Fulfilling in-flight entertainment content security requirements

Posted On

By Team ExpressPlay


Ironclad content protection opens door to licensing the most appealing programming

Airlines and other long-distance travel providers have more opportunities than ever to maximize the benefits from onboard and in-flight entertainment (IFE) systems for passengers by featuring premium movies and TV shows that require full compliance with the most rigorous content protection policies.

There’s growing awareness across the travel industry that attractive entertainment offers and packages meeting or exceeding passenger expectations open new paths to bolstering bottom lines. The key lies in providers’ ability to deliver the most compelling content, such as Hollywood premium content, utilizing a content-protection platform that satisfies rights holders’ requirements no matter what devices passengers use to access the service.

Preventing access by unauthorized users is essential. Adherence to licensing terms that typically allow the content to be offered free in flight in the closed on-board environment requires that passengers be prevented from transmitting the content over any internet connection that might be available to them while traveling or engaging in other forbidden uses such as storing content for access or sharing later.

A purpose-built solution to fulfilling in-flight entertainment content security requirements 

As growing numbers of airlines and other transport providers (“common carriers”) are discovering across the globe, these requirements can be met no matter what type of in-flight entertainment system is employed when providers utilize Intertrust’s ExpressPlay™ DRM Offline solution. As a component of the ExpressPlay™ Media Security Suite, ExpressPlay DRM Offline enables secure streaming through a multi-DRM solution designed to protect premium content delivery and playback in environments with limited internet access.  

The platform employs the same highly automated and secure multi-DRM protection, key management, device authentication and user authorization processes the cloud-based ExpressPlay DRM software-as-a-service (SaaS) is providing for some of the largest OTT streaming services worldwide. This is a level of protection that’s fully in compliance with the stringent requirements stipulated by the Enhanced Content Protection (ECP) specification recommendations by MovieLabs, a Hollywood motion picture technology consortium.

Whether deployed in the cloud or as a closed on-board end-to-end system, ExpressPlay DRM performs its tasks automatically, gathering and reacting to user, device, and policy data to validate and secure each viewing session. Encryption/decryption keys are provisioned on a per-session basis in accord with all the types of encryption methods and file formats the various DRMs use to convey licenses and policy information. All provisioning and upgrade processes associated with these interactions are rigorously secured. 

The same is true of the keys themselves, which are protected with persistent encryption at all times. License servers, reacting to requests from authorized users, securely transmit the keys for decryption on the authenticated device. This process prevents use of the keys by other users or the same user on any other device, unless such use is specifically authorized by the provider.

Critically, ExpressPlay DRM is the only multi-DRM solution that supports all major DRMs. These include Apple FairPlay Streaming, natively supported by devices running iOS, macOS and tvOS; Microsoft PlayReady, native to all Windows and some Android devices; Google Widevine, used with all Android and some other devices, and the long established Marlin DRM. 

Secure Offline DRM Workflow for Passenger Entertainment 

The primary distinction introduced with ExpressPlay DRM Offline is that the platform is installed on commodity servers for onboard use as opposed to relying on public cloud facilities. The following key platform components implement the secure workflow depicted in the diagram:

in-flight entertainment

  1. Content Management Service (CMS): A cloud management portal, managed by the service operator or third-party, for publishing and managing content on remote streaming servers. Content is packaged and encrypted with Widevine, Fairplay, and Marlin signaling.
  2. Key Management Server (KMS): Key management server that handles all the encryption keys during content packaging.
  3. Cloud Storage: CDN or s3 storage that keeps all the encrypted content after content packaging. 
  4. On-board Server: Performs downloading/syncing services to refresh server storage with newer content when available from cloud storage. Encrypted content is stored on the server and encrypted keys are kept in the local KMS database. 
  5. ExpressPlay DRM Offline: Contains the offline DRM implementation for Widevine, Fairplay, and Marlin DRM.
  6. Catalog Manager: End-users are able to browse available content via apps or browsers over the local Wi-Fi network.
  7. Content Playback: Secure offline playback is enabled across all the major browsers, OS, and “bring your own device” (BYOD), whether tablets, laptops or smartphones.
  8. Device Certificate Manager: The ExpressPlay DRM Offline service regularly refreshes all device certificates required by the different DRMs to authenticate end-users’ devices.

Architecture options

ExpressPlay DRM Offline serves two primary architectural approaches:

  • Hotspot approach: Users access protected content via dedicated hotspot devices that replicate the entire service stack, including content discovery, delivery and offline DRM server. To enable ExpressPlay DRM Offline support in this scenario, service providers simply integrate the ExpressPlay DRM servers with the service stack via its service APIs. The DRM server generates all DRM keys needed to accommodate passenger demand.

in-flight entertainment

  • Gateway approach: Users access protected content via a dedicated gateway that connects to a cloud-based external service. In this case, with each user session the service provider requests DRM licenses for specific target devices without the device or app having to contact the cloud-based multi-DRM service. If the content is played using a browser, the video player and the Content Decryption Module (CDM) communicate with ExpressPlay DRM Offline to authenticate devices and generate native Fairplay, PlayReady and Widevine DRM licenses. In the case of native apps, they communicate with ExpressPlay DRM Offline server to authenticate devices and generate DRM licenses. 

in-flight entertainment

The importance of Marlin to enable the unprecedented versatility of the ExpressPlay DRM Offline platform can’t be overstated. Support for Marlin is essential to market reach and cost efficiency insofar as it is a natively embedded, Hollywood-certified alternative to other DRMs, and it is already operating in millions of devices across Asia and elsewhere. Its general-purpose rights management architecture enables substantial flexibility and control in how it is implemented, providing sophisticated copyright management for playing entertainment and media content distributed over mobile, broadband, and broadcast networks.

The long established Marlin DRM specification is applicable to a market-leading variety of use cases across content types, content formats, delivery mechanisms, and platforms. Notably, ExpressPlay DRM, based on the Marlin specification, is the DRM of choice in high-volume common carrier settings with large in-train deployments in Brazil and India, and major in-flight entertainment systems in Japan. Users are capitalizing on multiple monetization opportunities, including advertising, subscriptions, and e-commerce/partnership services.

Clearly, airlines and other common carriers have more reason than ever to capitalize on the monetization and passenger experience and satisfaction benefits to be derived from a versatile offline distribution platform that makes it possible to license high-value content through adherence to the most stringent content protection requirements. The Intertrust ExpressPlay DRM Offline platform is making it easier to seize the full scope of opportunities available to providers of onboard and in-flight entertainment.