如何用DRM保护你的内容
You’ve been distributing unsecured video from your website, 并且你已经决定需要数字版权管理(DRM)形式的内容保护。. Perhaps it’s to protect premium content that you’re selling, 或者可能是为了控制接受培训的机会, marketing, sales, on-boarding, 或其他专有或机密视频. 在本教程中, 我们将描述DRM是什么, 它是如何工作的, 您需要实现哪些DRM技术, 如何选择技术合作伙伴, 如何加密, and how to license acquisition to your video player.
立即访问我们的2019年百家乐软件手册. Register for free to download the entire issue right now!
什么是DRM?
DRM涉及对内容进行加密,因此如果没有第三方DRM平台(包括许可服务器)提供的解密密钥,内容就无法读取. 第三方DRM平台的概念是将真正的DRM与简单的加密(如通过AES 128位加密的HLS)区分开来的关键特性之一. Since simple encryption is both cheaper and easier than true DRM, 理解这是一个有用的区别, 我们从这里开始.
To deploy AES 128-bit encryption, you encrypt your content during packaging. 在回放期间, the player clicks the link with the content and starts the download, 通常来自HTTP服务器(参见 Figure 1). 同时, 浏览器试图从清单文件中指定的位置检索解密密钥, 通常来自HTTPS服务器,因此您可以在下载密钥之前要求授权. 在这个模式中, 只有有权访问HTTPS站点中受保护内容的成员或员工才能访问密钥.
Figure 1. 简单的加密通过HTTPS保护密钥.
这种方法存在两个主要问题. First, at some point during the retrieval of the decryption key, 它在浏览器缓存中可用, 哪里容易被抓住. Second, whoever has the decryption key can decrypt the video; there’s no additional authorization between player and server to verify that the viewer should be able to watch the video.
True DRM
现在让我们看看真正的DRM. 顺便说一下背景, 我们将讨论的所有DRM工具都将在HTTP 在线直播 (HLS)或Dynamic Adaptive Streaming over HTTP (DASH)架构中实现, 尽管许多生产商需要同时支持这两种做法.
That’s because you’ll need HLS to reach Apple devices in the browser, 大多数其他设备都需要DASH. Currently, 这需要两组文件, 一个是HLS,一个是DASH, though this will change over the next few years (more on this below). Currently, the only DRM supported with HLS is Apple’s FairPlay. In contrast, DASH通过媒体源扩展(MSE)和加密媒体扩展(EME)支持一系列第三方DRM解决方案,如Widevine和PlayReady。. Note that if you’re running on iOS devices via an app, 您有更大的灵活性,并且可以将DASH与受支持的第三方drm之一一起使用.
True DRMs have multiple advantages over simple encryption. 首先,你可以看到 Figure 2, 通信通过内容解密模块(Content Decryption Module, CDM)处理,CDM是每个兼容EME设备的组件. 使用挑战/回应系统, 这些通信是加密的,所以解密密钥永远不会在公开的地方被黑客攻击. 除了, 许可服务器和浏览器之间的通信可以确认查看器具有有效的许可证, 未撤销的播放器观看视频. 因此,真正的DRM更加安全. 我们将在下面讨论, true DRM还支持许多简单加密不支持的业务规则.
如图2所示, 大多数真正的DRM集成都包括一个DRM许可服务器和一个由视频服务维护的订阅服务器. Sometimes license requests are routed through the licensing server, 有时通过订阅服务器. Either way, 其他功能, 订阅服务器验证观看者播放内容的权利,而DRM许可服务器验证播放器身份并颁发许可证. 这可以实现并简化更高级的功能,如离线播放和防止通过未经授权的硬件(如HDMI)通过DRM许可密钥中包含的权利对象进行播放.
使用真正的DRM
在消费者web浏览器中使用EME, DASH supports DRM technologies via what’s called Common Encryption, a specification that enables multiple DRMs to be built into a single DASH package. This is necessary because of fragmented support by EME-compatible browsers and devices. EZDRM hosts a detailed chart you can view at go2sm.com/ comparedrm, but DRM support falls out just as you would expect it do.
That is, 谷歌在Chrome中支持自己的Widevine DRM, Android, Android TV, 以及所有安卓OTT设备和智能电视, 而微软在Edge中支持PlayReady, Internet Explorer, Xbox, 和其他微软平台. Apple supports its own FairPlay DRM in Safari, iOS, and Apple TV platforms. Again, if you’re distributing to mobile viewers via an app, 你有更多的灵活性,可以通过DASH在iOS设备上使用PlayReady和/或Widevine. For playback in Safari, HLS with FairPlay is your only option, as it is for AppleTV.
