DRM content encryption
- Print
- PDF
DRM content encryption
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
One Click Multi DRM provides functions to encrypt DRM content, including Live Station, using the API based on CPIX.
Note
- CPIX API is an API implemented according to the Content Protection Information Exchange Format (CPIX) Standard Guide as defined by the DASH Industry Forum. It defines specifications that integrate the keys required to apply multi-DRM in the process of packaging media content.
- You can use the API to easily integrate the encoder/transcoder solution that supports keys based on CPIX with PallyCon Multi DRM.
- You must activate the site after creating it to issue a license.
- One Click Multi DRM supports effortless integration with NAVER Cloud Live Station products. For details on the integration, see Live Station DRM application guide.
Apply content encryption to use One Click Multi DRM
| Type | Path | Description |
|---|---|---|
| PallyCon CPIX API | Go to Pallycon CPIX client guide | A CPIX API implemented by PallyCon that the encoder/transcoder solution vendors can use to integrate with PallyCon Multi DRM. Flussonic Media Server is integrated using PallyCon CPIX API |
| SPEKE API | Go to SPEKE guide | A CPIX API implemented by AWS Elemental that can be pre-integrated with PallyCon to easily apply PallyCon Multi DRM to MediaPackage or MediaConvert products of AWS Elemental Media Service. For more information about SPEKE API integration, see the guide |
| ATEME NEA-DVR CPIX API | Go to the guide | A CPIX API implemented by Anevia (acquired by ATEME) that can be pre-integrated with the NEA-DVR solution to easily apply PallyCon Multi DRM |
Note
- The PallyCon CPIX API client provides pre-implemented CPIX client modules for each key development languages.
- These modules implement the functions of generating request data and interpreting response data in XML format for communication with the KMS server.
Specifications supported by Pallycon CPIX API
Currently, the PallyCon CPIX API client supports the following specifications:
| Items | Supported specifications | Description |
|---|---|---|
| Development language | C++, C#, Java, Python | Provides language-specific samples for DRM packaging integration development environments |
| DRM type | Widevine, PlayReady, FairPlay, NCG, HLS_NCG | - NCG: used to encrypt the entire target file with NCG which is PallyCon’s proprietary DRM - HLS_NCG: NCG-compliant key encryption of AES-128 encrypted HLS content |
| Encryption method | CENC, CBC1, CENS, CBCS | Typically specifies CENC or CBCS, depending on the AES encryption method supported by the client platform |
| Track type | ALL_TRACKS, AUDIO, SD, HD, UHD1, UHD2 | Used for multi-key packaging to apply different encryption keys per track |
You can only use 2 encryption methods for multi-DRM content:
CBCS and AES-CBC (AES-CBC with subsample).
CENC is used for packaging DASH content that supports PlayReady and Widevine DRM, and CBCS encryption must be applied when packaging HLS or CMAF that requires FairPlay support.
| Encryption method | Protocol | DRM type | Encryption algorithm | Supported devices |
|---|---|---|---|---|
| DRM | HLS | FairPlay | AES-CBC | Mac/iOS Safari browser, iOS/iPadOS/tvOS app, HLS HTML5 |
| DRM | DASH | PlayReady, Widevine | CENC (Common Encryption) | MS Edge, Internet Explorer 11, Google Chrome, Firefox, Opera DASH HTML5 |
One Click Multi DRM use flow
- STEP 1. Prepare the encrypted DRM content.
- STEP 2. Refer to the encrypted DRM content settings, such as
contentIdanddrmType, to request the issuance of One Click Multi DRM license from the client. - STEP 3. The client (player) plays the DRM content.
Caution
The license applied with detailed playback/security rules according to the "Policy" used by the One Click Multi DRM site is issued.
If the requested license information and the encrypted DRM content information are not identical, the playback may not be successful.
DRM content encryption
The following is the encryption method for the preparation of the DRM content.
For the DRM content encryption, you must first create a Multi DRM site through the NAVER Cloud Platform console or API. For details on the PallyCon CPIX client, see the guide.
Live content DRM encryption
- When using Live Station
- step 1. Create a site using One Click Multi DRM.
- step 2. Go to Live Station > DRM settings and select the created site to create a channel for Multi DRM encryption.
