Unified Streaming integration

The purpose of this guide is to help you integrate Unified Streaming Origin with the Cloud DRM service. Cloud DRM supports the CPIX 2.3 specification, which enables secure encryption of your content.

Overview

Unified Streaming Origin uses the CPIX 2.3 specification for secure content protection. This integration requires a complete CPIX document that provides the encryption keys and DRM configurations necessary for content protection.

The Cloud DRM service allows you to generate a CPIX document via its API, simplifying the encryption setup process.

Step 1: Obtain a CPIX Document

To obtain a CPIX document from Cloud DRM:

Create a Source CPIX Document
Begin by creating a source CPIX document with the desired encryption configuration. Below are examples of basic CPIX documents for Widevine, PlayReady, and FairPlay.

Example: CPIX Document for Widevine and PlayReady


<?xml version="1.0" encoding="utf-8"?>
<CPIX xmlns="urn:dashif:org:cpix" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
    xsi:schemaLocation="urn:dashif:org:cpix cpix.xsd"
    contentId="content01-dash" version="2.3">
    <ContentKeyList>
        <ContentKey kid="caa47a61-e66f-4b4f-b0a8-da90bf62f82b" commonEncryptionScheme="cenc" />
    </ContentKeyList>
    <DRMSystemList>
        <DRMSystem kid="caa47a61-e66F-4b4f-b0a8-da90bf62f82b" systemId="edef8ba9-79d6-4ace-a3c8-27dcd51d21ed" />
        <DRMSystem kid="caa47a61-e66F-4b4f-b0a8-da90bf62f82b" systemId="9a04f079-9840-4286-ab92-e65be0885f95" />
    </DRMSystemList>
    <ContentKeyUsageRuleList>
        <ContentKeyUsageRule intendedTrackType="ANY" kid="caa47a61-E66F-4b4f-b0a8-da90bf62f82b" />
    </ContentKeyUsageRuleList>
</CPIX>

Example: CPIX Document for FairPlay


<?xml version="1.0" encoding="utf-8"?>
<CPIX xmlns="urn:dashif:org:cpix" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
    xsi:schemaLocation="urn:dashif:org:cpix cpix.xsd"
    contentId="content01-hls" version="2.3">
    <ContentKeyList>
        <ContentKey kid="22b3d916-7300-4df7-8e46-c4a6c0e05ef0" commonEncryptionScheme="cbcs" />
    </ContentKeyList>
    <DRMSystemList>
        <!-- FairPlay -->
        <DRMSystem kid="22b3d916-7300-4df7-8e46-c4a6c0e05ef0" systemId="94ce86fb-07ff-4f43-adb8-93d2fa968ca2" />
    </DRMSystemList>
    <ContentKeyUsageRuleList>
        <ContentKeyUsageRule intendedTrackType="ANY" kid="22b3d916-7300-4df7-8e46-c4a6c0e05ef0" />
    </ContentKeyUsageRuleList>
</CPIX>

Send the Source CPIX Document to Cloud DRM
Use the following curl command to send the CPIX document to the Cloud DRM endpoint and retrieve a response:


curl -H "Authorization: Basic [AUTH]" \
     -H "Content-Type: application/xml" \
     -X POST "[KMS_CPIX_Endpoint]" \
     -d '[CPIX_Document]' \
     --output output.cpix

Replace the placeholders: [AUTH] – Your Basic Auth credentials (Base64-encoded login:password) from the Cloud DRM web console. [KMS_CPIX_Endpoint] – The CPIX endpoint from the console (DRM -> Configuration -> KMS -> API -> CPIX). [CPIX_Document] – The source CPIX document.

Bash curl example CPIX request response

Locating Basic Auth Credentials

Find the Basic Auth credentials in the DRM Configuration section of the Cloud DRM console.

DRM -> Configuration -> KMS Cloud Video Kit console

Authentication -> Basic Auth Cloud Video Kit Basic Auth

Step 2: Encrypt Content Using the Generated CPIX Document

Once you have the CPIX document response from Cloud DRM, you can use it to encrypt your content. Below are examples of how to pass CPIX to Unified Streaming Origin for Docker and Standalone installations.

Example: Docker Installation

For Docker installations, use the following command:


docker exec -it -w /var/www/unified-origin origin \
    mp4split -o tears-of-steel-drmdemo2.ism \
    --mpd.cpix=output.cpix \
    --hls.cpix=output.cpix \
    tears-of-steel-aac-128k.mp4 \
    tears-of-steel-ac3-448k.mp4 \
    tears-of-steel-avc1-750k.mp4 \
    tears-of-steel-avc1-1000k.mp4 \
    tears-of-steel-avc1-1500k.mp4 \
    tears-of-steel-en.cmft

This assumes the container is named origin.

Example: Standalone Installation

For standalone installations, use the following command:


mp4split -o tears-of-steel-drmdemo2.ism \
    --mpd.cpix=output.cpix \
    --hls.cpix=output.cpix \
    tears-of-steel-aac-128k.mp4 \
    tears-of-steel-ac3-448k.mp4 \
    tears-of-steel-avc1-750k.mp4 \
    tears-of-steel-avc1-1000k.mp4 \
    tears-of-steel-avc1-1500k.mp4 \
    tears-of-steel-en.cmft

Advanced CPIX Configuration

For more advanced configurations and features supported by Unified Origin, refer to the https://docs.unified-streaming.com/documentation/drm/cpix_intro.html

Overview​

Step 1: Obtain a CPIX Document​

Example: CPIX Document for Widevine and PlayReady​

Example: CPIX Document for FairPlay​

Locating Basic Auth Credentials​

Step 2: Encrypt Content Using the Generated CPIX Document​

Example: Docker Installation​

Example: Standalone Installation​

Advanced CPIX Configuration​