As part of our filing for Chapter 11 bankruptcy relief, Akamai has acquired select assets from Edgio, including certain customer contracts from our content delivery, applications, and security businesses, but not including Uplynk. We encourage any active Edgio delivery, applications, or security customers that are not already engaged with Akamai to migrate their services, to contact their local Akamai office or support@edg.io as soon as possible to help avoid service interruptions. Service will end on January 15, 2025.


Any Edgio Uplynk customers can reach out to support@uplynk.com for any questions or concerns.

Edgio

Apple FairPlay Streaming (FPS) Digital Rights Management (DRM)

FairPlay Streaming (FPS) supports:
  • HTTP Live Streaming (HLS) playback of encrypted video content.
  • iOS, Apple TV, and Safari on macOS 10.10.3 or later.
    Playback on Safari requires Encrypted Media Extensions (EME). Playback on Safari on a mobile device also requires iOS 11.2 or later.
  • Stopping playback on mobile devices and Apple TV when an expired Content Key (CK) is detected.
  • Identifying individual devices without compromising anonymity via a device identifier within the Server Playback Context (SPC) message.

Quick Start

Set up playback via Apple FairPlay Streaming (FPS) by performing the following steps:
  1. Register as a licensed content owner with Apple and request a deployment package. Request FPS deployment package from Apple.
  2. Request Studio DRM activation by submitting the following information via the Apple FairPlay Streaming page:
    • Your application public key certificate.
    • Your RSA private key passphrase.
    • Your application secret key.
    • Your RSA private key in PEM format.
  3. Verify that both the Require a token for playback and the Require a studio approved DRM for playback options have been enabled on the desired CMS asset, live channel, or live event.
  4. Make your application compatible with our service by performing the following steps:
    • Point your player to a HLS version of the playback URL that corresponds to the content identified in the previous step.
    • Construct and digitally sign this playback URL.
      Query String
      Append the following value to the end of the playback URL:
      plaintext
      1?rmt=fps
      Studio DRM Policies
      Define the desired set of Studio DRM policies by adding either a Studio DRM policy configuration or the desired individual policies to the playback URL’s query string.
      plaintext
      1?rmt=fps&drm_policy_name=wvpolicy1
      Use a Studio DRM policy configuration and/or the expansion parameter capability to obfuscate your Studio DRM policies.
      Digital Signature: Sign the playback URL.
    • Update the Key Server Module (KSM) URL’s scheme to https://.
    • Submit a Content Key request to our Key Server using the above KSM URL.
    • Use the deserialized Content Key Context (CKC) message to initiate playback.
If you override the EXT-X-VERSION tag defined in the playback URL, do not set it to a lower value.

Activation

FPS encrypts content to prevent unauthorized playback. In order to playback encrypted content, a player must use a Content Key to decrypt it. This Content Key is generated by our key server. Before our key server may generate Content Keys for your account, it requires information provided by Apple as a part of your FPS deployment package.
Submit the following information via the Apple FairPlay Streaming page:

FPS Deployment Data

DescriptionDetails
Application Public Key CertificateUpload the application public key certificate provided by Apple. This X.509 certificate should be in Distinguished Encoding Rules (DER) format and have a .cer or .der file extension.
RSA Private Key PassphraseProvide the passphrase that encrypted your private key during CSR submission.
Application Secret KeyProvide your application secret key, which is a 32-character hex string.
RSA Private KeyUpload your private key by:
1. Opening the .pem file in a text editor.
2. Copying the entire contents of that file.
3. Pasting it in the Private Key (.pem) option.
Verify that this option looks similar to the following copy:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Content Keys

Upon initiating playback, an Apple device should request a Content Key from the Key Server Module (KSM) for the desired content. The KSM will provide the Content Key within an encrypted response.

Update the KSM URL

Before requesting a Content Key, update the scheme defined within the EXT-X-KEY URL attribute from skd:// to https://. The following sample JavaScript function returns an updated KSM URL.
JavaScript KSM construction example:
JavaScript
1function getSPCUrl(initData) {
2 skdurl = arrayToString(initData);
3 spcurl = skdurl.replace('skd://', 'https://');
4 spcurl = spcurl.substring(1, spcurl.length);
5 return spcurl;
6}

Request a Content Key

Request a Content Key via the following:
  • Request URL: Updated KSM URL
  • Request Header: Set Content-Type header to "application/json"
  • Request Body: Set it to the following key-value pair:
    • Key: spc
    • Value: Set it to a Base64-encoded string for a Server Playback Context (SPC) message.
The body of the response will contain a Base64-encoded string for a Content Key Context (CKC) message.
Sample request
1{
2 "spc": "your base 64 string"
3}
Sample response
1{
2 "ckc": "your base 64 string"
3}

Content Key Request Minimization

Reduce rebuffering, improve startup time, and speed up switching between different rays encrypted with the same content key by minimizing content key requests.
Reuse licenses for content, ads, and different rays by performing the following steps:
  1. Contact your account manager to request that your encoding profile be optimized for content key reuse.
  2. Include fpuseki=1 within the playback URL’s query string.
  3. Update your player to cache licenses and associate them with license URLs.
Add logic to your code to request a new license when a request with a cached license fails. This best practice is especially useful when you have defined a duration for content keys within your Studio DRM policy.
By default, a license does not expire. However, if you define a duration for content keys within your Studio DRM policy, it should be set to a time period that is longer than the scheduled program. For example, you should set it to 5 hours for a 4 hour live event.

Playback without Studio DRM Protection

The following information is only applicable once Studio DRM has been activated on your account.
Certain types of content (e.g., slate) should not be protected by Studio DRM.
To Play Content Without Studio DRM Protection
  1. Disable Studio DRM by performing either of the following:
  • Clear the Require studio approved DRM for playback option on the desired CMS asset.
  • ass the drm_optional parameter in the playback URL. Learn more.
  1. Update your player to request a cleartext key via the following URL:

More Information