I am trying to do an experiment with encrypted Microsoft smooth streaming streams.
And i have a IIS server with transform manager installed. However, i wonder is there a free PlayReady server available online for testing?
It can be a trial or functionality limited version.
I just want to do a quick POC before invest more into this.
I found a service provider list on Microsoft PlayReady site: http://www.microsoft.com/playready/licensing/asp/
But none of them seems to provide any form of free trial.
Does anybody know any service i can use? or is there an alternative way of applying DRM to smooth streaming?
UPDATE:
Thanks all for the answers, and thanks to Sander, i have actually found one usable:
http://playready.directtaps.net/pr/doc/slee/
FYI
A time-limited free trial of SilverHD DRM is available for commercial users - the contact details to get a trial account are on the website. The free trial includes access to a PlayReady and Windows Media DRM license server and all the licensing related functionality that goes along with that. Disclaimer: I work for Axinom who provides the SilverHD DRM service.
Alternatively, Microsoft has a public PlayReady test server that you can use for free. Basically, it will always provide a persistent license in response to any license request made to it. Not very flexible and the URL query string customization options tend to not actually work, but maybe it suits your needs?
If you describe your needs in more detail, I might be able to offer more specific advice on how to proceed with evaluating PlayReady.
2019-01-09 update:
New Microsoft Test Playready Server can be used for testing. Please note this does not secure keys as it's given in laurl request(base64). See example below.
kid=43215678123412341234123412341234
key=12341234123412341234123412341234
playready=https://test.playready.microsoft.com/service/rightsmanager.asmx?cfg=(kid:header,sl:2000,persist:false,firstexp:60,contentkey:EjQSNBI0EjQSNBI0EjQSNA==)
(edit 2019-06-06) License url for older devices without a time-policy feature drop firstexp attribute.
playready=https://test.playready.microsoft.com/service/rightsmanager.asmx?cfg=(kid:header,sl:2000,persist:false,contentkey:EjQSNBI0EjQSNBI0EjQSNA==)
I must admit I've not looked closely at this but have you checked out Azure Media Services?
They have a free trial and it looks like they support PlayReady and a bunch of other things.
Doesn't look like they have a "portal" at the moment (coming in future release), so you have to do the uploading etc. with code.
Here are some test streams you could use to test your PlayReady implementation:
PlayReady Encrypted Smooth Streaming:http://htmlsamples.origin.mediaservices.windows.net/66446cae-fd27-4c8f-a1c2-a38a9771ac09/Testing.ism/Manifest
PlayReady Encrypted HLS: http://htmlsamples.origin.mediaservices.windows.net/66446cae-fd27-4c8f-a1c2-a38a9771ac09/Testing.ism/Manifest(format=m3u8-aapl)
PlayReady Encrypted DASH: http://htmlsamples.origin.mediaservices.windows.net/66446cae-fd27-4c8f-a1c2-a38a9771ac09/Testing.ism/Manifest(format=mpd-time-csf)
Here is how you could configure PlayReady license server on Azure with a few steps: https://www.youtube.com/watch?v=k6WWfZxE42w
This is a blog post for PlayReady and AES key service via Azure Media Services: http://azure.microsoft.com/blog/2015/01/29/azure-media-services-enhances-streaming-security-with-general-availability-of-drm-technology/
Please reach out to yanmf#microsoft if you have any questions.
Related
I have some audio and video files which will be served from server to browser on request. Now I need a way by which "Users can watch or listen to media but shouldn't be able to download in anyway (even with developer tools or download manager plugins)". Kindly share your ideas if you have had experience on this.
If you are streaming it to them you can't stop them downloading it as, in extreme cases, they can simply capture the network traffic.
It sounds like you may want to encrypt the content using one of the commonly used encryption techniques and then find a secure way to share the encryption key with your users and their devices/players. This way any captured or downloaded content will not be of use to anyone without the right key.
This is essentially what DRM technologies do so it would probably be worth you investigating them - you can integrate the functionality to your own sever or simply host your videos with a provider who provides the functionality and embed their video player on your site.
I need to create digital signature of some XML data with a client certificate(smart card) using web browser. Usually I used to do it with a java applet executing on the client side. The benefit being multiplatform in terms of OS and browsers.
However this option is getting increasingly harder and harder to implement and support in the long term. Virtually all browsers require some sort of action in order to execute such applet, code signing with a trusted certificate is almost mandatory nowadays, new manifest attributes and so on. Well there is nothing wrong with some extra layer of security and I am ok with that.
However Google Chrome as of April 2015 has stopped support for Java applets (and other plugins as well) - there is a configuration switch but it won't be available for much longer as stated here.
Mozilla Firefox does not have end of support date for NPAPI but they call it "legacy technology".
As for IE - it does not support plugins in Modern UI.
So with Java applets no longer really a universal option what are my choices?
What I have investigated so far:
ActiveX - IE only
Silverlight - no access to certificates at all and as a plugin faces the same limitations as Java
Browser specific extensions; For example Firefox up until version 33 used to have window.crypto.signText but not anymore
local applications installed on the client - not easy to install, support, develop and update for several OS and their different versions.
Web Cryptography - "only basic cryptographic functions", no certificates support
I ran out of ideas. All suggestions are welcome and appreciated.
I did same research few weeks ago, and the first option for me is migrate to firefox (at least for now).
An alternative, could be migrate applets to JNLP java client application (maybe with some websocket/restful synchronization between java client/server/web page).
I think the options that you mentioned have less support among browsers than java applet.
Proprietary API available
I want to revive an answer previously deleted for lack of information. My answer does not provide complete info but since I had the same problem and stumbled upon this question, I'd like to share my findings.
I also have an additional requirement so that the browser signature works on "older" (IE9) browsers.
