Transcript
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
>> ROGER PANTOS: Good
morning, everyone.
Welcome to this year's
Worldwide Developers Conference.
This is your first real session.
So, welcome.
Today -- thank you.
Today we are going to be talking
about a pretty exciting addition
to HTTP Live Streaming.
You know, we are always looking
at whatever it is that's
preventing you guys
from using HLS to deploy your
content the way you want to,
and content protection, which
is to say allowing your users
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
and content protection, which
is to say allowing your users
to watch your content,
listen to your content
without making unauthorized
use of it,
has always been a really
difficult problem that a lot
of you have had to
sort of contend with.
And, as the bit rates
get higher,
and the resolutions get higher,
those demands are only
going to get louder.
And that's why I am
extremely pleased, finally,
to be able to announce
today FairPlay Streaming.
So what is it?
First and foremost, it is
our best content protection
technology, packaged in a
way that allows you to use it
to protect your HLS content.
Now, it is not new.
We have been working for the
past three years with some
of our major content partners
to help them deploy
FairPlay Streaming
in their apps and on Apple TV.
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
And at this point, it has
been used to protect a lot
of content, including some
of the most popular movies
and television shows
in the world.
Now, you can use it on iOS,
on Apple TV, and on OS X.
Of course, on our mobile
devices, battery life is king.
And so, when we designed
FairPlay Streaming,
every choice we made
was predicated
on giving you good battery life.
The codecs we chose,
the encryption we chose,
how we implemented it, even the
hardware we took advantage of.
And, so, you get great security,
but you also get
great battery life.
And it is also integrated
with AirPlay, seamlessly.
And, so, with full protection.
Now, you may be saying, okay,
well, that sounds pretty good,
but I've got a lot of content.
I mean, is Apple -- how is
Apple going to make me pay
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
I mean, is Apple -- how is
Apple going to make me pay
for this FairPlay
Streaming thing?
Is going to be like
a per movie charge,
per playback, as a flat rate?
We went back and forth on that,
and we eventually did
settle on a flat rate.
Zero. If you guys are paying
your 99-dollar a year developer
fee to us, you will not need
to pay Apple a penny more
to use FairPlay Streaming
as much as you want.
So, now, at this point,
any marketing folks
in the audience are like:
Oh, that sounds awesome!
And the engineer sitting
next to you is like: No,
no, really, what is it?
Okay. So, it is really
very simple.
What we did is, we attacked the
most essential building block
of a DRM system, which
is key protection.
And so FairPlay Streaming
is essentially
and really only a secure
key delivery system.
It's a way to transfer the keys
from your server on the Internet
to the device, and use it on
that device without allowing it
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
to the device, and use it on
that device without allowing it
to be obtained by an attacker so
they can decrypt your content.
We designed it to be easy to
use and also easy to adopt.
We recognized that a
lot of you, particularly
if you are streaming premium
content or subscription content,
you are already talking to
some kind of secure back end.
And so we designed
FairPlay Streaming
so that the delivery
part is agnostic,
the protocol you're using.
If you have got a
secure connection,
you can adopt FairPlay
Streaming extremely easily.
And if you don't, you
can just use HTTPS.
It's a great choice.
Finally, a lot of folks have
asked me about HDCP in the past.
With FairPlay Streaming
is the answer to this.
If your device is
connected to a television
or another external
input, it must be HDMI,
and HDCP must be active
or any FairPlay Streaming
content playback will fail,
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
or any FairPlay Streaming
content playback will fail,
no exceptions.
Now, when we designed it,
we knew that there's a lot
of difference, business
rules and logic,
and everybody has
their own flavor.
And so we didn't want to
build a big, complicated thing
and force you into our box.
So we built just the
key delivery mechanism.
We didn't build a big rights
expression language evaluator
or create a long
list of policies
that you need to adhere to.
And that means that if your
business logic requires those
things, you are in control.
You are still the gate keeper.
So, once you give the media
stack a FairPlay Streaming key,
we will play it.
No questions asked.
We will protect the key,
we'll go and play it.
And so, if you need to do
some policy enforcement
or user authentication or
per device slot management,
then you can do that on
top of FairPlay Streaming.
And so again, it goes into
being easy to integrate.
So now let's talk about
some concrete steps.
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
So now let's talk about
some concrete steps.
That's kind of what
FairPlay Streaming gives you.
Let's talk about the steps that
you need to do to adopt it.
Basically there are three steps.
The first one and
probably the largest one is
because FairPlay Streaming is
an online key delivery protocol,
you must be online
to get your key,
and once the playback
stops, the key goes poof.
You need to integrate what
we call a key security module
into your key server.
And so that's the biggest
step, and we'll go into a lot
of detail about that
in a second.
But the second thing is, then
you need to add a little bit
of code to your application,
called an AV asset
resource loader delegate.
And that code is going
to be responsible
for relaying the key
requests from AV foundation
to your back end, and then
returning the response
from your back end
back to AV foundation.
Then finally what you need to
do is, prepare your content.
And that means you
need to encrypt it,
using the AES Sample encryption.
This is the format
that we introduced, oh,
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
This is the format
that we introduced, oh,
three years ago, coincidentally.
And so, rather than the
traditional bulk entire segment
encryption that HLS
is using originally,
this just encrypts small slices
of each sample and it ensures
that we can drive the decryption
down to the lowest
level of the system.
And so you need to pick a
content key, store that away
in your back end database,
encrypt your content,
and then put a reference to that
key into your playlist so that
when you your little bit
of code receives a request
for that key it knows which
one to ask your back end for.
And so what I would like
to do next is have us go
into greater detail on
all three of those steps.
And to do that, I would like to
introduce a colleague of mine
who works on the FairPlay
team, Gianpaolo Fasoli.
Welcome.
[Applause]
>> GIANPAOLO FASOLI:
Thank you, Roger.
Good morning, everyone.
My name's Gianpaolo Fasoli,
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
My name's Gianpaolo Fasoli,
and I am a FairPlay
Streaming Engineer at Apple.
So, with Roger's overview in
mind, I'd like to talk to you
about what it takes to design
a FairPlay Streaming system.
And the first thing I'm going
to talk about is the purpose
and the importance
of what we refer
to as the FairPlay
Streaming credentials.
Next up, I'm going to
identify the actors
in the system and
the data flows.
Then I'm going to talk
about what Apple provides
in the things that you are
going to build and in the things
that you are going to build,
we're going to start by talking
about the server side and how
to integrate the key security
module that Roger was talking
about into your key server.
We're going to talk about
how to test that integration.
We're going to move on to
the client side and how
to integrate FairPlay
Streaming into your application,
and then we're also
going to be talking
about the updates you
are going to be making
to your content authoring
workflow, in order to encrypt
that content and
verify the changes
that you are making
to your workflow.
So when we talk about
FairPlay Streaming credentials,
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
So when we talk about
FairPlay Streaming credentials,
the reason we have those is
so that we can differentiate
your FairPlay Streaming
deployment from other FPS
deployments out there.
And the reason they are required
is because you need them
so that your customers can
actually play their content
on the customer devices.
For those reasons,
it is critical
that you protect those FairPlay
Streaming credential assets
at all times, when they are
deployed in your server,
and when they're
used in your server.
Make sure they are protected.
So now moving on to the diagram,
we've got the server components
on the left-hand side,
namely your key server
that has the FairPlay Streaming
key security module integrated
in it; the key database that
contains the content key values
that were used to
encrypt your streams.
And then on the right-hand side
we've got the client actors,
namely your application,
the AVFoundation Delegate
Roger was talking about,
and AVFoundation that's provided
us part of the operating system
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
and AVFoundation that's provided
us part of the operating system
with our iOS or Mac OS X.
So lLet's talk about
what happens
when the user hits play
in your application.
First thing that's
going to happen is,
your application is going
to invoke AVFoundation
and provide it with the m3u8
URL to the encrypted content.
AVFoundation is going to pull
that playlist from the Internet,
it's going to parse
it, and when it notices
that the content is encrypted,
it is going to call back
into your delegate, telling it
that it needs a key
to play the content.
The delegate is going to
handle that by calling
into AVFoundation and asking
it to create what we refer
to as the Server
Playback Context.
In FPS parlance we
use SPC for short.
And what that is,
is a key request
that your delegate then is
going to post to your key server
in order for the key
server to do its job
and deliver the content key.
What is important to note here
is that the SPC is created
in a FairPlay Streaming
delivery context on the client.
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
in a FairPlay Streaming
delivery context on the client.
And that is a session-specific
context that only
that device was able to create,
for which that device
will only be able
to process the response
from the server.
It is tied to the device
and to that session.
