Fairplay DRM is the trusted studio-approved DRM for secure playback in the Apple IOS app, IOS Safari, Mac Safari. In this post, we present a complete guide for implementing Apple FairPlay DRM. FairPlay DRM protects videos from download and also stops screen capture of videos. The second half of the article explains the technology behind Apple’s DRM.
The content owner/distributor has to obtain the required license from Apple to use this. As your streaming partner, we provide the encryption and licensing service to use your FairPlay keys. The complete integration setup is handled directly by VdoCipher, you only need to apply for a license and get the keys.
What is FairPlay DRM?
Fairplay is Apple’s DRM technology, which is used by Apple exclusively to stream content securely on iOS app, iOS safari, macOS safari as well as TV OS.
Fairplay streaming(FPS) securely delivers encrypted content through HTTP Live Streaming(HLS) and CBCS protocol .
Apple Fairplay prevents video download as well as ensures screen recording protection.
Apple Fairplay DRM Compatibility
Fairplay DRM is compatible with the following devices:
- Mac Safari
- iOS Safari (iOS >11.2)
- iOS App. Native Apps are supported, web view apps are not supported.
Difference between default VdoCipher encryption security & Fairplay DRM Encryption – VdoCipher provides default encryption security for ios and Safari to prevent downloads. Apple’s DRM is approved by studios and has an additional advantage of prevention from screen capture. VdoCipher helps our customers to apply to Apple for a Fairplay license and also then integrate it for your videos without any extra steps needed from your side.
How To Request Apple FairPlay DRM Production License?
IMPORTANT: Below are some key steps, but it is recommended to mail us at firstname.lastname@example.org and we will guide you on the procedure to apply to Apple for the license.
- Please go to the Apple FairPlay page.
- Click on the link to Request Deployment Package. You need to have a developer account before this.
- If you are an organization you should use the organization account for this purpose. Companies outside the USA need to obtain a DUNS number in order to create an organization account.
- After proceeding further, you should see a form to request the deployment package.
- Enter your company and content details. Please take our help (email@example.com) to ensure that Apple doesn’t reject your use case as it can do for many cases.
- If asked, you can enter our name “VdoCipher” in “Streaming Distribution Partner Name”
- Confirm that you already have a “Keyserver module” setup and tested. You now need the “deployment package” for production.
Note that Fairplay DRM is only allowed for entities who are the content owner or have distribution rights to the content. Apple only provides Fairpay license when the video content is premium i.e. can only be accessed after payment.
How To Use Fairplay DRM Deployment Package?
You should have received an FPS_deployment package file from Apple. Open the zip file. You should find a PDF document titled: “FPSCertificateCreationGuide.pdf”.
This pdf describes the process of creation of an RSA key-pair and then getting the public key signed by Apple. In the process, it also generates an ASK. This key is a 32 character alphanumeric string associated with your Fairplay DRM. Once the process is complete, you can share your private key, challenge password, signed certificate, and the ASK.
Checklist before proceeding:
- Make sure you understand the overall process.
- Make sure your hardware and OS is stable enough and has power backup so that it does not shut down unexpectedly. You can not recreate the keys if anything goes wrong, so prepare for such events.
- In case of any issue, we are always there for help. If you need help with the key generation and signing process, we can offer guidance through a remote desktop session or skype.
- Understand that it is your responsibility for the safe-keeping of generated keys.
How do we use the above keys?
The Apple FairPlay DRM is a multi-component system. It also requires us to maintain the media keys in our database.
– When the player loads, it requests the signed public certificate.
– The FairPlay DRM device uses the certificate to create a license request.
– The license servers can read the “license request” using the “private key” and corresponding challenge password.
– The ASK is used to create the license containing the content keys.
How do we store your keys?
– We have dedicated license servers and licensing database separate from the rest of our infrastructure. The license database is heavily access controlled.
– We save your encrypted private key for FairPlay DRM in Google Storage or AWS S3 for Video Streaming.
– Private keys and challenge passwords are only accessible from license servers.
– The challenge password and ASK is stored in MySQL Database encrypted by a session key held in license server application.
– The signed certificate is kept in separate S3 and is public readable from a CDN. The FairPlay DRM in the player will load this certificate on your website or mobile app.
– We have set up encrypted backups every 6 hours.
Although we take extreme care of your keys, we do not allow retrieving the keys in future. We expect you to safe keep all your keys. You should make sure backups of the keys and ensure that they remain accessible to only authorised persons. As a checklist, here is a list of things to keep for FairPlay DRM.
- The private key (file)
- Challenge password (string)
- ASK (string)
- Signed certificate (file)
It is recommended not to trust your memory and keep all the files and associated passwords in digital format.
The steps for generating and signing keys
Step 1. Generating key pair with private key (.pem) and signing request(.csr) files.
i) When asked to enter a challenge password, you should first write down the password somewhere safe.
ii) Copy it from there once.
iii) When asked for verification type the password without pasting.
Note that when typing in the terminal, you should not see anything on the screen. That is how the terminal hides passwords.
Step 2. Signing the key requires an active Apple developer program membership.
- Follow the exact process as described in the PDF document provided by Apple.
- You should receive the ASK and need to type it again. Make sure you have it copied to a safe place before typing it again.
- After proceeding, it should ask you to download the certificate file. (.cer)
- The document should ask you to save the certificate in Keychain. This step is only for safekeeping. It does not affect any functionality.
The process is now complete. In the end, you should have the following files safe:
- Private key file (.pem)
- Challenge password for the private key
- Certificate file (*.cer)
Send your Apple Fairplay DRM keys to VdoCipher:
1. To share the above keys with us, use our email info [at] vdocipher.com. Do NOT use any other email or cc another email to the email. This process is to ensure that the files and passwords remain within our systems.