- When not using Live Station
- step 1. At the key request URL by API, including PallyCon CPIX API or SPEKE API, used for content DRM encryption, add and call the KMS token obtained via the One Click Multi DRM site details.
- step 2. Through the issued CPIX JSON response, obtain the encryption data for content encryption.
- step 3. Enter the DRM encryption information obtained from the CPIX API response to the solution integrated with various third-party encoder/transcoder/packager solutions.
Note. DRM encryption information obtained from the CPIX API response
| Field name | Description |
|---|---|
| key_id_hex, key_id_b64, key_hex, key_b64, iv_hex, iv_b64 | Represents the Key ID, Key, and IV values in hexadecimal or Base64 format, respectively. |
| pssh | The PSSH data used by PlayReady or Widevine (including header). |
| pssh_payload_only | The portion of the payload with headers removed from the pssh data. |
| key_uri | The value of the URI parameter contained in the #EXT-X-Key tag of a FairPlay DRM-enabled HLS m3u8 file. |
VOD content DRM encryption
- DRM encryption through VOD Station only supports CPIX v1.
- During 2024, we plan to support the effortless DRM integration between One Click Multi DRM product and VOD Station.
- When using VOD Station
- step 1. Create a VOD Station channel for the Multi DRM encryption.
- step 2. When creating the channel, enter the necessary value for VOD Station DRM encryption settings.
- Content ID: it is a unique identifier for DRM-packaged content, and the Content ID value to be included in the XML Body when requesting the CPIX API.
- DRM System ID: it is a unique identifier for DRM system, and the System ID to be included in the XML Body when requesting the CPIX API. 1 or 2 system IDs have to be included according to the selected encryption settings. Enter 1 ID per line.
- \<example>
9A04F079-9840-4286-AB92-E65BE0885F95,EDEF8BA9-79D6-4ACE-A3C8-27DCD51D21ED
- \<example>
- DRM Key URL: it is the URL requested by CPIX API. Insert the KMS token obtained from the Multi DRM site into the path and enter it.
- \<example>
https://kms.pallycon.com/v1/cpix/pallycon/getKey/{kmsToken}
- \<example>
- When not using VOD Station
- step 1. At the key request URL by API, including PallyCon CPIX API or SPEKE API, used for content DRM encryption, add and call the KMS token obtained via the One Click Multi DRM site details.
- step 2. Through the issued CPIX JSON response, obtain the encryption data for content encryption.
- step 3. Enter the DRM encryption information obtained from the CPIX API response to the solution integrated with various third-party encoder/transcoder/packager solutions to apply the DRM encryption packaging.
CPIX API request example
POST /v1/cpix/pallycon/getKey/{kmsToken}
HOST: kms.pallycon.com
Content-Type: application/json
x-ncp-apigw-timestamp:1521787414578
x-ncp-iam-access-key:6uxz1nKkcYwUjWRG5Q1V7NsW0i5jErlu2NjBXXgy
x-ncp-apigw-signature-v2:iJFK773KH0WwQ79PasqJ+ZGixtpDQ/abS57WGQdld2M=
x-ncp-region_code:KR
Request body
/* step 1. vod dash content request xml */
<?xml version="1.0" encoding="UTF-8"?>
<cpix:CPIX id="your-content-id" xmlns:cpix="urn:dashif:org:cpix" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:speke="urn:aws:amazon:com:speke">
<cpix:ContentKeyList>
<cpix:ContentKey kid="681e5b39-49f2-4dfa-b744-86573c22e6fb"></cpix:ContentKey>
