DRM: The Big Two
Adobe Flash Access 2.0
Adobe named the first version of its content protection licensing solution Flash Media Rights Management Server (FMRMS); it revamped and renamed version 2.0 as Flash Access, which it announced in May.
"We see this as an enabling technology rather than restricting, especially premium content," said Florian Pestoni. "We want to push content out to as many devices as possible, with the balance between access and in-place control for profit maximization. If it's inconvenient for users, it's probably not a winning strategy. Likewise, even with content that has no consumer-generated revenue, such as advertising-driven content, content delivery still needs constraints to eliminate others from inserting their own advertising."
What's Different, What's New?
The basic changes between versions 1.0 and 2.0 are fairly significant, but the most basic changes are modularity and a move beyond Flash playback.
"We've redesigned the rights management solution to move beyond Flash Player," said Pestoni. "Flash Access is supporting both AIR 2.0 and Flash Player 10.1 in Windows Mac and Linux desktops. So that means that both online video streaming or download are possible with Access: AIR for apps, Flash for in-browser experiences."
Flash Access 2.0 falls under the Flash Media family of servers, so it naturally protects content that is being delivered via Flash Media Server, but it can also be used for HTTP Dynamic Streaming or progressive download content.
"The transmission protocol of HTTP between the CDN and the end user can also be protected," explained Pestoni, as a way to differentiate Flash Access 2.0's "persistent encryption" capabilities from that of RTMP-E, the protocol encryption used as "session encryption" to encrypt the pipe but not the bits traveling down it. "Flash Access works for both VOD and live content as part of HTTP Dynamic Streaming, and the latter is not tied to a new release of FMS."
For HTTP, the content protection comes in two parts-a content prep solution for packaging or chunking content for HTTP delivery and an additional licensing server.
"In our support for HTTP Dynamic Streaming, there is an offline packager and a live packager," said Pestoni, adding that more about those features will be revealed in late May or early June. "We're decoupling the delivery from the management of permissions, and are protocol agnostic in that it supports HTTP streaming, dynamic streaming, standard FLV, or F4V with no need to fragment the content within the licensing solution."
Going Beyond the Desktop
I asked Pestoni whether there was support for the mobile version of Flash Player 10.1 we've been hearing so much about.
"In this release, the initial focus is on desktops," said Pestoni, "but we've been DECE approved." This is important both for consumer devices, such as connected TVs, Blu-ray, players and portable devices, as well as for Flash Digital for the Home."
"FMRMS 1.0 was a full server solution based on Life Cycle," said Pestoni. "Feedback from customers was that it should be more modular, and that it be offered with a software developers' kit (SDK) to allow companies to integrate rights management into their existing infrastructure, or for those who want to bring it in-house instead of using a licensing provider."
To facilitate code writing for SDK integration, Pestoni says reference code will be available, allowing for minor modifications of the SDK code to rapidly implement a more custom solution.
Flash Access uses industry standard cryptography blocks, but Adobe is not publishing information about the type of cryptography. Due to the company's desire to get a modular protection solution to market, third-party cryptography modules are also not yet allowed. Pestoni did say obfuscation efforts are in place to make the DRM client tamper resistant.
"DECE approval means we're taking the necessary steps," said Pestoni, "along with the move toward bit-level encryption for Flash Access 2.0 game versus old approach of RTMP-E session encryption."
"Persistent protection, in use in Flash Access 2.0, means that content is protected once and then, wherever it is, the content stays protected until it reaches the player and is decrypted on the fly," said Pestoni. "Frankly if you're doing persistent protection approach, we wouldn't expect to see many people doing session encryption via RTMP-E. It is certainly feasible but not advisable. Yet we still see a role for RTMP-E, as alot of people using RTMP-E also use SWF verification to protect against deep-linking attacks."
Deep-linking attack methodologies also allow for server checks to confirm the SWF being played is an approved SWF, which leads to another encryption benefit: the white list.
"In Flash Access, the content license being sent down to the client will have a white list of acceptable SWFs," said Pestoni. "An example is a content provider licensing content from the studios that needs to place advertising within the SWF. Content will know where it's allowed to play on the Flash Player or within AIR apps, but the whitelist is key to the licensing server notifying players as to which content is allowable to play in which SWF player."
Pestoni says the company provides a number of knobs to tweak encryption - and licensing settings.
"We can cache a license securely on the Flash Player," said Pestoni, "which works well with pay-per-view pre-issuing of licenses, as an example."
Flash Access vs. PlayReady
I asked Pestoni to give his assessment of Adobe and Microsoft DRM solutions.
"Microsoft has solid offerings in the space," said Pestoni, "and we're both trying to solve the same problems. Superficially, you need to distribute keys and enforce usage rules, so the workflows look the same. The technical elements of cryptography are about the same and both PlayReady and Flash Access have been DECE approved. Yet we feel that we cover both download and streaming, and we have great platform reach. We expect to cover over 1 billion devices within a year."
Asked how it was possible to get to 1 billion devices in a year's time for something that requires Flash Player 10.1 or AIR 2.0, neither of which are shipping yet, Pestoni pointed back to adoption rates of previous versions of Flash.
"When we launched Flash Player 10, within 2 months it was on 50% of internet-connected computers," said Pestoni, "and almost 90% of those devices within one year. Yet it's not about PC and Macs: that's the immediate target, but we're keen to get it on CE devices within the next 18 months.
"I think we'll see a lot of change from today's web video protection experience and we'll see video as a whole moving towards this new experience."
With new technologies, digital rights management is working in the background -- or in the cloud -- and staying out of the viewer's way, says Irdeto.