Backstage and EZDRM integration

Introduction

Backstage supports the scenario, when video content is encoded/transcoded via the Videostage component and provisioned to CDN. For such a scenario, Backstage CMS provides UI to configure necessary accounts, accesses, key management, etc.

Solution

The customer might want to use their encoder (AWS, etc.) and provision content into their CDN. For this scenario, Backstage provide means for managing EZDRM-specific account details to serve necessary attributes to the players for DRM content decrypting.

DRM systems:

Widevine - provide the license URL along with the stream URL
Fairplay - provide the license URL and the certificate URL along with the stream URL

Solution description

Backstage service-specific settings for DRM provider (EZDRM)

DRM Configuration:

DRM Provider: EZDRM
- Available DRM Systems: Widevine, Fairplay
- EZDRM account details: username/password (provided by the account owner)
- EZDRM account’s profile identifier (specific per DRM system, provided by the account owner)
- Certificate URL for Fairplay (provided by the content owner)

EZDRM Configuration in Backstage CMS UI

Sample inputs:

Login: customer@ezdrm.com
Password: ds3CEss8@lsl7Dnd
Widevine profile ID: BA916D60-C5BB-4EA9-AF67-FC44B6125644
Fairplay profile ID: 4C936DF9-E054-4A03-96D0-022A94FA0E7B
Fairplay certificate URL: https://sample.com/fairplay-certificate.cer

DRM system per stream (media edition) configuration

If the streams are using DRM protection of the available DRM systems (DRM settings enabled for the Backstage service), users must be able to configure the appropriate DRM system for the stream (media edition). Available options:

Unencrypted (default)
Fairplay - typically used with HLS streams
Widevine - typically used with MPEG-DASH streams

Stream configuration in Backstage CMS UI

info

When adding editions to asset through CMS UI, without enabling DRM setting in the CMS Settings, the default Unencrypted DRM protection will be applied

Provisioning of DRM attributes to the app (player) for content decrypting

License URL (Widevine and Fairplay):

Format Fairplay: https://fps.ezdrm.com/api/licenses/auth?pX={{PROFILE_ID_LAST_6_CHARS}}&customdata={{JWT_ENCODED_EDITION_AND_REQUESTOR}}
Format Widevine: https://widevine-dash.ezdrm.com/proxy?pX={{PROFILE_ID_LAST_6_CHARS}}&CustomData={{JWT_ENCODED_EDITION_AND_REQUESTOR}}

info

The PROFILE_ID_LAST_6_CHARS is generated from the last six characters of the profile ID (e.g., 4C936DF9-E054-4A03-96D0-022A94FA0E7B)

The JWT_ENCODED_EDITION_AND_REQUESTORis a JWT encoded header and payload, see below

Sample FAPI response:

{
    "url": "https://sample.com/HLS/index.m3u8",
    "type": "hls",
    "drm": "fairplay",
    "data": {
        "licenseUrl": "https://fps.ezdrm.com/api/licenses/auth?pX=FA0E7B&customdata=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpcCI6IjE5Mi4xNjguMS4xIiwic2VydmljZUlkIjoiZGVmYXVsdC1zZXJ2aWNlLWlkIiwiZWRpdGlvbklkIjoiYXl5SXo0a0JycDRBNHBIX1hsZ3oiLCJ0aW1lc3RhbXAiOjE2OTE3NTMzNTB9.FM-5TM2iIFkQi-JfJELBglnITmLk1FbQ-smi6HU06rY",
        "certificateUrl": "https://sample.com/fairplay-certificate.cer"
    },
    "advertisement": null,
    "thumbnails": null
}

Sample header and payload to be encoded as custom data:

{
  "typ": "JWT",
  "alg": "HS256"
}

{
  "ip": "192.168.1.1",
  "serviceId": "default-service-id",
  "editionId": "ayyIz4kBrp4A4pH_Xlgz",
  "timestamp": 1691753350
}

Introduction​

Solution​

DRM systems:​

Solution description​

Backstage service-specific settings for DRM provider (EZDRM)​

DRM Configuration:​

Sample inputs:​

DRM system per stream (media edition) configuration​

Provisioning of DRM attributes to the app (player) for content decrypting​