So then your server is going
to make use of the KSM to crack
that SPC queue request open,
validate it from a format point
of view and from a
cryptographic point of view,
and look up the corresponding
content key
in the key server database.
It's going to then wrap
that content key value
into what we refer to as
a content key context,
or CKC for short,
and the last step
that your app delegate
is going to perform,
is provide that CKC
back to AVFoundation.
So, at this point the device
has everything it needs
to decrypt and play the content.
So now that we've covered
the actors and the data flows
in a FairPlay Streaming system,
let's talk about
what Apple provides.
We provide AVFoundation,
of course.
And part of AVFoundation in
iOS and Mac OS is the API
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
And part of AVFoundation in
iOS and Mac OS is the API
that you are going to be using
to implement the delegate.
Another thing we provide is
the FairPlay Streaming SDK
on developer.apple.com.
And that SDK contains a
certain number of things.
First of all, it contains
a protocol specification
that has all the
details on how the SPC
and the CKC messages
are formatted,
and which cryptographic
primitives you are going to use
to process the incoming
key requests
and also generate
the key response.
It contains a key security
module server reference
implementation in NCC.
It contains a full suite
of server test vectors
and validation tools
that you can use
for your server development.
It contains some
client-side example content.
And the last bit it contains is
a set of client example code.
So the responsibilities of your
key server are going to be,
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
So the responsibilities of your
key server are going to be,
as Roger pointed out, first
of all, the decryption
and the validation of
the SPC key request.
Then it is going to look
up the content key based
on the asset identifier that
the customer wants to play,
and then it is going to
produce the CKC response.
It's the first and third
operation that are going
to be taking place in your KSM.
And the way you go about
implementing that is two fold.
You can either decide
to implement the logic
from scratch using the protocol
specification that's provided
in the FPS SDK.
Or you can just take the
C reference implementation
and customize it either by
using your language of choice
or by integrating it directly
into your existing key server.
So now that that's integrated,
let's talk about how you
are going to test the KSM.
Well, the first thing we
recommend you do is obviously
use the supplied test vectors
that are part of the SDK
to validate the correctness
of the responses
that your KSM is
going to produce.
And the way you go about doing
that is using the
supplied SPC test vectors,
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
that is using the
supplied SPC test vectors,
feed them to your
KSM implementation,
and then run the output
CKC that your KSM produced
through the validation tool to
make sure they are correct both
from a cryptographic
point of view
and from a format point of view.
It is important to note that
the test vectors we provide
in the SDK are based on
development credentials.
And they are there exclusively
for your development effort.
They cannot be used
to deploy a solution
to live customer devices.
To do that you're going to
need production FairPlay
Streaming credentials.
So now that we've talked
about the server side,
let's talk about
the client side.
What does it take to
integrate FairPlay Streaming
into your application?
Well, the first thing
you're going to want
to do is register an AV asset
resource loader delegate
with AVAsset, and
the responsibilities
of that delegate are three fold.
The first thing it's going to
be doing is generating the SPC.
And you do that by
implementing these two steps.
You're first going to handle
'should wait for loading
of requested resource'
for the key requests.
And then second of
all you're going
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
And then second of
all you're going
to call 'AVAsset resource
loading request streaming
content key request data
for app' to produce the SPC.
Once you've got that SPC
in hand, you're going
to send it to your key server.
And when your key server
responds, you're going
to provide the CKC response
to 'AVAsset resource
loading request.'
So we've got the
server side implemented;
we've got the client
side implemented.
Let's talk about
the workflow updates
in your content authoring.
What are you going to have
to do to encrypt the content?
Well, the first thing you should
do is go pull the HLS Sample
Encryption specifications
from developer.apple.com,
and that will provide you with
all the details you need to know
about encrypting the bit stream
itself, whether audio or video.
Once you have got that bit
stream encrypted you're going
to have to update the
m3u8 playlist to signal,
first of all, what type of
encryption mode you use.
And that, you do that by
setting the method tag
in the m3u8 playlist
to Sample-AES.
Another signal you want to
send to the client is the fact
that you want to use FairPlay
Streaming for the key delivery.
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
that you want to use FairPlay
Streaming for the key delivery.
And the way you do that is
an update to another tag
in the m3u8 playlist,
that's the key format tag,
you want it to set it to
com.apple.streamingkeydelivery.
The fact that we've deployed it
for over three years now means
that there's quite some
third-party support
in the encoders out
there right now.
And you can choose to go with
one of those as an alternative
to making updates to
the workflow yourself.
