AWS Produces Open API Spec to Simplify Encryption for Live, On-Demand Media Workflows

Amazon Web Services (AWS) announced the Secure Packager and Encoder Key Exchange (SPEKE), an open, extensible API specification developed to streamline integration of Digital Rights Management (DRM) with encoders, transcoders, and origin servers (encryptors).

Until recently, most integrations required a custom API for each DRM solutions provider and each encryptor, which proved costly and time consuming, and often delayed the launch of new services. SPEKE solves these challenges by providing a standardized method for key exchange between encryptors and DRM systems. It also enables customers to use SPEKE-enabled key servers or encryptors in on-premises, cloud, or hybrid infrastructures. SPEKE is designed for both live and on-demand media workflows.

Built on the DASH Industry Forum’s Content Protection Information Exchange Format (CPIX) standard for key exchange, SPEKE provides a universal, secure way for SPEKE-enabled key servers and encryptors to encrypt content. An API specification supports HLS, MSS and DASH packaging as well as standard DRM platforms, including Apple FairPlay Streaming, Microsoft PlayReady, Google Widevine, AES-128, and proprietary DRMs.

Multiple APN partners already have implemented SPEKE, including AWS, Axinom, castLabs, EZDRM, INKA Entworks, Insys Video Technologies, Intertrust Technologies, Irdeto, Kaltura, NAGRA, NEXTSCAPE, Verimatrix, Viaccess-Orca, VUALTO, and WebStream.

“SPEKE is an exciting development for our industry. Building on the CPIX API, it further improves operational efficiencies and reduces both the time and costs involved in launching OTT services,” says Will Law, founding board member and Vice-Chairman, DASH Industry Forum.

“Prior to SPEKE, integration required a custom API tailored to each DRM solutions provider and each individual encoder, transcoder, and packager,” says Michael Callahan, Head of Media Solutions Marketing at AWS Elemental. “This often resulted in delayed new service launches for customers. SPEKE simplifies DRM integration to a single secure API. Any SPEKE-enabled DRM key server works with any SPEKE-enabled encryptor out of the box without the need for proprietary integration.”

Password must contain the following:

A lowercase letter

A capital (uppercase) letter

A number

Minimum 8 characters