Over-the-top (OTT) streaming is partly a subset of VOD streaming and has revolutionized the way audiences consume video content. OTT streaming is limited to internet-based streaming including live stream. From Netflix to Amazon Prime, OTT platforms deliver content directly to users via the internet, bypassing traditional cable or satellite TV. With ease of delivering video content across the globe through the internet there comes the threat of piracy. Even basic encryption does not work as the key to decrypt the content is also accessible within the network. This has motivated the tech giants like Google and Apple to provide a secure mechanism for transmitting media files securely. What they came up with was a native hardware and software-protected black box mechanism to protect the decryption key. This whole system of communicating with the license server, encryption, and key exchange mechanism is often called DRM and for over-the-internet video providers, it becomes OTT DRM.
Table of Contents:
Brief History of Digital Piracy
- Digital piracy began with Peer-to-Peer (P2P) music sharing, evolving with the internet from the outset. Early forms of online piracy were primarily conducted through P2P networks where individuals could share music files.
- The principle of piracy predates the internet, but digital piracy specifically refers to unauthorized downloading and distribution of copyrighted digital works like music, movies, or software.
- Piracy’s digital form threatens economies much like Atlantic pirates threatened early 18th-century economies, underscoring piracy’s enduring nature despite evolving mediums.
VdoCipher helps several VOD and OTT Platforms to host their videos securely, helping them to stop losing their video revenues.
Financial Implications of Unsecured Content
- Digital piracy significantly impacts the U.S economy with annual losses nearing $30 billion due to pirated videos alone. The movie and television sector, despite generating around $230 billion in revenue in 2017, is hit hard by piracy.
- On a global scale, the movie industry faces annual revenue losses between $40 and $97.1 billion due to digital piracy. Illegal downloading of copyrighted materials consumes about 24% of global bandwidth.
- The financial losses extend to other content niches like ebooks, with American ebook publishers incurring over $300 million in losses due to digital piracy, a menace that also affects the films, music, and TV industries significantly.
This makes OTT content protection by employing Multi-DRM and dynamic watermarking among other methods crucial for content creators aiming to secure their content against piracy and unauthorized distribution. These protective measures include encryption, watermarking, and access control, with DRM solutions restricting how the content can be used, accessed, and distributed, thereby maintaining the integrity and value of the content.
OTT DRM Basic Concepts and Terminologies
Encryption is a process that transforms readable data into an unreadable format to prevent unauthorized access. In the OTT DRM context, the digital content is encoded and encrypted using a cryptographic key immediately after uploading. The encryption helps to protect the content in transit between the platform server and the client side. Depending on the platform, encryption can be done before or after streaming. Two primary modes of AES used for video content encryption are CTR and CBC, differing in the encryption process and how the keys are used. The complexity of AES encryption necessitates a balance between encryption time/effort and security, especially for live video, which is a real-time application with increasing data quantities as we move towards HD, 4K, and HDR content qualities.
In DRM, the encryption key is a “private key” that needs to be securely stored in a database accessible to a license server. The KeyID is a “public key” that can be given to anyone. When someone with the public key requests the license server for the private key (decryption key), it’s the DRM provider’s responsibility to authenticate the person before supplying or denying the decryption key.
The DRM workflow can be viewed in two parts: encryption of content in the packager and decryption of content in the client. The packager requests an encryption key from the DRM system, encrypts the content using the encryption key, and re-packages it. The client, upon receiving the content, requests the decryption key from the DRM system to decrypt and play the content.
A License Server in DRM holds the information required to securely encrypt and decrypt media. It has two primary roles: associating a license key with the media after packaging and encrypting it, and authenticating the request from the player for license and encryption keys during playback. The License Server fetches the decryption key from the key store (database) and responds to the player with the license and decryption keys.
Licensing servers implement fine-granular policies and rules to control how content is consumed. They can support various DRM policies and, in most DRM systems, licensing servers can be integrated with commercial DRM systems and their APIs.
Packaging refers to chunking or breaking up a movie into small pieces and describing the location and playback order of these chunks in a text file called a manifest or playlist. This playlist is essential for the video player to download the correct segments at the correct time, making packaging vital for Adaptive Bitrate (ABR) video streaming.
Popular OTT DRM Systems and their Features
OTT platforms typically rely on established DRM systems. Here’s a look at some major players:
|DRM System||Supported Platforms||Key Features|
|Widevine (Google)||Android, Chrome, Edge, Firefox, Roku, Smart TVs, etc.||Modular and adaptive; Google’s solution|
|Apple FairPlay||iOS, macOS, Safari Browser, AppleTV||Apple’s DRM system; integrates with HLS|
|VdoCipher (Apple+Google)||Android, Chrome, Edge, Roku, Smart TVs, iOS, macOS, Safari Browser, AppleTV||Direct Google Partner with dynamic watermark & user-based security analytics|
|PlayReady (Microsoft)||Edge, Xbox||Microsoft’s offering; versatile with many formats|
|Marlin||Some Smart TVs||Open standard; suitable for IPTV solutions|
|WisePlay (Huawei)||EMUI & Harmony OS||For Huawei device standard|
Explore More ✅
Vdocipher helps over 2500+ customers over 120+ countries to host their videos securely, helping them to boost their video revenues.
