Content protection using PHDS/PHLS and Adobe Access with Adobe Media Server 5.0


Requirements
   
Prerequisite Knowledge
Some basic knowledge of streaming content using HLS and HDS in AMS without using protection.
Required Products
Adobe Media Server 5 Standard
 
User Level
Intermediate
 
 

 
   
In this article, you will get an overview of how to use PHDS, PHLS, and Adobe Access (aka Flash Access) for streaming protected content to Flash Player, Air, and iOS devices over HTTP with and without using a DRM License Server.
Here the assumption is that Adobe Media Server (AMS) is already installed.
 

PHDS

 
You can use Adobe Media Server (AMS) 5 to serve live and on-demand protected content to Flash Player and AIR over HTTP without using a DRM License Server. When AMS packages the content, it generates the license and embeds it into the DRM metadata of the content stream. Flash Player 11 and AIR 3 clients can retrieve the license from the content stream, which eliminates communication between the client and a License Server. This feature is called Protected HTTP Dynamic Streaming (PHDS). You can read more about PHDS here.
 
The AMS installer generates credentials, certificates, and policy files to the rootinstall/creds directory. The installer also creates a common-key.bin file in the /creds directory. You can change the content of this file or create a new common key file using the Scramble tool.
To configure PHDS with basic settings, see the below sections:
 
Configuring PHDS for LIVE
To enable PHDS for LIVE, open the httpd.conf file in a text editor. The httpd.conf file is located under the root_install/Apache2.2/conf folder.
 
In the httpd.conf file, search for the location directive. Enable PHDS by adding the following tags under :
 

HttpStreamingEncryptionScope server
HttpStreamingProtectionScheme PHDS

 
Publish a live stream called “livestream?adbe-live-event=liveevent” to livepkgr.
 
Play back the stream using the URI http:///hds-live/livepkgr/_definst_/liveevent/livetsream.f4m.
 
Configuring PHDS for VOD
To enable PHDS for VOD, open the httpd.conf file in a text editor and search for the location directive. Enable PHDS by adding the following tags under :
 

EncryptionScope server
ProtectionScheme PHDS

 
By default you have a media file “sample2_1000kbps.f4v” in the webroot/vod folder so you can playback that using the URI http:///hds-vod/sample2_1000kbps.f4v.f4m.
 
Note: Above the configurations change will enable PHDS at the server level.

 

Adobe Access for HDS

 
You can also use AMS to enable HDS with Adobe Access for protected streaming. The Adobe Access server for protected streaming is a license server implementation optimized for use with HDS.
 
Note: The Adobe Access SDK and the Adobe Access license server reference implementation can issue licenses for HDS.
 
After you have deployed Adobe Access Server for protected streaming, configure AMS to package and encrypt the content in real-time.You can read more about Adobe Access for HDS here.
 
To configure Adobe Access for HDS with basic settings, see the below sections:
 
Configuring Adobe Access for HDS LIVE
In the httpd.conf file, search for the location directive. Enable Adobe Access(AdobeAccessV2) by adding the following tags under :
 

HttpStreamingEncryptionScope server
HttpStreamingProtectionScheme AdobeAccessV2
HdsDrmCommonKeyFile "../creds/common-key.bin"
HdsDrmLicenseServerURL http:///
HdsDrmTransportCertFile "aaxs-server-trnsCert.der"
HdsDrmLicenseServerCertFile "aaxs-server-licCert.der"
HdsDrmPackagerCredentialFile " aaxs-server-pkgrCert.pfx"
HdsDrmPackagerCredentialPassword ?????
HdsDrmPolicyFile "sample_policy.pol"

 
To enable and configure Adobe Access (AdobeAccessV3) in the httpd.conf file, add the following tags under <Location /hds-vod>:
 

HttpStreamingEncryptionScope server
HttpStreamingProtectionScheme AdobeAccessV3
HdsDrmCommonKeyFile "../creds/common-key.bin"
HdsDrmLicenseServerURL http:///
HdsDrmTransportCertFile "aaxs-server-trnsCert.der"
HdsDrmLicenseServerCertFile "aaxs-server-licCert.der"
HdsDrmPackagerCredentialFile " aaxs-server-pkgrCert.pfx"
HdsDrmPackagerCredentialPassword ?????
HdsDrmPolicyFile "sample_policy.pol"

