USING CPIX TO ENHANCE CONTENT PROTECTION THROUGH MULTI-DRM Posted on March 27th, 2019 | Posted by Roger Pales

DRM Provider

Content protection is vital for content owners and broadcasters needing security for their video streaming. A suitable solution can often be complex and in response to this, content protection has become increasingly sophisticated through multi-DRM solutions and features such as multi-key encryption etc. VUDRM from VUALTO delivers multi-DRM, scalable and robust DRM solutions to support your DRM requirements. One element that helps to make more complex DRM solutions possible is the CPIX (Content Protection Information Exchange Format) platform.

CPIX is a specification format produced by DASH Industry Forum that describes how to exchange DRM (Digital Rights Management) information using XML documents.

CPIX

In its’ version 2.1 CPIX, already supports DASH, Apple HLS, Microsoft Smooth Streaming and Adobe HDS and it describes fields to satisfy most of the DRM systems and common use cases. Its’ simplicity makes it highly flexible. It is not surprising then, that big names of the industry, such as Unified Steaming and AWS Elemental, have already got on board.

CPIX is the first real attempt of DRM information exchange standardisation. Whether talking about pure live or video on demand (VOD), video streaming delivery workflows require for a number of services to talk to each other about content protection. DRM providers adopting CPIX can be easily and seamlessly integrate with other services also supporting CPIX; as well as effectively delivering what could be called dynamic or JIT (just-in-time) DRM, as opposed to during the packaging (or content preparation).

The implementation of CPIX by Unified Streaming brings along many new features, some of which would not be possible without dynamic DRM (fetching keys on the fly as the streaming gets generated), which means that content protection keys no longer need to be present on the main manifest.

This removes, almost completely, the challenge of securely storing encrypted source content and its manifest when Trans-DRM (decrypt source content) is required.

Encrypted content can be stored alongside its main manifest without having to worry about ‘decrypt keys’ being exposed on the clear. In other words, even if both content and manifest were to be leaked, decrypt information would remain elsewhere protected, and therefore the content useless.

Security improvements aside, the feature also brings flexibility as far as encryption is concerned. Now the Key Provider (sometimes referred to as KMS, Key Management System) can be the one to dictate what keys are to be used for a particular piece of content at the playback time. DRM can now be changed and even disabled without re-generating the main manifest or re-processing of any sort.

An example use case could be easily switching on/off content protection for a particular piece of content.

It is in part thanks to using dynamic key provisioning that key rotation for HLS is now easier than ever to achieve. Both Unified Streaming and AWS Elemental have implemented HLS key rotation following the CPIX guidelines.

Another exciting new feature Unified Streaming has brought along with CPIX, is to use multiple keys for a single piece of content. Multi-Key DRM allows you to securely control access to certain tracks with DRM. For example, standard definition (SD) tracks could be encrypted with a different set of keys than high definition (HD) tracks; it would then be down to the license server to provide a license valid for playing SD only, or both SD and HD.

 

IN SUMMARY
Having fully adopted CPIX, the benefits for users are:

  • Seamless and efficient integration with other services also supporting CPIX.

 

  • On the fly content decryption keys provision:
    • Main manifest no longer requires decrypt keys on the clear and can be safely stored along encrypted content.

 

  • On the fly encryption keys provision:
    • DRM keys’ change without re-processing.
    • HLS key rotation.
    • Multi-key DRM.

 

For further information on our VUDRM solutions, please click here.