articles/media-services/latest/frequently-asked-questions.md
15 additions & 15 deletions
@@ -228,9 +228,9 @@ A sample boot.xml file:
228
228
229
229
Since Media Services v3 allows an Asset to have multiple StreamingLocators. You can have
230
230
231
-
1. One ContentKeyPolicy with license_type = "persistent", ContentKeyPolicyRestriction with claim on "persistent", and its StreamingLocator;
232
-
1. Another ContentKeyPolicy with license_type="nonpersistent", ContentKeyPolicyRestriction with claim on "nonpersistent", and its StreamingLocator.
233
-
1. The two StreamingLocators have different ContentKey.
231
+
* One ContentKeyPolicy with license_type = "persistent", ContentKeyPolicyRestriction with claim on "persistent", and its StreamingLocator;
232
+
* Another ContentKeyPolicy with license_type="nonpersistent", ContentKeyPolicyRestriction with claim on "nonpersistent", and its StreamingLocator.
233
+
* The two StreamingLocators have different ContentKey.
234
234
235
235
Depending on business logic of custom STS, different claims are issued in the JWT token. With the token, only the corresponding license can be obtained and only the corresponding URL can be played.
236
236
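Review bot: the third new bullet, "The two StreamingLocators have different ContentKey.", is a statement about the two preceding items rather than a third thing "You can have", so it reads better as a closing sentence after the list (and as "different ContentKeys"). While these lines are being touched, the spacing differs between license_type = "persistent" and license_type="nonpersistent", and the unchanged lead-in "Since Media Services v3 allows an Asset to have multiple StreamingLocators. You can have" is a sentence fragment that should be joined with a comma.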
@@ -241,17 +241,17 @@ five different security levels are outlined. This section explains how the secur
241
241
242
242
The Google's "Widevine DRM Architecture Review" doc defines the following three security levels:
243
243
244
-
1. Security Level 1: All content processing, cryptography, and control are performed within the Trusted Execution Environment (TEE). In some implementation models, security processing may be performed in different chips.
245
-
1. Security Level 2: Performs cryptography (but not video processing) within the TEE: decrypted buffers are returned to the application domain and processed through separate video hardware or software. At level 2, however, cryptographic information is still processed only within the TEE.
246
-
1. Security Level 3 Does not have a TEE on the device. Appropriate measures may be taken to protect the cryptographic information and decrypted content on host operating system. A Level 3 implementation may also include a hardware cryptographic engine, but that only enhances performance, not security.
244
+
* Security Level 1: All content processing, cryptography, and control are performed within the Trusted Execution Environment (TEE). In some implementation models, security processing may be performed in different chips.
245
+
* Security Level 2: Performs cryptography (but not video processing) within the TEE: decrypted buffers are returned to the application domain and processed through separate video hardware or software. At level 2, however, cryptographic information is still processed only within the TEE.
246
+
* Security Level 3 Does not have a TEE on the device. Appropriate measures may be taken to protect the cryptographic information and decrypted content on host operating system. A Level 3 implementation may also include a hardware cryptographic engine, but that only enhances performance, not security.
247
247
248
248
At the same time, in [Azure Media Services documentation on Widevine license template](widevine-license-template-overview.md), the security_level property of content_key_specs can have the following five different values (client robustness requirements for playback):
249
249
250
-
1. Software-based white-box crypto is required.
251
-
1. Software crypto and an obfuscated decoder is required.
252
-
1. The key material and crypto operations must be performed within a hardware backed TEE.
253
-
1. The crypto and decoding of content must be performed within a hardware backed TEE.
254
-
1. The crypto, decoding, and all handling of the media (compressed and uncompressed) must be handled within a hardware backed TEE.
250
+
* Software-based white-box crypto is required.
251
+
* Software crypto and an obfuscated decoder is required.
252
+
* The key material and crypto operations must be performed within a hardware backed TEE.
253
+
* The crypto and decoding of content must be performed within a hardware backed TEE.
254
+
* The crypto, decoding, and all handling of the media (compressed and uncompressed) must be handled within a hardware backed TEE.
255
255
256
256
Both security levels are defined by Google Widevine. The difference is in its usage level: architecture level or API level. The five security levels are used in the Widevine API. The content_key_specs object, which
257
257
contains security_level is deserialized and passed to the Widevine global delivery service by Azure Media Services Widevine license service. The table below shows the mapping between the two sets of security levels.
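Review bot: in the second list of this hunk (the five security_level entries starting at "Software-based white-box crypto is required."), switching from "1." items to "*" bullets drops the numbering, yet the lead-in says the property "can have the following five different values" and the following paragraph maps these levels to the three architecture levels. A reader configuring a license template can no longer tell which value selects which robustness requirement. Either keep this list ordered or state the value in each bullet. The three architecture-level bullets are fine as bullets because each names its level in the text, though "Security Level 3 Does not have a TEE" is missing the colon the other two have.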
@@ -266,11 +266,11 @@ contains security_level is deserialized and passed to the Widevine global delive
266
266
267
267
There are two ways to improve download speed:
268
268
269
-
1. Enable CDN so that end users are more likely to hit CDN instead of origin/streaming endpoint for content download. If user hits streaming endpoint, each HLS segment or DASH fragment is dynamically packaged and encrypted. Even though this latency is in millisecond scale for each segment/fragment, when you have an hour long video, the accumulated latency can be large causing longer download.
270
-
1. Provide end users the option to selectively download video quality layers and audio tracks instead of all contents. For offline mode, there is no point to download all of the quality layers. There are two ways to achieve this:
269
+
* Enable CDN so that end users are more likely to hit CDN instead of origin/streaming endpoint for content download. If user hits streaming endpoint, each HLS segment or DASH fragment is dynamically packaged and encrypted. Even though this latency is in millisecond scale for each segment/fragment, when you have an hour long video, the accumulated latency can be large causing longer download.
270
+
* Provide end users the option to selectively download video quality layers and audio tracks instead of all contents. For offline mode, there is no point to download all of the quality layers. There are two ways to achieve this:
271
271
272
-
1. Client controlled: either player app auto selects or user selects video quality layer and audio tracks to download;
273
-
1. Service controlled: one can use Dynamic Manifest feature in Azure Media Services to create a (global) filter, which limits HLS playlist or DASH MPD to a single video quality layer and selected audio tracks. Then the download URL presented to end users will include this filter.
272
+
* Client controlled: either player app auto selects or user selects video quality layer and audio tracks to download;
273
+
* Service controlled: one can use Dynamic Manifest feature in Azure Media Services to create a (global) filter, which limits HLS playlist or DASH MPD to a single video quality layer and selected audio tracks. Then the download URL presented to end users will include this filter.
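Review bot: for the last two bullets ("Client controlled: …" and "Service controlled: …"), confirm they remain indented under "Provide end users the option to selectively download …". In this view they sit at the same level as the top-level bullets, and without the indentation "There are two ways to achieve this:" would be followed by a flat four-item list under "There are two ways to improve download speed:". Since the first bullet is being rewritten anyway, "If user hits streaming endpoint" could also become "If a user hits the streaming endpoint".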