 
Configuring Adobe Access for HDS VOD
In the httpd.conf file, search for the location directive. Enable Adobe Access(AdobeAccessV2) by adding the following tags under :
 

EncryptionScope server
ProtectionScheme AdobeAccessV2
JitDrmCommonKeyFile "../creds/common-key.bin"
JitDrmLicenseServerURL http:///
JitDrmTransportCertFile "aaxs-server-trnsCert.der"
JitDrmLicenseServerCertFile "aaxs-server-licCert.der"
JitDrmPackagerCredentialFile " aaxs-server-pkgrCert.pfx"
JitDrmPackagerCredentialPassword ?????
JitDrmPolicyFile "sample_policy.pol"

 
To enable and configure Adobe Access (AdobeAccessV3) in the httpd.conf file, add the following tags under <Location /hds-vod>:
 

EncryptionScope server
ProtectionScheme AdobeAccessV3
JitDrmCommonKeyFile "../creds/common-key.bin"
JitDrmLicenseServerURL http:///
JitDrmTransportCertFile "aaxs-server-trnsCert.der"
JitDrmLicenseServerCertFile "aaxs-server-licCert.der"
JitDrmPackagerCredentialFile " aaxs-server-pkgrCert.pfx"
JitDrmPackagerCredentialPassword ?????
JitDrmPolicyFile "sample_policy.pol"

 
Note: Please make sure you have certificates as .der files. If you have other formats like .cer, .pem etc then use openssl commands to convert them to .der.
 

PHLS

 
AMS 5 can be used to serve protected content to iOS devices over HTTP without using a DRM License Server or key server.  This is PHLS mode and it’s a non-DRM solution. The key is always served in a local mode. You can read more about PHLS here.
 
To configure PHLS with basic settings, see the below sections:
 
Configuring PHLS for LIVE
After installing AMS, navigate to the /Apache 2.2/conf/ directory. Edit the http.conf file and add the following tags under <Location hls-live>:
 

HLSEncryptionScope server
HLSProtectionScheme PHLS

 
By default you have a media file “sample2_1000kbps.f4v” in the webroot/vod folder so you can play back that using the URI http:///<server-ip>/hls-vod/sample2_1000kbps.f4v.m3u8.
 
Note: The above configurations change will enable PHLS at the server level.
 

Configuring PHLS for VOD

 
Adobe Access mode offers a complete DRM solution. It supports all the Adobe Access 3.0 features, along with remote key serving for HLS. Local key serving mode also works with Adobe Access 2.0 or higher license servers. The remote key serving mode works only with an Adobe Access 4.0 compliant server. You can read more about Adobe Access content protection for HLS here.
 
To configure Adobe Access with basic settings, see below sections:
 
Configuring Adobe Access for HLS LIVE and HLS VOD
To enable Adobe Access for HLS, open the http.conf file and add the following tags under the respective location directives:
 

HLSEncryptionScope server
HLSProtectionScheme AdobeAccessV4
HLSDrmCommonKeyFile "../creds/common-key.bin"
HLSDrmLicenseServerURL “http:///"
HLSDrmTransportCertFile "aaxs-server-trnsCert.der"
HLSDrmLicenseServerCertFile "aaxs-server-licCert.der"
HLSDrmPackagerCredentialFile "aaxs-server-pkgrCert.pfx"
HLSDrmPackagerCredentialPassword ?????
HLSDrmPolicyFile "sample_policy.pol"
HLSDrmKeyServerURL ""

 
Note: For local key delivery, Adobe recommends that HLSDrmKeyServerURL be set to the dummy URL http://faxs.adobe.com.
 
Also, please make sure you have certificates as .der files. If you have other formats like .cer, .pem etc then use openssl commands to convert them to .der.
 

Where to go from here

 
Apart from the server level configurations explained above, content protection using AMS can be achieved even at content level. You can learn more about it here.
 
Learn more about Adobe Media Server hereSend feedback on this article.

More Like This