We are excited to announce a significant update to our Content Key Encryption API that enhances security, improves monitoring capabilities, and facilitates easier deployment. This upgrade benefits our existing customers, potential customers, and partners by addressing critical concerns in the ever-evolving data protection landscape.
Key Features of the Upgrade:
I. Elimination of Non-Encrypted Key Exchange
One of the most critical enhancements in this update is the complete elimination of non-encrypted key exchanges. This change is a significant leap forward in security, as it effectively prevents potential man-in-the-middle attacks. We significantly reduce the risk of unauthorized exposure by ensuring that sensitive data is never exchanged in an unencrypted format.
II. Upgrades for Data Protection and Compliance
This update fortifies security and aligns with industry standards for data protection and compliance. By eliminating unencrypted exchanges, we help our clients adhere to regulations such as GDPR, CCPA, and others that mandate strict data handling practices. This approach to security enhances trust with your customers and partners, ensuring that sensitive information remains protected throughout its lifecycle.
III. Deployment in Kubernetes Containers
The Content Encryption API is deployed in Kubernetes containers, mirroring our License Acquisition API. This transition allows for easier deployment, monitoring, and scaling. This is especially important for our MultiKey Managed Service Offering, which is managed in our customers' own networks, and our MultiKey Server product, which was developed for bandwidth-challenged or offline environments like In-Flight Entertainment (IFE), Transportation (bus, train), Hospitality Industries (hotels, hospitals), and Military Facilities.
With the new Content Encryption Key API, clients can keep all their packaging key requests within their own infrastructure, not just their license acquisition. This means we can deploy our services on-prem or in-network without needing a single API call outside of that infrastructure.
This way, we can manage the whole key chain in the offline environment—both Content Encryption Key retrieval and License Acquisition, providing greater control over operations while improving security.
IV. Stats and Monitoring Extension
With the introduction of enhanced statistics and monitoring capabilities, clients now have complete visibility over the content for which they have requested keys. The new CPIX v4 endpoint utilizes the ContentID field, making it possible to group content even if multiple keys are used for different renditions of the same piece of content.
Technical Details
To support this upgrade, we offer several endpoints:
- CPIX v3
- New CPIX v4
- SPEKE v1 and v2
It's important to note that CPIX v1 and v2 will soon be deprecated, as announced in our previous emails to all clients. Users currently on CPIX v1, v2, and v3 can find the updated CPIX v4 guidelines in their consoles, which will assist them in migrating to the new version.
Additionally, we will provide a Legacy Endpoint available until November 2024 for a smoother migration process.
Call to Action
We encourage our existing customers to explore the new Content Key Encryption API and its enhanced features. If you currently use any old APIs for Content Encryption Key retrieval, now is the perfect time to migrate to the new version and experience the improvements firsthand.
For more information or to start your migration, please get in touch with our support team or visit our website. We look forward to helping you enhance your security and operational efficiency with our latest API update!
