The KMS Configuration depends on the KMS type that is chosen. While adding a new KMS server or editing an existing KMS server, one can view the relevant fields for a specific KMS type.
Simulcrypt
Simulcrypt enables scramblers and content protection systems to exchange information about the encryption keys.
...
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (Simulcrypt). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Huawei PlayReady
The fields shown in the figure below are mandatory for the PlayReady KMS. The Certificates must be configured first so that the Certificate and Private Key appear in the dropdown lists.
...
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (Huawei PlayReady). |
Port | Port number. |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Certificate | Certificate for negotiating with the KMS. |
Private Key | Private Key for negotiating with the KMS. |
Verimatrix VMX
Verimatrix (VMX) provides content security for digital television services. It includes software and IP-based security through its Verimatrix Video Content Authority System (VCAS). The MCM9000 connects directly to the VCAS or MCAS systems to retrieve the key for descrambling VMX encrypted sources.
...
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (Verimatrix, VMX). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Key Server Manifest URL | The Manifest URL from which to retrieve the Manifest files. |
Replace URL | The URL to replace within the Manifest files. |
Verimatrix MultiRights
The fields shown in the figure below are mandatory for the Verimatrix MultiRights KMS.
...
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (Verimatrix, MultiRights). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Server URL | The Server URL to connect to. |
Token | The Token to use for the connection to the server. |
SKY CKS
The Customer Key Server (CKS) is a system that the customer hosts entirely on their premises in the container-storing platform of their choice.
...
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (SKY, CKS). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Server URL | The Server URL to connect to (Please follow the suggested URL structure). |
Username | Username to access the KMS. |
Password | The password to access the KMS. |
Asset IDs | Asset IDs to be replaced in the URL. |
Download repetition Rate | The repetition Rate field indicates the period of time that will be used by the system to re-inquire for the Keys. Click on the toggle switch to disable the Download repetition Rate. |
Irdeto
Irdeto offers Security Key Server Technology solutions enabling customers to access premium content from any device securely.
...
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (Irdeto). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Server URL | The Server URL to connect to. |
Token Request URL | Token URL to use when negotiating a connection. |
Grant Type | A URL that is used to send the request to the KMS system. |
Username | Username to access the KMS. |
Password | The password to access the KMS. |
Audience | Audience URL to use when sending the request to the KMS system. |
Client ID | Client ID to use when sending the request to the KMS system. |
Realm | Realm ID to use when sending the request to the KMS system. |
CPIX
From version 5.6.0 onwards, MCM9000 supports the Content Protection Information Exchange Format (CPIX) KMS.
...
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (CPIX). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Certificate | Certificate for negotiating with the KMS. |
Private Key | Private Key for negotiating with the KMS. |
Server URL | The Server URL, in the format of: https://<server>:<port>/<directory> path to the authentication server. For example, https://test_server.com:4443/ovrm/ovrr/ |
Asset Ids | Asset IDs to be replaced in the URL. |
Download Repetition Rate | The repetition Rate field indicates the period of time that will be used by the system to re-inquire for the Keys. Click on the toggle switch to disable the Download repetition Rate. |
From version 5.6.4 onwards, MCM9000 supports the BISS-2, SynMedia and Axinom KMS types.
BISS-2
Basic Interoperable Scrambling System (BISS) is a point to point encryption for use on digital contribution circuits (satellite, IP etc.).
...
A new event #431 is available from version 5.6.4 onwards. This event is triggered for any key/descrambling issues with the BISS sources.
SynMedia
SynMedia KMS encryption is available on MCM9000 from version 5.6.4 onwards.
...
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (SynMedia). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Server URL | The Server URL provided by SynMedia, in the format of: https://synmedia_url/cpix/v2/configAlias/${asset_id} path to the authentication server. |
Asset Ids | Asset IDs to be replaced in the URL. For an HLS source, add the asset ID (if there is more than one, separate them with commas). For an MPEG-DASH source, the asset ID is not required. |
Download repetition Rate | The repetition Rate field indicates the period of time that will be used by the system to re-inquire for the Keys. Click on the toggle switch to disable the Download repetition Rate. |
Axinom
Axinom KMS encryption is available on MCM9000 from version 5.6.4 onwards.
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (Axinom). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Tenant ID | Tenant ID provided from Axinom. |
Management Key | Management Key provided from Axinom. |
Widevine Protection Info | Widevine Protection Info URL in the format: https://key-server-management.axtest.net/api/WidevineProtectionInfo |
Widevine Protection Info Credentials | Widevine Protection Info Credentials URL in the format: https://key-server-management.axtest.net/api/WidevineProtectionInfoCredentials |
Key Request | Query structure of the key request json. |
Asset Ids | The asset IDs of the streams from the Packager. |
Download repetition Rate | The repetition Rate field indicates the period of time that will be used by the system to re-inquire for the Keys. Click on the toggle switch to disable the Download repetition Rate. |
Static
Static KMS encryption is available on MCM9000 from version 5.6.6 onwards.
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (Static). |
Static Keys | Configure a static KMS with the format <keyid>=<key>:<iv>,<keyid>=<key>:<iv>. More than one entry can be added by separating entries with “,” or “;”. For example, 221bd4b8e8413a18a6663f1dad126d86=726f1f4a7cc6420dee6e8db7314e64c8:510ac1a9694f0e63c92bd851147aaf3f |
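As an added example (not MCM9000 code), the Static Keys value can be checked offline before it is entered in the field. The function names are hypothetical, and the 32-hex-character length of each field is an assumption taken from the example above; errors name only the entry position and field, so key material never ends up in a log.

```python
import re

# Assumption: keyid, key and iv are each 16 bytes (32 hex chars), as in the page's example.
HEX32 = re.compile(r"[0-9a-fA-F]{32}")


class StaticKeyError(ValueError):
    """Carries the entry position and field name only, never the value."""


def parse_static_keys(value):
    """Parse '<keyid>=<key>:<iv>' entries separated by ',' or ';'.

    Returns {keyid_hex_lowercase: (key_bytes, iv_bytes)}.
    """
    entries = {}
    position = 0
    for raw in re.split(r"[,;]", value):
        item = raw.strip()
        if not item:
            continue  # tolerate a trailing separator or blank segment
        position += 1
        keyid, eq, rest = item.partition("=")
        key, colon, iv = rest.partition(":")
        if not eq or not colon:
            raise StaticKeyError(f"entry {position}: expected <keyid>=<key>:<iv>")
        for name, field in (("keyid", keyid), ("key", key), ("iv", iv)):
            if not HEX32.fullmatch(field):
                raise StaticKeyError(f"entry {position}: {name} is not 32 hex characters")
        kid = keyid.lower()
        if kid in entries:
            raise StaticKeyError(f"entry {position}: duplicate keyid")
        entries[kid] = (bytes.fromhex(key), bytes.fromhex(iv))
    if not entries:
        raise StaticKeyError("no entries found")
    return entries


def redacted_summary(entries):
    """Key IDs only: safe to paste into a change ticket or log."""
    return [f"{kid}=<key redacted>:<iv redacted>" for kid in sorted(entries)]


# Constructed sample: the page's documented example plus one made-up entry.
SAMPLE = (
    "221bd4b8e8413a18a6663f1dad126d86=726f1f4a7cc6420dee6e8db7314e64c8:"
    "510ac1a9694f0e63c92bd851147aaf3f;"
    "00112233445566778899AABBCCDDEEFF=0f1e2d3c4b5a69788796a5b4c3d2e1f0:"
    "000102030405060708090a0b0c0d0e0f"
)

if __name__ == "__main__":
    print(redacted_summary(parse_static_keys(SAMPLE)))
```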
Kaltura UDRM
Kaltura UDRM encryption is available on MCM9000 from version 5.7.1 onwards.
...
Fields | Description |
Name | Name of the KMS. |
Type | Type of KMS (Kaltura UDRM). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Server URL | The Server URL provided by Kaltura in the format: <configured_url>?custom_data=<base64query>&signature=<base64Signature> For example, https://udrmv3.kaltura.com/cenc/widevine/encryption |
Private Key | The private key is the key used for the signature in base64. For example, MahHgAP2AUbXGF32TXJVPOHCMtPTIyKh1xXLL5AWfRA= |
Asset Ids | Asset Ids are the content ids / asset ids for the key pulling (can be defined with the channel). For example, CNN_1082 |
Custom data | This is the Kaltura query request. The default one is: {"ca_system":"OTT","account_id":"2657661","content_id":"${asset_id}","files":"","policy":null}. If “account_id=….” is defined, it is replaced in the query. For example, account_id : 2657661. Alternatively, the whole query can be set in this field. |
Options | Yet to be implemented. |
Download repetition Rate | The repetition Rate field indicates the period of time that will be used by the system to re-inquire for the Keys. Click on the toggle switch to disable the Download repetition Rate. |
Buy DRM
Buy DRM encryption is available on MCM9000 from version 6.0 onwards.
Fields | Description |
---|---|
Name | Name of the KMS. |
Type | Type of KMS (Buy DRM). |
Network | Select the network from the list; the selected NIC will be used to pull the Keys from the KMS system. |
Certificate | Certificate for negotiating with the KMS. |
Private Key | Private Key for negotiating with the KMS. |
Server URL | The Server URL provided by Kaltura in the format: <configured_url>?custom_data=<base64query>&signature=<base64Signature> For example, https://buydrmv3.testkaltura.com/cenc/widevine/encryption |
Options | Yet to be implemented. |
Note: The MCM9000 offers these supported decryption methods and protocols:
- Simulcrypt, AES-128-CBC
- Verimatrix, AES-128-CBC
- Generic, AES-128-CBC
- Irdeto, AES-128-CBC
- BISS-2, AES-128-CBC (From version 5.6.4 onwards)
- Huawei PlayReady, AES-128-CTR
- Verimatrix, MultiRights, CENC
- SKY CKS, CENC
- Irdeto, CENC
- CPIX, CENC (From version 5.6.0 onwards)
- SynMedia, CENC (From version 5.6.4 onwards)
- Axinom, CENC (From version 5.6.4 onwards)
- Static, CENC (From version 5.6.6 onwards)
- Kaltura UDRM, CENC (From version 5.7.1 onwards)
- buyDRM, CENC (From version 6.0 onwards)
- Simulcrypt, DVB-CSA
- Simulcrypt, AES-128-ECB