To Protect and Serve: A DRM Primer

We knew you’d want to understand how to protect and monetize your content, so we went to the source. We interviewed the biggest names in digital rights management (DRM) so that you have all the info you need to get started.

Why use DRM in the first place? “By securing something with DRM, it’s, in my opinion, the only sure and certain way to guarantee that that content is monetizable. Now you’ve made it selectable and accessible only to a restricted few. Therefore, you can set a price on it,” says Jan Steenkamp, vice president Americas for Irdeto. But there are a few questions you should ask yourself first:

“Is the content that you are about to DRM and protect actually content that has a price and a value? I think a lot of the debate has been DRM or non-DRM, and I think a lot of that is people getting caught up in trying to DRM and protect content that doesn’t really have high value. As soon as you identify the fact that you have high value, you should DRM it, and in DRM-ing it, you actually ensure that you get a price of fair value for that piece of content,” says Steenkamp, who was CEO of Entriq before that company was acquired by Irdeto.

What Are Your Options?
There are four main options, and it’s partly linked to what the rightsholder has determined and what player technology you’re choosing, according to Mark Taylor, vice president of product delivery for Level 3's content market group. There’s PlayReady and Windows Media Rights Manager from Microsoft, which is the most widely used and there’s Flash Access, formerly Flash Media Rights Management Server, and the RTMPe function built into Flash Media Server from Adobe, Taylor says.

WMRM and PlayReady and FlashAcess almost all work identically. They all have the same model where you encrypt your content, deliver it to the user, deliver the user a license key and this key dictates how long they can view the content or how many devices they can copy it to or how many times they can play it.

The WMRM, PlayReady and FlashAccess solutions require you to encrypt a file, deliver that file to the user and then send them a key so that their computer can decrypt the file and render it out to their associated player, Taylor says. RTMPe is a secure connection through which an insecure file passes. “If you’re just doing streaming—Adobe has been very good at playing this up—[the studios are] quite happy with the RTMpe solution. If you’re doing a purchase to own or download to rent, then either of Microsoft’s technologies or Adobe’s Flash Access is more appropriate, because you actually have the complete file on your disc.” As of now, RTMPe only provides real-time encryption to for streamed video, Taylor says, not downloaded video, though that’s going to change with Adobe’s Flash Access 2.0. Level 3 works with 3 of the 4 solutions, although people choosing Microsoft’s Windows Media Rights Manager or PlayReady need to hire a third-party service to host and deliver the encryption keys as well as the entire DRM platform.

How Do You Implement DRM?
What’s involved in setting up a DRM system? Let’s get started with Adobe. “If you want to add encryption, there are two ways to do it: RTMPE encrypts the bits and provides an SSL connection between you and the server, and that’s a standard way of doing all ecommerce activities,” says Taylor.

“The second piece is that the player itself has some common keys built into it which allows, on-the-fly, that stream to be de-encrypted. What was happening prior to late last year is people were copying that player, [allowing them] to take the content and un-encrypt it—steal it, for want of a better word. Adobe introduced something call SWF validation, which actually validates the player itself. For example, if Disney were providing something, they’d have their own validated player, and only players that they distributed could play their content,” he explains.

“The vast majority of people that we stream using Adobe want RTMPE or SWF validation or both. They either want to encrypt the stream, validate the player, or do both. But that’s probably preselected in terms of who we are selling to, the Disneys and Netflixes of this world. The social media sites, like YouTube, for example—clearly they don’t need to or want to provide any encryption on their stream,” Taylor says. “The content itself is protected in the encrypted stream. The ability to de-encrypt it is protected by that validation of the player.”

If this sounds overly cautious, that’s because there are so many people ready to steal content online. “It used to be very easy to grab an encrypted or protected stream, strip off the encryption, and have a file on your computer that was then unencrypted,” Taylor says. “The SWF validations tended to make that harder.”

With Adobe’s system, you need a library of content that can be hosted on your own server or with a CDN such as Level 3. Validation can be turned on or off for individual assets or for a whole library. The library itself isn’t encrypted; all encryption happens at the time of distribution. While that causes a small speed hit, Taylor says, it doesn’t take nearly the same amount of download time as other systems.

“Various CDN providers may or may not charge you extra for turning the things on that we talked about. So if you turn on RTMPE or RTMPS,” says Taylor, “some [CDNs] charge you additional delivery charge on your rate per gigabyte, some [CDNs] charge a fixed fee for the feature. It varies. You really have to get quotes from multiple CDNs.”

Both Microsoft’s Windows Media Rights Manager and PlayReady DRM technologies have a different setup, since a third party needs to, provide the encryption utility, provide the rights database and generate and deliver the license keys. You need to encrypt your library in the first place, and you provide the license key server, says Taylor. You can either do that yourself by licensing the core cryptography solutions from Microsoft, building your own platform from the ground up and then deploying and managing it in the datacenter or you can employ someone like Entriq or BuyDRM who specialize in providing these kinds of services, he adds.

As for Apple’s DRM, that’s a closed system. Apple uses its own FairPlay DRM for anything protected in the iTunes Store. It’s not something you can use on your own; it’s something you get by default when working with Apple.

Adobe
Someone who is quite knowledgeable in the value of Adobe’s current DRM is Christopher Levy of BuyDRM.com. “Adobe had built the Flash Media Rights Management product, and due to some changing market conditions they decided to move away from that platform and towards the soon to be released Flash Access solution. ”They have been hard at work on the new platform and I suspect they will be releasing it shortly after they release the new Flash Player 10.1,” Levy says.

As for the current Adobe solution: “It just wasn’t what the market needed when they needed it," Levy says, "and Flash Access promises to be all that and more."

Levy thinks Flash Access has a bright future. “That’s the platform that’s going to really kick off Flash encrypted media for a variety of reasons; mainly because it’s compatible with the new Flash Player 10.1. It doesn’t require you to build an entire AIR application to deliver your content with DRM although it does work with AIR apps if that’s the route you choose to go,” he says. “The Flash player is very widely deployed; AIR applications aren’t, and that was really one of the key things that distinguishes Flash Access from Flash Media Rights Management Server from a consumer standpoint and from a deployment standpoint, as well.”

“Adobe’s working to build upon their existing FMRMS 1.5 offering using their massive traction in the video space. To be able to grab an update to a Flash player and suddenly the player can consume encrypted media is a pretty significant thing. I think it’s going to be worth the wait,” Levy says.

Streaming Covers
Free
for qualified subscribers
Subscribe Now Current Issue Past Issues