Content and software owners have been using various encryption methods against piracy for a long time to keep unauthorized usage to the minimum. With the rise of video streaming platforms, managing encryptions effectively to stop piracy and control usage of content have become factors to consider in revenue generation.
Advanced Encryption Standard
The traditional way to protect content and software is to enforce encryption standards and allow decryption using keys. Cryptographers endorse the Advanced Encryption Standard, or AES, for this task, which uses a block cipher method to encrypt data. It fixes the block size to 128 bits, while the key size could have three variations, viz. 128, 192, or 256 bits, the last being the most secure method which allows plaintext input to be transformed into ciphertext using 14 rounds.
Before digital rights management (DRM) became popular, AES was the chosen method. The end user was required to manually choose encryption keys to decrypt videos before they could be played. Though AES is considered a robust cryptographic solution, it created two problems: One, the end user found it cumbersome to use it every time they wanted to watch videos; second, the chances of encryption keys leaking out were strong.
DRM Not Equal to Encryption
OTT players and Hollywood studios solved these twin problems with the adoption of DRM technology, more specifically by using third-party multi DRM solutions. DRM licenses are offered by major internet and IT giants. For example, Google offers Widevine, Apple has FairPlay, and Microsoft owns PlayReady DRM brands. There are other DRM technologies too, but these three control the whole gamut of user devices and services from operating systems – like Android and iOS – web browsers, gaming consoles, and smart TVs. The correct DRM strategy handles security with various usage rules, like number of maximum playbacks, resolutions like SD, HD, UHD, etc., and an offline download scenario while issuing the license for playback.
The primary multi-DRM advantage over AES is that both video files and encryption keys are delivered to user devices through a secured, yet complicated, network of servers and devices, involving the multi-DRM server, a DRM server (for example, Google’s Widevine), a CDN server (most commonly AWS), and user devices, which is almost impossible to crack for the purpose of piracy. Like the AES method, encryption takes place in fixed-size blocks and are decrypted in succession to avoid exposing the whole file to a rogue element in one go.
Business Logic of DRM
The DRM technology allows periodic authentication of user credentials across devices, which lets an OTT platform maximize concurrent streams according to its business logic. Since the AES method allowed only one-time authentication, it could not allow video producers to customize their subscription offerings to users with flexibility.