AWS Media Blog
Guest post from castLabs: AWS customers can use SPEKE and DRMtoday for video security
Guest post Bryce Pedersen, VP of Marketing, castLabs
The content and opinions in this post are those of the third-party author and AWS is not responsible for the content or accuracy of this post.
The Secure Packager and Encoder Key Exchange (SPEKE) specification defines the standard for authentication and communication between encryptors and digital rights management (DRM) key providers. Encryptors include video encoders, transcoders, and origin servers. SPEKE itself is an API based on the DASH-IF Content Protection Information Exchange Format (CPIX), which is an XML document format designed to standardize how content key exchanges are performed.
castLabs’ DRMtoday cloud licensing service was among the first DRM key providers to offer API integration with SPEKE for streaming video workflows.
DRMtoday is SPEKE-compliant and allows AWS Elemental Media Services users to easily:
- Deploy required resources to interact with DRMtoday and SPEKE through a simple AWS CloudFormation template
- Support protected MPEG-DASH, HLS, Smooth Streaming through CMAF packaging workflows
- Process secure content key exchanges for Google Widevine, Apple FairPlay Streaming, and Microsoft PlayReady DRM systems
- Take advantage of Common Encryption (CENC) use cases
End-to-end Key Security
Content keys are extremely sensitive data. SPEKE and DRMtoday establish a secure end-to-end key transit channel to deliver encrypted media content.
DRMtoday and SPEKE Workflow Integration
DRMtoday is compatible with AWS Elemental MediaConvert and AWS Elemental MediaPackage for cloud-based video workflows, and AWS Elemental Live and AWS Elemental Delta for on-premises video workflows. AWS security requires key service components to be located in a customer’s account. To facilitate this, castLabs provides an ‘adapter’ as an AWS CloudFormation template that acts as the bridge between AWS and DRMtoday workflows. This allows for rapid deployment of DRMtoday for AWS Elemental Media Services.
This combined solution consists of two main components: fully configured Amazon API Gateway and AWS Lambda functions. The Amazon API Gateway allows for IAM role authentication within the AWS ecosystem (i.e. it facilitates IAM authentication between AWS Media Services and the key server proxy). This calls the AWS Lambda function, which in turn calls DRMtoday.
Get Started Today
castLabs is an AWS Advanced Technology Partner. To learn more about API integration between DRMtoday and AWS Elemental Media Services, contact firstname.lastname@example.org.
castLabs pioneers software and cloud services for digital video markets worldwide. Its solutions enable the playback of DRM-secured premium content over a large selection of consumer devices and platforms for high-quality video experiences. castLabs’ range of applications and services include DRMtoday licensing, PRESTOplay player SDKs, and Video Toolkit processing. castLabs is based in Los Angeles, California, and Berlin, Germany.