Once you have got your workflow
updated, here is how you go
about checking the correctness
of that encryption workflow.
You can do basically
two comparisons.
But they both start
in the same way.
You start by taking a
clear text piece of content
from the sample SDK and run
that through your new workflow.
And then you can
compare it either
to the same encrypted asset in
the SDK, or you can compare it
to an encrypted version
of that asset that you run
through the HLS media
file segmenter.
The reason why the second
point is interesting is
because you can do it with
your own content as well rather
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
because you can do it with
your own content as well rather
than the sample content.
So now that we've talked
about what it takes
to develop the client
side and the server side,
and updates to your
workflow, that leads us
to functional local playback.
I would like to now talk to you
about FairPlay Streaming
support in AirPlay.
And the support we have
for FairPlay Streaming
and AirPlay is through
the AirPlay video path.
And what that means is
that when you transition
from local playback in your
application to the Apple TV,
it is actually the Apple
TV that is pulling the bits
from the Internet, right?
It is not the sender
device anymore.
And the good news here is that
no new additional code needs
to be written either
in your application
or on the server side.
The KSM supports processing
increment key requests,
both whether they are
coming from an Apple TV
or from an iOS device.
To be clear, the SPC is still
generated on the Apple TV
and the CKC response that your
key server is producing will
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
and the CKC response that your
key server is producing will
also be processed
on the Apple TV.
However, your app
is still responsible
for relaying the messages
between the Apple TV
and the key server.
So the sending device
has to be present.
This gives us the same level
of security as local playback
because the SPC and CKC
messages both originate and end
on the device that is
actually playing the content,
the Apple TV, in this
case, in the AirPlay case.
One important point
to note is the fact
that FairPlay Streaming
content will not be rendered
in AirPlay Mirroring mode.
That also applies to
screen shots and recordings
for FairPlay Streaming
content that's played
on your local device.
So now that we've
spoken about how
to consume the content locally
on your app or through AirPlay,
I'm proud to announce this year
that we are adding FairPlay
Streaming support to El Capitan.
And the way we go about,
the way you would go
about integrating this
into your website is
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
through the encrypted media
extensions that are part
of HTML5, that's a
W3C specification
that you can download
on their website.
The way you go about
integrating with EME is
by writing your key
delivery code in JavaScript
on your website, and
we provide an example
of such an implementation
in the SDK.
It is more of a snippet.
The good news here is
that both on the KSM side
and on the AirPlay side there
is no new code that is needed.
It will work out of the box
and everything is fully
supported once you have got your
JavaScript written.
So now let's talk about the
JavaScript you are going
to be writing to add support
for FairPlay Streaming
in your Webpage.
The first thing you're going
to do is set the m3u8 URL
as a source attribute of the
HTML5 video tag as you would
for a non-encrypted
piece of content.
Then you are going to
add an event listener
for the Web kit need key
call to the video element.
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
for the Web kit need key
call to the video element.
That event listener
when triggered is going
to set the EME content
decryption module
to FairPlay Streaming.
It is also going to create
a key session on video/MP4
to relay the messages
between the key system
and your key server.
And you're going to
add an event handler
for web kit key message
to that key session.
That event handler is going to
be the one that's responsible
for sending the SPC key
request to your key server
and then processing
the CKC response
by updating the key session.
In terms of the data flow,
we've got very similar actors
on the left-hand side.
We have the same ones
on the right-hand side.
We have got Safari now
that Apple provides,
along with the EME stack.
Within Safari we have got
your site, and the new piece
of JavaScript code that
you are going to be writing
to support FairPlay
Streaming content playback
in your website.
Let's talk about what happens
when the user hits
play in Safari.
So, the user hits play.
The first thing that is going
to happen is, obviously,
the m3u8 is going to hit
the EME and AVFoundation
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
the m3u8 is going to hit
the EME and AVFoundation
in the operating system,
and EME is going to notice
that the content is encrypted,
which is going to cause it
to trigger the Web
kit need key message
that your event listener
is going to receive.
Then your event listener is
going to create the key session
and is going to wait for
the Web kit key message,
which in turn is going
to trigger the handler,
and that handler is
going to receive the SPC,
send it over to your key server,
which is going to process it
as usual, pull the content key
and then create the content key
response, send that CKC back
to your JavaScript, which
will provide it back
down to the EME layer
for playback.
