You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/media-services/previous/media-services-content-protection-overview.md
+7-4Lines changed: 7 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,13 +31,18 @@ The following image illustrates the Media Services content protection workflow:
31
31
This article explains concepts and terminology relevant to understanding content protection with Media Services. The article also provides links to articles that discuss how to protect content.
32
32
33
33
## Dynamic encryption
34
-
You can use Media Services to deliver your content encrypted dynamically with AES clear key or DRM encryption by using PlayReady, Widevine, or FairPlay. Currently, you can encrypt the HTTP Live Streaming (HLS), MPEG DASH, and Smooth Streaming formats. Encryption on progressive downloads is not supported. Each encryption method supports the following streaming protocols:
35
34
35
+
You can use Media Services to deliver your content encrypted dynamically with AES clear key or DRM encryption by using PlayReady, Widevine, or FairPlay. If content is encrypted with an AES clear key and is sent over HTTPS, it is not in clear until it reaches the client.
36
+
37
+
Each encryption method supports the following streaming protocols:
38
+
36
39
- AES: MPEG-DASH, Smooth Streaming, and HLS
37
40
- PlayReady: MPEG-DASH, Smooth Streaming, and HLS
38
41
- Widevine: MPEG-DASH
39
42
- FairPlay: HLS
40
43
44
+
Encryption on progressive downloads is not supported.
45
+
41
46
To encrypt an asset, you need to associate an encryption content key with your asset and also configure an authorization policy for the key. Content keys can be specified or automatically generated by Media Services.
42
47
43
48
You also need to configure the asset's delivery policy. If you want to stream a storage-encrypted asset, make sure to specify how you want to deliver it by configuring the asset delivery policy.
@@ -49,9 +54,6 @@ Customers often wonder whether they should use AES encryption or a DRM system. T
49
54
50
55
PlayReady, Widevine, and FairPlay all provide a higher level of encryption compared to AES-128 clear key encryption. The content key is transmitted in an encrypted format. Additionally, decryption is handled in a secure environment at the operating system level, where it's more difficult for a malicious user to attack. DRM is recommended for use cases where the viewer might not be a trusted party and you require the highest level of security.
51
56
52
-
> [!NOTE]
53
-
> If content is encrypted with a clear key and it is sent over HTTPS, the content is not in clear until it reaches the client.
54
-
55
57
## Storage encryption
56
58
You can use storage encryption to encrypt your clear content locally by using AES 256-bit encryption. You then can upload it to Azure Storage, where it's stored encrypted at rest. Assets protected with storage encryption are automatically unencrypted and placed in an encrypted file system prior to encoding. The assets are optionally re-encrypted prior to uploading back as a new output asset. The primary use case for storage encryption is when you want to secure your high-quality input media files with strong encryption at rest on disk.
57
59
@@ -96,6 +98,7 @@ The following considerations apply:
96
98
* Encryption type doesn't have to be specified in the URL if only one encryption was applied to the asset.
97
99
* Encryption type is case insensitive.
98
100
* The following encryption types can be specified:
101
+
99
102
***cenc**: For PlayReady or Widevine (common encryption)
0 commit comments