</cpix:ContentKeyList>
<cpix:DRMSystemList>
<!-- Common encryption / MSS (Playready) -->
<cpix:DRMSystem kid="681e5b39-49f2-4dfa-b744-86573c22e6fb" systemId="9a04f079-9840-4286-ab92-e65be0885f95" />
<!-- Common encryption (Widevine)-->
<cpix:DRMSystem kid="681e5b39-49f2-4dfa-b744-86573c22e6fb" systemId="edef8ba9-79d6-4ace-a3c8-27dcd51d21ed" />
</cpix:DRMSystemList>
</cpix:CPIX>
Response example
/* step 2. vod dash content response xml */
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cpix:CPIX id="cpix-test-cid" xmlns:cpix="urn:dashif:org:cpix" xmlns:speke="urn:aws:amazon:com:speke" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" >
<cpix:ContentKeyList>
<cpix:ContentKey explicitIV="MDEyMzQ1Njc4OWFiY2RlZg==" kid="12ea753c-23e7-bc02-4474-b2b976c43beb">
<cpix:Data>
<pskc:Secret>
<pskc:PlainValue>SzC1qc1cEpyFU6t/lL7Byw==</pskc:PlainValue>
</pskc:Secret>
</cpix:Data>
</cpix:ContentKey>
</cpix:ContentKeyList>
<cpix:DRMSystemList>
<!-- Common encryption / MSS (Playready) -->
<cpix:DRMSystem kid="12ea753c-23e7-bc02-4474-b2b976c43beb" systemId="9a04f079-9840-4286-ab92-e65be0885f95">
<cpix:ContentProtectionData>qAUAAAEAAQCeB...A=</cpix:ContentProtectionData><!-- added to V2-->
<cpix:PSSH>AAACwnBzc2gAAAAAmgTweZhAQoarkuZb4IhflQAAAqKiAgAAAQABAJgCPABXAFIATQBIAEUAQQBEAEUAUgAgAHgAbQBsAG4AcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEQAUgBNAC8AMgAwADAANwAvADAAMwAvAFAAbABhAHkAUgBlAGEAZAB5AEgAZQBhAGQAZQByACIAIAB2AGUAcgBzAGkAbwBuAD0AIgA0AC4AMAAuADAALgAwACIAPgA8AEQAQQBUAEEAPgA8AFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBFAFkATABFAE4APgAxADYAPAAvAEsARQBZAEwARQBOAD4APABBAEwARwBJAEQAPgBBAEUAUwBDAFQAUgA8AC8AQQBMAEcASQBEAD4APAAvAFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBJAEQAPgBQAEgAWABxAEUAdQBjAGoAQQByAHgARQBkAEwASwA1AGQAcwBRADcANgB3AD0APQA8AC8ASwBJAEQAPgA8AEMASABFAEMASwBTAFUATQA+AC8ARgA3AEIAMQBmAEgAMgBlADAAYwA9ADwALwBDAEgARQBDAEsAUwBVAE0APgA8AEwAQQBfAFUAUgBMAD4AaAB0AHQAcABzADoALwAvAHQAZQBzAHQAdABvAGsAeQBvAC4AcABhAGwAbAB5AGMAbwBuAC4AYwBvAG0ALwByAGkALwBwAGwAYQB5AHIAZQBhAGQAeQAvAGwAaQBjAGUAbgBzAGUATQBhAG4AYQBnAGUAcgAuAGQAbwA8AC8ATABBAF8AVQBSAEwAPgA8AC8ARABBAFQAQQA+ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AA==</cpix:PSSH>
</cpix:DRMSystem>
<!-- Common encryption (Widevine)-->
<cpix:DRMSystem kid="12ea753c-23e7-bc02-4474-b2b976c43beb" systemId="edef8ba9-79d6-4ace-a3c8-27dcd51d21ed">
<cpix:ContentProtectionData>qAUAAAEAAQCeB...A=</cpix:ContentProtectionData><!-- added to V2-->
<cpix:PSSH>AAAAVXBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADUIARIQEup1PCPnvAJEdLK5dsQ76xoMaW5rYWVudHdvcmtzIg1jcGl4LXRlc3QtY2lkKgJIRA==</cpix:PSSH>
</cpix:DRMSystem>
</cpix:DRMSystemList>
</cpix:CPIX>
Note
<cpix:CPIX id="">: the CID value entered in the request data is returned.
<cpix:ContentKey>: the key value for the content encryption (<pskc:PlainValue>), IV(explicitIV), and the kid value for the key are returned. The kid value is applied with the value newly generated in KMS regardless of the value entered to the request data. The key and IV are returned in Base64 encoding format.
<cpix:DRMSystem>: The PSSH data for the DRM of both PlayReady and Widevine are returned. The <cpix:PSSH> tag displays the default PSSH value, and the <cpix:ContentProtectionData> tag displays the PSSH data with the header section removed.
Was this article helpful?