In some cases you may want to restrict end users from playing content on multiple devices when the content is purchased or rented. If the customer is using Expressplay, this can be done by using the Expressplay APIs to bind the user’s Expressplay token to the user’s machine.
You can use the APIs in the following way.
Generate a cookie.
Send a dummy token generation request with the generated cookie attached as either a query string (cookie=
<cookie>) or as headers.
Have the user’s machine send a license request to the Expressplay license server using the above token, for example by playing a dummy content.
This dummy license request, when successful, associates the user’s device_id (calculated or generated by the DRM implementation on the user’s device) to the cookie in the Expressplay back-end. This cookie is then used in the following manner:
At content purchase/rent time, the code queries the Expressplay back-end for the user’s device_id by sending the associated cookie ( https://www.expressplay.com/developer/restapi/#record-retrieval)
Send a token generation request with the purchased content’s key (CEK), keyID (CEKSID), policies, and other information, attaching the cookie and device_id above as, respectively, the
cookie correlation parameter and
deviceid token restriction parameter.
Provide this token to the user.
This process generates a token for the content bound to the user’s device_id. When the user’s machine sends out a license request with this token, the Expressplay back-end will cross check the token’s device_id with the license request’s device_id.
A sample Expressplay entitlement server implements this workflow.