Recently we’ve been discussing Intertrust’s comprehensive protection services for live content. Today we’ll be continuing that discussion with a focus on how Intertrust’s ExpressPlay® Media Security Suite protects all types of content in direct-to-consumer (D2C) and virtual MVPD streaming services.
Securing High Value Streaming Services
Premium live streaming services such as live sports or eSports events are growing and as the value continues to increase, it is more critical than ever to guard against content theft. Pirates try their best to extract their own revenue by restreaming eSports and other live broadcast events. Digital rights management (DRM) has long been a core component of protecting all live and on-demand streaming contents.
There are various multi-DRM services available such as ExpressPlay DRM™, which is one of the most widely-deployed cloud-based DRM services that supports all major DRM technologies . This cloud-based multi-DRM service is integrated with Amazon Web Services (AWS) Media Services and cuts down on operational costs and infrastructure investments. Deployed on AWS, ExpressPlay DRM makes it possible for distributors to implement robust rights management on a usage-driven cost basis without adding new infrastructure or incurring high setup costs.
As described at greater length in a previous Intertrust white paper, ExpressPlay DRM delivers a major cost advantage over both fixed-priced solutions and build-it-yourself approaches, where the investment has to cover a capacity sufficient to accommodate the heaviest use-case scenarios.
Support for new advances that streamline DRM operations
A key aspect of Intertrust’s optimization of ExpressPlay DRM for live streaming involves concerns related to low latency streaming typically experienced in multi-DRM scenarios via the encryption and licensing processes.
1. Reducing encryption-related delays
Through tight integration with third-party encoders and packagers via robust and finely tuned APIs, ExpressPlay DRM eliminates the lag time between encryption and encoding.
ExpressPlay DRM enables an efficient Content Encryption Key (CEK) acquisition process, made possible by MPEG-DASH Industry Forum’s Content Protection Information Exchange (CPIX) standard. Addressing HLS as well as DASH, CPIX facilitates the streaming of protected content to every type of device while eliminating the need to rely on proprietary DRM APIs to handle the information exchanges. CPIX also supports track encryption as well as key rotation if required.
ExpressPlay DRM has also adopted the Secure Packager and Encoder Key Exchange (SPEKE) protocol developed by AWS that streamlines communications between DRM systems and encryptors including encoders, packagers, and origin servers. Intertrust leverages SPEKE to integrate customers’ DRM operations with AWS Media Services, streamlining communications between Media Services and the ExpressPlay DRM Key Management Service (KMS) through an AWS API Gateway.
2. Minimizing licensing delays
ExpressPlay DRM also reduces session licensing-related startup delays through the use of more efficient licensing processes, including:
- Persistent licensing: Persistent licenses continually enable playback from a given service by the licensed user throughout the life of the license, while non-persistent licenses terminate with the completion of each session. The elimination of repeated license renewals cuts down on startup time and hence reduces latency.
- Proxy-based license delivery: Unlike token-based license delivery, which requires two roundtrip communications between the player and the licensing source, the proxy model enables players to retrieve a DRM license directly from the proxy server managed by the OTT streaming service provider. This greatly simplifies support for complex use cases such as key rotation and multi-party packaging workflows. It also prevents unauthorized redistribution of licenses and simplifies client-side logic by eliminating the need to configure each player to prefetch tokens.
Protecting apps and keys
There is a need to secure apps and keys at the source code level with tamper-resistant white-box cryptography. Intertrust’s proprietary whiteCryption technology hardens apps against static and dynamic analysis, hacking, and reverse engineering, and it keeps keys secure during all cryptographic operations performed by the app.
Key features of Intertrust’s whiteCryption include:
- Two-pronged app Code Protection: This approach first hardens apps by detecting any code modifications, then guards against hacking and reverse engineering through obfuscation of the original code.
- whiteCryption Secure Key Box (SKB): The SKB is a powerful software-based, hardware-agnostic white-box library that makes cryptographic operations highly resistant to both browser-based and side-channel attacks on keys and credentials through a unique combination of crypto algorithms. SKB libraries are diversified so that keys exported, stored, and protected by one SKB instance cannot be used by another, and internal data is encoded differently with each delivery.
Support for live-optimized watermarking systems
ExpressPlay Anti-Piracy and Watermarking service (powered by Friend MTS) incorporates content monitoring and legal enforcement with high-performance watermarking.
Friend MTS’ fully automated Advanced Subscriber ID Service (ASiD) utilizes digital fingerprinting to quickly identify pirated content streams and send legal notifications to the infringing parties. The ASiD service operates on a massive scale and spans illegal streaming devices, Kodi add-ins, mobile apps, websites, and social media. The service leaves no visual impact on the viewing experience, delivers high-performance watermark extraction from pirated content, and has proven effective against collusion, blurring, reframing, and other tricks employed by pirates to steal content. Finally, the service supports integration with the client SDK on all devices, including legacy STBs. These advantages make it the most widely-used watermarking service for live streaming services worldwide.
ExpressPlay Watermarking enables a holistic live content protection environment that allows watermarking-related applications to be managed together with ExpressPlay® multi-DRM service and whiteCryption application shielding solution.
Learn more about ExpressPlay Media Security Suite
As additional MovieLabs Enhanced Content Protection (ECP) recommendations beyond watermarking gain traction in licensing policies for high-value live and other content, Intertrust continues to develop content protection services in accordance with these standards. For example, ExpressPlay DRM supports non-streaming content, including secure download, offline playback, device-to-device side loading, and protection for content accessed in catch-up or, in the case of live programming, network DVR applications.
To learn more about the content protection services encompassed in the ExpressPlay Media Security Suite, read the full white paper.
About Ali Hodjat
Ali Hodjat is the VP Marketing for Intertrust ExpressPlay. He has extensive experience in leading product management and product marketing activities in the fields of content protection and pay-TV security, anti-piracy, and IoT security solutions.