OTT DRM Implementation Challenges
Implementing DRM is not without its hurdles:
- Encryption and Packaging:
- Encrypting content in multiple formats upon ingestion.
- Utilizing different encryption methods and packaging for various devices to ensure compatibility.
- Adaptive bitrate (ABR) leads to multiple file segments, increasing complexity and storage costs.
- Scaling Challenges:
- Encoding multiple file sets at scale, leveraging cloud scalability to manage encoding operations in parallel.
- Overcoming storage and processing requirements associated with encryption, encoding, and packaging.
- User Experience:
- Ensuring consistent user experiences across devices with delay-free acquisition of keys from DRM servers.
- Addressing challenges with ever-changing client devices, operating system variations, and associated SDKs.
- Key Management:
- Developing a key management solution to ensure content protection throughout the workflow.
- Setting up license servers and managing security policies for playback conditions.
- Handling all aspects of key management and licensing to safeguard keys across the workflow, including implementing standards like Secure Packager and Encoder Key Exchange (SPEKE) for secure key transmission.
- Advancement and Integration:
- Transition towards Common Media Application Format (CMAF) to facilitate a single DRM-enabled file set for broad device compatibility.
- Challenges with player integration, especially around server-side ad insertion (SSAI) due to varying encryption keys.
- License URL Simplification:
- Simplifying license URLs for specific players by embedding license server URLs in the manifest and encoding session-specific data into the Protection Scheme Specific Header (PSSH).
OTT DRM working key points
- Content Encryption: Initially, the digital content needs to be encrypted to protect it from unauthorized access. Encryption can occur either during the encoding and packaging process or dynamically, just-in-time (JIT), the latter offering benefits like added security with key rotation and bandwidth savings.
- Rights Packaging: This step involves defining the rights or permissions associated with the content, which may include access controls, expiration terms, and other usage restrictions.
- License Server Interaction: The DRM system interacts with a license server to manage digital rights and licenses, ensuring only authorized users can access the content.
- Client-side License Acquisition: On the client-side, a license request is made to access the content. This request is sent to the license server, which then validates the request and issues a license if the request is valid.
- Content Decryption: Once the license is acquired, the client-side DRM system decrypts the content for playback, ensuring it remains protected from unauthorized use.
- Playback: The decrypted content is then played back on the user’s device through the requesting player.
VdoCipher – Hassle free DRM integration with your OTT Platform
To implement DRM solutions like VdoCipher on an OTT platform, various components and features need to be integrated for a seamless and secure video streaming experience. Here are some of the OTT components and the corresponding features provided by VdoCipher:
- Multi-device Player: VdoCipher provides a multi-device HTML5 player for desktops and SDKs for iOS and Android, facilitating a seamless user experience across various devices1.
- Analytics: Detailed analytics are offered to provide insights into user engagement and video performance, which can help in improving user experience and optimizing content delivery1.
- Custom Video Player & Cloud Hosting: VdoCipher provides custom video player solutions, packaged cloud hosting, and a video dashboard for easy video management, ensuring security with ease of integration for businesses2.
- Backend Integration: The backend system is responsible for making API calls, with the app SDK requiring an OTP (One-Time Password) for playback. An API endpoint should be created as part of the app backend to manage authenticated HTTP requests for playing a video and responding with an OTP, facilitating the interaction between the VdoCipher API and the OTT platform3.
- Content Management System (CMS): Whether you are working with CMS like WordPress or any LMS of your choice, VdoCipher’s suite of plugins and features are designed to integrate with existing OTT platform components.
- [DRM support: Platform comparison – link]
- [History of the Internet – Wikipedia – link]
- [Online piracy – Wikipedia – link]
- [Piracy Is Back: Piracy Statistics for 2023 – link]
- [Protect OTT Content with DRM – link]
Supercharge Your Business with Videos
At VdoCipher we maintain the strongest content protection for videos. We also work extremely hard to deliver the best viewer experience. We'd love to hear from you, and help boost your video streaming business.
My expertise focuses on DRM encryption, CDN technologies, and streamlining marketing campaigns to drive engagement and growth. At VdoCipher, I’ve significantly enhanced digital experiences and contributed to in-depth technical discussions in the eLearning, Media, and Security sectors, showcasing a commitment to innovation and excellence in the digital landscape.