Content protection using PHDS/PHLS and Adobe Access with Adobe Media Server 5.0

In this article, you will get an overview of how to use PHDS, PHLS, and Adobe Access (aka Flash Access) for streaming protected content to Flash Player, Air, and iOS devices over HTTP with and without using a DRM License Server.

Here the assumption is that Adobe Media Server (AMS) is already installed.

You can use Adobe Media Server (AMS) 5 to serve live and on-demand protected content to Flash Player and AIR over HTTP without using a DRM License Server. When AMS packages the content, it generates the license and embeds it into the DRM metadata of the content stream. Flash Player 11 and AIR 3 clients can retrieve the license from the content stream, which eliminates communication between the client and a License Server. This feature is called Protected HTTP Dynamic Streaming (PHDS). You can read more about PHDS here.

The AMS installer generates credentials, certificates, and policy files to the rootinstall/creds directory. The installer also creates a common-key.bin file in the /creds directory. You can change the content of this file or create a new common key file using the Scramble tool.

To configure PHDS with basic settings, see the below sections:

Configuring PHDS for LIVE

To enable PHDS for LIVE, open the httpd.conf file in a text editor. The httpd.conf file is located under the root_install/Apache2.2/conf folder.

In the httpd.conf file, search for the <Location /hds-live> location directive. Enable PHDS by adding the following tags under <Location /hds-live> :

Publish a live stream called “livestream?adbe-live-event=liveevent” to livepkgr.

Play back the stream using the URI http://<server-ip>/hds-live/livepkgr/_definst_/liveevent/livetsream.f4m.

Configuring PHDS for VOD

To enable PHDS for VOD, open the httpd.conf file in a text editor and search for the <Location /hds-vod> location directive. Enable PHDS by adding the following tags under <Location /hds-vod>:

By default you have a media file “sample2_1000kbps.f4v” in the webroot/vod folder so you can playback that using the URI http://<server-ip>/hds-vod/sample2_1000kbps.f4v.f4m.

Note: Above the configurations change will enable PHDS at the server level.

You can also use AMS to enable HDS with Adobe Access for protected streaming. The Adobe Access server for protected streaming is a license server implementation optimized for use with HDS.

Note: The Adobe Access SDK and the Adobe Access license server reference implementation can issue licenses for HDS.

After you have deployed Adobe Access Server for protected streaming, configure AMS to package and encrypt the content in real-time.

You can read more about Adobe Access for HDS here.

To configure Adobe Access for HDS with basic settings, see the below sections:

Configuring Adobe Access for HDS LIVE

In the httpd.conf file, search for the <Location /hds-live> location directive. Enable Adobe Access(AdobeAccessV2) by adding the following tags under <Location /hds-live>:

To enable and configure Adobe Access (AdobeAccessV3) in the httpd.conf file, add the following tags under <Location /hds-live>:

Configuring Adobe Access for HDS VOD

In the httpd.conf file, search for the <Location /hds-vod> location directive. Enable Adobe Access(AdobeAccessV2) by adding the following tags under <Location /hds-vod>:

To enable and configure Adobe Access (AdobeAccessV3) in the httpd.conf file, add following tags under <Location /hds-vod>:

Note: Please make sure you have certificates as .der files. If you have other formats like .cer, .pem etc then use openssl commands to convert them to .der.

AMS 5 can be used to serve protected content to iOS devices over HTTP without using a DRM License Server or key server.  This is PHLS mode and it’s a non-DRM solution. The key is always served in a local mode. You can read more about PHLS here.

To configure PHLS with basic settings, see the below sections:

Configuring PHLS for LIVE

After installing AMS, navigate to the <root-install>/Apache 2.2/conf/ directory. Edit the http.conf file and add the following tags under <Location hls-live>:

Publish a live stream called “livestream?adbe-live-event=liveevent” to livepkgr.

Play back the stream using the URI http://<server-ip>/hls-live/livepkgr/_definst_/liveevent/livetsream.m3u8

Configuring PHLS for VOD

To enable PHLS for VOD, open the httpd.conf file, and add the following tags under <Location /hls-vod>:

By default you have a media file “sample2_1000kbps.f4v” in the webroot/vod folder so you can play back that using the URI http://<server-ip>/hls-vod/sample2_1000kbps.f4v.m3u8.

Note: The above configurations change will enable PHLS at the server level.

Adobe Access mode offers a complete DRM solution. It supports all the Adobe Access 3.0 features, along with remote key serving for HLS. Local key serving mode also works with Adobe Access 2.0 or higher license servers. The remote key serving mode works only with an Adobe Access 4.0 compliant server. You can read more about Adobe Access content protection for HLS here.

To configure Adobe Access with basic settings, see below sections:

Configuring Adobe Access for HLS LIVE and HLS VOD

To enable Adobe Access for HLS, open the http.conf file and add the following tags under the respective location directives:

Note: For local key delivery, Adobe recommends that HLSDrmKeyServerURL be set to the dummy URL http://faxs.adobe.com.

Also, please make sure you have certificates as .der files. If you have other formats like .cer, .pem etc then use openssl commands to convert them to .der.

Apart from the server level configurations explained above, content protection using AMS can be achieved even at content level. You can learn more about it here.

Learn more about Adobe Media Server here. Send feedback on this article.