- DRM Overview
- Certificate Enrollment Guide
- Adobe Primetime DRM SDK 5.3.1
- DRM Quick-Start Guide
- Adobe Primetime Cloud DRM Quick-Start Guide
- What is included with Primetime Cloud DRM
- What is NOT supported by Primetime Cloud DRM
- Prerequisites
- Packaging options
- Test the packaged content
- Triaging errors
- Custom authentication/entitlement
- Adobe Primetime authentication (Optional)
- Creating custom DRM policies (Optional)
- Update existing DRM content to use Cloud DRM (Optional)
- Streaming to Xbox360 (Optional)
- Using the Adobe Primetime DRM Key Server
- Adobe Primetime DRM Secure Deployment Guidelines
- Multi-DRM Workflows
- Multi-DRM Workflows
- Primetime DRM Cloud Quick-start
- Workflows: Package, License, and Play
- Multi-DRM Workflow for FairPlay
- Multi-DRM Workflow for Widevine and PlayReady
- Package your content with Bento4
- Package your content with Adobe Offline Packager
- Using Output Protection Policies
- Client Key Request workflow overview
- Expressplay tokens
- Key request workflow on Android PSDK
- Key request workflow on HTML5 TVSDK
- Device Binding
- Generic Workflows
- Feature Topics
- ExpressPlay license token request / response reference
- Migrating from Access to Multi-DRM
- Glossary
- Adobe Primetime DRM On Premises Individualization Server Guide
- Primetime DRM Server for Protected Streaming 5.3.1
- About Adobe Primetime DRM Server for Protected Streaming
- About usage rules
- Requirements
- Understanding Deployment
- Deploying the Adobe Primetime DRM Server for Protected Streaming
- Java system properties
- About Adobe Primetime DRM credentials
- HSM configuration
- Setting up the License server configuration files
- Crossdomain DRM policy file
- Custom authorization extensions
- Performance tuning
- Upgrading the Adobe Primetime DRM Server for Protected Streaming
- Running the DRM Server for Protected Streaming
- Packaging content
- DRM Server for Protected Streaming utilities
- Using the Adobe Primetime DRM SDK for Protecting Content - 5.3.1
- What is new in Adobe Primetime DRM
- Usage rules and Authentication
- Runtime and application restrictions
- Allow list for Primetime DRM applications allowed to play protected content…
- Allow list for Adobe® Flash® Player SWFs
- Block list of DRM Clients restricted from accessing protected content
- Block list of application runtimes
- Minimum security level for DRM and runtimes
- Device capabilities required to play protected content
- Jailbreak enforcement (requires Adobe Primetime DRM)
- Other DRM policy options
- Device Group Domain Registration
- Output protection controls
- Packaging Options
- Setting up the SDK
- Work with DRM policies
- Package media files
- Pre-generating and embedding licenses
- Implement a License Server
- Overview
- License Server deployment options
- Process Adobe Primetime DRM requests
- Handle Get Server Version requests
- Handle Domain Registration requests
- Handle Domain De-Registration requests
- Handle License Return requests
- Handle authentication requests
- Handle license requests
- License chaining
- Handle synchronization requests
- Handle FMRMS compatibility
- Handling certificate updates when Adobe-issued certificates expire
- Performance tuning
- Revoke client credentials
- Create video players
- Resolution-Based Output Protection 5.3.1
- Adobe Primetime DRM Reference Implementations 5.3.1
- About the reference implementations
- Typical workflow
- Command-line tools
- Configure and run the command-line tools
- DRM Media Packager
- DRM Policy Update List Manager
- DRM Revocation List Manager
- DRM License Generator
- DRM License Embedder
- AIR Publisher ID utility
- License server
- Configuration
- Deploy the license server
- Troubleshooting
- Check whether the license server started properly
- Determining if Reference Implementation License Server runs properly
- Implementing the usage models
- Domain registration
- Migrate from FMRMS 1.0 or 1.5 to Adobe Primetime DRM 2.0 or later
- Upgrade existing deployments
- Adobe Primetime TVSDK-DRM Workflow
- TVSDK-DRM client-side workflow overview
- Primetime DRM content protection options
- Primetime DRM on the client
- Primetime DRM license server
- License acquisition process overview
- License acquisition process details
- Pre-loading licenses for offline playback
- Using the DRMStatusEvent class
- Using the DRMAuthenticateEvent class
- Using the DRMErrorEvent class
- Using the DRMManager class
- Using the DRMContentData class
- Out-of-band licenses
- Device domain support
- License preview
- Delivering content
- DRM Client Error Message Reference
- Using Adobe Access DRM With an External Key Management System
- Use the Adobe Access Server for Protected Streaming
- About Adobe Access Server for Protected Streaming
- Usage rules
- Requirements
- Deploying the Adobe Access Server for Protected Streaming
- License server configuration files
- Crossdomain policy file
- Custom authorization extensions
- Performance tuning
- Upgrading the Adobe Access Server for Protected Streaming
- Updating configuration files
