The SDK supports NAGRA’s Secure Session Manager (SSM), which enables monitoring and limiting the number of sessions in parallel, chiefly to protect against account sharing. Security is enhanced as the session manager is linked to the license manager, with the licence regularly renewed during playback.
When the player acquires or renews a licence for playback, it also needs to obtain a session token. The licence server provides the session tokens (per content or account), keeps count of the number of active sessions, and limits the number of permitted concurrent sessions.
An SSM session is set up when a user starts playback of a content item and is torn down when playback stops. SSM also uses Widevine’s periodic licence renewal as a heartbeat; if the SSM server does not receive a heartbeat at regular intervals it deems the session as expired, the licence is not renewed, and the session count drops by one. This ensures that even if no
teardown message is sent by the player (for example, a device lost network connection), the session expires anyway.
The SDK provides an implementation of
OTVMediaDrmCallback dedicated to handling licence key requests with a licence server supporting SSM -
To implement Widevine with SSM, include the following methods to fetch the relevant data for the stream, Licence Server and SSM server. Ensure you have or implement methods to fetch the data relevant to the stream you want to play, the Licence Server you work with, and the SSM server.
OTVSSMHttpMediaDrmCallbackwith the Licence Server URI
Configure the DRM handler using the
setKeyRequestProperty()method. The values below are for illustration purposes only as they are specific to the type of licence server, the account and the content. The
nv-authorizationskey-value pair is mandatory for working with SSM.
OTVHttpMediaDrmCallbackinstance to your
Playback is started by assigning the path to the
Stopping playback (
OTVVideoView) will tear down the SSM session for this content.
Error reporting for SSM
setOnErrorListener() method in
OTVVideoView allows Integrators to register for errors in general, and SSM errors in particular. The application has to instantiate a class that implements the
OnErrorListener interface. This interface requires the implementation of one error callback:
The first parameter passed to the callback is the object reference of the
OTVMediaPlayer from which the error is reported. The two other parameters contain information about the nature of the error.
For example, the main application can register an
onError() callback as follows:
In the context of SSM errors, the following values may be assigned with the
extra parameter is an integer containing the errors as defined in the SSM API, for example:
|1000||Invalid request format|
|1003||Invalid authentication token|
|1007||Max Active Session Exceeded|
|1008||Session Management Disabled|
|1004||Invalid expiration time|
|1005||Tenant ID mismatch|
|1009||Device Account Mismatch|
|1012||Credential key not available|
|1013||Missing Device Id|
|4001||SSM is not available|