If you are using Contego/Conax products, please refer to the documentation available at https://doc.integra.nagra.com/.

1. Overview

SSP supports declaration and enforcement of content usage rules that define how content shall be used by the client device, for instance regarding output control.

For OTT content, usage rules can be defined in two different ways in SSP:

    1. The preferred method and the most generic is to use Usage Rules Profiles.
      • It consists of referencing a Usage Rules ProfileId.
      • It can apply to live channels defined in IMS or to Content authorization tokens.
      • SSP comes with four default profile values that can be customized and additional profiles can be defined.
      • If no usage rules profiles are specified in IMS or in the Content authorization tokens or in the authorization callback mode, then SSP will automatically apply the Default profile of the DRM.
    2. The second method, Generic Usage Rules, is deprecated but still supported by SSP. It is supported only in Content authorization tokens and consists of declaring the usage rules in a generic format (see details in the Content Authorization token definition).


2. Usage Rules Profiles

For OTT content, SSP supports Usage Rule Profiles (aka UR Profiles). A UR Profile is a set of DRM-specific values for the content usage rules defined below, tagged with an identifier. For convenience, a profile identifier can then be used in place of the list of rules in the IMS API as well as in Content authorization tokens.

SSP is delivered with the following default set of four content usage rules profiles:


| Usage rules | Profile "Test" | Profile "SD" | Profile "HD" | Profile "UHD" | Profile "default" (default system values) | Comments |
|---|---|---|---|---|---|---|
| PlayReady | | | | | | |
| digitalVideoOnly | FALSE | FALSE | TRUE | TRUE | TRUE | |
| minimumAnalogTelevision | 100 | 200 | 300 | 300 | 300 | |
| agcAndColorStrip | 0 | 0 | 0 | 0 | 0 | 0: AGC and Color Strip OFF; 1: AGC ON and Color Strip OFF; 2: AGC OFF and Color Strip ON; 3: AGC ON and Color Strip ON |
| minimumUncompressedDigitalVideoOutputProtection | 100 | 100 | 300 | 300 | 300 | |
| minimumCompressedDigitalVideoOutputProtection | 500 | 500 | 500 | 500 | 500 | |
| minimumUncompressedDigitalAudioOutputProtection | 100 | 100 | 300 | 300 | 300 | |
| minimumCompressedDigitalAudioOutputProtection | 100 | 100 | 300 | 300 | 300 | |
| minimumSecurityLevel | 150 | 2000 | 2000 | 3000 | 2000 | |
| hdcpType | null | null | 0 | 1 | 1 | |
| dtcpExport | FALSE | FALSE | FALSE | FALSE | FALSE | |
| FairPlay | | | | | | |
| airPlayAllowed | TRUE | TRUE | TRUE | FALSE | FALSE | |
| digitalAvAdapter | TRUE | TRUE | TRUE | TRUE | TRUE | |
| hdcpLevel | 0xef72894ca7895b78 | 0xef72894ca7895b78 | 0x40791ac78bd5c571 | 0x285a0863bba8e1d3 | 0x285a0863bba8e1d3 | 0xEF72894CA7895B78: HDCP not required. 0x40791AC78BD5C571: HDCP Type 0 is required. 0x285A0863BBA8E1D3: HDCP Type 1 is required. |
| hdcpStrictEnforcement | FALSE | FALSE | TRUE | TRUE | TRUE | |
| Widevine | | | | | | |
| hdcp | 0 | 0 | 1 | 4 | 4 | HDCP_NONE => 0, HDCP_V1 => 1, HDCP_V2 => 2, HDCP_V2_1 => 3, HDCP_V2_2 => 4 |
| minimumSecurityLevel | 5 | 3 | 3 | 1 | 3 | Value compared with the security level stored in the license request, which is the Widevine security level (from 3 - SW security to 1 - HW security). In case the security level is not accessible in the license request, SSP will consider the device security level to be 5. This could happen with test devices. |
| policySecurityLevel | 1 | 1 | 1 | 4 | 1 | Security level stored in the license response and used by the DRM client. EME format (from 1 to 5). |
| disableAnalogOutput | FALSE | FALSE | TRUE | TRUE | TRUE | |
| cgmsFlag | CGMS_NONE | COPY_NEVER | CGMS_NONE | CGMS_NONE | CGMS_NONE | |
| allowUnverifiedPlatform | TRUE | FALSE | FALSE | FALSE | FALSE | |



To use one of those profiles, simply use the profile identifier above ("Test" / "SD" / "HD" / "UHD") in the channel definition in IMS or in the Content Authorization token.

Notes:

  • Profile "Test" should only be used for integration purposes.
  • New profiles can be added into the system. In the current release, this operation shall be performed by a NAGRA administrator. Please contact your NAGRA support team for this purpose.

2.1. Using UR Profiles With Content Authorization Tokens

SSP Content Authorization tokens can include a UR profile identifier at both the ContentRights level and the Track level (field "usageRulesProfileId" in the ContentAuthZ token definition).

When using UR profiles with tokens, the following rules apply:

  • If an SSP Content authorization token refers to a UR profile that does not exist, the respective license request will be rejected.
  • Profiles and rules are mutually exclusive: a given Content AuthZ token can contain either a UR profile identifier or an explicit list of usage rules, but not both (otherwise the license request will be rejected).
  • If the token contains neither a profile identifier nor explicit usage rules, then default values are applied for each usage rule. The list of default values is detailed above.
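
A pre-issue check for the three rules above, as an added example that is not NAGRA code: it walks the ContentRights and Track levels of a token payload and reports what would be rejected, plus any use of the integration-only "Test" profile. Only `usageRulesProfileId` and the four profile identifiers come from this page; the keys `contentRights`, `tracks` and `usageRules` and the sample payloads are assumptions to be checked against the ContentAuthZ token definition.

```python
# Added example, not NAGRA code: pre-issue lint for a ContentAuthZ token payload.
PROFILE_FIELD = "usageRulesProfileId"   # field name given on this page
RIGHTS_FIELD = "contentRights"          # assumed key for the ContentRights list
TRACKS_FIELD = "tracks"                 # assumed key for the per-track list
RULES_FIELD = "usageRules"              # assumed key for explicit (generic) rules
DEFAULT_PROFILES = frozenset({"Test", "SD", "HD", "UHD"})  # ids listed on this page


def iter_levels(payload):
    """Yield (path, object) for every ContentRights entry and each of its tracks."""
    for i, rights in enumerate(payload.get(RIGHTS_FIELD, [])):
        path = f"{RIGHTS_FIELD}[{i}]"
        yield path, rights
        for j, track in enumerate(rights.get(TRACKS_FIELD, [])):
            yield f"{path}.{TRACKS_FIELD}[{j}]", track


def check_token(payload, known_profiles=DEFAULT_PROFILES, allow_test=False):
    """Return (severity, path, message) findings; 'reject' mirrors an SSP refusal."""
    findings, profile_at, rules_at = [], [], []
    for path, node in iter_levels(payload):
        profile = node.get(PROFILE_FIELD)
        if profile is not None:
            profile_at.append(path)
            if profile not in known_profiles:
                findings.append(("reject", path, f"unknown profile {profile!r}"))
            elif profile == "Test" and not allow_test:
                findings.append(("warn", path, 'profile "Test" is integration-only'))
        if node.get(RULES_FIELD):
            rules_at.append(path)
    if profile_at and rules_at:  # exclusivity is per token, not per level
        findings.append(("reject", "token",
                         f"profile at {profile_at[0]} and rules at {rules_at[0]}"))
    if not profile_at and not rules_at:
        findings.append(("info", "token", "no profile or rules: defaults apply"))
    return findings


# Constructed sample payloads (not captured from a real system); the rule
# content under RULES_FIELD is a placeholder, not the real generic format.
MIXED = {RIGHTS_FIELD: [{PROFILE_FIELD: "HD",
                         TRACKS_FIELD: [{RULES_FIELD: {"placeholder": True}}]}]}
UNKNOWN = {RIGHTS_FIELD: [{PROFILE_FIELD: "4K"}]}
EMPTY = {RIGHTS_FIELD: [{TRACKS_FIELD: [{}]}]}

if __name__ == "__main__":
    for name, tok in (("MIXED", MIXED), ("UNKNOWN", UNKNOWN), ("EMPTY", EMPTY)):
        print(name, check_token(tok))
```

Pass the operator's full profile list as `known_profiles` when additional profiles have been provisioned by NAGRA.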