


DRM-enabled player solutions

Find out more about our player solutions

Our DASH Everywhere cross-browser player & Video Player SDKs for Android/iOS easily deliver encrypted

video

Also supporting MPEG-DASH, Smooth Streaming, and HLS playback with built-in support for DRMtoday

http://castlabs.com/products/dash-everywhere/


FairPlay Streaming by

Apple®Microsoft® PlayReady ®

Google Widevine™

Adobe® Primetime (a.k.a Access)

Marlin

CMLA-OMA

Common DRM systems used

for video


DRM Systems: what's the difference?

License delivery Format/delivery method of DRM licensing data & content keys differ for each system making them incompatible with one another

Security levelSome DRM systems work with hardware-protection, others via software only

Can affect quality of content allowed to stream to devices based on studio requirements (e.g. SD/HD)

They all perform the same end-function, but with differences


A note on “Common Encryption” (CENC)

Only 1 content file-set & key needed Reduces storage/delivery cost & complexity of delivery workflow

Helps simplify fragmented DRM market…but does not govern all DRM activities Example: DRM systems retain control of license distribution, rights mapping, compliance…

Adopted by leading systems Microsoft PlayReadyGoogle Widevine (Modular)CMLA-OMAMarlinAdobe Primetime

ISO standardized method for DRM encryption & decryption processes

Enables playback of same encrypted content across multiple DRM systems

CENC simplifies encryption… but you still need licensing for individual DRM systems!


Content formats & DRM: a quick overview

MPEG-DASH Common Encryption (CENC) compatible systems• PlayReady• Widevine• Marlin• Primetime• CMLA-OMA

HLS FairPlay Streaming

Smooth Streaming PlayReady…but CENC compatible DRM-systems are also possible!

…also FairPlay Streaming (…if you’re Netflix)

Able to use with other systems, e.g. PlayReady… with some effort


It’s not about the DRM system, it’s about what a device/platform supports

DRM support on platforms & devices

Here are some examples of built-in DRM support…

Challenge to navigate DRM support available in a fractured market

More information on DRM support: drmtoday.com/platforms

How to cover the multitude of consumer devices and platforms in use today?

Different devices/platforms support different DRM systems


Browsers

Flash® uses Adobe Primetime…but browsers have standardized to HTML5

Silverlight® uses PlayReady…but on its way out (NPAPI deprecation)

PlayReady

Widevine

Adobe Primetime

Widevine

FairPlay Streaming


Mobile devices

“Why can’t I just use browsers?”

iOS

4.3+Widevine 6+

FairPlay Streaming

Chrome: YESSafari: NO

Mobile browser EME support not prevalent yetFor example…


TV (& set-top-boxes, casting, game consoles)

Chromecast™: Widevine, PlayReady Apple TV®: FairPlay Streaming

Amazon Fire TV: PlayReady

Xbox® One: PlayReady

PlayStation® 4: PlayReady, Marlin

Popular examples…

Samsung Smart TV & Tizen TVPlayReady, Widevine (Classic)

Smart TV AlliancePlayReady, Widevine (Classic)

Android TVWidevine, PlayReady

HbbTV: Common Encryption DRMsPlayReady, Widevine, Marlin, Primetime, CMLA-OMA


SDKs to enable more DRM systems on devices/platforms

Google Widevine Modular SDK

Microsoft PlayReady Client SDK

Adobe Primetime Player SDK

castLabs Video Player SDKs

A number available on the market - a few examples:


Streaming content to multi-screens carries DRM considerations

The more screens you deliver to, the more DRM systems you need to use!


…but do you want to leave any users out?


Tackling DRM can be a challenge…


…but with some help, DRM can be friendly!


One integration for Microsoft® PlayReady®, Google Widevine™, Apple’s FairPlay Streaming, Adobe® Primetime, and CMLA-OMA.

Securely deliver video content across all major studio-recognized DRM

systems

Multi-DRM cloud licensing service

Trial DRMtoday for free








castlabs.com

Berlin Los Angeles

Thank you!

castLabs GmbHPlatz vor dem Neuen Tor 210115 BerlinGermany

castLabs Inc.WeWork Building7083 Hollywood Blvd.Los Angeles, CA 90028USA

Please watch other presentations on our SlideShare channel or visit our website.

http://www.castlabs.com/