DRM as a Service: What Makes It Tick? (Part 1)

Security as a whole is pretty important to any thriving video service business. There are large sums of money invested in the content, infrastructure and marketing (and so on), as well as a significant amount of personal subscriber data, that must be protected. So how does this work in practice?

Digital Rights Management (DRM) is actually an essential component of the video business, although most people think of it purely in terms of a technology. Any video service business has to manage the granting of rights to view video – and those rights are only granted for short periods of time. For example, in a subscription video service, if the subscription dues are paid for March, but not in April, then the viewing rights should cease when the new month starts. If a video is rented in a pay-per-view transaction for a period of 3 days, then viewing outside of this 72-hour window should not be allowed. Managing rights can therefore be tied very directly to payment as a part of the that service business model.

The technology of DRM ensures that these viewing rights can be securely granted and that the rules can be enforced by the video operator. Since even large digital files can easily be stored and copied these days, the video streams or downloaded files should not be directly readable or editable. This also protects the operator of an advertising supported service because, if the video service content can be stripped of its advertising load, then the business model for that service falls apart. If clear copies of valuable content are circulated without limit, then the whole content value chain – from performer to service operator - is undermined.

So, how does a service operator protect their own interests with DRM?

• Firstly, ensure that the video content is encrypted in a secure fashion on the service side and remains in that secure, encrypted form during the process of delivery. The keys used for this encryption must be specifically protected – this is the server component of the DRM scheme.
• Secondly, only deliver video to devices that are trusted. Trust here, comes from knowledge of the consumer (through, for example a login or other credentials) and consideration of the consumption device. In general, devices that can be trusted are those that incorporate a verified implementation of one or more DRM clients. Sliding scale is also possible.
• Thirdly, only deliver decryption keys to these trusted consumer devices in a highly secure form – one that does not permit interception or tampering – and that imposes appropriate time limits on the use of the decryption key amongst other rules. This secure packaging is the core nature of a DRM license.
• Fourthly, only permit the process of video playback in conjunction with a current valid DRM license to eliminate any possible illicit capture of unprotected video during consumption. A fully secure integration of the video player, the DRM client and the device video hardware is critical here.

It’s clear from this description that there are client-side and server-side components to any DRM solution that should be described in more detail. In posts over the next few weeks we will start to fill in some of these details - again, from a non-technical viewpoint.

Visit our Frequently Asked Questions page for the full story - or download the full DRMaaS - What Makes it Tick? reference document. When you request this document, you'll also get in in line to receive our latest cool T-shirt swag! Something that shouldn't be missed in this time of virtual "no gift available" trade shows :)

Thanks for reading.

The Team at EZDRM
Digital Rights Management. Simplified.