1 bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5
2 2008 Adobe Systems Incorporated. All rights reserved. Adobe Flash Media Rights Management Server 1.5 Overview for Microsoft Windows, Linux, and UNIX Edition 1.2, November 2008 If this guide is distributed with software that includes an end user agreement, this guide, as well as the software described in it, is furnished under license and may be used or copied only in accordance with the terms of such license. Except as permitted by any such license, no part of this guide may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written permission of Adobe Systems Incorporated. Please note that the content in this guide is protected under copyright law even if it is not distributed with software that includes an end user license agreement. The content of this guide is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Adobe Systems Incorporated. Adobe Systems Incorporated assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this guide. Please remember that existing artwork or images that you may want to include in your project may be protected under copyright law. The unauthorized incorporation of such material into your new work could be a violation of the rights of the copyright owner. Please be sure to obtain any permission required from the copyright owner. Any references to company names, company logos and user names in sample material or sample forms included in this documentation and/or software are for demonstration purposes only and are not intended to refer to any actual organization or persons. Adobe, the Adobe logo, Adobe AIR, Flash, and LiveCycle are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Java is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Mac OS is a trademark of Apple Inc., registered in the United States and other countries. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. UNIX is a trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. All other trademarks are the property of their respective owners. Protected by U.S. patents 5,200,740; 5,233,336; 5,255,357; 5,929,866; 5,943,063; 6,563,502; 6,754,382; 7,002,597; 7,006,107; 7,071,941; 7,305,617; 7,333,110; 7,353,287; 7,434,048. Patents Pending in the U.S. and/or other countries. This product contains either BSAFE and/or TIPEM software by RSA Security Inc. This product includes software developed by the IronSmith Project (http://www.ironsmith.org/). Adobe Systems Incorporated, 345 Park Avenue, San Jose, California 95110, USA. Notice to U.S. Government End Users. The Software and Documentation are Commercial Items, as that term is defined at 48 C.F.R , consisting of Commercial Computer Software and Commercial Computer Software Documentation, as such terms are used in 48 C.F.R or 48 C.F.R , as applicable. Consistent with 48 C.F.R or 48 C.F.R through , as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein. Unpublished-rights reserved under the copyright laws of the United States. Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA , USA. For U.S. Government End Users, Adobe agrees to comply with all applicable equal opportunity laws including, if appropriate, the provisions of Executive Order 11246, as amended, Section 402 of the Vietnam Era Veterans Readjustment Assistance Act of 1974 (38 USC 4212), and Section 503 of the Rehabilitation Act of 1973, as amended, and the regulations at 41 CFR Parts 60-1 through 60-60, , and The affirmative action clause and regulations contained in the preceding sentence shall be incorporated by reference.
3 Contents About this document... 4 Who should read this document?... 4 Additional information Key features... 5 Workflows... 5 Content integrity... 6 Identity-based licensing... 6 How Flash Media Rights Management Server works... 6 Administration Console... 8 Flash Media Rights Management Server packaging... 8 Flash Media Rights Management Server CLIs... 8 Content distribution... 9 Content consumption... 9 Typical deployment scenario... 9 System requirements...10 Hardware requirements...10 Third-party infrastructure support...10 Media player client...10 Policies
4 About this document Adobe Flash Media Rights Management Server provides content distributors with the ability to protect FLV and F4V files that are delivered to Adobe Media Player and Adobe Air applications. This document provides an overview of Flash Media Rights Management Server. Who should read this documentation set? This documentation set provides information for two primary audiences: IT administrators: Gets the system up and running, and maintains scalability, availability, reliability, and so on. Content publishers: Uses the system to protect their content and manage the rules. Additional information The resources in this table provide additional information about Rights Management Server. For information about The Flash Media Rights Management Server solution, development environment, run-time environment, and each Rights Management Server component Installing, configuring, and deploying Flash Media Rights Management Server Managing administrative users and user roles Customizing and configuring Flash Media Server The Java interfaces and classes used to create custom service providers Securing video content and playlists by using the Flash Media Rights Management Server command line tools and Java APIs Delivering content in Adobe Media Player Using Adobe Media Player to find and view content See Overview Installing and Deploying Flash Media Rights Management Server User Management Help Adobe Flash Media Server Administration and Configuration Guide Adobe Flash Media Rights Management Server API Reference Securing Video Content Adobe Media Player Content Developer Kit Adobe Media Player Help 4
