- DRM Overview
- Certificate Enrollment Guide
- Adobe Primetime DRM SDK 5.3.1
- DRM Quick-Start Guide
- Adobe Primetime Cloud DRM Quick-Start Guide
- What is included with Primetime Cloud DRM
- What is NOT supported by Primetime Cloud DRM
- Prerequisites
- Packaging options
- Test the packaged content
- Triaging errors
- Custom authentication/entitlement
- Adobe Primetime authentication (Optional)
- Creating custom DRM policies (Optional)
- Update existing DRM content to use Cloud DRM (Optional)
- Streaming to Xbox360 (Optional)
- Using the Adobe Primetime DRM Key Server
- Adobe Primetime DRM Secure Deployment Guidelines
- Multi-DRM Workflows
- Multi-DRM Workflows
- Primetime DRM Cloud Quick-start
- Workflows: Package, License, and Play
- Multi-DRM Workflow for FairPlay
- Multi-DRM Workflow for Widevine and PlayReady
- Package your content with Bento4
- Package your content with Adobe Offline Packager
- Using Output Protection Policies
- Client Key Request workflow overview
- Expressplay tokens
- Key request workflow on Android PSDK
- Key request workflow on HTML5 TVSDK
- Device Binding
- Generic Workflows
- Feature Topics
- ExpressPlay license token request / response reference
- Migrating from Access to Multi-DRM
- Glossary
- Adobe Primetime DRM On Premises Individualization Server Guide
- Primetime DRM Server for Protected Streaming 5.3.1
- About Adobe Primetime DRM Server for Protected Streaming
- About usage rules
- Requirements
- Understanding Deployment
- Deploying the Adobe Primetime DRM Server for Protected Streaming
- Java system properties
- About Adobe Primetime DRM credentials
- HSM configuration
- Setting up the License server configuration files
- Crossdomain DRM policy file
- Custom authorization extensions
- Performance tuning
- Upgrading the Adobe Primetime DRM Server for Protected Streaming
- Running the DRM Server for Protected Streaming
- Packaging content
- DRM Server for Protected Streaming utilities
- Using the Adobe Primetime DRM SDK for Protecting Content - 5.3.1
- What is new in Adobe Primetime DRM
- Usage rules and Authentication
- Runtime and application restrictions
- Allow list for Primetime DRM applications allowed to play protected content…
- Allow list for Adobe® Flash® Player SWFs
- Block list of DRM Clients restricted from accessing protected content
- Block list of application runtimes
- Minimum security level for DRM and runtimes
- Device capabilities required to play protected content
- Jailbreak enforcement (requires Adobe Primetime DRM)
- Other DRM policy options
- Device Group Domain Registration
- Output protection controls
- Packaging Options
- Setting up the SDK
- Work with DRM policies
- Package media files
- Pre-generating and embedding licenses
- Implement a License Server
- Overview
- License Server deployment options
- Process Adobe Primetime DRM requests
- Handle Get Server Version requests
- Handle Domain Registration requests
- Handle Domain De-Registration requests
- Handle License Return requests
- Handle authentication requests
- Handle license requests
- License chaining
- Handle synchronization requests
- Handle FMRMS compatibility
- Handling certificate updates when Adobe-issued certificates expire
- Performance tuning
- Revoke client credentials
- Create video players
- Resolution-Based Output Protection 5.3.1
- Adobe Primetime DRM Reference Implementations 5.3.1
- About the reference implementations
- Typical workflow
- Command-line tools
- Configure and run the command-line tools
- DRM Media Packager
- DRM Policy Update List Manager
- DRM Revocation List Manager
- DRM License Generator
- DRM License Embedder
- AIR Publisher ID utility
- License server
- Configuration
- Deploy the license server
- Troubleshooting
- Check whether the license server started properly
- Determining if Reference Implementation License Server runs properly
- Implementing the usage models
- Domain registration
- Migrate from FMRMS 1.0 or 1.5 to Adobe Primetime DRM 2.0 or later
- Upgrade existing deployments
- Adobe Primetime TVSDK-DRM Workflow
- TVSDK-DRM client-side workflow overview
- Primetime DRM content protection options
- Primetime DRM on the client
- Primetime DRM license server
- License acquisition process overview
- License acquisition process details
- Pre-loading licenses for offline playback
- Using the DRMStatusEvent class
- Using the DRMAuthenticateEvent class
- Using the DRMErrorEvent class
- Using the DRMManager class
- Using the DRMContentData class
- Out-of-band licenses
- Device domain support
- License preview
- Delivering content
- DRM Client Error Message Reference
- Using Adobe Access DRM With an External Key Management System
- Use the Adobe Access Server for Protected Streaming
- About Adobe Access Server for Protected Streaming
- Usage rules
- Requirements
- Deploying the Adobe Access Server for Protected Streaming
- License server configuration files
- Crossdomain policy file
- Custom authorization extensions
- Performance tuning
- Upgrading the Adobe Access Server for Protected Streaming
- Updating configuration files
- Packaging content
- Adobe Access Server for Protected Streaming utilities
- Adobe Access Secure Deployment Guidelines
- Introduction to Network Topology
- Vendor-specific security information
- Physical security and access
- Packaging and protecting content
- Protect and issue licenses
- Consuming locally generated CRLs
