TheDRMBlog

It's Screener Season: Do You Know Where Your Keys Are?

Written by Christopher Levy | Jan 30, 2020 8:18:21 PM

2019 was a blockbuster year for the Motion Picture Industry with close to $11.5B in gate receipts according to CNBC's recent publication. Nearly $3.5B of that total was produced with just the top 5 movie releases in 2019 including: Avengers: Endgame, The Lion King, Toy Story 4, Frozen II and Captain Marvel rounding out the list.

We are now deep into the Screener Season with every studio in the business providing access to Streaming Screeners by Academy Voters using a variety of screener platforms. Consumer DRM is the sole technology in this process that "rides with the content" from creation to consumption. BuyDRM plays a vital role in this process by servicing the overwhelming majority of these studio brands with our Multi-DRM Platform KeyOS.

More specifically, our KeyOS MultiKey Service is the industry-leading Consumer DRM platform for securing Major Studio Content in screening applications. BuyDRM also operates our own KeyOS MultiScreener platform providing the industry's most robust 360° content security offering available.

Taking a step back to view the broader screener marketplace, BuyDRM has compiled a list of Screener DRM Best Practices for managing the entire DRM LifeCycle from Studio to Voter. These practices encompass nearly 19 years of DRM success stories in the commercial application of DRM. With over 10B licenses served last year alone, we believe these best practices for the Screener Industry can eliminate as many gaps as possible in the process.

BuyDRM's Screener DRM Best Practices:

  1. Ensure The Integrity Of Your Content Encryption Keys: Many times the focus on security around content is on the client playback platform(s) when in reality, the content encryption keys are much more valuable and require a deeper security focus. If you are using a 3rd party Encoding, Packaging or Server solution to encrypt your DASH or HLS content with consumer DRMs (Apple FairPlay, Google Widevine, Microsoft PlayReady), you need to make sure your partner is handling the content encryption keys with as much security as possible. This includes acquiring the keys using a secure, robust and audited API. This does not include the manual entering of a content encryption key from a physical or electronic source using cut and paste for example. When possible, require that your 3rd party renew their encryption keys on a daily basis.
  2. Avoid using Common Encryption (CENC) When Possible: This may sound controversial but the reality is that CENC is a weak standard that can compromise your entire DRM deployment. If one DRM Content Key is leaked, then all DRM Content Keys are leaked. BuyDRM recommends that you use a separate encryption key for each DRM you deploy to eliminate this significant gap. In a consumer facing scenario this could drive up your costs and management resources extensively. However, in the screener marketplace, the overall viewer usage is much, much lower and therefore the cost and resource implications of using separate keys per DRM are very low.
  3. Avoid Weak CPIX Implementations: CPIX was a standard for a problem that didn't exist. Ultimately it has lowered the security of DRM deployments by relying on 3rd party encoder, server and packager partners to implement security best practices. The reality is that this has not happened and there are a variety of very weak CPIX implementations in the marketplace. BuyDRM has seen numerous different examples of these weak implementations and they grossly overlook the necessary security to robustly and securely deliver Content Encryption keys from a DRM platform to a 3rd party system.
  4. Do Not Persist DRM Licenses: When you persist a license on a Voter's device or PC, you are in essence giving them the ability to view the content at will. Considering the negligible costs of re-issuing a DRM license, best practices dictate that you do not persist the keys, re-issue them as often as possible and deploy as many rights available within the specific DRM Schema you are using. In the case of streaming, you should issue a license every session, for every play including pauses and stop/starts.
  5. Audit Your License Delivery Routines Regularly: If you follow the logic of #4 above, each time a Voter views a piece of content they must acquire a license to do so. This "license delivery process" should include a variety of PKI and security to ensure that only legitimate portals, voters and clients can access the DRM-protected content. Each unique request should be signed and validated before your DRM platform of choice issues the license to the Voter. A real-time auditable record of this transaction with the IP information, region, client version, DRM version, content key etc. should be logged and made available for review. GeoFencing can further augment this process to ensure that there are no gaps in your license delivery processes.

Screener DRM offers a very efficient way to ensure that your high-value studio content is available for review by Voters in a secure and robust manner. These 5 Best Practices provide some of the best mechanisms possible to keep your screener content secure. Please don't hesitate to contact BuyDRM should you have more questions about how to secure your screener platform or if you need a screener platform with built-in DRM.