5 1 What s new With Adobe Flash Media Rights Management Server, you can protect media content that is delivered to Adobe Media Player and Adobe Air applications. This cross-platform solution easily integrates into your existing network and allows you to maintain more control of audio and video content no matter how widely it is distributed. Flash Media Rights Management Server helps protect and monetize content with confidence and provides the flexibility to manage how and where your media is experienced. Flash Media Rights Management Server gives content distributors the ability to rapidly distribute content and recuperate production costs through direct (user-paid) or indirect (advertising-paid) compensation by their consumers. Flash Media Rights Management Server also gives consumers the flexibility to view this content as they have with traditional media but also with access to more online media and a viewing experience that is intuitive, non-intrusive, convenient, and engaging. Using Adobe Air, developers can develop their own custom media players. Using the service provider interface (SPI) on the server, developers can automate Flash Media Rights Management Server capabilities, including authorization and authentication, and integrate the authorization engine into the customer environment. The following features have been added to Flash Media Rights Management Server. A Java API has been added so that you can automate the functionality within the command-line tools for securing content. It is now possible to fetch the license as soon as the user downloads the content rather than when the user starts playback. This will help customers to have offline access to content. Multi-tenant deployment has been added so that you can host a single LiveCycle ES server or a server cluster that provides licenses to multiple content publishers. You can configure a playback window to specify the playback time within the expiration period. 5
6 Overview Key features 6 Key features Flash Media Rights Management Server has these key features: Identity-based licensing: Tie permissions to specific user identities, preventing consumers without proper permissions to view the content. Multiple authorization levels per content package: Designate different authorizations for various pieces of a content package. For example, retailers may want to make a single FLV file in a playlist freely available but charge for the remaining content. Offline viewing: Let consumers view content offline, as well as online. Offline viewing is still subject to Automated Audit and Analytics. User authentication: Authenticate against existing retailer systems. This is part of identity-based Flash Media Rights Management Server. Horizontal server scaling: Scale servers horizontally for performance, reliability, and redundancy. Java API: Automate usage of the command-line tools for securing content. Server-Side SPI: Automate Flash Media Rights Management Server capabilities (including authorization and authentication) and integrate the authorization engine into your environment. Multi-tenant deployments: You can host a single LiveCycle ES server or a server cluster that provides licenses to multiple content publishers. Reach as many people as possible: Protect content almost anywhere due to the platform independence of Adobe Media Player and Adobe AIR applications. Cross-platform content delivery: To help simplify your publishing efforts, you can deliver content across Microsoft Windows and Mac OS platforms to users who use Adobe Media Player, which provides feature-rich playback or Adobe AIR applications to deploy rich internet applications (RIAs). Content protection with Adobe Media Player: Help ensure that advertisements cannot be replaced or removed, and that content cannot be reused or remixed without your consent. Persistent content protection: Help protect access to your media whether the user is online or offline, even after the content is shared. Precise usage control: Specify a range of parameters that let you assign initial access and expiration dates to a file, limit access to an individual or group, or any combination. Dynamic rights management: Stay in control with the flexibility to change usage rights even after a file is distributed and the ability to leverage access rights from an existing content management system. Offline access auditing: Track usage of your content when viewed through Adobe Media Player or Adobe AIR applications, even when consumers are offline. Monetize content: License assets according to the identity of the consumer and explore revenue-building distribution models, including rental arrangements for limited usage or download-to-own licensing with fewer restrictions. Security solution integration: Take advantage of tight integration with Adobe Media Player and Adobe AIR applications for a complete media deployment solution and the flexibility to work smoothly with existing access protocols, including LDAP and Active Directory, as well as custom portal management environments.