- Consuming CRLs published by Adobe
- Generating CRLs to supplement those published by Adobe
- Rollback detection
- Machine count when issuing licenses
- Replay protection
- Maintain an allow list of trusted content packagers
- Timeout for authentication tokens
- Overriding policy options
- Pre-generating licenses
- Managing Domains
- An Overview of Adobe Access SDK
- Using the Adobe Access SDK for Protecting Content
- Introduction
- User authentication
- Time-based rules
- Runtime and application restrictions
- Allow list for Adobe® Primetime applications allowed to play protected content
- Allow list for Adobe® Flash® Player SWFs allowed to play protected content
- Block list of DRM Clients restricted from accessing protected content
- Block list of application runtimes restricted from accessing protected content
- Minimum security level for DRM and runtimes
- Device capabilities required to play protected content
- Jailbreak Enforcement (requires Adobe Primetime)
- Other policy options
- Output protection controls
- Packaging Options
- Setting up the SDK
- Working with policies
- Packaging media files
- Pre-generating and embedding licenses
- Implementing the License Server
- Processing Adobe Access requests
- Processing Adobe Access requests
- Using machine identifiers
- User authentication
- Replay protection
- Rollback detection
- Global server configuration data
- Crossdomain policy file
- Handling Get Server Version requests
- Handling Domain Registration requests
- Handling Domain De-Registration requests
- Handling License Return requests
- Handling authentication requests
- Handling license requests
- Handling license requests
- Generating licenses
- License chaining
- Enhanced License Chaining
- Issuing Domain-bound licenses
- Issuing licenses for remote key delivery to iOS clients (requires Adobe Primetime)
- Minimum Client Version
- License preview
- Identity-based licenses
- Revoking client credentials
- Creating video players
- Adobe Access Reference Implementations
- Overview - Using the reference implementations
- Command line tools for packaging content and creating revocations lists
- Policy Manager
- Media Packager
- Policy Update List Manager
- Revocation List Manager
- AIR Publisher ID utility
- License Generator
- License Embedder
- License server and watched folder packager
- License server and watched folder packager overview
- Requirements
- Building the license server
- Configuration
- Server properties files
- Preparing passwords for the Server properties files
- License server properties file
- Packager properties file
- Watched folder properties
- Setting up the database and configuring the JNDI datasource
- HSM configuration
- Crossdomain policy file
- Deploying the license server and watched folder packager
- Determining if Reference Implementation License Server is running properly
- Implementing the usage models
- Implementing domain registration
- Migrating from FMRMS 1.0 or 1.5 to Adobe Access 2.0 and above
- Upgrading existing deployments
- Set up a domain server
- Flash Access Manager AIR application usage
Configuration file properties
The configuration file specifies the following properties. For property names that include n, n represents an integer starting with 1 and increasing for each instance of the property.
| Property/Command Line Option | Description |
|---|---|
| policy.name -n policyname |
The human-readable policy name. |
| policy.requireKeyServer -keyServer boolean |
If true, an HTTPS Key Server is required for key delivery to iOS. Default is false, if not specified. |
| policy.enforceJailbreak -enforceJailbreak boolean |
If true, for devices that support jailbreak detection, do not allow playback if jailbreak has been detected. |
| policy.critical -critical boolean |
Set policy criticality. If true, the server must understand all parts of the policy (this is the default behavior). If false, the server may ignore policy attributes it does not understand. |
| policy.chaining.asymmetric.certfile | License server certificate whose public key is used to encrypt the root encryption key for the Enhanced License Chaining This property specifies a file that contains the certificate only (either PEM or DER format is acceptable). |
| policy.chaining.rootKey -rootKey root-key |
Specify root encryption key for the Enhanced License Chaining. If no key is specified, and Enhanced License Chaining is enabled, a random key will be generated. The key must be 16 bytes in length and specified as Hex values. Whitespace between the Hex values is optional. For updates, the command line option is not allowed, and the property is ignored. |
| policy.domain.url -domainURL url |
URL of domain server, if domain registration is required. For updates, the command line option is not allowed, and the property is ignored. |
| policy.domain.anonymous -domainAnon |
Specifies whether anonymous domain registration is allowed. Set the property to true or include this command line option to allow anonymous access. This option cannot be used with -domainAuthNS. |
| policy.domain.authNamespace -domainAuthNS namespace |
The authentication namespace for domain registration. If specified, the client should authenticate with a user name and password issued by the specified authority. For updates, the command line option is not allowed, and the property is ignored. This option cannot be used with -domainAnon. |