- Packaging content
- Adobe Access Server for Protected Streaming utilities
- Adobe Access Secure Deployment Guidelines
- Introduction to Network Topology
- Vendor-specific security information
- Physical security and access
- Packaging and protecting content
- Protect and issue licenses
- Consuming locally generated CRLs
- Consuming CRLs published by Adobe
- Generating CRLs to supplement those published by Adobe
- Rollback detection
- Machine count when issuing licenses
- Replay protection
- Maintain an allow list of trusted content packagers
- Timeout for authentication tokens
- Overriding policy options
- Pre-generating licenses
- Managing Domains
- An Overview of Adobe Access SDK
- Using the Adobe Access SDK for Protecting Content
- Introduction
- User authentication
- Time-based rules
- Runtime and application restrictions
- Allow list for Adobe® Primetime applications allowed to play protected content
- Allow list for Adobe® Flash® Player SWFs allowed to play protected content
- Block list of DRM Clients restricted from accessing protected content
- Block list of application runtimes restricted from accessing protected content
- Minimum security level for DRM and runtimes
- Device capabilities required to play protected content
- Jailbreak Enforcement (requires Adobe Primetime)
- Other policy options
- Output protection controls
- Packaging Options
- Setting up the SDK
- Working with policies
- Packaging media files
- Pre-generating and embedding licenses
- Implementing the License Server
- Processing Adobe Access requests
- Processing Adobe Access requests
- Using machine identifiers
- User authentication
- Replay protection
- Rollback detection
- Global server configuration data
- Crossdomain policy file
- Handling Get Server Version requests
- Handling Domain Registration requests
- Handling Domain De-Registration requests
- Handling License Return requests
- Handling authentication requests
- Handling license requests
- Handling license requests
- Generating licenses
- License chaining
- Enhanced License Chaining
- Issuing Domain-bound licenses
- Issuing licenses for remote key delivery to iOS clients (requires Adobe Primetime)
- Minimum Client Version
- License preview
- Identity-based licenses
- Revoking client credentials
- Creating video players
- Adobe Access Reference Implementations
- Overview - Using the reference implementations
- Command line tools for packaging content and creating revocations lists
- Policy Manager
- Media Packager
- Policy Update List Manager
- Revocation List Manager
- AIR Publisher ID utility
- License Generator
- License Embedder
- License server and watched folder packager
- License server and watched folder packager overview
- Requirements
- Building the license server
- Configuration
- Server properties files
- Preparing passwords for the Server properties files
- License server properties file
- Packager properties file
- Watched folder properties
- Setting up the database and configuring the JNDI datasource
- HSM configuration
- Crossdomain policy file
- Deploying the license server and watched folder packager
- Determining if Reference Implementation License Server is running properly
- Implementing the usage models
- Implementing domain registration
- Migrating from FMRMS 1.0 or 1.5 to Adobe Access 2.0 and above
- Upgrading existing deployments
- Set up a domain server
- Flash Access Manager AIR application usage
Policy Manager Command-line usage
java -jar AdobePolicyManager.jar
<i class="+ topic ph hi-d="" i "="">
command filename [options]
</i class="+ topic>
Table 1: Commands
| Command | Description |
|---|---|
new |
Creates a new DRM policy |
detail |
Describes an existing DRM policy |
update |
Updates an existing DRM policy |
Table 2: Options
| Command-line option |
Description |
|---|---|
| -c configfile | Specifies the name and location of the configuration file. If you do not specify a name or a location, the DRM Policy Manager searches for flashaccesstools.properties in the current working directory. Note: Options that you specify on the command line take precedence over the options you specify in the configuration file. |
| -o | If the destination file exists, you can overwrite the file without being prompted. |
| -noprompt | Do not ask if the destination file should be overwritten. If the destination file exists and -o is not set, an error occurs. |
| -root | Indicates that the DRM policy has a root license. This option is not available for updates. |
| -e date | The date before licenses becomes valid. You can specify the date in yyyy-mm-dd or yyyy-mm-dd-h24:min:sec format. For example, 2008-12-1 or 2008-12-1-00:00:00 for midnight on December 1, 2008.
|
| -r minutes | The duration in minutes that the protected content is valid. The DRM policy becomes valid when the content is protected with the packager.
|
| -s date | The date that the licenses become valid. You can specify the date in the yyyy-mm-dd or yyyy-mm-dd-h24:min:sec format. For example, 2008-12-1 or 2008-12-1-00:00:00 for midnight on December 1, 2008.
