DRM Application Specific Token Authentication
Multi-DRM License Servers
License servers communicate with the DRM software on the client device. The client device prepares a license request and sends it to the server with the authorization token. The server validates the license request, and if validated, returns a license response.
The following claims apply to license server JWTs.
"aud" (Audience) claim
Required. The "aud" (audience) claim identifies the recipient that the JWT is intended for. It must match the purpose that the key is registered for.
"sub" (Subject) claim
Required. The "sub" (Subject) claim identifies the content. It MUST match the value used for the identifier when the keys are requested.
This claim MUST be present in the payload of the JWT.
"subscriber" (Subscriber ID) claim
Optional. The "subscriber" (Subscriber ID) claim identifies the subscriber that the token was issued for.
Verimatrix recommends that you populate this claim only if there is a business requirement to identify the subscriber. If there is no requirement for subscriber identification, Verimatrix recommends that this field is not populated. If populated, use subscriber IDs that only the middleware can recognize to identify subscribers.
If included, this claim MUST be present in the payload of the JWT.
"device" (Device ID) claim
Optional. The "device" (device ID) claim identifies the device that the token was issued for.
Verimatrix recommends that you populate this claim only if there is a business requirement to identify the device. If there is no requirement for device identification, Verimatrix recommends that this field is not populated.
If included, this claim MUST be present in the payload of the JWT.
"security_policy" claims
Optional. The security policy claims create a mapping between a policy ID and DRM specific rights for controlling device output hardware. The security policy contains an object for each of the different DRMs; 0 or more of these objects can be present. If a DRM request does not have a matching security policy, then the system defaults are used.
Each policy is identified by a UUID.
"security_policy": {
    "EB119443-186B-4DEA-A7B7-8E5089FDD6B6": {
        "widevine": { … }
    },
    "B04CAC99-6AC2-412A-A60B-E764723E768D": { … }
}
"default_security_policy" Default security policy mapping claim
Optional. This claim selects a default policy that is applied before any track specific policy. It should reference a security policy by id. The security_policy_id must be specified as a UUID.
default_security_policy: security_policy_id
"track_policy" (Track to security policy mapping) claim
Optional. The "track_policy" claim maps key identifiers to security policies. It is a dictionary in which each entry has a Key ID as its key and a security policy ID as its value. Security policy IDs and Key IDs are both UUIDs.
If there is no track policy defined for a particular key ID, then the "default_security_policy" is used. If "default_security_policy" is not specified, then the DRM system defaults are used.
track_policy: {
    key_id: security_policy_id
}
"track_type_policy" (Track type to security policy mapping) claim
Optional. If the key identifiers are not known when the token is generated, you can map track types to security policies instead. This requires Key IDs to have been tagged with a track type during content encryption.
Verimatrix recommends the use of the following track type values:
- AUDIO
- SD
- HD
- UHD1
- UHD2
The "track_type_policy" claim maps track type identifiers to security policies. It is a dictionary in which each entry has a track type as its key and a security policy ID as its value; the policy applies to every Key ID tagged with that track type. The security policy IDs are UUIDs.
If there is no track type policy defined for a particular key’s track type, then the "default_security_policy" is used. If "default_security_policy" is not specified, then the DRM system defaults are used.
track_type_policy: {
    track_type: security_policy_id
}
NOTE When there are multiple policies that reference the same Key ID, the most restrictive policy is used.
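The relationships between these claims can be checked on the token-issuing side before a token is signed. The following Python sketch is an added example, not Verimatrix code: it lints a payload for the required claims, UUID-formatted IDs and policy references, and lists which policy IDs apply to a given key. The function names, the sample "aud", "sub" and Key ID values, and the rule that every referenced policy must be defined in the same token are assumptions made for illustration.

```python
import uuid

RECOMMENDED_TRACK_TYPES = {"AUDIO", "SD", "HD", "UHD1", "UHD2"}
# Constructed sample: policy UUIDs are the page's, every other value is made up.
P1, P2 = "EB119443-186B-4DEA-A7B7-8E5089FDD6B6", "B04CAC99-6AC2-412A-A60B-E764723E768D"
KEY = "11111111-2222-3333-4444-555555555555"
SAMPLE = {"aud": "example-audience", "sub": "example-content-id",
          "security_policy": {P1: {"widevine": {}}, P2: {}},
          "default_security_policy": P1,
          "track_policy": {KEY: P2}, "track_type_policy": {"HD": P1}}

def is_uuid(value):
    try:
        uuid.UUID(str(value))
        return True
    except ValueError:
        return False

def lint_claims(payload):
    """Return a list of problems in a token payload; an empty list means clean."""
    problems = [f"missing required claim: {c}" for c in ("aud", "sub") if not payload.get(c)]
    policies = payload.get("security_policy", {})
    problems += [f"security_policy id is not a UUID: {p}" for p in policies if not is_uuid(p)]
    refs = []  # (location, referenced policy id)
    if "default_security_policy" in payload:
        refs.append(("default_security_policy", payload["default_security_policy"]))
    for key_id, pid in payload.get("track_policy", {}).items():
        if not is_uuid(key_id):
            problems.append(f"track_policy Key ID is not a UUID: {key_id}")
        refs.append((f"track_policy[{key_id}]", pid))
    for track_type, pid in payload.get("track_type_policy", {}).items():
        if track_type not in RECOMMENDED_TRACK_TYPES:
            problems.append(f"track_type_policy uses a non-recommended type: {track_type}")
        refs.append((f"track_type_policy[{track_type}]", pid))
    # Assumption: every referenced policy must be defined in this same token.
    problems += [f"{w} references undefined policy: {p}" for w, p in refs if p not in policies]
    return problems

def candidate_policies(payload, key_id, track_type=None):
    """Policy IDs that apply to one key; an empty list means DRM system defaults."""
    found = []
    if key_id in payload.get("track_policy", {}):
        found.append(payload["track_policy"][key_id])
    if track_type in payload.get("track_type_policy", {}):
        found.append(payload["track_type_policy"][track_type])
    # Several matches: the server picks the most restrictive; not ranked here.
    if not found and "default_security_policy" in payload:
        found.append(payload["default_security_policy"])
    return found
```

When candidate_policies returns more than one ID for a key, review both policies, since the page states only that the most restrictive one is used.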
"policy" claim
Optional. Defines the playback policies to be configured for a license request. Policy claims, like security claims, are broken down by DRM type. However, they are not referenced by an ID and instead are considered over the entire asset. Policy claims allow for control of lease or rental operations.
"policy": {
    "widevine": { … }
}