2. You should delete the email from your email servers after receiving confirmation from us.
How To Publish Videos On Your Site/app with Fairplay DRM & VdoCipher
Once you have shared the keys with VdoCipher, we will integrate it with streaming for your account at the backend. You don’t need to do any modifications to integrate VdoCipher. With our standard APIs or plugins, you can integrate our streaming player and enjoy secure embeds in the site or app.
What is The Technology Architecture behind Apple Fairplay DRM
The security of the content stream lies in the way encrypted content is transferred over the internet in a highly secure manner with a black-boxed key exchange mechanism.
FairPlay DRM files are encrypted using the AES algorithm on mp4 container files. The security of any encryption technology lies in the openness/closeness of its key exchange mechanism. For Fairplay DRM, the key for decryption is kept again in encrypted format in a closed box environment. The reason this close box is high secure is that Apple can control the total device and browser environment (Mac & iPhone). It is the same reason that the same DRM can’t work on android or chrome, because Apple can’t implement a hidden box environment in such cases.
Here are some details of DRM + Streaming infrastructure with VdoCipher
- Video Ingestion – You can upload videos through the dashboard, or using our upload APIs.
- Video Transcoding –
- Encoding videos to multiple sizes for different devices and net speed.
- Encrypting the video (CENC).
- Video File packaging and Key generation from the DRM license server
- Apis or plugins for Video Management
- Encrypted video files are streamed through Amazon AWS Cloudfront and Google Cloud Platform CDN Edge locations to ensure fast video streaming
- Secure Online Video playback
- Embed Code to generate Dynamic URLs (HTTP Post request including client secret key to get unique OTP)
- Unique OTP is then sent by the DRM Server
- The encrypted video file is decrypted in Browser/ Device’s trusted environment. The video is rendered via the video player, which can switch across different streams of different bitrates.
- Multi-DRM: For content creators wishing to stream across all devices and software, they need a multi-DRM strategy. At VdoCipher we provide Widevine for Chrome, Fairplay for Apple devices, with Flash as a fallback. This multi DRM solution ensures that content providers can fully rely on VdoCipher for distributing content on all devices.
Key Features And Benefits of Apple Fairplay DRM
These are some of the most important features of Fairplay DRM and their benefit.
Hardware DRM support
This feature is similar to widevine’s L1 security. Here you have security at the hardware level. This includes all the client environments that are compatible with Fairplay DRM. Through this you can ensure that screen recording is completely blocked.
Content Key Expiration
Fairplay DRM allows you to create expiring content keys. These expiring content keys allow you to allow playback for a limited period of time. A good example for this would be rental videos online. Also you can fix the number of simultaneous video playback for a single user account. Using this you can restrict the number of users similar to what Netflix does.
Fairplay DRM supports the download and offline playback of videos through native app. Apple provides the relevant APIs to handle the downloading of videos and managing the hls content through offline licenses.
How Does FairPlay Streaming Work?
Let’s have a look on how various elements in FairPlay work with each other stream encrypted content.
- User interacts with the video player on the content provider’s app.
- Application then notifies AVFoundation about the video playback
- AVFoundation downloads the HLS playlist for streaming.
- AVFoundation then checks the KEY tag in the HLS playlist and ensures if the video file is encrypted.
- After the confirmation, AVFoundation requests the encryption key from the AVFoundation app delegate.
- App delegate in turn asks for Server Playback Context(SPC) data from AVFoundation.
- Upon receiving the SPC, App Delegate sends the SPC to the key server.
- Afer interpreting the SPC data through KSM module, it retrieves the key from the keydatabase.
- Key server then sends the key to the AVFoundation delegate in the form of Content key context(CKC)
- AVFoundation delegate then pushes the CKC data to AVFoundation
- AVFoundation then decrypts the key and streams the content securely
FAQs on Apple FairPlay DRM iOS
By now you must have got a fair enough idea on Apple FairPlay DRM iOS and Safari Video Security. It is a must-have for video protection on Apple devices.However, if you still have any doubts left about it and want to know more, then here we have mentioned some frequently asked questions. This will give you more understanding of Apple FairPlay DRM iOS:
Does Apple still use Fairplay?
- Yes, Apple uses Fairplay DRM to secure its music content and Movie platforms also use Fairplay DRM to secure videos on Mac and IOS.
Does Fairplay DRM support Safari?
- Yes Apple Fairplay DRM supports high secure playback in Mac Safari, IOS Safari and IOS App.
Does Fairplay DRM prevent video downloads?
- Yes Fairplay DRM prevents illegal video downloads because of its strong encryption.
Does Fairplay DRM prevent screen capture?
- Yes Fairplay DRM also blocks screen capture in Safari & IOS App.
How can I get Fairplay License from Apple?
- Please contact firstname.lastname@example.org for a detailed guideline from VdoCipher on applying and integrating Apple Fairplay DRM.
Is Fairplay DRM free?
- Apple Fairplay DRM integration is technically handled by DRM companies like VdoCipher to ensure the highest security on IOS and Mac.
How to secure videos from piracy in IOS App?
- The highest security in the IOS app is ensured with the integration of Fairplay DRM. VdoCipher provides integration for Fairplay DRM
How to secure videos from piracy in IOS?
- The highest security in IOS is ensured with the integration of Fairplay DRM. VdoCipher provides integration for Fairplay DRM.
We’ve also written a blog on how to stream videos on iOS using AVPlayer, do check it out to know more about video streaming in iOS.