|
| -w [<minutes>[,enableHS|disableHS]] | Playback window, which is the number of minutes the content can be viewed from the first playback. If unspecified, or if -w is used without specifying a number of minutes, there is no playback window limitation. The value must be non-negative. The optional enableHS or disableHS flag signals whether to enable or disable hard stop. The flag indicates whether the decryption context is destroyed at the end of the playback window (enabled) or not destroyed (disabled). For example, to specify that the content may only be viewed for 60 minutes and requires hard stop:
Note: Hard stop is not currently supported in Flash Player, Android, and iOS. |
| -l minutes | The license caching duration is the time in minutes that a license can be cached in the client's License Store after the license has been issued by the server. The value must be non-negative. You can specify -l 0 to indicate that license caching is not permitted. For unlimited license caching, specify -l without any minutes. |
| -ldate date | The license caching end date. This indicates the final date that the client can cache licenses in the client's License Store after the Primetime DRM server has issued the license. You can specify the date in the following formats:
|
| -authNS | The authentication namespace. If you apply this option, then the client needs to enter a user name and password that was issued by the specified authority. You cannot apply this option along with -x . This option is not allowed for updates. |
| -x | Allow anonymous access. You cannot apply this option along with -authNS . This option is not allowed for updates. |
| -air pubId [: appId [:[ min ]:[ max ]]] | A allow list of AIR applications that can play protected content. You can apply this option to restrict which publishers, applications, and versions can access the content that is protected with this DRM policy. If you do not specify appId, all of the applications for publisher pubId are allowed. Note: min and max version numbers are optional. You can specify multiple -air options to allow multiple applications. If you do not specify an AIR or SWF application, all of the applications can access this content. During an update, to remove or delete all entries from the list, apply -air without the remaining arguments . |
| -drmBlacklist name / value pairs | The DRM clients that are restricted from getting access to protected content. The value supports comma-separated name:value pairs in the following format: os | release= stringValue For example, os=Win,release=2.0.1 . During an update, to remove all entries from the list, apply -drmBlacklist without the remaining arguments. |
| -drmLevel int | Indicates that DRM clients must have an assigned minimum security level to get access to protected content. |
| -opAnalog NO_PROTECTION | USE_IF_AVAILABLE | REQUIRED | NO_PLAYBACK | REQUIRED_ACP | REQUIRED_CGMSA | USE_IF_AVAILABLE_ACP | USE_IF_AVAILABLE_CGMSA | Analog output protection constraints |
| -opDigital NO_PROTECTION | USE_IF_AVAILABLE | REQUIRED | NO_PLAYBACK | Digital output protection constraints |
| -runtimeBlacklist name / value pairs | The application runtimes that are restricted from accessing protected content. The value support comma-separated name:value pairs in the following format: os | application | release= stringValue For example, os=Win,release=2.0.1,application=AIR . During an update, to remove all entries from the list, apply -runtimeBlacklist without the remaining arguments . |
| -runtimeLevel int | Indicates that the application runtimes must have a specified minimum security level to access protected content. |
| -swf url -swf file= swf_file , time= max_time_to_verify |
A allow list of SWF applications that are allowed to play protected content. You can specify multiple -swf options to allow multiple applications. If you do not specify any AIR or SWF applications, all of the applications can access this content. During an update, to remove all entries from the list, apply -swf without the remaining arguments . If you want to identify a SWF by its hash value, you need to specify the SWF file for which to compute the hash and the maximum time to allow for SWF verification to complete (in seconds). |
| -k name= value | Specifies custom key/values that you want to add to a DRM policy. You can specify multiple -k options. During update, you can apply -k without the remaining arguments if you want to remove all properties. The interpretation or handling of the data is managed by the Primetime DRM license server. |
| -p name= value | Adds a custom property that appears in the license generated for each client. You can specify multiple -p options to add multiple properties. During an update, you need to apply -p without the remaining arguments if you want to remove all properties. The interpretation or handling of this data is managed by the implementation of the client application. |
| -opOTA whitelist=<connection types> | Over the air (OTA) output protection constraints. The whitelist field specifies which connection types to allow list and the format of <connection types> is [type(,type)*] , where type can be any of the following: MIRACAST, AIRPLAY, WIDI, DLNA |
| -opResolution <filename> | Resolution-based output protection constraints as defined in the specified file. The encoding of this file is JSON. The grammar for the formatting can be found in About Resolution-Based Output Protection. |
Examples
To create a policy that allows anonymous access to your content, using your own configuration properties file:
java -jar libs\AdobePolicyManager.jar new policy_test.pol -x -c my_configuration.properties
Business.Adobe.com resources
Resources
Adobe Account
