Content protection has become a fundamental pillar for any OTT video platform. Protecting your content from unauthorized or malicious viewers is essential when your business model is subscription-based. 

Among all the different methods to secure HTTP video, Digital Rights Management (DRM) is one of the most effective and widely used. During the encoding process, each individual video segment is encrypted. This makes the content of the package, the video itself, illegible without the decryption keys.

It is important to highlight that content protection systems, such as DRM, achieve a different goal than just securing access to your CDN. Content protection systems secure access to the content itself from the origin to the end-user. However, securing access to your CDN does not protect your content end to end. It does prevent an unauthorized user from retrieving content from your CDN. However, if the content delivered by the CDN is not protected (DRM’ed) at the origin, then it could potentially be read by anyone sniffing on the path (or playout software stack). There are many approaches for securing access to the CDN, such as token authentication, geographical restrictions, or IP blacklisting and whitelisting. These are widely common, effective and used practices. However, let’s first focus a bit more on the role of DRM here and we will come back to those on later posts.

DRM at the Player Level

A workflow that includes DRM does not differ much from other OTT video delivery workflows. A layer of encryption is added after the encoding. Then, the video player will need to decrypt it to render the video. Therefore, DRM also impacts the video player in use.

Video payback on the web browser, with no plugins, has been a reality for years. There are several web API’s, like the Media Source Extension API (MSE), or the Encrypted Media Extension API (EME) that help this happen: 

• Media Source Extension API (MSE): allows the injection of content into the decoder from the application layer. This gives each video player the ability to implement its own streaming algorithms (e.g. HLS, DASH, Smooth, etc).
• Encrypted Media Extension API (EME):  this API provides a way to manage the playback of encrypted media (such as DRM). The specification does not define the specific protection system. It may be DRM (such as PlayReady and Widevine), or any other mechanisms. Again, it is up to the video player to implement the preferred one, leveraging the decryption resources provided by the browser and the platform. You can continue to read about it here.

The EME API is designed to avoid the app layer (video player) from having access to clear media content. Otherwise, the media would be exposed to fairly simple attacks, such as code injections or bug exploitation at the app layer, making the protection mechanisms lose most of its value. 

How does a P2P CDN fit into this pipeline?

The nature of the design of this API, and the different Content Decryption Modules (CDM), make it so that when using a P2P CDN, no changes have to be made to your DRM system. P2P CDNs distribute the media segments through their network of peers. The segments that move through the network are the same as the ones that originated at the CDN. Therefore, they will have DRM protection as well.

The following diagram describes how a P2P and DRM work together to offload bandwidth usage in an environment that requires content protection of this type:

A P2P network can’t interfere with your DRM encryption. The network only acts as a transport layer of video segments, which will always be encrypted, whether they come from the CDN or the origin server. Integrating Teltoo’s P2P network can be done in a few minutes, without compromising your content protection. It will preserve your network by absorbing the traffic that sudden spikes in viewership generate. 

Protect your business and revenues by safeguarding your content and securing your user’s quality of experience with Teltoo.