The bottom line is that many producers will have to create two sets of assets; one encrypted with FairPlay and cipher block chaining (CBC) for Apple, and the other encrypted with Widevine and PlayReady and counter mode encryption. As you can see if you check the aforementioned chart, 三种DRM技术之间的差异, you can deliver protected content to the vast majority of relevant platforms in computer, mobile, OTT, 游戏机, 和智能电视.
Via a specification called the Common Media Application Format (CMAF), DRM市场正朝着一套单一的cbc加密文件的方向发展,这种文件可以支持所有三种DRM. 在短期内, however, 这种方法不适用于大量传统的DASH和HLS设备和播放器, 这就是为什么大多数制作人要么支持两套文件,要么使用动态打包来为每个玩家创建适当的DASH或HLS内容.
第三方DRM提供商
Fortunately, as EME was formulated and the need for multiple DRM support became clear, many DRM providers diversified and started offering PlayReady, Widevine, 和FairPlay DRM, plus several other DRMs important in other markets. 这些供应商包括Microsoft Azure, BuyDRM, DRMtoday, EZDRM, ExpressPlay, Nagra, Synamedia, Verimatrix, and Vualto. This is just a partial list; if you’re from a DRM provider that’s not mentioned, please add your name on the 流媒体 website via a comment.
To create this tutorial, I worked with BuyDRM and EZDRM. Both could provide all required licensing to offer my test content with FairPlay, PlayReady, 和宽频保护.
At a high level, there are three touch points with DRM providers. 您需要获得密钥来加密您的内容, 并取得执照, 或者解密密钥, 播放内容. Both of these basic tasks can be accomplished pretty simply as demonstrated below. 您可能还必须在许可证服务器和订阅服务器之间建立通信, which may be more complex and is beyond the scope of this tutorial.
第一步:列出你的需求
That’s the background; let’s get started on how to choose and implement DRM tools. 您的第一步是定义您的需求.
业务规则
真正的DRM解决方案的一个好处是支持的业务规则的范围,比如脱机播放. Some business rules you’ll want to support as features for your customers, 而如果你分发的是第三方内容,其他的则是内容所有者强加的. Start by creating a list of business rules that your DRM solution will need to support.
目标平台
Which target platforms do you plan to serve, and how do you plan to serve them? 对于基于浏览器的计算机和移动设备支持,几乎任何DRM提供商都应该足够了. 如果你使用的是iOS和Android应用, 寻找为这些平台提供安全播放器软件开发工具包(SDK)或其他实现帮助的提供商. If you’ll be supporting OTT devices and/or smart TVs, you’ll want to learn how a provider can help you access these platforms.
内部部署或SaaS部署
Most companies will want to work with their service providers on an SaaS basis, 几乎所有DRM提供商都支持的模型. If you want to install a license server yourself, 您可能会有更少的选择,因为不是每个DRM提供商都为这种商业模式许可其技术.
Encoder
Your encoding platform will need to acquire encryption keys to protect your content. While there are generic ways for an encoder to acquire keys from any service, 如果您的DRM提供商已经与编码供应商合作,提供定制的集成,只需很少或不需要编程,则会更简单. 您将在下面看到一些示例. 如果你刚刚开始, 您可能还希望选择可以为您提供编码或打包工具的DRM提供商, which will already contain the required integration and will be even simpler. Most vendors list their integrations on their websites, 就像BuyDRM一样 and EZDRM does.
现成的球员
There are generic ways to acquire licenses programmatically from any DRM provider, 但是,如果您可以实现现有的集成,那么您将启动并运行得更快、更便宜. Again, most DRM vendors list their existing integrations on their websites.
Integration Between Licensing Server and Subscription Server
All DRM shops provide APIs for this; check the APIs for all candidate services to gauge ease of integration and ongoing maintenance.
步骤2:选择您的DRM提供商
For simple SaaS implementations for browser-based playback of Widevine-, PlayReady-, 和公平游戏加密的内容, you’ll have many candidates that can meet your needs. The keys here will be license and support pricing and ease of integration.
相关文章
目的是防止有害内容, Facebook提供的技术可以在照片和视频上传后立即识别和屏蔽它们.
2019年8月2日
As 2018 nears to a close and with the largest IBC ever just wrapped last week, three key movements in the Digital Rights Management market have come to light. 在第一种情况下,我们看到了向标准化容器(如HLS中的FMP4)和CMAF(用于部署包括Apple FairPlay在内的“消费者DRM”)的大规模移动, 谷歌Widevine和微软PlayReady.
10 Oct 2018
而出版商则在等待一个适用于所有浏览器的单一内容加密系统, 标准组织正在讨论EME的未来. Here's what rights management will look like in a post-plugin world.
2017.10.25
BuyDRM创始人Christopher Levy和流媒体的Tim Siglin讨论了BuyDRM的历史, DRM技术的发展, 以及对加密和数字版权管理的误解.
27 May 2017
提及的公司及供应商