7 Overview Video rights management 7 Video rights management With video rights management, the content publisher can protect content with user credentials. For example, a consumer wants to download a television program but does not want to watch the accompanying advertisements. To avoid watching the advertisements, consumers pay the content publisher a premium. They download the program from the content publisher s website to their Adobe Media Player, which caches their user credentials. After the program is downloaded, they only have to open it to view it at any time, even when offline. The content, however, is protected by user credentials and cannot be shared with other users. Adobe AIR application developers can also incorporate encrypted content in their custom applications. To enable this workflow, the content publisher runs Media Packager on the unprotected content and specifies protections. The protected content can then be distributed. When a user tries to play the content, Flash Media Rights Management Server contacts the content publisher s system through their service provider interface (SPI) to query whether the user is allowed access to the content and, if so, for how long. As such, user credentials are mandatory. However, video rights management also supports anonymous access. The policy determines whether anonymous access is allowed and how it is applied. A policy is a collection of information that can include confidentiality settings and a list of authorized users. The list of authorized users is not embedded in the encrypted content. The confidentiality settings that are specified in a policy determine how a recipient can use the media file to which the content publisher applies the policy. A policy also enables the permissions on a media file to be changed dynamically. It enables content publishers to change the security setting, revoke access to the media file, or switch the policy. Using policies, content publishers can assign the following properties to media files: Optional start and end dates Number of days to cache the license for offline viewing in Adobe Media Player or the Adobe AIR application List of approved playback application IDs (optional) Authentication domain (required for credentials) Configurable playback window Policies are stored in the Policy database on the server for Flash Media Rights Management Server. Policies use the SPI for authorization. How Flash Media Rights Management Server works Flash Media Rights Management Server comprises four main components in which the life of a piece of content, as well as the life and security handling of its keys and licenses, are described in the following sections: LiveCycle Administration Console Flash Media Rights Management Server packaging Content distribution Content consumption
8 Overview LiveCycle Administration Console 8 The following illustration shows how major components interact with Flash Media Rights Management Server. Red indicates a Flash Media Rights Management Server component. LiveCycle Administration Console Adobe LiveCycle Administration Console gives administrators access to tools so that they can configure and manage users, groups, and roles. For content publishers who require their customers to have credentials to access content, Flash Media Rights Management Server must be configured to authenticate the customers. IT administrators use the Domain Management user interface in LiveCycle Administration Console to configure user authentication. After the customer credentials are created, they are stored in the content publisher s database. To authenticate a customer s credentials, an interface between Flash Media Rights Management Server and the content publisher s database must be developed by using the Flash Media Rights Management Server SPI. (See Developing Service Providers.) To use Rights Manager and Media Packager for Flash Media Rights Management Server packaging, users require a special role, specifically, the Services User role. IT administrators assign this role by using the User Management web pages in LiveCycle Administration Console.
