Search code examples
streaminghttp-live-streamingdrmmpeg-dash

What is the value added by DRM compared to encrypted streams?

This question is about video streaming using MPEG-DASH and/or HLS. I am trying to understand the value added by commercial DRM systems (such as EZDRM, BuyDRM, etc.) compared to simple encrypted streaming e.g. AES-128 encrypted HLS. I am a bit lost in the commercial slogans.

So if I have a live or VOD stream I can easily send the stream encrypted with AES-128 if I use HLS "for free". It seems to me that when I set up a paid DRM for my MPEG-DASH streaming, basically the same thing happens, the stream gets encrypted and the details are shared in a standardized way (CENC).

So in both cases on the player side all I need is the key for decryption. It should not be a big deal to fetch that key from any webservice separately. Is that all..?

Based on this it would be very simple to implement some custom key provider service, but apparently the market is owned by big providers, so I must be missing some important aspect here.

(To clarify: I am not talking about everything within DRM, just the case when I have some live or vod videos and a website to offer these)

Any help and good comprehensive article links are appreciated.

Solution

  • It's a valid point. But there are quite a few differences, albeit not entirely obvious at first glance:

    • "Real" DRM systems don't just deliver a content decryption key as AES-128 HLS does. They deliver what is usually called licenses, which in turn also contain a set of usage rights, such as for example an expiry date (useful for rentals), or the ability to play through HDMI, or a constraint on the max resolution you're allowed to watch, and more.
    • Real DRM systems typically allow offline storage of licenses, which is useful in those scenarios where playback can also happen offline, or those online cases where you have to maintain state (such as rentals, if for example you play the movie in separate watching sessions).
    • Real DRM systems require individualization, meaning that the local license database is cryptographically bound to the device on which it was created. This is to prevent situations where user A obtains legally a valid usage license for content X, and then trivially posts the license database on BitTorrent for everyone to use. User A can do that, but the database is unusable for everyone else.
    • Real DRM systems allow revocation, meaning that -- since each device has a cryptographically unique identity -- if a device (or, more likely, a class thereof) is detected to be rogue, then it can be earmarked as unable to obtain future licenses.
    • Licenses are signed, meaning that one cannot tamper with one while in transit over HTTP, in order perhaps to extend his rental period or to allow HDMI playback where it was not originally allowed.

    And there is more... Also, the above is what most commercial DRM systems have in common, but if you look at individual ones (PlayReady, Widevine, FairPlay, ...) you'll see they also have several individual characteristics that differentiate them from one another and from plain AES-128 HLS.