User Guides
Start typing to search…

Apple FairPlay DRM (HLS)

Apple FairPlay Streaming (FPS) Digital Rights Management (DRM)

FairPlay Streaming (FPS) supports:

  • HTTP Live Streaming (HLS) playback of encrypted video content.

  • iOS, Apple TV, and Safari on macOS 10.10.3 or later.

  • Stopping playback on mobile devices and Apple TV when an expired Content Key (CK) is detected.

  • Identifying individual devices without compromising anonymity via a device identifier within the Server Playback Context (SPC) message.

Quick Start

Set up playback via Apple FairPlay Streaming (FPS) by performing the following steps:

  1. Register as a licensed content owner with Apple and request a deployment package. Request FPS deployment package from Apple.

  2. Request Studio DRM activation by submitting the following information via the Apple FairPlay Streaming page (Uplynk account must be enabled for DRM):

    • Your application public key certificate.
    • Your RSA private key passphrase.
    • Your application secret key.
    • Your RSA private key in PEM format.

  3. Verify that both the Require a token for playback and the Require a studio approved DRM for playback options have been enabled on the desired CMS asset, live channel, or live event.

  4. Make your application compatible with our service by performing the following steps:

    • Point your player to a HLS version of the playback URL that corresponds to the content identified in the previous step.

    • Construct and digitally sign this playback URL.

      Query String

      Append the following value to the end of the playback URL:

      ?rmt=fps

      Studio DRM Policies

      Define the desired set of Studio DRM policies by adding either a Studio DRM policy configuration or the desired individual policies to the playback URL's query string.

      ?rmt=fps&drm_policy_name=wvpolicy1

      Digital Signature: Sign the playback URL.

    • Update the Key Server Module (KSM) URL's scheme to https://.

    • Submit a Content Key request to our Key Server using the above KSM URL.

    • Use the deserialized Content Key Context (CKC) message to initiate playback.

Activation

FPS encrypts content to prevent unauthorized playback. In order to playback encrypted content, a player must use a Content Key to decrypt it. This Content Key is generated by our key server. Before our key server may generate Content Keys for your account, it requires information provided by Apple as a part of your FPS deployment package.

Submit the following information via the Apple FairPlay Streaming page:

FPS Deployment Data

Description

Details

Application Public Key Certificate

Upload the application public key certificate provided by Apple. This X.509 certificate should be in Distinguished Encoding Rules (DER) format and have a .cer or .der file extension.

RSA Private Key Passphrase

Provide the passphrase that encrypted your private key during CSR submission.

Application Secret Key

Provide your application secret key, which is a 32-character hex string.

RSA Private Key

Upload your private key by:
1. Opening the .pem file in a text editor.
2. Copying the entire contents of that file.
3. Pasting it in the Private Key (.pem) option.
Verify that this option looks similar to the following copy:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Content Keys

Upon initiating playback, an Apple device should request a Content Key from the Key Server Module (KSM) for the desired content. The KSM will provide the Content Key within an encrypted response.

Update the KSM URL

Before requesting a Content Key, update the scheme defined within the EXT-X-KEY URL attribute from skd:// to https://. The following sample JavaScript function returns an updated KSM URL.

JavaScript KSM construction example:

function getSPCUrl(initData) {
     skdurl = arrayToString(initData);
     spcurl = skdurl.replace('skd://', 'https://');
     spcurl = spcurl.substring(1, spcurl.length);
     return spcurl;
}

Request a Content Key

Request a Content Key via the following:

  • Request URL: Updated KSM URL

  • Request Header: Set Content-Type header to "application/json"

  • Request Body: Set it to the following key-value pair:

    • Key: spc
    • Value: Set it to a Base64-encoded string for a Server Playback Context (SPC) message.

The body of the response will contain a Base64-encoded string for a Content Key Context (CKC) message.

Sample request

{
	"spc": "your base 64 string"
}

Sample response

{
	"ckc": "your base 64 string"
}

Content Key Request Minimization

Reduce rebuffering, improve startup time, and speed up switching between different rays encrypted with the same content key by minimizing content key requests.

Reuse licenses for content, ads, and different rays by performing the following steps:

  1. Contact your account manager to request that your encoding profile be optimized for content key reuse.
  2. Include fpuseki=1 within the playback URL's query string.
  3. Update your player to cache licenses and associate them with license URLs.

Playback without Studio DRM Protection

Certain types of content (e.g., slate) should not be protected by Studio DRM.

To Play Content Without Studio DRM Protection

  1. Disable Studio DRM by performing either of the following:
  • Clear the Require studio approved DRM for playback option on the desired CMS asset.
  • Pass the drm_optional parameter in the playback URL.Learn More.
  1. Update your player to request a cleartext key via the following URL:

Updated about 1 month ago