- DRM Overview
- Certificate Enrollment Guide
- Adobe Primetime DRM SDK 5.3.1
- DRM Quick-Start Guide
- Adobe Primetime Cloud DRM Quick-Start Guide
- What is included with Primetime Cloud DRM
- What is NOT supported by Primetime Cloud DRM
- Prerequisites
- Packaging options
- Test the packaged content
- Triaging errors
- Custom authentication/entitlement
- Adobe Primetime authentication (Optional)
- Creating custom DRM policies (Optional)
- Update existing DRM content to use Cloud DRM (Optional)
- Streaming to Xbox360 (Optional)
- Using the Adobe Primetime DRM Key Server
- Adobe Primetime DRM Secure Deployment Guidelines
- Multi-DRM Workflows
- Multi-DRM Workflows
- Primetime DRM Cloud Quick-start
- Workflows: Package, License, and Play
- Multi-DRM Workflow for FairPlay
- Multi-DRM Workflow for Widevine and PlayReady
- Package your content with Bento4
- Package your content with Adobe Offline Packager
- Using Output Protection Policies
- Client Key Request workflow overview
- Expressplay tokens
- Key request workflow on Android PSDK
- Key request workflow on HTML5 TVSDK
- Device Binding
- Generic Workflows
- Feature Topics
- ExpressPlay license token request / response reference
- Migrating from Access to Multi-DRM
- Glossary
- Adobe Primetime DRM On Premises Individualization Server Guide
- Primetime DRM Server for Protected Streaming 5.3.1
- About Adobe Primetime DRM Server for Protected Streaming
- About usage rules
- Requirements
- Understanding Deployment
- Deploying the Adobe Primetime DRM Server for Protected Streaming
- Java system properties
- About Adobe Primetime DRM credentials
- HSM configuration
- Setting up the License server configuration files
- Crossdomain DRM policy file
- Custom authorization extensions
- Performance tuning
- Upgrading the Adobe Primetime DRM Server for Protected Streaming
- Running the DRM Server for Protected Streaming
- Packaging content
- DRM Server for Protected Streaming utilities
- Using the Adobe Primetime DRM SDK for Protecting Content - 5.3.1
- What is new in Adobe Primetime DRM
- Usage rules and Authentication
- Runtime and application restrictions
- Allow list for Primetime DRM applications allowed to play protected content…
- Allow list for Adobe® Flash® Player SWFs
- Block list of DRM Clients restricted from accessing protected content
- Block list of application runtimes
- Minimum security level for DRM and runtimes
- Device capabilities required to play protected content
- Jailbreak enforcement (requires Adobe Primetime DRM)
- Other DRM policy options
- Device Group Domain Registration
- Output protection controls
- Packaging Options
- Setting up the SDK
- Work with DRM policies
- Package media files
- Pre-generating and embedding licenses
- Implement a License Server
- Overview
- License Server deployment options
- Process Adobe Primetime DRM requests
- Handle Get Server Version requests
- Handle Domain Registration requests
- Handle Domain De-Registration requests
- Handle License Return requests
- Handle authentication requests
- Handle license requests
- License chaining
- Handle synchronization requests
- Handle FMRMS compatibility
- Handling certificate updates when Adobe-issued certificates expire
- Performance tuning
- Revoke client credentials
- Create video players
- Resolution-Based Output Protection 5.3.1
- Adobe Primetime DRM Reference Implementations 5.3.1
- About the reference implementations
- Typical workflow
- Command-line tools
- Configure and run the command-line tools
- DRM Media Packager
- DRM Policy Update List Manager
- DRM Revocation List Manager
- DRM License Generator
- DRM License Embedder
- AIR Publisher ID utility
- License server
- Configuration
- Deploy the license server
- Troubleshooting
- Check whether the license server started properly
- Determining if Reference Implementation License Server runs properly
- Implementing the usage models
- Domain registration
- Migrate from FMRMS 1.0 or 1.5 to Adobe Primetime DRM 2.0 or later
- Upgrade existing deployments
- Adobe Primetime TVSDK-DRM Workflow
- TVSDK-DRM client-side workflow overview
- Primetime DRM content protection options
- Primetime DRM on the client
- Primetime DRM license server
- License acquisition process overview
- License acquisition process details
- Pre-loading licenses for offline playback
- Using the DRMStatusEvent class
- Using the DRMAuthenticateEvent class
- Using the DRMErrorEvent class
- Using the DRMManager class
- Using the DRMContentData class
- Out-of-band licenses
- Device domain support
- License preview
- Delivering content
- DRM Client Error Message Reference
