What is Digital Rights Management (DRM)? Protect video and streaming content

Digital Rights Management (DRM) is how legal access to digital content is managed and stops any unauthorised access. Find out how this can protect content on a streaming service.

If you’ve ever experienced the frustration of someone accessing your personal account on a streaming service, you’ll understand the concern it causes. At an end-user level, it’s unsettling from a privacy and security perspective. Now, imagine the issues an organisation can face if the streamed content itself was stolen, let alone an individual user's account being accessed. This is why DRM protecting video and streaming content from the source is essential.

What is DRM protection? 🔐

DRM is a method of protecting digital content to prevent piracy through unauthorised access to assets. In the OTT and streaming industry this means encrypting your video or live stream so if anyone gets hold of it, it’s scrambled and unusable without decrypting it.

This level of security is achieved by encrypting the content when you package it. To then watch the content, you need the correct key to decrypt it. In short, DRM is how you ensure that content is only played back by people that are allowed to watch it.

How DRM works 🔧

Before any content is streamed, it must be encrypted and packaged. The encrypted content is then stored in a secure location, ready to be requested by an authorised user. Here’s an example of the entire process, from the perspective of an end-user clicking play on an application:

1. Content is placed into a secure storage location, encoded and packaged with encryption keys in the Common Encryption Scheme (CENC). The same content then sits in the origin server.

2. When an end-user clicks play, the player sends a request to the CDN (Content Delivery Network) for this content. Either this content is:

A) Available in the CDN.

B) Not available so the request is passed to the origin server to locate it.

3. The requested content is sent back to the player by the CDN or origin server. The player then receives the content and is alerted that it is encrypted by the Application Programming Interface (API).

4. The player will check the stream system to see which device the request is being made from, and then requests a certificate and encryption key from the relevant license server.

5. The license server will return a key and license to unlock the content so that it can be viewed.

6. This entire process happens in milliseconds. Check out the diagram below for a visual representation of all the above:

A Simplestream branded DRM protection workflow diagram containing coloured boxes filled with text titles for each stage of the DRM process when content is played.

Why DRM is essential 🤝

Beyond the requirement of making the content served on any streaming service secure, is that licensed content makes it a must-have. Most production companies and content owners will include the requirement for their content to be DRM protected as part of the license agreement for using it. However, even if a streaming service shows only original and in-house content then it’s still a good idea to protect it.

There are three flavours of DRM:

FairPlay – iOS 🍏

Widevine – Android 🤖

PlayReady – Microsoft ⌨️

At Simplestream, we work with all these DRM providers. If you were to license content for your own OTT service, the level of encryption you need depends on what the content owner requests as per the license agreement.

What is encryption and decryption

Encryption - safeguards media content by securely packaging it, requiring a unique key for access. When you stream a film on platforms like Netflix, encryption decodes the content from a scrambled code to its original format. In the streaming industry, businesses commonly use DRM systems like Fairplay (iOS), Widevine (Android), and PlayReady (Microsoft) for content protection.

Decryption - is the process of converting encrypted data back to its original form, using specific keys or algorithms. In DRM, it allows authorised users to access protected content. Learn more about decryption and DRM.

Right place, right time

You may not need the highest level of secure encryption for original content on your OTT service. Encryption can be expensive depending on the method and provider used.

For in-house content, AES (Advanced Encryption Standard) encryption is still secure but won’t cost as much as the other DRM providers. It only becomes necessary to use other DRM providers if you’re licensing content from content owners. However, having the option to easily leverage those other DRM providers can be lucrative…

If Disney approached your service and offered a great deal on the Star Wars saga, they’d have specific requirements for encrypting this content. This is why working with a technology provider that can offer all levels of DRM is the best option. No right place, or right time: it can be any place, any time for a content licensing opportunity.