DRM Protection questions

Anes Hmida 81 Reputation points
2020-10-13T14:36:11.283+00:00

Hello There, I want to ask some questions about DRM that I can't wrap my head around and I wish you guys could answer me.

Now I'm making a music player app, I have multiple users, here are my questions :

1 - what stops a user that has my DRM protected streaming URL from reading my content and what can I do to stop him from playing it back?

2- What system should I implement in my server in order to authenticate users to be able to playback successfully? for now, i have implemented an STS, but How can I update a JWT in my contentKeyPolicy without having to update all of the contentKeyPolicy and eventually having to update the streaming locators to be updated with my new data? by this, i mean trying to implement JWT rotation every N minutes from my server.

it doesn't make sense to update my whole library with new streaming locators every 10 minutes.

3- what else can i do to stop people from reading my content.?

please help , I'm very confused.

Azure Media Services
Azure Media Services
A group of Azure services that includes encoding, format conversion, on-demand streaming, content protection, and live streaming services.
316 questions
0 comments No comments
{count} votes

Accepted answer
  1. William Zhang 91 Reputation points
    2020-10-13T18:27:13.757+00:00
    1. A DRM protected content is first encrypted, unless the player is able to get the license containing decryption key, the player cannot decrypt the content. Therefore, you do not need to protect the encrypted content, but you do need to protect your license - only authorized users can get license.
    2. Yes, the recommended way is to use JWT token (essentially OAuth 2) to protect your license. This part indeed is a bit involving. This document provides the details for the scenario when Azure AD is used for authentication as well as STS: https://learn.microsoft.com/en-us/azure/media-services/latest/azure-ad-content-protection. Notice this: when we say key rollover in this context, it is not rolling over the key used in content encryption. Instead it is referring to rolling the signing key (x.509 cert with private key) for signing JWT token. .Rolling over content key (used for content encryption) is not yet supported by AMS, other than republishing with a new key
    3. If you use DRM (different DRM depending on different client device platform) and properly protect your DRM license, this would be the most secure approach so far. Another option is less expensive and slightly less secure: AES-128 clear key encryption.
    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.