- Using Adobe Access DRM With an External Key Management System
- Use the Adobe Access Server for Protected Streaming
- About Adobe Access Server for Protected Streaming
- Usage rules
- Requirements
- Deploying the Adobe Access Server for Protected Streaming
- License server configuration files
- Crossdomain policy file
- Custom authorization extensions
- Performance tuning
- Upgrading the Adobe Access Server for Protected Streaming
- Updating configuration files
- Packaging content
- Adobe Access Server for Protected Streaming utilities
- Adobe Access Secure Deployment Guidelines
- Introduction to Network Topology
- Vendor-specific security information
- Physical security and access
- Packaging and protecting content
- Protect and issue licenses
- Consuming locally generated CRLs
- Consuming CRLs published by Adobe
- Generating CRLs to supplement those published by Adobe
- Rollback detection
- Machine count when issuing licenses
- Replay protection
- Maintain an allow list of trusted content packagers
- Timeout for authentication tokens
- Overriding policy options
- Pre-generating licenses
- Managing Domains
- An Overview of Adobe Access SDK
- Using the Adobe Access SDK for Protecting Content
- Introduction
- User authentication
- Time-based rules
- Runtime and application restrictions
- Allow list for Adobe® Primetime applications allowed to play protected content
- Allow list for Adobe® Flash® Player SWFs allowed to play protected content
- Block list of DRM Clients restricted from accessing protected content
- Block list of application runtimes restricted from accessing protected content
- Minimum security level for DRM and runtimes
- Device capabilities required to play protected content
- Jailbreak Enforcement (requires Adobe Primetime)
- Other policy options
- Output protection controls
- Packaging Options
- Setting up the SDK
- Working with policies
- Packaging media files
- Pre-generating and embedding licenses
- Implementing the License Server
- Processing Adobe Access requests
- Processing Adobe Access requests
- Using machine identifiers
- User authentication
- Replay protection
- Rollback detection
- Global server configuration data
- Crossdomain policy file
- Handling Get Server Version requests
- Handling Domain Registration requests
- Handling Domain De-Registration requests
- Handling License Return requests
- Handling authentication requests
- Handling license requests
- Handling license requests
- Generating licenses
- License chaining
- Enhanced License Chaining
- Issuing Domain-bound licenses
- Issuing licenses for remote key delivery to iOS clients (requires Adobe Primetime)
- Minimum Client Version
- License preview
- Identity-based licenses
- Revoking client credentials
- Creating video players
- Adobe Access Reference Implementations
- Overview - Using the reference implementations
- Command line tools for packaging content and creating revocations lists
- Policy Manager
- Media Packager
- Policy Update List Manager
- Revocation List Manager
- AIR Publisher ID utility
- License Generator
- License Embedder
- License server and watched folder packager
- License server and watched folder packager overview
- Requirements
- Building the license server
- Configuration
- Server properties files
- Preparing passwords for the Server properties files
- License server properties file
- Packager properties file
- Watched folder properties
- Setting up the database and configuring the JNDI datasource
- HSM configuration
- Crossdomain policy file
- Deploying the license server and watched folder packager
- Determining if Reference Implementation License Server is running properly
- Implementing the usage models
- Implementing domain registration
- Migrating from FMRMS 1.0 or 1.5 to Adobe Access 2.0 and above
- Upgrading existing deployments
- Set up a domain server
- Flash Access Manager AIR application usage
BEES Workflow
Summary:
- Policy - Create a DRM BEES-aware policy that indicates BEES is required for all content packaged using thispolicy.
- Packaging - Package content using the BEES-aware DRM policy.
- Authentication - Authenticate your client device and use the Primetime DRM API, or the Primetime API, toassociate this token with Primetime Cloud DRM. Doing this will cause the client device to send this authenticationtoken up to Primetime Cloud DRM along with all license requests. Primetime Cloud DRM will not process thistoken, but instead will pass it along (as an opaque blob) to your BEES endpoint for processing.
- Licensing - Request a license for your protected content. The client device will automatically append yourpreviously-set authentication token to the call.