| policy.outputProtection.analog -opAnalog AnalogOption |
Analog output protection constraints. The following values are supported:
|
| policy.drmVersionBlacklist.n -drmBlacklist name/value-pairs |
DRM clients restricted from accessing protected content. This option specifies a list of versions of DRM modules that may not be used (block list). The value consists of comma separated name=value pairs with the following format: os|release|arch|model|vendor|env|screen=value Additional name/value pairs must be comma-separated. For example: os=Win,release=2.0,arch=32. |
| policy.runtimeVersionBlacklist.n -runtimeBlacklsit name/value-pairs |
Application runtimes restricted from accessing protected content. This option specifies a list of versions of runtime modules that may not be used (block list). The value consists of comma separated name=value pairs with the following format: os|release|application|arch|model|vendor|env|screen=value Additional name/value pairs must be comma-separated. For example, os=Win,application=AIR. |
| policy.v1DeviceCapabilities -devCapabilitiesV1 name/value-pairs |
Specifies device capabilities required to access protected content. The value consists of comma separated name=value pairs with the following format: nonUserAccessibleBus|hardwareRootOfTrust=true|false For example, nonUserAccessibleBus=false,hardwareRootOfTrust=true. During update, use -devCapabilitiesV1 without the remaining arguments to remove the device capabilities restriction. |
| policy.syncFrequency -sync name/value-pairs |
Specify how often clients are required to send synchronization messages to the server. If not set, clients will not send synchronization messages when playing content protected with this policy. The value consists of comma separated name=value pairs with the following format: start|force|hardStop=numberValue
|
| policy.useRootLicense | Indicates whether this policy has a root license (see Enhanced License Chaining in Using Adobe Access for Protecting Content). |
| policy.startDate | The date after which content is valid. Use the format yyyy-mm-dd (for example, 2009-01-31 represents January 31 at 12:00 AM) or yyyy-mm-dd-h24:min:sec (for example, 2009-01-31-14:30:00 represents January 31 at 2:30 PM). |
| policy.expiration.endDate | The date before which content is valid. Both policy.expiration.endDate and policy.expiration.duration may not be specified concurrently. Use the format yyyy-mm-dd or yyyy-mm-dd-h24:min:sec (for example, 2009-01-31-14:30:00 represents January 31 at 2:30 PM). |
| policy.expiration.duration | The amount of time the content is valid (in minutes), starting from when it is packaged. Both policy.expiration.endDate and policy.expiration.duration may not be specified at the same time. |
| policy.licenseCaching.duration | Amount of time a license may be cached on the client (in minutes). Set this property to 0 to disallow license caching. The value must be 0 or higher. Both policy.licenseCaching.duration and policy.licenseCaching.endDate may not be used concurrently. Note: This policy setting is applied only to the license caching on the disk. It doesn't control memory cached license duration. License can be cached on memory even if policy specified duration is zero. |
| policy.licenseCaching.endDate | The date after which licenses may not be cached. Both policy.licenseCaching.duration and policy.licenseCaching.endDate may not be used concurrently. |
| policy.anonymous | Indicates whether anonymous license acquisition is allowed. The default is "false" (username/password authentication is required) if not specified. |
| policy.authNamespace | If username/password authentication is required, this property specifies an optional name qualifier for user names. |
| policy.customProp.n | Custom name/value pairs to be used by the server during license acquisition. Use the following format for specifying properties: policy.customProp.n=name=value |
| policy.playbackWindow | Specifies the playback window (in minutes), which is the duration for which the license is valid after the first time it is used to play protected content. |
| policy.outputProtection.digital | Output protection constraints. Values must be one of the following: NO_PROTECTION, USE_IF_AVAILABLE, REQUIRED, NO_PLAYBACK |
| policy.drmMinSecurityLevel | The DRM module must have the specified minimum security level, or higher, to access protected content. |
| policy.runtimeMinSecurityLevel | The application runtime module must have the specified minimum security level, or higher, to access protected content. |
| policy.allowedAIRApplication.n | A allow list of Adobe AIR or iOS applications allowed to play protected content. The property must use the following format: pubId[:appId[:[min]:[max]]] |
| policy.allowedSWFApplication.n | A allow list of SWF applications allowed to play protected content. Use the following format: URL or file=swf_file,time=max_time_to_verify swf_file is the SWF file for which to compute the hash and max_time_to_verify is the maximum time to allow for download and verification of the SWF to complete (in seconds). |
| policy.license.customProp.n | Custom name/value pairs to be included in licenses issued to users. Use the following format: policy.license.customProp.n=name=value This option can be defined multiple times for multiple custom properties. |
Business.Adobe.com resources
Resources
Adobe Account
