CDSA

There continue to be challenges today when it comes to assembling scalable, multi-digital rights management (DRM) security for video delivery, according to Christopher Levy, CEO and founder of BuyDRM.

“When we talk about DRM to scale, what we’re really talking about is the massive amount of licenses and devices and business models that [have] suddenly popped up in our industry, where DRM is becoming pervasive across the fabric of most video delivery platforms – and definitely part of all premium video offerings, he said April 23 at the Anti-Piracy and Content Protection Summit in Las Vegas, during the session “DRM to Scale: Best Practices for Managed Security Services.”

During the session, he discussed how to best deploy a robust multi-DRM solution at scale.

“The main considerations that we see on a regular basis in talking to clients [include], first off, as we all know, DRM is a mandated studio security technology,” he said.

And what that means is that “if you’re licensing content from a studio, or a major broadcaster or network or major content owner, they have a security questionnaire that they’re going to provide to your organization,” he noted. “That security questionnaire is going to address a bunch of things like how you store the content, how you deliver it [and] how users get access to it.”

Questions will include: “What’s your hosting platform like? What are your security controls? What types of security are you using? And then it drops down into the video security piece and it typically asks some very granular questions about the type of security you’re using. They talk about what types of DRM you’re using and ask you to call them out, and how you’re using them and how the keys are managed, etc.,” he said.

Explaining DRM

As a mandated technology, DRM is a part of over-the-top (OTT) streaming workflows, Levy pointed out.

“Secondly is the tsunami of all of the connected devices that are out there” that keep on growing, he said. At “last count, I think there was something like 24 different connected devices,” including mobile phones, tablets, computers, smart TVs, in-flight entertainment and hotel rooms, he said.

“So there’s just a huge wave of people watching streaming video because all of these devices [that] are connected now,” he noted, adding: “That is driving up the massive amount of demand for DRM.”

Then comes the “notion that for DRM to be effective, it’s got to be everywhere all the time,” he added.

Meanwhile, there are “a lot of playback platforms out there that do not support persistent licensed storage,” he noted, explaining: “What that means is, for example, a lot of the smart TVs that are available in the market today, they do not support persisting the DRM license … because they don’t have a secure methodology to store the key or access it, so they don’t store it. And so, every time the user changes the channel to watch a different channel or a different stream or a different live event, etc., they need to get a new license because there isn’t a license available for playback.”

There is also “key rotation” that is used in some device models, primarily for live events, including sports, he said. “As you rotate the keys on the encryption side, you’re in essence driving the acquisition of the new license key.”

There also three different forms of DRM, he noted, pointing to Google’s Widevine, Apple’s FairPlay, and Microsoft Play-Ready, and “they’re all in play in different locations,” he pointed out.

“As a result, you’ve got to be able to support unknown demand for those DRM technologies based on your usership,” he said.

“For those of you that are kind of new to DRM or stumbled into this room for this webinar by accident,” he joked, “DRM is, in essence, a very simple concept where we take videos and we encrypt them using” Advanced Encryption Standard (AES) 128 encryption “in various modes and then we get a license key from a DRM platform through” an application programming interface (API) to “play back the content.”

He added: “In essence, the player on your computer makes a request out to the DRM proxy, which makes a request to the DRM platform. The DRM platform then derives the license key and the license response and then the license is transmitted back to the player, where the video and the license are combined such that the playback stack can then start to decrypt the video and play it out.”

Today’s Problems

Explaining the problems that we see today, Levy said: “Most DRM services are not designed to support large gate crashes or live event ramp-ups. So we all know at the beginning of a live event, there’s this big rush of traffic. And then the traffic kind of settles down, or settles in, if you will. But it’s a pretty significant component of live events and always has been.”

There is also a problem in pricing, he said, explaining: “A lot of the pricing pools that are out there [have] a different way that they price, but generally you’re buying a pool of licenses. And so those licenses are typically in tiers. The DRM providers are not really designed in our industry to support, let’s say, billions or 20 billion licenses from a client. Their pricing is more in the millions to hundreds of millions of range. So that’s kind of a mismatch.”

Third, he said, “most DRM providers must over-deploy and hope that the impact on their Software-as-a-Service clients is negligible,” he said. “In other words, we’ve got a Software-as-a-Service platform, as a shared infrastructure, [and] we take on this big client who has some really big thing going on and that big client’s thing is going to impact all of the clients on that platform.”

As a result of all this, DRM providers must “price their services to cover these large bursts in traffic, kind of in the way that” the content delivery network (CDNs) did in the early 2000s,” he noted.

There are three modern solutions in the marketplace today that support DRM deployments, with the most common still being SaaS Model DRM that is run off a shared infrastructure, where all clients are on the same platform, he said.

The second one is Solution Model DRM, which he noted is “more of a software approach” in which companies license from a DRM provider and then the client has to manage and run that, he added.

And the third model is the one that BuyDRM pioneered: A Managed Service Offering hybrid model that he said was created from the “reality that the DRM industry is evolving quickly and the old ways of delivering DRM don’t work to scale for large clients anymore.”

He went on to detail the “pros and cons” of DRM SaaS, pointing to, among other things, DRM-to-Scale via SaaS being “very expensive” with a “wide spectrum of unknowns.”

Those aren’t all of them, he said, noting “these are just some high-level ones that we call out as part of the presentation today, but they’re definitely significant ones.”

Meanwhile, “some clients out there don’t necessarily need DRM to scale,” he pointed out.

To view the presentation, click here.

The 2022 Anti-Piracy and Content Protection Summit was presented by Richey May Technology Solutions, with sponsorship by Convergent Risks, NAGRA, Verimatix, BuyDRM, EZDRM and Vision Media. Produced by MESA, in association with the Content Delivery and Security Association (CDSA), the media partner for the show was Piracy Monitor.

To learn more about CDSA visit: https://CDSAonline.org

To find out more about upcoming MESA events or to get involved as a sponsor please contact Evie Silvers at [email protected].