The DRM Blog

Creating DRM Workflows - Part 4 -"3rd Party Cloud Encryption Solutions"

Posted by Christopher Levy on Mar 16, 2017 1:00:00 PM

In this series we will cover: 3rd Party Cloud Encryption Solutions

In part 4 of our series: “Creating DRM Workflows” we will take a look at using 3rd Party Cloud Encryption Solutions to provide DRM encryption. Over the past 5 years we have seen numerous different cloud platforms come online for the encoding/transcoding and encryption of cloud-based content. These types of solutions remove the need for licensing a 3rd party software or hardware platform and provide content encryption on a “pay as you go” basis. 

To utilize a 3rd party Cloud Encryption platform you will need to upload your content to the platform as a first step. You then kickoff an encoding/encryption process and once it’s done the content is outputted to your destination of choice. Some cloud encoding platforms are compatible with various cloud storage platforms like AWS S3 or Akamai NetStorage so you don’t have to upload your content to them. Some services also support more efficient upload using 3rd party apps like Aspera or Signiant to enable faster file uploads.

Typically a 3rd party cloud encryption solution will come with a fixed pipeline for kicking off and managing and monitoring encryption processes. Depending on the provider you should be able to access a variety of DRMs and output streaming formats (MP4-based) for ABR streaming using HTTP. Some vendors will also offer cloud-based storage, streaming and downloads based on their solution which provides the added benefit of saving time wrt to moving your content around and providing a “one neck to choke” solution where you just upload your raw content and they take it from there to the consumer.

part4-cloud2.png

As a cloud encryption solution goes, each platform has their own methodology and interface for configuring your encoding and encryption pipelines. Typically you must encode and encrypt the content at the same time as most cloud providers don’t offer the option of just content encryption as a stand-alone process.  A robust cloud encoding/encryption platform will generally accept a variety of professional content input formats including:

  • MPEG2-TS
  • Apple ProRes
  • DNXD
  • MXF
  • XDcam
  • fmp4 (for Smooth Streaming and MPEG-DASH)
  • MP4
  • WebM
  • FLV
  • MPG

A modern cloud encryption platform will support the most popular DRM flavors which are:

  • Microsoft PlayReady
  • Google Widevine
  • Apple FairPlay
  • Intertrust Marlin

DRM WorkflowsAdding DRM During the Encoding Process in a 3rd Party Cloud Encryption Platform  (Reprint from part 3)

Accommodating DRM providers inside a 3rd party cloud encryption platform is not an easy task. To support encryption using a 3rd party DRM platform, a cloud encryption provider needs to implement AES 128 bit encryption in their encoding workflow and to do so they need a way to input encryption keys to support this encryption process. There are several approaches to doing so. The encryption provider can provide a manual interface where an operator can manually type in the key information from the 3rd party DRM provider. This method is the low hanging fruit per se in applying encryption in an encoding workflow. It’s not secure and requires human intervention to make the process succeed.

The encryption vendor can provide their own APIs for delivering keys to the encoder and rely on the DRM vendor to implement their API. This method is cumbersome in that having an encoding company define to a DRM vendor how to create, implement and manage encryption keys is really the tail wagging the dog. Very few encoding vendors have taken this approach and it’s not a widely supported or viable model for the reasons described above.

The most popular model for supporting 3rd party encoders providing encryption within their workflow is to implement a DRM providers Key Management API for Encryption Keys. To support robust, secure, automated key management, the encoding vendor writes code that uses industry standard methods of communicating (typically SOAP) to securely poll the DRM provider’s platform for the encryption keys. In this model, the customer is given a Server Key or User Key from the DRM provider and they input this information into a DRM Provider tab or section inside the encoding platform’s user interface.

The encoding software then remotely queries the DRM provider’s Key Management API and the encryption keys are then generated and encrypted and delivered over a secure SOAP connection to the encoder. The encoder then securely stores these keys within the platform and uses them for the Live or VOD encryption during the encoding process. All of this happens in less than 2 seconds as the encoding process kicks off.

Pricing Models for 3rd Party Encryption Platforms

When selecting a 3rd party Cloud Encryption platform to provide encryption for your DRM Workflow the following pricing models may come into play.  Based on your short-term and long-term needs, you should be able to find a provider pricing model that fits your business model. You should of course also take into account the following components when making a pricing decision:

  • Does the provider have flexibility in how content is ingested into their system?
  • Does the provider support the various file formats that you operate with?
  • Does the provider support the various DRM flavors you need to operate your business?
  • Does the provider offer content storage and streaming and downloads as well?
  • Does the provider support common 3rd Party DRM Platform Encryption Key APIs?
  • Does the provider support both Live and VOD content encryption?

Once you have sorted out the answers to your product feature needs, you will then need to review the dominant pricing models in play in the 3rd party cloud encoding/encryption space:

  1. The first model is a pay per Gb of encoding/encryption throughput model. Typically you pay a monthly fee and get a bucket of data and when you go beyond that bucket, you are then charged per Gb.
  2. The second model is broken into two parts. In this model you pay per minute of encoded/encrypted video however there are two variations to this model:
    1. Flat rate per minute of encoded/encrypted content
    2. Dual rate model of per minute of encoded/encrypted SD content and encoded/encrypted HD content. The HD per minute cost is typically 1.5 to 2X times greater than the SD cost per minute.

With the explosion of 3rd party cloud encoding/encryption platforms coming online, you have a wide variety of choices wrt to your product needs. Cloud encoders, both large and small, offer significant benefits to on-premise hardware or software solutions. Increased flexibility and shorter time to new features are considerable reasons to select a 3rd party Cloud encoding/encryption platform.

- In the next episode, part 5 of our series:  “Creating DRM Workflows”, we will review “Content Licensing”.

 Subscribe to The DRM Blog and get the 2016 DRM Deployment Guide

SUBSCRIBE


View Past Episodes From Our "Spotlight On DRM" Webinar Series

New Call-to-action

Spotlight On DRM Webinar Series


 

Readers Choice 2016.png

BuyDRM’s KeyOS™ Multi-DRM Platform 2016 Recognitions

BuyDRM is proud to announce our inclusion in The 2016 Streaming Media 100: The 100 Companies That Matter Most in Online Video in 2016. This is our  fourth consecutive year of being recognized as a top innovator in the field.  BuyDRM was also recognized as the runner up for the 2016 Streaming Media Readers'  Choice Awards for DRM/Access Control Service Providers, once again proving our solutions as being one of the most comprehensive and widely deployed in the world.

Playready Widevine Fairplay

BuyDRM – Your Single Source for Multi-DRM Solutions

Offering PlayReady, Widevine, and FairPlay, we can help you deliver protected content to any device in any situation whether online or offline or both.

Established in 2001, we are a market-leading Multi-DRM service provider. Over the last fifteen years we have seen drastic changes in the content protection arena as a variety of new technologies have entered the marketplace. Through our pioneering efforts in this field and decades of experience in digital media, we have your bases covered with the KeyOS Multi-DRM Platform supporting PlayReady, Widevine, and FairPlay DRMs. KeyOS supports all of the popular consumer platforms and business models.

Want to Learn More?

If you are either just beginning your search or are a seasoned streaming media pro, we think our team can help you. 

CONTACT US

Contact us to learn more about our solution.  We would be happy to setup a call to evaluate your scenario and find out how we can help you.  Our consultations are always free. Our KeyOS platform powers the biggest names in media across the globe and we are eager to assist you as well. 

Topics: DRM, 3rd party cloud encryption solutions, encryption solutions