I have been trying to encrypt media(Video and audio content) from a nodejs server to a client like android or iOS. I heard of DRM but could not get a reliable implementation of DRM.
I wanted to make my own implementation of protecting my content, But am not sure issues i would have with my implementation.
THIS IS MY IMPLEMENTATION.
Clients like android would first get authenticated from my server, then my server would pass a token to the android client, then this android client would request for the protected media with some request like
id is the video content id and the
token in this case is like the key, if the client doesn't have a valid token then the data will not be given to client.
QUESTION: Will this implementation work, can it protect my content from unauthorised clients, what are some of the drawbacks of using this?
I heard of DRM but could not get a reliable implementation of DRM
There is a good reason for this: DRM is a hard problem, and a solution to it could be leveraged to obtain incredible amounts of money. Doing a cursory search for "why DRM doesn't work" yields an abundance of articles explaining the whats and whys.
To win at DRM, let's say you have some piece of information you want only particular clients to have limited/regulated access to. The problem is that information can be copied, so once a client has received the information in question, you need some way to prevent them from copying it. If they can copy it, then they can save the data for a later time, or share it with others en masse.
Assuming that clients have complete control over the device that receives/displays the information, there is little that you can do to prevent them from copying the information using the device itself.
Practical solutions to DRM include:
Will this implementation work, can it protect my content from unauthorised clients, what are some of the drawbacks of using this?
If your goal is to be the exclusive provider of the protected information, then your implementation probably will not succeed - This not because authenticating clients and associating their permissions with session tokens is no good, but because preventing clients from sharing the information after it has been received is very difficult.
You can prevent unauthorized clients from capturing the content off the network as it streams to the the authorized client by encrypting the content - However, you are still trusting the client to not share/record the content, once it is decrypted.
Drawbacks of DRM measures generally may include a less positive user experience - Successful DRM measures are generally invasive.
External links referenced by this document: