KwikTec Digital Rights Management

Licence types
SVOD = Subscription VOD
AVOD = Advertising VOD
TVOD = Transactional VOD
Live = Live stream
Catchup = recording of scheduled live

Introduction
This document describes KwikTecs approach and DRM protection workflow.

Workflow
Step 1: Navigate
The user navigates the Web portal and decides to buy/rent some content (this is just a sample scenario TVOD). User hits «Buy» button.

Step 2: Transaction processing
The Web portal processes the transaction and does whatever it needs to do.

Step 3: DRM Purchase
The Web portal makes /purchase API to the Kwiktec server to create a license rule for the current purchase which will allow the current user to view the acquired content.

Step 4: Watch url
The Web portal sends its Web response to the user’s browser.
Usually the user is redirected now to a Web page that contains a video player and the stream URL for the video.

Step 5: Detect encryption
Kwiktec Player on the client browser connects the delivery server and starts downloading the protected content. It discovers that the content is encrypted and extracts the license acquisition URL from the content header.

Step 6: Retrieve license
KwikFlix Player connects to KwikSecureDRM server and receives the just created license (/key/{productId}). This license contains the decryption key as well as the usage rights.
Step 7: Start watching
Kwiktec Player continues downloading and starts decryption and playback of the video.
Authorization API (Version 1.0)
POST /api/v1.0/purchase
request parameters:
product_id- product identifier.
uid (optional) – client identifier. Create new one if not specified.
type – one licence types: tvod (expires in 48 hours), svod (never expires)
response parameters:
token
uid
created
expires
GET /api/v1.0/check?token={token}&product_id={pid}
request parameters:
product_id | name – product identifier. “name” is parameter alias for Kwiktec
token – token that was generated on purchase.
GET /api/v1.0/key/create
request parameters:
product_id | name – product identifier. “name” is parameter alias for Kwiktec
response body: hex key data
response headers:
X-Key-Url – url to get binary version of this key. See previous method
X-Created – is key just created
GET /api/v1.0/key/{name}?token={token}
request parameters:
name – key unique name.
token (optional) – If specified do additional token validation (is token exists and product_id of token match product_id of key).
response body: binary key data

API methods protection
There are next methods should be protected from everyone’s access:
Purchase. Purchase method should public accessible (for example for middleware), but only for authorized users (OAuth / password / host based)
key/create. Create key method should be accessible only for Kwiktec machines (host based protection). Because only Kwiktec should request new keys creation.

Leave a Reply

Your email address will not be published. Required fields are marked *