
Creating DRM Workflows - Part 3 - "3rd Party Server Solutions"

Posted by Christopher Levy on Dec 8, 2016 12:00:00 PM



In this series we will cover: 3rd Party Server Solutions

In Part 3 of our series, “Creating A DRM Workflow”, we will take a look at using 3rd party server solutions to provide DRM encryption. More and more media operators are using 3rd party streaming media servers for a variety of reasons. First and foremost, using a 3rd party server lets you control the origin of your content into any one of the numerous CDN offerings available in the industry. Secondly, using a 3rd party streaming media server can enable you to collapse a variety of key content workflow requirements into one integrated stack of processes, where you are able to optimize the overall management of your deployed resources.

These processes include:

  • Content Ingest
  • Content Encoding
  • Content Transcoding
  • Content Segmenting/Chunking/Fragmenting
  • Ad Insertion
  • Content Encryption
  • Content Ingress to CDN

These products are most often licensed as software that you deploy on-premises, in-network, in the cloud or at a customer’s facility. The licenses for these products can be purchased on a subscription basis, as a perpetual license or as a service running in the cloud. These licenses can be used to deploy the software on bare metal, in a virtual machine, in private or public clouds and in some cases in containers. In some cases there are additional up-sell fees to get support for all of the various features these servers offer.


The major components of a streaming media server include:

  • Format Ingest Support
  • Transcoding Support
  • nDVR Support
  • Live and VOD Support
  • DRM Support

With regards to how 3rd party servers handle encryption keys from DRM platforms, much of what I have to say is covered in Part 2 of this blog series. Here are the highlights:

  • A server provider has to implement AES 128-bit encryption in their workflow, and they need a way to input encryption keys to support this encryption process.
  • The server provider can provide a manual interface where an operator can import the 3rd party DRM provider key info.
  • The best model for enabling encryption within a 3rd party server is to implement a DRM provider’s Key Management API for Encryption Keys.
  • In this approach the server vendor writes code that uses standards like SOAP to securely acquire the encryption keys from the DRM Provider.
  • The keys are generated and encrypted and delivered over a secure SOAP connection to the server. The server then securely stores these keys within the platform and uses them for the Live or VOD encryption during the streaming process or prior to a user requesting content. 

Once the encryption and key issues are addressed, there are two methods to encrypting content using market-leading streaming servers. The first is pre-encryption and the second is just-in-time encryption.

Let’s take a look at both models:

Pre-Encryption: Usually implemented when the content is ingested into the streaming server’s storage system. In this model the server encrypts the content as it is uploaded or ingested. The content is then stored in encrypted form and streamed when requested. This model enables the server to queue the content and do the encryption when the server’s system resources are optimized, i.e. during periods of low demand. Servers that pre-encrypt are typically able to handle more streaming connections as they are under less CPU demand and overall system demand. One advantage of pre-encryption over JIT encryption is that the server is not full of unencrypted content and is therefore less of a security target.

Just-in-time: In this model the content is stored on the server in the clear. When a user requests a piece of content, the server instantly grabs the first few chunks of the content and starts encrypting them and feeding them out the streaming interface to the CDN and user. Servers that use JIT are a bit more susceptible to suffering from performance issues when under significant load. The server has to encrypt the content while it is also streaming the content and establishing and dropping new connections as they appear and disappear. Another aspect of JIT encryption is that the server’s storage system is a honeypot of unencrypted digital glass master files. In this model you must ensure that you use very robust security measures to protect the server’s storage system.

When considering a streaming media server for deployment the following formats and DRMs should be confirmed as options in the platform:

Content Formats:

  1. Microsoft Smooth Streaming
  2. Dynamic Adaptive Streaming over HTTP (DASH)
  3. Pantos spec HLS

DRM Flavors:

  1. Microsoft PlayReady
  2. Google Widevine
  3. Apple Fairplay

The last technology check mark that operators need to ensure their streaming media server supports is the Common Encryption Standard. For more information please see the 2016 DRM Deployment Guide available here.
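As an added example (not code from BuyDRM or from any streaming server vendor), the Python below audits stored MP4 initialization segments for Common Encryption signalling, which is one way to confirm that a pre-encryption store holds no clear masters or to inventory what a JIT server keeps in the clear. It assumes ISO BMFF content (DASH, Smooth Streaming or fragmented-MP4 HLS) and reads only the sample entry types in `stsd`; the function names and the sample files are constructed for illustration.

```python
import struct

# ISO BMFF boxes whose payload is a plain sequence of child boxes.
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}
# Sample entry types that replace the clear codec entry on protected tracks.
PROTECTED = {b"encv", b"enca"}

def walk_boxes(data, offset=0, end=None, parent=b""):
    """Yield (parent_type, box_type) depth-first; stop on truncated or corrupt sizes."""
    end = len(data) if end is None else end
    while offset + 8 <= end:
        size, btype = struct.unpack_from(">I4s", data, offset)
        header = 8
        if size == 1 and offset + 16 <= end:   # 64-bit largesize follows the type
            size, header = struct.unpack_from(">Q", data, offset + 8)[0], 16
        elif size == 0:                        # box runs to the end of its container
            size = end - offset
        if size < header or offset + size > end:
            return
        yield parent, btype
        if btype in CONTAINERS:
            yield from walk_boxes(data, offset + header, offset + size, btype)
        elif btype == b"stsd":                 # FullBox: skip version/flags + entry_count
            yield from walk_boxes(data, offset + header + 8, offset + size, btype)
        offset += size

def classify(data):
    """'protected', 'partial', 'clear', or 'unknown' (no sample descriptions parsed)."""
    entries = [t for parent, t in walk_boxes(data) if parent == b"stsd"]
    hits = sum(t in PROTECTED for t in entries)
    if not entries:
        return "unknown"
    return "protected" if hits == len(entries) else "partial" if hits else "clear"

def find_unprotected(files):
    """Take {name: bytes}; return {name: verdict} for everything not fully protected."""
    verdicts = {name: classify(data) for name, data in files.items()}
    return {n: v for n, v in verdicts.items() if v != "protected"}

def box(btype, payload=b""):
    return struct.pack(">I4s", 8 + len(payload), btype) + payload

def sample_init(*entry_types):
    """Constructed minimal init segment: one trak per sample entry type."""
    traks = b""
    for et in entry_types:
        stsd = box(b"stsd", bytes(4) + struct.pack(">I", 1) + box(et, bytes(8)))
        traks += box(b"trak", box(b"mdia", box(b"minf", box(b"stbl", stsd))))
    return box(b"ftyp", b"isom" + bytes(4)) + box(b"moov", traks)
```

A verdict of `unknown` covers media segments without a `moov` box and non-MP4 files such as MPEG-TS segments, which need a different check.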

Modern streaming media servers offer a variety of content workflow benefits in that they give you the ability to deploy one platform that encompasses multiple components of your deployment. By collapsing ingest, encoding, transcoding, ad-insertion, encryption and delivery into one platform, streaming media servers provide a great benefit to content licensees and operators. With DRM heavily integrated into their workflows, streaming media servers can provide a short path to standing up DRM technologies.




BuyDRM’s KeyOS™ Multi-DRM Platform 2016 Recognitions

BuyDRM is proud to announce our inclusion in The 2016 Streaming Media 100: The 100 Companies That Matter Most in Online Video in 2016. This is our fourth consecutive year of being recognized as a top innovator in the field. BuyDRM was also recognized as the runner up for the 2016 Streaming Media Readers' Choice Awards for DRM/Access Control Service Providers, once again proving our solutions as being one of the most comprehensive and widely deployed in the world.


BuyDRM – Your Single Source for Multi-DRM Solutions

Offering PlayReady, Widevine, and FairPlay, we can help you deliver protected content to any device in any situation whether online or offline or both.

Established in 2001, we are a market-leading Multi-DRM service provider. Over the last fifteen years we have seen drastic changes in the content protection arena as a variety of new technologies have entered the marketplace. Through our pioneering efforts in this field and decades of experience in digital media, we have your bases covered with the KeyOS Multi-DRM Platform supporting PlayReady, Widevine, and FairPlay DRMs. KeyOS supports all of the popular consumer platforms and business models.

Want to Learn More?

If you are either just beginning your search or are a seasoned streaming media pro, we think our team can help you. 


Contact us to learn more about our solution. We would be happy to set up a call to evaluate your scenario and find out how we can help you. Our consultations are always free. Our KeyOS platform powers the biggest names in media across the globe and we are eager to assist you as well.