There is a web API at https://www.4identity.eu/ distributed by Italian smart card manufacturer Bit4id.
The 4identity API, however, is not really a full "web API" that relies on plain Javascript, as it still requires to download a Windows-only client (sic!). The client, as far as I could understand, responds on a custom keychain URL protocol (I had a past Oauth-2 related question on how to handle desktop applications....) which is not standard according to my findings. The client has access to the key store so it can upload the signed file to the remote web service who is being polled by the Ajax page.
I need to do some paperwork to get full API access, and I have no information about pricing. Still, I deem worth to give a detailed look.
Part 2 of the question
Supporting a real digital signature from browser requires browser vendors and W3C, who oversees web standards, to do a lot of effort, maybe just the same effort they did for standardizing DRM solutions in HTML5 for sake of multimedia companies (criticism mode on). Currently there is WebCrypto standard but according to research it is not available in "mainstream browsers"
Digital signing a remote file with a smart card requires access to the key store and the implementation of cryptography libraries. An open source implementation of PaDES/CaDES is expectable by the community, but without a final implementation of a standard way to access the key store the smart card cannot be accessed.
See also this answer.
This additional part of the answer does not apply to my case as I require this to work on older browsers.
Disclaimer: I am not affiliated with Bit4id but I know them since I had the opportunity to integrate their work in my apps. One of our customers is a Bit4id partner
Is there a service or solution to integrate video/audio communications within your userbase on site or within application ?
Something like google hangouts, but users must have avatars and nicknames that is getting out of my database.
There are some frameworks that may give you what you want.
Twilio provides tools to allow you build combinations into your apps - they explain it pretty well on the site.
http://www.twilio.com
Ericsson has also just open sourced their Web RTC browser:
http://www.pcworld.com/article/2691212/ericsson-releases-webrtc-browser-and-framework-as-open-source.html
Other examples include:
https://www.plivo.com/web-sdk/
http://www.webrtc.org/home
Essentially for the web application world, Web RTC is the technology you are most likely looking for and you will probably have to take a look at some of the more popular offering built around this to see which you like best and which best meets your needs.
If you want to build your own from the basic building blocks then Web RTC is a W3C standard based technology so you can find out about it here:
http://en.wikipedia.org/wiki/WebRTC
http://w3c.github.io/webrtc-pc/
I need to develop a system to stream media over the web to subscribers (like Netflix). It's very important that my consumers can't "save on disk" my videos, since I'll be billing them by the minute watched...
I would like to know how video-streaming-DRM software, like the one behind Netflix, actually work. How the encryption happens? Do they use symmetric keys? I don't need specifics about the implementation, not now at least, but rather a overview of the whole system (client and server)
Extra Info:
-I will be the one uploading videos. The user wont upload videos
-I intend to build this as a Azure Cloud Native App
-I have not yet decided on the client side yet. Since my target public is quite narrow, I'm considering if I should build a app client or web-client... in case of web I would like to leverage the new DRM capabilities ...
-The server side will be C#
-It's safe to assume that the end-user will have a "decent 3ยบ world" internet connection (at least 1 Mb/s)
Although quite reasonable, your question does not really fit the Stack Overflow's format. But I'll give you some hints and resources to check out:
Microsoft PlayReady Overview - check it and related pages (like Learn More, White Paper)
EZDRM
Content Protection with Windows Azure Media Services
Task Preset for Windows Azure Media Encryptor
Clients of DRM protected content can be developed in Silverlgiht, Windows Store App, iOS native app (this one is not open to the wide public!). Never tried Android and HTML 5.
In short - don't worry! If you use a DRM solution, your users will not be able to save the videos. However, one can always do a screen capture using [Expression Encoder Screen Capture | Camtasia Studio | Any screen capturing software]. So there is no full 100% content protection.
How do you secured a key into your iPhone application?
I have an API key that is used by the client application, and do not want anyone to see it, only the application should be able to read it.
1) how do I safely store this in my application? storing it into a variable? is good enough?
2) What happens if someone decrypts my application? (Is that possible?)
There's a lot of questions here so let me answer one at a time:
How do you secured a key into your iPhone application?
I assume that you are trying to secure it from the user of your application. This is impossible unless you are using a trusted computing platform, ie. a platform that can be trusted to not obey orders from its owner (sometimes called treacherous computing for that reason). iPhone is not such a platform to my knowledge.
I have an API key that is used by the client application, and do not want anyone to see it, only the application should be able to read it.
If your application can read it then the owner of the platform that your application runs on can read it as well. (The exception would be a trusted computing platform - see above.)
how do I safely store this in my application?
You can't.
storing it into a variable?
You might.
is good enough?
No.
What happens if someone decrypts my application?
Then he gets your key.
Is that possible?
Yes.
If you don't want your users to know your key then don't give it to them in the first place. Set up a proxy server that your application would connect to and keep your secrets there.
There's an old saying that every secret has to be treated like a public knowledge unless it's known by no more than two people. This applies to software too.
Consider storing the key in the iPhone's keychain repository. Take a look at the Apple provided keychain sample app here:
http://developer.apple.com/library/ios/#samplecode/GenericKeychain/Introduction/Intro.html
Hope this helped. Good Luck.
I agree with Greg Thompson, Apple recommends the use of the keychain to store secure data such as credentials.
By the other hand there is a couple of articles around the web that says that the keychain is no longer "the safer zone", because some people were able to decode its data (and pretty quick).
With iOs 4.0 and later, some improvements about security where made, that is called Data Protection (you can google it like: iOs data protection).. if you are interested in this topic, you'll find the Session 209 - Securing Application Data from WWDC 2010 Session Videos very interesting ... You can get this video for free via iTunes store - iTunes U
Hope this helps