If you are using Contego/Conax products, please refer to the documentation available at https://doc.integra.nagra.com/.

This page details the DRM signaling generated by the CKM service. It is intended to support OTT integration cases using content key token instead of the CKM service or if several pre-encrypted contents already exist, it can be used to check that their DRM signaling is already compatible with SSP.

1. PlayReady DRM Signaling

PlayReady DASH signaling is defined here.

  • When integrated with OpenTV Platform 2.x or with SSP authorization server, SSP requires a contentId as string to be defined in the custom attributes of the PlayReady Header Object as follows for the contentId "Content1":
                <nv:ContentId xmlns:nv="urn:schema-ssp-nagra-com">Content1</nv:ContentId>
  • When integrated with CLM authorization tokens, this custom attributes is ignored.

2. Widevine DRM Signaling

Widevine DASH signaling is defined here.

Widevine HLS signaling is defined here.

For SSP, both "contentId" and "keyIds" fields are mandatory.

3. FairPlay DRM Signaling

FairPlay HLS signaling is defined as part of the FPS SDK downloadable here.

  • When integrated with OpenTV Platforn 2.x or with SSP authorization server, SSP requires that the FPS "assetId" is equal to a JSON encoded as base64 URL safe according to the following JSON schema:

    "ContentId": {
        "type": "string"
    "KeyId": {
        "type": "string"
    "IV": {
        "type": "string"

    "required": ["ContentId", "KeyId", "IV"]

  • Here is a  example:

{ "ContentId":"Gone with the Wind", "KeyId":"91a1e447-684b-4ace-b6ce-401160f07f01", "IV":"Ej5FZ+ibEtOkVkJmVUQAAA==" }

  • And finally with the HLS full signaling including this example:


  • When integrated with CLM authorization tokens, the assetId is ignored.