Developed by GS Labs programmers, the DREPlus Digital Rights Mmanagement (DRM) system, together with the Metadata Management System (MDS), is the main “core” of the IPTV / OTT ecosystem.
Patents, audits, certificates …
MultiDRM DREPlus is a completely Russian development, unique in that it is the only DRM of Russian origin that has passed the Farncombe Security Audit by the internationally recognized independent auditor of encryption systems Cartesian. This audit is passed by the products of all recognized leaders in the field of cryptography and encryption: Verimatrix, Nagra, Conax, Irdeto, etc.
Passing an audit entitles to use the audit logo in marketing materials about products. It also allows operators to receive rights to broadcast content in OTT / IPTV from the world’s leading studios. Which produce the most demanded and popular content.
The situation is similar with TV channels. Currently, more than 200 TV channels from different countries have approved MultiDRM DREPlus encryption for broadcasting in IPTV / OTT environment.
MultiDRM DREPlus has passed the official registration procedure with Rospatent and is included in the Unified Register of Russian Programs for Electronic Computers and Databases of the Ministry of Telecom and Mass Communications. The order on entry into the Unified Register signed by the Minister of Digital Development, Communications and Mass Media of the Russian Federation is available on the register portal.
In accordance with Federal Law No. 265-FZ of July 31, 2020, software products included in the unified register of Russian programs for electronic computers and databases receive preferences in the form of exemption from VAT. And the VAT exemption for foreign software has been canceled from January 1, 2021. In addition, the ministry is currently considering proposals for amending the Tax Code of the Russian Federation, providing for the inclusion of the costs of introducing domestic software into the investment tax deduction for income tax.
CIFRA LLC (TM GS Labs) is also licensed by the Federal Security Service of the Russian Federation to develop, produce, distribute encryption (cryptographic) means, information systems and telecommunication systems, protected using encryption (cryptographic) means. And it has the ability to offer its products and services in cases where the presence of such a license is required by the customer.
Encryption and ecosystem interaction
The DRM DREPlus digital rights management system is a MultiDRM system and supports the following encryption methods:
- Native encryption algorithm with support for the AES-128 key rotation mechanism, applicable to any device. HLS packaging.
- Widevine encryption algorithm from Google. Recommended for use with devices based on Android, AndroidTV, and for Chrome family’s browsers. DASH packaging.
- Apple’s FairPlay encryption algorithm from Apple. It is a native cryptographic protection for use with devices based on iOS, and for Safari family’s browsers. HLS packaging.
To ensure the lowest possible latency, source content such as video files are transcoded into adaptive bitrate profile sets. Then they are encrypted by each of the algorithms, and, already protected, are sent to the corresponding streamers. Where are stored and wait requests from client devices and applications.
Depending on which encryption algorithm is natively supported by subscriber device, operator settings determine which version of the content will be delivered to the client device:
- Links to Apple FairPlay encrypted content are transmitted to devices manufactured by Apple.
- Links to content encrypted with the Widevine algorithm from Google are transmitted on Android and AndroidTV devices, as well as on devices with the Chrome browser.
- Links to content encrypted with the DREPlus algorithm are transmitted to all other devices, for example, to subscriber devices manufactured with General Satellite own brand, as well as to any other devices.
Of course, instead of video files, the source file storage can contain audio files or live streams of TV channels. The scheme will remain the same. In addition, if you change the priority, and instead of achieving the maximum speed of content delivery, set the goal to save disk space, then the transcoded content can be stored on streamers in a single copy. And encrypt “on the fly” only those content, requests for which came from specific device. And only by algorithm preferred to tis device.
Using “3 DRMs in one” speeds up the process of developing applications and publishing them in platform applications. And it does not require making registration of DREPlus DRM on a each new device or platform. If the subscriber’s device allready supports at least one of 3 algorithms: DREPlus, Widevine or Apple FairPlay, this is enough.
DRM works with its environment (devices) through an API mechanism.
DRM Library is a library embedded in a client application on a device with which OTT services are consumed. It is implemented for STB, Android, iOS, provides authorization and a response part to the server part of the DRM solution.
There are three modifications of DRM Library:
- to work with STB devices using hardware protection;
- to work on devices using native implementation and software protection;
Selection of HW configuration, scaling, explotation
In view of the critical importance of the MultiDRM service, the DRM server software and its database are recommended to be installed on top of high-availability clusters. That is, groups of servers that are designed and configured according to high availability practices and minimizing downtime through hardware redundancy.
The minimum allowed number of servers in a cluster at the start is 3 servers. Any two of which are guaranteed to meet the maximum system performance requirements. Those the failure of one of the three servers does not lead to system failure or crashes. Further, the cluster can be freely scaled by adding servers.
The table below shows the requirements for the configuration of HW servers for MultiDRM DREPlus, depending on the expected subscriber quantity:
|Number of registered subscribers||2 000||20 000||2 000 000|
|Number of active users (once a month accessed content)||200||2 000||200 000|
|Number of users accessed to content in busy hour||100||1 000||100 000|
|Configuration type||Cluster of 3 servers or Minikube, and 1 server for the database||Cluster of 3 servers, and 1 server for the database||Cluster of 5 or more servers, and a cluster of 3 servers for the database|
|Service configuration (requirements for each of N servers)||CPU - 4-6 cores, |
RAM - 8 GB
|CPU - 6 cores, |
RAM - 16 GB,
HDD - 500GB
|CPU - 8 cores,
RAM - 32GB,
Network - 10G
|Database configuration (requirements for each of N servers)||CPU - 8 cores, |
RAM - 8 GB
|CPU - 8 cores, |
RAM - 16 GB,
HDD - 500GB
|CPU - 8 cores,
RAM - 32GB,
HDD - 3TB,
Network - 2G
At the start of a new project, servers can be real physical or virtual. But with an increase in the number of subscribers, it is preferable to switch to physical servers. This will provide better performance and stability, especially on projects with a high load in busy hour.