9 Overview Flash Media Rights Management Server packaging 9 Flash Media Rights Management Server packaging In Flash Media Rights Management Server packaging, a policy, dynamically generated or preexisting, is applied to content (FLV and F4V files). Media Packager invokes LiveCycle Rights Management ES to encrypt the content, which includes these tasks: Obtaining a certificate from Adobe (used to sign the encryption metadata) Fetching the policy for the content Creating a license for the content and a unique content encryption key Storing the binding between the content and the encryption key in its database Returning the license/policy/content encryption key to Media Packager After Rights Management ES returns the policy, license, and content encryption key, Media Packager embeds the policy and license into the FLV file or F4V file and encrypts the file body by using the content encryption key. (The encryption key is unique for that particular content and Media Packager discards it after encryption.) Media Packager then stores the encrypted FLV file or F4V file at the path specified on the command line. The retailer s order management system uses the content identifier in the license to determine in real time whether a user should have access to the FLV or F4V file. A license can be requested from the server for a particular computer. When the license is downloaded, it cannot be used on another computer. Note: Because Flash Media Rights Management Server encrypts the file format itself instead of the entire file, metadata remains unencrypted and therefore search engines can still search the file. Flash Media Rights Management Server packaging tools Flash Media Rights Management Server packaging comprises command-line interface tools as well as a Java API that allow content distributors to create and apply Flash Media Rights Management Server policies to encrypt and sign their content. The following tools are available: Rights Manager Media Packager Rights Manager Using Rights Manager, administrators can create, list, view details of, and update policies. With the Rights Manager command line interface, users can specify options on the command line and in the fmrmstools.properties configuration file. Media Packager Using Media Packager, administrators can encrypt FLV files and F4V files and associate a policy with the file. Encrypting files prevents unauthorized users from viewing them. Using the Services User role, users can specify options on the command line and in the fmrmstools.properties configuration file when using the command line interface. Media Packager requires credentials, which are distributed by Adobe.
10 Overview Content distribution 10 Content distribution The content publisher makes the content available for downloading. The content is distributed by using either Flash Media Server or the HTTP server. Content distribution is initiated when either a Flash Media Server or HTTP server fetches the encrypted content. The Flash Media Server streams or the HTTP server transfers the content to Adobe Media Player or a custom Adobe AIR application. Neither Flash Media Server nor the HTTP server needs to decrypt the content. HTTP servers do not inspect the FLV file. Content consumption Content publishers can allow consumers to access encrypted FLV files anonymously or they may require credentials. If the publisher requires credentials, the consumer has likely purchased access to the content. The content publisher can choose to have the content expire a set number of days after it is downloaded, and can specify the permitted playback time. Each consumer who downloads the content then has a set number of days to view it within the specified playback time period. Both the expiration period and the playback period are specified as properties in the policy. It is enforced by setting the expiration date on the voucher. The client tracks playback and determines the appropriate expiration date. The consumer opens secured content in Adobe Media Player or in a custom Adobe AIR application. If the consumer is online, the Flash Media Rights Management Server client checks to see whether it has a cached voucher for the content. If it does, the client gets the key from the voucher. If the client does not have a cached voucher for the content, it contacts the Flash Media Rights Management Server. If the consumer is offline and has previously accessed the content, Adobe Media Player or the Adobe AIR application will have a cached voucher that allows access. Regardless of whether the client is online or offline, the client always looks for a cached voucher first. If the client does not find a cached voucher, it tries to contact Flash Media Rights Management Server to download a voucher. Content publishers can decide whether they want to allow vouchers to be cached on the client and, if so, for how long. These parameters can be set when the policy is created. It is also possible to provide different voucher-caching characteristics for different users by setting the expiration in the custom external authorizer. Protecting licenses To prevent licenses from being stolen over the network, all communication between the client and server takes place over Secure Socket Layer (SSL), and all requests and responses for retrieving licenses have replay protection built in through the use of nonces. The client includes the nonce in the request, and the server includes the same nonce in the response and signs the response. The client verifies the signature and nonce before accepting the license. These measures protect against the theft of a license from one response and replaying it in another request/response. To prevent licenses from being stolen from the license store, every license store has a unique 128-bit AES key that is used to encrypt the entire contents of the license store. This license store key is stored persistently by using DPAPI on Windows and KeyChain on Mac OS, and is also bound to the device to prevent license store lifting. In addition, every license carries the name of the user to whom it was issued to discourage users from sharing licenses.
11 Overview Typical deployment scenario 11 Typical deployment scenario A typical deployment scenario is to have Flash Media Rights Management Server installed on a different computer than Flash Media Server or HTTP server. The other components of Flash Media Rights Management Server, such as Media Packager and administration tools, can be installed elsewhere. For maximum scalability, Flash Media Rights Management Server and the customer s ID management and order management systems should be as close as possible.