DRM play “A media player’s perspective.”
The below article is part of the learning process I am working on.
I will keep updating here as I gather more wisdom 😊 on the matter.
So, please feel free to add or correct me here.
I will not go through the introduction of DRM (even the full form) as this article isn’t about that.
So, I suggest you get an overview of content protection and DRM first and then come back (trust me, it will be very helpful).
The Azure Media Services docs on “Content Protection and DRM” are a great place to start. (They are a little bit specific to Azure Media Services, but they also give the basic idea.)
So, jumping to the real business.
DRM being a complicated (sort of :)) process, it is best to break it down to:
1. What happens on the server (encoding, packaging, encrypting, delivering, etc.)
2. What happens in the media player (getting streaming URL, requesting for a license, etc.)
Here we will go through only what happens in the media player while playing content, mainly:
· Getting a streaming URL
· Requesting a license for that stream from the licensing server, based on the DRM technology supported (PlayReady, Widevine, FairPlay).
Simply put, to play a DRM-protected stream a player needs:
· A streaming URL.
· A content key.
Ways to get a content key/license.
1. Open authorization
The player can get the content key without any client authorization, for example by requesting a particular URL (with some identifier for the streaming file in a header or as a URL parameter).
2. Token Authorization
In this process, the player needs a token (JWT or SWT) in order to get a content key.
Breaking this into steps:
- The player requests a JWT or SWT from the STS (this token will be used to get the content key later), sending some data that the STS uses to authenticate and validate the request.
- The STS authenticates the request from the player and provides a JWT or SWT.
- The player then sends this JWT or SWT to the “Content key delivery system”, which provides the player with the content key after validating the JWT.
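The token-authorization steps above, sketched end to end as an added example (not code from the original article or from Azure Media Services). It assumes an HS256 JWT signed with a secret shared between the STS and the key delivery system; the URLs, credentials, the `content_key_id` claim and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, os, time

STS_SECRET = os.urandom(32)   # assumption: HS256 secret shared by STS and key delivery
ISSUER, AUDIENCE = "https://sts.example", "https://keys.example"   # hypothetical URLs
KEY_STORE = {"asset-001": os.urandom(32)}   # constructed 32-byte content key

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(STS_SECRET, signing_input.encode(), hashlib.sha256).digest())

def sts_issue_token(user: str, password: str, key_id: str, ttl: int = 300) -> str:
    """STS side: authenticate the player's request, then mint a short-lived JWT."""
    if (user, password) != ("alice", "constructed-password"):   # stand-in for real auth
        raise PermissionError("STS rejected the request")
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "exp": int(time.time()) + ttl,
              "content_key_id": key_id}   # hypothetical claim binding token to one key
    signing_input = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
    return signing_input + "." + sign(signing_input)

def deliver_content_key(token: str, requested_key_id: str) -> bytes:
    """Key delivery side: validate the JWT fully before releasing the content key."""
    try:
        head_b64, claims_b64, sig = token.split(".")
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    # Verify the signature over the raw segments before parsing anything.
    expected = sign(head_b64 + "." + claims_b64)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise PermissionError("bad signature")
    header, claims = json.loads(b64d(head_b64)), json.loads(b64d(claims_b64))
    if header.get("alg") != "HS256":   # algorithm is pinned, not chosen by the token
        raise PermissionError("unexpected algorithm")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise PermissionError("wrong issuer or audience")
    if claims.get("exp", 0) <= time.time():
        raise PermissionError("token expired")
    if claims.get("content_key_id") != requested_key_id:
        raise PermissionError("token not valid for this key")
    return KEY_STORE[requested_key_id]

if __name__ == "__main__":   # player side: step 1 gets the token, step 3 redeems it
    jwt = sts_issue_token("alice", "constructed-password", "asset-001")
    print(len(deliver_content_key(jwt, "asset-001")), "byte content key received")
```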
A brief overview of some terms used above.
Content key
This is a 32-byte AES key for the asset decryption. After the creation of the encrypted asset, the content key is linked to the asset (the encrypted media file to be served).
JWT (JSON web token)/ SWT (Simple web token)
This is a token used by the player to request a content key/license from the licensing server.
STS (Security Token Service)
This is a system that authenticates the request made to it on the basis of the request data and returns a JWT or SWT.
Also, I think it will be wise to add a flow diagram depicting the process of “Content protection and DRM” for better understanding.