- Entitlement - Primetime Cloud DRM will determine that the content was packaged with a policy that requiresBEES. Primetime Cloud DRM will construct a JSON request to send to the BEES endpoint. The BEES responsewill instruct Primetime Cloud DRM on whether or not to issue a license, and optionally, which DRM policy to use.
Policy workflow details
When Primetime Cloud DRM processes a license request, it parses the DRM policy in the request to determine if a call to a backend-entitlement service is required before the content can be shown. If a BEES call is required, Primetime Cloud DRM will create the BEES request, then parse the DRM policy to obtain a specified BEES URL endpoint for the BEES request.
Apply your DRM policy that indicates the BEES requirement, specifying the following two custom properties in the policy:
policy.customProp.1=bees.required=<true | false>policy.customProp.2=bees.url=<url to your BEES endpoint>
For example, using the Primetime DRM Policy Manager ( AdobePolicyManager.jar), you would specify the following two custom properties in the flashaccesstools.properties configuration file:
policy.customProp.1=bees.required=truepolicy.customProp.2=bees.url=https://mybeesserver.example.com/bees
NOTE
If you are already using policy.customProp.1 or policy.customProp.2 for another property, simply use unique numbers for the newer properties.
Package workflow details
During the packaging of your Adobe Access-protected content, you must apply one of your BEES-aware DRM policies to the content.
Authentication workflow details
In order for your BEES endpoint to make entitlement decisions, the client device must provide authentication information. You accomplish this by using your own customer-specific authentication token.
Primetime Cloud DRM does not have to understand this token - it simply passes this token through to your BEES endpoint. The client device is responsible for creating or acquiring this token and setting it using the DRMManager.setAuthenticationToken() API.
Do the following to associate this token with Primetime Cloud DRM , so that it is sent with the license request:
Instantiate the DRMManager object with the DRM metadata of the content that was packaged for Primetime Cloud DRM.
The setAuthenticationToken() method works by associating the given byte array with the License Server URL provided in the DRM metadata that was used to instantiate DRMManager.
//client device acquires auth token needed by your BEES endpoint
DRMManager mgr = new DRMManager(<DRM Metadata of CloudDRM content>);
mgr.setAuthenticationToken(<auth token>);
The token gets sent with all license requests until the token is cleared by calling .setAuthenticationToken with null as the parameter.
License workflow details
Request a license from Primetime Cloud DRM by calling mgr.loadVoucher().
Entitlement request and response details
When Primetime Cloud DRM determines that content was packaged with a BEES-aware DRM policy, it constructs the following JSON request to send to the BEES endpoint specified in the DRM policy:
{
"title":"Entitlement Request",
"type":"object",
"properties": {
"messageID": {
"type":"string",
"description":"Unique ID for this message. Used to confirm that the
returned response is for this particular message."
},
"version": {
"type":"string",
"description":"BEES Request Version. Currently 1."
},
"contentID": {
"type":"string",
"description":"Content ID (GUID)"
},
"customerSpecificAuthToken": {
"type":"string",
"description":"Base64-encoded authentication token. Must be set
explicitly by client before making the license request."
}
},
"required": [
"messageID",
"version",
"contentID"
]
}
The following response is expected from the BEES endpoint:
{
"title":"Entitlement Response",
"type":"object",
"properties": {
"messageID": {
"type":"string",
"description":"ID of the Entitlement Request that this Response is
handling. Must exactly match the ID of the request
or this response will be rejected."
},
"version": {
"type":"string",
"description":"BEES Response Version. Currently 1."
},
"isAllowed": {
"type":"boolean",
"description":"Grant the license or not."
},
"policy": {
"type":"string",
"description":"Base64-encoded policy to enforce If no policy is
provided, the policy that was packaged with the content
during packaging time will be used to generate the license."
},
"error": {
"type":"integer",
"description":"An error number produced by the entitlement server.
Will be passed to the client as the 'code' field of
the server error response."
},
"errorText": {
"type":"string",
"description":"Additional error information produced by the
entitlement server. Will be passed to the client as
the 'text' field of the server error response."
}
},
"required": [
"messageID",
"version",
"isAllowed"
]
}
Primetime Cloud DRM uses the response to determine whether or not it should issue a license to the requesting device, and if it should substitute a new DRM policy into the license generation process. If isAllowed is true and no policy is provided in the response, then the original DRM Policy used during content packaging time will be used to generate the license.
Business.Adobe.com resources
Resources
Adobe Account
Change language
Copyright © 2023 Adobe. All Rights Reserved.
