Content Usage Rules for OTT for MDRM eCommerce
If you are using Contego/Conax products, please refer to the documentation available at https://doc.integra.nagra.com/.
1. Overview
SSP supports declaration and enforcement of content usage rules that define how content shall be used by the client device, for instance regarding output control.
For OTT content, usage rules can be defined in two different ways in SSP:
- The preferred method and the most generic is to use Usage Rules Profiles.
- It consists in referencing a Usage Rules ProfileId
- It can apply to live channels defined in IMS or to Content authorization tokens.
- SSP comes with four default profile values that can be customized and additional profiles can be defined.
- If no usage rules profiles are specified in IMS or in the Content authorization tokens or in the authorization callback mode, then SSP will automatically apply the Default profile of the DRM.
- The second method Generic Usage Rules is deprecated but still supported by SSP. It is supported only in Content authorization tokens and consists in declaring the usage rules in a generic format (see details in Content Authorization token definition)
2. Usage Rules Profiles
For OTT contents, SSP supports Usage Rule Profiles (aka UR Profiles). A UR Profile is a set of DRM specific values for the content usage rules defined below and tagged with an identifier. For convenience, a profile identifier can then be used to replace the list of rules in the IMS API as well as in Content authorization tokens.
SSP is delivered with the following default set of four content usage rules profiles:
| Usage rules | Profile "Test" | Profile "SD" | Profile "HD" | Profile "UHD" | Profile "default" (default system values) | Comments |
|---|---|---|---|---|---|---|
| PlayReady | ||||||
| digitalVideoOnly | FALSE | FALSE | TRUE | TRUE | TRUE | |
minimumAnalogTelevision | 100 | 200 | 300 | 300 | 300 | |
| agcAndColorStrip | 0 | 0 | 0 | 0 | 0 | 0: AGC and Color Strip OFF 1: AGC ON and Color Strip OFF 2: AGC OFF and Color Strip ON 3: AGC ON and Color Strip ON |
minimumUncompressedDigital VideoOutputProtection | 100 | 100 | 300 | 300 | 300 | |
minimumCompressedDigitalVideo OutputProtection | 500 | 500 | 500 | 500 | 500 | |
minimumUncompressedDigital AudioOutputProtection | 100 | 100 | 300 | 300 | 300 | |
minimumCompressedDigital AudioOutputProtection | 100 | 100 | 300 | 300 | 300 | |
| minimumSecurityLevel | 150 | 2000 | 2000 | 3000 | 2000 | |
| hdcpType | null | null | 0 | 1 | 1 | |
| dtcpExport | FALSE | FALSE | FALSE | FALSE | FALSE | |
| FairPlay | ||||||
| airPlayAllowed | TRUE | TRUE | TRUE | FALSE | FALSE | |
| digitalAvAdapter | TRUE | TRUE | TRUE | TRUE | TRUE | |
| hdcpLevel | 0xef72894ca7895b78 | 0xef72894ca7895b78 | 0x40791ac78bd5c571 | 0x285a0863bba8e1d3 | 0x285a0863bba8e1d3 | 0xEF72894CA7895B78 HDCP not required. 0x40791AC78BD5C571 HDCP Type 0 is required. 0x285A0863BBA8E1D3 HDCP Type 1 is required. |
| hdcpStrictEnforcement | FALSE | FALSE | TRUE | TRUE | TRUE | |
| Widevine | ||||||
| hdcp | 0 | 0 | 1 | 4 | 4 | HDCP_NONE = > 0, HDCP_V1 => 1, HDCP_V2 => 2, HDCP_V2_1 => 3, HDCP_V2_2 => 4 |
| minimumSecurityLevel | 5 | 3 | 3 | 1 | 3 | Value compared with the security level stored in the license request which is the Widevine security level (from 3 - SW security to 1 - HW security) In case the security level is not accessible in the license request, SSP will consider the device security level to be 5. This could happen with test devices. |
| policySecurityLevel | 1 | 1 | 1 | 4 | 1 | Security level stored in the license response and used by the DRM client. EME format (from 1 to 5). |
| disableAnalogOutput | FALSE | FALSE | TRUE | TRUE | TRUE | |
| cgmsFlag | CGMS_NONE | COPY_NEVER | CGMS_NONE | CGMS_NONE | CGMS_NONE | |
| allowUnverifiedPlatform | TRUE | FALSE | FALSE | FALSE | FALSE | |
To use one of those profiles, simply use the profile identifier above ("Test" / "SD" / "HD" / "UHD") in the channel definition in IMS or in the Content Authorization token.
Notes:
- Profile "Test" should only be used for integration purposes.
- New profiles can be added into the system. In the current release, this operation shall be performed by a NAGRA administrator. Please contact your NAGRA support team for this purpose.
2.1. Using UR Profiles With Content Authorization Tokens
SSP Content Authorization tokens can include a UR profile identifier both at ContentRights level as well as at Track level (field "usageRulesProfileId" in the ContentAuthZ token definition)
When using UR profile with tokens, the following rules will apply:
- If an SSP Content authorization token refer to a UR profile that does not exist, the respective license request will be rejected.
- Profiles and rules are mutually exclusive: a given Content AuthZ token can contain either a UR profile identifier or an explicit list of usage rules, but not both (otherwise the license request will be rejected).
- If the token does not contain neither a profile identifier nor explicit usage rules, then default values are applied for each usage rule. The list of default values is detailed above.