Licenses can also be obtained out-of-band (without contacting a Primetime DRM license Server) by storing the license on disk and in memory using the
To play encrypted videos in Primetime, the respective runtime needs to obtain the license for that video. The license contains the video’s decryption key and is generated by the Primetime DRM license server that the customer has deployed.
The runtime generally obtains this license by sending a license request to the Primetime DRM license server indicated in the video’s DRM metadata (
DRMContentData class). The application can trigger this license request by calling the
DRMManager.storeVoucher() allows the application to send licenses that it has obtained out-of- band. The runtime can then skip the license request process and use the forwarded licenses for playing encrypted videos. The license still needs to be generated by the Primetime DRM license server before it can be obtained out-of-band. However, you have the option of hosting the licenses on any HTTP server, instead of an Primetime DRM license server.
DRMManager.storeVoucher() is also used to support license sharing between multiple devices. After Primetime DRM 3.0, this feature is referred to as “Device Domain Support”. If your deployment supports this use case, you can register multiple machines to a device group using the
DRMManager.addToDeviceGroup() method. If there is a machine with a valid domain-bound license for a given content, the application can then extract the serialized license using the
DRMVoucher.toByteArray() method and on your other machines you can import the licenses using the
All Primetime DRM licenses, at creation time, must be bound to an end-entity. Binding is the cryptographic process of only allowing a specific entity the ability to consume the license. This is necessary as to prevent “floating licenses” which can be used by any arbitrary device. For Primetime DRM to “pre-generate” licenses, this means the “target” of these pre-generated licenses must be known ahead of time. Primetime DRM refers to this as “Device Registration”.
Let us assume that you have performed the following tasks:
The device registration phase involves the following actions:
DRMManager.authenticate()method. The application must include the randomly generated ID in the authentication request. For instance, include the ID in the username field.
After the device registration, the application uses the generated ID in the same way as it would have used the device ID in the previous scheme:
When the user of the device invokes the DRM factory reset option, the device certificate will be purged. To continue playing the protected content, the application must go through the device registration procedure again. If the application sends an outdated pre-generated license, the Primetime DRM client will reject it since the license was encrypted for an older device ID.