The following terms and concepts are used throughout this document:
The consumer is the end user who downloads or streams content.
Content consists of digital audio or video files.
Content Encryption Key
The Content Encryption Key (CEK) is a cryptographic key used to encrypt the content.
Content owners are the business entities who own the copyright to the content. These can be large motion picture studios, or smaller, independent producers of movies or other audiovisual content.
Content packagers are organizations who package content for use with Adobe Primetime DRM. Content owners or Distributors may choose to package their own content, or they may enlist the services of a third-party to package their content, and distribute it electronically via the Internet.
Digital certificates (also referred to as certificates) bind an entity, such as an individual, organization, or system, to a specific public and private key pair. Digital certificates can be thought of as electronic credentials that verify the identity of an individual, system, or organization.
A digital signature binds the publisher’s identity to the content that they have published and provides a mechanism to detect tampering. Digital signature algorithms use cryptographic hash functions and asymmetric—or public/private key pair—encryption algorithms. Some digital signatures also take advantage of digital certificates and public key infrastructure (PKI) to bind public keys to the identities of content owners or distributors.
Distributors (also referred to as content distributors or* retailers*) are business entities who secure distribution rights from content owners to publish and circulate content to consumers. In some cases, the same entity is both the content owner and content distributor.
Information that the client (meaning Adobe® Flash® Player, Adobe® AIR® runtime, and Primetime client) sends to identify the requested content.
A *license *is a data structure that contains an encrypted key used to decrypt content associated with a policy. The license is generated by Primetime DRM when the consumer requests content, and is bound to the consumer’s computer. Using a policy as a reference, the license defines the rights available to the consumer who downloads content. In order to view content, the consumer must obtain a license.
License acquisition is the process of acquiring a license allowing the consumer to decrypt and view protected content according to a set of usage rules. License acquisition occurs when a client sends information identifying the requested content (the DRM metadata) and the machine certificate (identifying the consumer’s computer) to the License Server (see below).
The* License Server *may be integrated into the distributor’s or service provider’s billing and authentication systems, and may contain business logic to verify that the consumer requesting protected content is authorized to view the content. If the user is authorized to access the content, the License Server issues a license allowing the runtime client to decrypt and playback content based on the policy and rights associated with the consumer’s account.
You must create and deploy a License Server using the Primetime DRM SDK.
A policy is a container for the usage rules that determine how consumers can use protected content. Policies are defined independently of the content being protected. A policy does not enforce rights until it is bound to the content through the license. A policy lists the set of usage rules, meaning the permissions or “rights” that consumers have to the content they acquire. For example, content owners may create a policy that ensures that protected content is only accessible by consumers for a specific period of time. This policy is then applied to all the content for which the content owner wants to enforce this restriction.
Policies are created using Primetime DRM SDK.
Protected content (also referred to as packaged content) refers to video content that has been encrypted using Primetime DRM SDK or other supported tools.
See the entry for distributors earlier in this section.