How can I integrate video DRM for my website/app?

Digital rights management (DRM) technology, which uses data encryption for DRM video protection to secure digital content against unauthorized usage, requires a multi-step process to be integrated into media websites and apps. The first step involves transcoding the video content into formats that are streaming compatible, usually MPEG-DASH or HLS, before they are delivered to the user’s device. DRM technologies such as Microsoft’s PlayReady and Google’s Widevine support both common encryption (CENC) and MPEG-DASH. This means that the encrypted package can be decrypted using both the DRM systems. Apple’s FairPlay, on the other hand, uses SAMPLE-AES encryption and HLS packaging. A video asset intended for all three systems will therefore need to be encrypted and packaged twice. This process is usually achieved by using a multi-DRM service, which allows concurrent encoding of videos into both MPEG-DASH with CENC encryption and HLS with SAMPLE-AES encryption in a single operation.

Website owners which want to stream content using DRM video protection need to generate an encryption key, an asset ID, and a key ID for each asset that is to be delivered to the client encrypted with DRM technology. For both FairPlay and CENC, an AES 128-bit key is used to encrypt content and an additional Initialization Vector (IV) needs to be provided for FairPlay. The keys are then ingested into the license server and used by the client-side content decryption module (CDM) to decrypt the content. Website owners should always keep a backup for keys within their content platform so that they can be easily accessed in case there is a shift to a different license server in the future. Most streaming platforms maintain both the licensing server and the subscription server for DRM integration. While the subscription server verifies the viewer’s rights to the content, the licensing server authenticates the player identity and issues the license.

The content packaged through a multi-DRM server is stored on a CDN, like AWS, from where it is delivered to the end user using a complicated workflow involving the multi-DRM vendor’s server, DRM technology provider’s server, the CDN and the client device/browser. The decryption involving the communication between the licensing server and the browser are handled by the CDM, which is present in all compatible EME (Encrypted Media Extensions) devices. The communications are encrypted using a challenge-response system so as to secure the keys from being hacked.

Once the CDM authenticates the license key and decrypts the video asset blocks, the video is played on HTML5 players.