A deeper look at eHLS, pHLS and HLS with DRM

HLS without content protection:

HTTP Live Streaming (HLS) without any form of content protection means the content is unencrypted and any sort of key server is not required. Such unprotected  content can be easily redistributed and used locally. Usually valuable content over the internet is safe and protected in one or other form. Often, low value content is not meant to be protected or live events which are valuable only during the event.

eHLS with keyserver:

Encrypted HLS content is encrypted with AES128 (Advanced Encryption Standard). Such manifest contains a key which allows HLS content decryption. The content protection via use of keyserver is not that safe and secure as once key is obtained, the content can be easily decrypted and redistributed. To protect the key, serve it over HTTP or make use of token authentication models. Beside all the truth, such protection is not labelled as DRM level content  protection.

pHLS

Short for protected HLS, is an Adobe Primetime content protection scheme. pHLS robustly secures by embedding the key in HLS manifest. pHLS and pHDS are equivalent in security level as well. It applies the same security mechanism to HDS. But pHLS is available on platforms like mobile and digital home.

Due to lack of DRM server, pHLS is also not a DRM solution. But, pHLS enabled client can enforce DRM features: output protection, policies, jailbreaking features and apps whitelisting.

Its design philosophy is to provide the ease of deployment of eRTMP in combination with increased security over AES 128 encrypted HLS with clear key protection.

HLS with DRM

DRM (Digital Right Management) used by copyright holder, applying technological restriction that control the usage of digital media content or device or any digitally valuable stuff.

It’s like pHLS but uses DRM server which makes it a complete DRM solution. Whereas pHLS is not a DRM solution. Here, the high valuable content is served and the content is highly secured under all DRM features.

1. The content and application can be whitelisted to allow access only to authorized users

2. The content is accessible only within the domain. The domains are managed to control access       within the domain.

3. Time based token authentication.

4. Licenses are chained to a root license. Each time a new license is requested, it gets generated         from root license.

5. Output controls are selectable to ensure content cannot be recorded at client end.