The emergence of OTT segment as the main source of entertainment in the last few years has brought into focus the security infrastructure needed to ensure that only rightful subscribers get to see the premium video content. It is a given now that all established and new OTT players want to use digital rights management (DRM) technology to control how their content is consumed by users. Given the device fragmentation in the market, most OTT players take the multi-DRM approach to protect their video streams, which is also a compulsory requirement set by Hollywood studios before they ink deals with OTT platforms.
At the heart of a multi-DRM regime are the encryption standards enforced through Google’s Widevine, Windows’ PlayReady, and Apple’s FairPlay DRM technologies. A multi-DRM service provider, which is more often than not a SaaS provider these days, ties up various ends of the whole DRM workflow involving the video file from the producer company, a CDN, like Amazon AWS, a DRM license key server, and the client device. The multi-DRM SaaS provider encrypts the video file with encryption keys.
OTT players mostly work with an always-on internet-based model. Every time a user issues a playback request for a file using DRM video protection, the OTT site issues a token as response to the user device which contains authentication information like user ID, content ID, and other licensing conditions. Having been authenticated in this fashion, the client (user device) then requests a DRM license from the multi-DRM SaaS provider using the token issued by the OTT site. The multi-DRM provider authenticates the token and issues a DRM license, which allows the client to decrypt the video file and allow playback.
Such a license is restrictive in many ways, which helps the OTT player to not only curb piracy but also maximize revenue. Some examples of the restrictions contained in DRM licenses include:
- The time period for which the license is valid.
- Persistent licenses meant for offline usage.
- The resolution that each device can play for each video file. This option allows OTT platforms to restrict high-resolution videos only for devices which enforce highest level of security.
- Streaming restrictions, like download only or streaming only options.
While protecting a video stream appears to be a complicated, multi-step task, it is made easy using cloud-based multi-DRM technology. The playback process to effect the decryption of protected video files is rather seamless once the user is authenticated.
The success of OTT platforms has greatly reduced the earlier practise among users of buying digital copies of films, documentaries, TV shows, etc. However, there still is a sizable chunk of users who prefer to download and own their copies of digital videos. Traditional sellers continue to allow downloads of videos after users have paid for them. Similarly, OTT platforms also allow offline downloads of videos which a user can access on a particular device as long as their subscription stays valid. The DRM technology can be customized to protect all of these video downloads to legitimate users by authenticating encryption keys through the DRM server.