Digital Rights Management (DRM) controls both access to and usage of copyrighted content. It allows authorized users to access the content and prevents unauthorized copying and distribution. You can implement DRM systems on multiple streaming protocols to protect content.
This includes key management, encryption, and compatibility with different devices. Implementing DRM properly requires understanding how each protocol handles these aspects for access control and secure delivery.
RTMP and DRM
RTMP is an old streaming protocol that you can use with specific DRM solutions. Because it does not support modern DRM systems, its DRM capabilities are limited. You can secure RTMP with RTMPS (RTMP over SSL/TLS) to encrypt the stream during transmission, but that still does not provide the complex DRM systems necessary for premium content protection.
Basic RTMP Security with RTMPS
You can tunnel RTMP over SSL (RTMPS) to secure an RTMP stream and encrypt the connection to prevent eavesdropping. However, it does not offer complex platform features, such as playback restrictions, conditional access, or content licensing.
Command Example for RTMPS (RTMP over SSL):
ffmpeg -re -i input.mp4 -c:v libx264 -preset veryfast -f flv rtmps://your-server/live/secure_stream
Explanation:
- -f flv: Wraps the stream in FLV, the container format RTMP carries.
- rtmps://: Ensures that the RTMP stream is transmitted securely over SSL/TLS (RTMPS). FFmpeg selects the transport from the URL scheme, so the build must include TLS support.
HLS and DRM
HLS is a streaming protocol with support for basic content encryption. It uses AES-128 to secure video segments during transmission: each segment of the stream is encrypted with a key, and the key is provided through a separate file (usually a .keyinfo file).
HLS is also compatible with Apple's FairPlay DRM, which lets you set restrictions on content, including playback duration, device limits, and more. FairPlay secures the web content using encryption and manages user access through a license server.
AES-128 Encryption in HLS
To implement AES-128 encryption in HLS, create an encryption key and specify it in a key info file. This key is then used to encrypt and protect the video segments during encoding. The key info file is then sent to the client, which uses it to decrypt the content during playback.
Command Example for AES-128 Encryption in HLS:
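openssl rand 16 > enc.key
printf '%s\n' 'https://your-server/keys/enc.key' 'enc.key' > enc.keyinfo
ffmpeg -i input.mp4 -hls_time 4 -hls_key_info_file enc.keyinfo -f hls output_encrypted.m3u8
Explanation:
- openssl rand 16 > enc.key: Generates a 16-byte AES-128 key for encryption.
- printf ... > enc.keyinfo: Writes the key info file. The first line is the key URL that is written into the playlist, the second line is the path of the key file FFmpeg reads. The URL shown is a placeholder.
- -hls_key_info_file enc.keyinfo: Specifies the key info file, which contains the URL of the key and the path to the key file (an optional third line sets the IV).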
- -f hls: Outputs the stream in HLS format.
- output_encrypted.m3u8: The encrypted playlist file.
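The key URL from the key info file ends up in the playlist's #EXT-X-KEY tag, and that URL is what a player fetches, so it decides how well the key is protected. The following added example (not part of the original article) audits a playlist for two common delivery weaknesses; the sample playlist and the function names are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed sample playlist; the key URL is what the first line of
# enc.keyinfo would have been (plain HTTP, same directory as the segments).
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:4
#EXT-X-KEY:METHOD=AES-128,URI="http://your-server/live/enc.key"
#EXTINF:4.000000,
output_encrypted0.ts
#EXTINF:4.000000,
output_encrypted1.ts
#EXT-X-ENDLIST
"""

ATTR = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')


def parse_key_tags(playlist):
    """Return one attribute dict per #EXT-X-KEY tag in the playlist."""
    tags = []
    for line in playlist.splitlines():
        if line.startswith("#EXT-X-KEY:"):
            pairs = ATTR.findall(line.split(":", 1)[1])
            tags.append({name: value.strip('"') for name, value in pairs})
    return tags


def audit_key_delivery(playlist, playlist_url):
    """List key-delivery weaknesses for a playlist served from playlist_url."""
    active = [t for t in parse_key_tags(playlist) if t.get("METHOD") != "NONE"]
    if not active:
        return ["segments are not encrypted (no active EXT-X-KEY tag)"]
    segment_dir = urljoin(playlist_url, ".")  # directory the segments live in
    findings = []
    for tag in active:
        key_url = urljoin(playlist_url, tag.get("URI", ""))
        if urlparse(key_url).scheme != "https":
            findings.append(f"key is fetched without TLS: {key_url}")
        if key_url.startswith(segment_dir):
            findings.append(f"key sits beside the segments: {key_url}")
    return findings


if __name__ == "__main__":
    for finding in audit_key_delivery(
            SAMPLE_PLAYLIST, "http://your-server/live/output_encrypted.m3u8"):
        print(finding)
```

A key served over HTTPS from a separate, access-controlled endpoint produces an empty findings list.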
FairPlay DRM with HLS
HLS integrates with Apple’s FairPlay DRM system for advanced DRM requirements. FairPlay allows content publishers to apply necessary restrictions, like conditional access and device authentication. This is done using an external license server that issues decryption keys only to authorized devices.
Basic FairPlay DRM Setup:
FairPlay DRM needs a server-side implementation in which content is encrypted using the FairPlay encryption key and the client device communicates with the license server to obtain the decryption key.
Step 1: Use Apple's FairPlay to encrypt the video content.
Step 2: Use MPEG-TS segments or fMP4 to serve the content on HLS.
Step 3: Configure a license server for user authentication and then allow authorized clients to fetch decryption keys.
DASH and DRM
DASH is more versatile than HLS and supports a number of more advanced DRM schemes. Its defining quality is that it adheres to Common Encryption (CENC), which provides support for DRM systems such as Apple’s FairPlay, Google’s Widevine, and Microsoft’s PlayReady.
CENC provides a systematic method to encrypt content and then distribute keys across several platforms and devices. DASH supports the CENC framework and AES-128 encryption for multi-platform streaming, where content protection is required on various devices.
Common Encryption (CENC) in DASH
CENC goes a step further and ensures that content is encrypted in a way that all of these DRM systems and platforms can use. It makes securing content for multiple DRMs (Widevine, FairPlay, and PlayReady) a breeze by sharing the same key and manifest.
Command Example for DASH with CENC:
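ffmpeg -i input.mp4 -c:v libx264 -preset medium -f dash -media_seg_name 'segment_$RepresentationID$_$Number%03d$.m4s' -format_options "encryption_scheme=cenc-aes-ctr:encryption_key=$KEY_HEX:encryption_kid=$KID_HEX" output.mpd
Explanation:
- -c:v libx264: Uses the H.264 video codec for encoding.
- -f dash: Specifies the DASH format for output.
- -media_seg_name 'segment_$RepresentationID$_$Number%03d$.m4s': Defines the naming pattern for segments.
- output.mpd: The DASH manifest (MPD) that the muxer writes.
- -format_options "encryption_scheme=cenc-aes-ctr:...": Enables Common Encryption (CENC) for DRM compatibility by passing the MP4 muxer's encryption options to the segment files. $KEY_HEX and $KID_HEX are placeholders for a 16-byte key and key ID, each written as 32 hex digits. Confirm that your FFmpeg build supports CENC for fragmented output before relying on it.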
Widevine, PlayReady, and FairPlay with DASH
With CENC support, DASH is the preferred protocol for carrying out multi-platform streaming with advanced DRM requirements.
You can use FairPlay for Apple devices, Widevine for web browsers and Android, and PlayReady for Microsoft devices. Using CENC, these 3 DRM systems can work on the same encrypted content.
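A player learns which DRM systems can unlock a DASH stream from the ContentProtection elements in the MPD. The following added example (not part of the original article) checks that a manifest signals every DRM system you intend to support and that each AdaptationSet carries a single key ID; the sample MPD and its key ID are constructed, and the system IDs are the publicly registered ones.

```python
import xml.etree.ElementTree as ET

# Publicly registered DASH ContentProtection system IDs.
DRM_SYSTEMS = {
    "urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed": "Widevine",
    "urn:uuid:9a04f079-9840-4286-ab92-e65be0885f95": "PlayReady",
    "urn:uuid:94ce86fb-07ff-4f43-adb8-93d2fa968ca2": "FairPlay",
}
MP4_PROTECTION = "urn:mpeg:dash:mp4protection:2011"
NS = {"mpd": "urn:mpeg:dash:schema:mpd:2011"}
DEFAULT_KID = "{urn:mpeg:cenc:2013}default_KID"

# Constructed manifest; the key ID is made up and FairPlay is left out on purpose.
SAMPLE_MPD = """<MPD xmlns="urn:mpeg:dash:schema:mpd:2011" xmlns:cenc="urn:mpeg:cenc:2013">
 <Period><AdaptationSet mimeType="video/mp4">
  <ContentProtection schemeIdUri="urn:mpeg:dash:mp4protection:2011" value="cenc"
      cenc:default_KID="11111111-2222-3333-4444-555555555555"/>
  <ContentProtection schemeIdUri="urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed"/>
  <ContentProtection schemeIdUri="urn:uuid:9a04f079-9840-4286-ab92-e65be0885f95"/>
 </AdaptationSet></Period>
</MPD>"""


def drm_report(mpd_xml):
    """Per AdaptationSet: encryption scheme, key IDs and DRM systems signalled."""
    report = []
    for aset in ET.fromstring(mpd_xml).iterfind(".//mpd:AdaptationSet", NS):
        entry = {"scheme": None, "kids": set(), "systems": set()}
        for cp in aset.iterfind(".//mpd:ContentProtection", NS):
            scheme_id = cp.get("schemeIdUri", "").lower()
            if scheme_id == MP4_PROTECTION:
                entry["scheme"] = cp.get("value")
            elif scheme_id in DRM_SYSTEMS:
                entry["systems"].add(DRM_SYSTEMS[scheme_id])
            if cp.get(DEFAULT_KID):
                entry["kids"].add(cp.get(DEFAULT_KID).lower())
        report.append(entry)
    return report


def coverage_gaps(mpd_xml, required=("Widevine", "PlayReady", "FairPlay")):
    """Describe AdaptationSets that miss a required DRM or mix key IDs."""
    gaps = []
    for index, entry in enumerate(drm_report(mpd_xml)):
        missing = [name for name in required if name not in entry["systems"]]
        if missing:
            gaps.append(f"AdaptationSet {index}: no signalling for {', '.join(missing)}")
        if len(entry["kids"]) != 1:
            gaps.append(f"AdaptationSet {index}: expected one key ID, found {len(entry['kids'])}")
    return gaps
```

Running coverage_gaps on the sample reports the missing FairPlay entry, which would leave Apple devices unable to request a license.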
DRM and Streaming Use Cases
Live Streaming
During live streaming, you must ensure that the DRM implementation doesn't introduce latency. RTMP does not support the latest DRM systems, but you can use it for low-latency delivery with RTMPS. For larger-scale live streaming with DRM, however, HLS or DASH is preferred.
Use Case: HLS with AES-128 Encryption for Live Sports Streaming
- Requirement: Secure live sports video streams for desktop as well as mobile devices.
- Protocol: HLS with FairPlay DRM and AES-128 encryption.
- Consideration: Low-latency live video streaming with conditional access restrictions for premium content.
Video-On-Demand (VOD)
For VOD, DASH with CENC is used because it supports multiple DRM systems to provide secure playback on multiple platforms and devices. This flexibility is crucial for content providers who deliver HD or 4K on-demand video across a diverse ecosystem.
Use Case: DASH with CENC for VOD Content Distribution
- Requirement: Securely distribute premium 4K movie content.
- Protocol: CENC with DASH for DRM protection, supporting Widevine, PlayReady, and FairPlay.
- Consideration: Secure and scalable delivery with DRM restrictions for licensing as well as region-based access.
