Setting-up DRM is an important, but sometimes a somewhat complicated job to execute. The complexity often comes from the business requirements, DRM technology is more and more available to everyone. 

In this blog we will talk you through the video playout of a video stream DRM protected with AWS Elemental Media Package and EZDRM (https://www.ezdrm.com/).

Concept

In Part 1 we covered the basic concept of DRM, where AWS Elemental Media Package encrypts video fragments based on keys provided by EZDRM. 

To successfully play out the stream, a player is required to get the video fragments, and a key with which it can decrypt the segments. The latter can be retrieved via a Licence Server.

In case of EZDRM and a widevine / dash integration the following license server must be contacted:

https://widevine-dash.ezdrm.com/widevine-php/widevine-foreignkey.php?pX=<......>

Where the pX value are the last 6 digits from your widevine profile ID from your EZDRM account.

The player will request the licence from the licence server, before the licence server will issue the licence, your backend will be contacted (as configured in your EZDRM account). You have control over who gets a licence and when. To provide additional information to your backend additional query parameter (name CustomData) can be added which is transparently forwarded. 

Typically you can provide here a custom token which the back-end can use to apply and customised logic like concurrent stream tracking and any required authorizations.

This provides us with the following flow:

Implementation

The following SAM code provides a very basic implementation which can be extended with business logic:

AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: Simple license api


Resources:
 RestLicenseApi:
   Type: AWS::Serverless::Api
   Properties:
     StageName: dev
     EndpointConfiguration:
       Type: REGIONAL


 LicenseRequest:
   Type: AWS::Serverless::Function
   Properties:
     FunctionName: LicenseRequest-dev
     InlineCode: |
       def handler(event, context):
           print(event)
           # Business logic comes here
           return {'body': 'play=true', 'statusCode': 200}
     Handler: index.handler
     Runtime: python3.10
     Events:
       ApiEvent:
         Type: Api
         Properties:
           RestApiId:
             Ref: RestLicenseApi
           Path: /play
           Method: GET


As can be seen in the code, this utilises a combination of AWS API Gateway and AWS Lambda to respond to licence requests. This is a highly scalable, cost efficient pattern to provide checks for licence requests.

Contact Merapar in case you require help in implementing DRM in your media workflow. We are happy to help!