OTT Authorization Binding
1. OTT Authorizations Based on Content Authorization Token
Any device requesting the keys needed to decrypt OTT content authorized by a Content authorization token performs a license request containing the following fields:
A DRM-specific (PR, WV, FPS, Connect, ...) license request message, a.k.a. "DRM challenge". This message usually contains a unique identifier of the device assigned by the DRM system.
An SSP Content authorization token. The "device" structure of this token might include:
Nothing. In this case the token is not bound to any device and can be shared and reused as many times as wanted. This is perfect for a demo but should never be used in production.
A "deviceUniqueId" field, which must be equal to the unique identifier of the "DRM challenge". Using this field is the most secure way to prevent sharing (not reuse) of tokens, but it assumes that the operator service creating the token has access to this "deviceUniqueId". W3C EME requirements prevent JavaScript applications from accessing such an identifier.
A "deviceId" field, which must be equal to the "_id" field of a device authorized by the service provider in the ADM. This identifier is assigned by the service provider.
An "accountId" field, if present, is currently ignored.
Alternatively, the token can be defined as playable only once by using "jti" and "exp" fields.
In addition to checking the various fields of the token, SSP automatically performs the deviceId binding operation.
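The binding checks listed above, written out as an added Python example; this is not SSP's own code. It assumes the token has already been signature-verified and decoded to a dict, that "jti" and "exp" are top-level fields with "exp" in Unix seconds, and that unbound tokens are rejected unless explicitly allowed; the names `check_binding`, `BindingError`, `seen_jti` and `allow_unbound` are hypothetical.

```python
import time

class BindingError(Exception):
    """A content authorization token failed a binding check."""

def check_binding(token, challenge_device_id, adm_device_ids, seen_jti,
                  now=None, allow_unbound=False):
    """Return the list of bindings satisfied, or raise BindingError.

    token               -- verified token claims as a dict (assumed layout)
    challenge_device_id -- unique identifier carried in the DRM challenge
    adm_device_ids      -- "_id" values of devices authorized in the ADM
    seen_jti            -- set of consumed "jti" values (hypothetical store)
    """
    now = time.time() if now is None else now
    device = token.get("device") or {}
    modes = []
    if "deviceUniqueId" in device:
        if device["deviceUniqueId"] != challenge_device_id:
            raise BindingError("deviceUniqueId differs from DRM challenge")
        modes.append("deviceUniqueId")
    if "deviceId" in device:
        if device["deviceId"] not in adm_device_ids:
            raise BindingError("deviceId is not an authorized ADM device")
        modes.append("deviceId")
    # "accountId" is deliberately not checked: the page says it is ignored.
    if "jti" in token:
        # Assumption: "exp" is Unix seconds and required for one-time tokens.
        if token.get("exp", 0) <= now:
            raise BindingError("one-time token is expired or has no exp")
        if token["jti"] in seen_jti:
            raise BindingError("jti already consumed")
        seen_jti.add(token["jti"])  # consume only after every check passed
        modes.append("one-time")
    if not modes and not allow_unbound:
        raise BindingError("unbound token rejected (demo-only mode)")
    return modes or ["unbound"]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    adm, seen = {"dev-001"}, set()
    bound = {"device": {"deviceUniqueId": "challenge-abc"}}
    once = {"jti": "t-1", "exp": 2_000}
    print(check_binding(bound, "challenge-abc", adm, seen))
    print(check_binding(once, "challenge-xyz", adm, seen, now=1_000))
    for tok in (once, {"device": {}}):  # replayed jti, then unbound token
        try:
            check_binding(tok, "challenge-xyz", adm, seen, now=1_000)
        except BindingError as err:
            print("rejected:", err)
```

A production replay store has to be shared across license servers and can drop each "jti" once its "exp" has passed.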