Enough for OTT players to encrypt premium videos
When it comes to the world of over-the-top (OTT) content, the security of video assets is of the utmost significance. This is because there is a significant demand for premium content in the grey market, where individuals want to watch popular TV shows and movies without having to pay for them. It has an impact on the amount of money that industry leaders such as Netflix, Amazon Prime, Disney+, and others generate in revenue because these companies invest a significant amount of money in order to gain exclusive distribution rights for premium content.
Multi-DRM services are utilised by OTT players in order to encrypt video streams and handle DRM licences issued by industry leaders such as Google’s Widevine, Apple’s FairPlay, and Microsoft’s PlayReady. A reliable multi-DRM service will also safeguard video files with a video watermark, which will assist the company in locating the points at which data is being leaked and allowing them to take further action.
The AES-128 encryption standard is used by many players to encrypt video content, but this presents a challenge when it comes to maintaining the confidentiality of the decryption key. Even if the encryption standard is of the highest calibre, content leakage and unauthorised usage of video streams may still occur if the decryption key is not properly protected. OTT players have resorted to utilising multi-DRM services in order to circumvent this issue.
High-Level Encryption Combined with Digital Rights Management
Functionalities of digital rights management, also known as DRM, include the distribution and management of encryption and decryption keys, as well as backend licencing servers. The Advanced Encryption Standard (AES) is the encryption method that is used by commercial DRM systems. It involves encrypting the premium content in such a way that it can only be read with a decryption key that is supplied by a third-party DRM platform that has been chosen by the OTT platform. Because the same key is employed for both the encryption and the decryption processes, this algorithm is known as a symmetric key algorithm. The licencing server is where the decryption keys are kept safely stored.
For the purpose of encrypting their videos, content owners will use a cryptographic key that is AES 128 bits in length. To play back the video content, the end-user is going to need to use the same key. Access to the content is restricted to only those users who have possession of the key. The server belonging to the multi-DRM service provider checks to see if the user and the device are authorised before it sends back a licence response containing a decryption key.
Because digital content needs to be encrypted to prevent it from being misused or any illegal or unauthorised playback, it should be packaged in a format that is compatible with other media, such as MPEG-DASH or HLS. This ensures that the content can be decrypted when it is needed. Both MPEG-DASH and HLS are examples of protocols for streaming media that are built on top of HTTP. The cloud-based encoding system converts the source files into the aforementioned adaptive streaming formats. The files are encrypted using encryption keys obtained from a variety of digital rights management (DRM) service providers by the encoder.
In order to encrypt any kind of digital content, the multi-DRM packager will first make a request for an encryption key from the DRM system, such as Google’s Widevine. After the DRM system has handed over the encryption key, that key will immediately be associated with the media content ID. When this occurs, the encryption keys are then transferred to the DRM system to be stored before being made available to the end users. In other instances, the encryption keys are generated directly within the packager. The content is subsequently encrypted by the packager with the use of the encryption key.
Before the client can start playing back the content, it first needs to have its encryption broken. The client is provided with access to the decryption key for the specific content ID that was utilised during the encryption process of the video by the digital rights management system (DRM). The Content Decryption Module, also known as CDM, is a piece of proprietary software that is either an integral part of the device or the browser. It is responsible for decrypting any data that has been encrypted. CDM is included in every single device that is compatible with the Encrypted Media Extensions (EME) standard. It decrypts the video content and then makes it accessible for use by the player after it has done so.
Although it is technically possible for a studio or content producer to use AES protection for their own content on their own, it is possible that they will not be able to plug any hardware-based leaks or stop the insecure transmission of AES keys between devices or between the server and the client device. When it comes to protecting video content with an AES layer, a multi-DRM solution is the only one that can fill this gap.
Importance of the AES-CTR and AES-CBC formats
Leading digital rights management (DRM) systems have moved to implement Common Encryption (CENC), which is a standardised method for enabling digital content protection. A single content file-set can be encrypted using CENC just the one time, and then it can be distributed across multiple devices or platforms, each of which may use a different type of digital rights management (DRM) system. The CENC encryption specification is compatible with both the cypher block chaining (CBC) and counter (CTR) modes of operation.