As Roger described, we've had
this solution deployed now
for over three years, and over
the years we've learned a few
tips and tricks on how to
troubleshoot integrating issues
with FairPlay Streaming.
And the typical issue
you may be facing,
if unfortunately something goes
wrong with your integration,
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
if unfortunately something goes
wrong with your integration,
is that content doesn't play.
So how do you go about
debugging that situation?
Well, one thing we
recommend you do is --
and this is for debug purposes
only, we don't recommend
that you do this in a
production environment, but --
set your key format tag in
the m3u8 playlist to identity,
instead of
com.apple.streamingkeydelivery.
What this does is, it allows
the same content to get
to your client, but
instead of decrypting it
with FairPlay Streaming,
it decrypts it
with a clear text AES key.
And what we end up is either
in one of two situations.
Your content is still
not playing,
in which case this is probably
facing a content authoring
issue, and those
issues typically fall
into one of four buckets.
Either your sample of
encryption has an issue and in
that case I'd refer you
to the HLS Sample
encryption specification.
It could be an issue with
your PAT/PMT audio set up.
Those are steps that you need
to perform on audio streams
that are encoded,
that are encrypted
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
that are encoded,
that are encrypted
with FairPlay Streaming.
There are a few metadata
updates that need to happen.
It may be the case that
you are not using one
of the supported codecs.
And as Roger mentioned earlier,
what we support right now
in FairPlay Streaming is
H.264, AAC, and encrypted AC3.
Last but not least, it may be
you are rotating your content
key on something that
isn't an HLS segment.
So we recommend that you rotate
your keys either on HLS segments
at the most granular level
or you can also decide
to change your content key
value on a bit rate switch.
If your content is playing after
you update the key format tag
to identity, you are probably
facing a key delivery issue.
And in that case, what you
want to do is you want to trace
through the data
flow that we went
through in the earlier
diagrams, and make sure
that the SPC is properly
generated by the client,
that it's sent to your server,
that your server can process
that key request
without any failures,
that your server is looking up
the right key in the database,
that your server is also capable
of packaging the content key
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
that your server is also capable
of packaging the content key
into content key response,
and that the client is able
to process that without
any errors.
So, now that we went
over all the various ways
of consuming FairPlay Streaming
content in the Apple ecosystem,
I would like to hand it back to
Roger to wrap the session up.
Thank you very much
for your time.
[Applause]
>> ROGER PANTOS:
Thanks very much, GP.
So, let's do a quick recap here.
FairPlay Streaming for HTTP
Live Streaming, it provides you
with industrial strength
tools to protect your content
with HTTP live streaming.
You have got it available
on iOS,
on Apple TV, and now on OS X.
iOS, it's available since iOS
6, so there's a fair amount
of backward compatibility,
and also on Apple TV.
OS X is a little bit newer, and
so you can come down and talk
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
OS X is a little bit newer, and
so you can come down and talk
to us in the labs, and we
will give you the entire scoop
on where you can use it.
It has been deeply
integrated into the OS.
That means that it is down
as low as we can get it,
as secure as we can make it.
It is as power efficient
as we can do.
And so it gives you
great battery life
as well as great security.
And it also supports all
of our ecosystem features
such as AirPlay, such as HDCP,
HTML5, and we will continue
to do so as we roll out
new features going forward.
So, what's next?
First stop is our new
FairPlay Streaming portal
on developer.apple.com.
It's live now, so you
can go there, you know,
you can go there right now.
And you can, from there
you can download the SDK.
You can look at the
overview document
that gives you a little bit
of a deeper insight into some
of the details of
FairPlay Streaming.
And you can also,
through that site,
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
And you can also,
through that site,
apply for your production
developer credentials
that are necessary for you to
do your round trip playback
to an actual iOS
device or Safari.
And the next thing, and I
should also mention, actually,
that on that site, on
that landing page there,
there may be some of you who
don't have an existing back end
or are a little bit
intimidated by the idea
of integrating FairPlay
Streaming into that back end.
So on that landing page
we have a little list
of integration partners we've
worked with, folks like Irdeto,
folks like Adobe, who have
set up some support for folks
who wish to use FairPlay
Streaming
to protect their HLS content.
And so I would recommend
checking
out those folks as well.
If you feel like you
need a little bit
of help getting FairPlay
Streaming up
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
of help getting FairPlay
Streaming up
and running for your content.
It is, it's, I think
it's pretty easy to do,
but not everyone is
in that business.
And so there's help for
you there if you need it.
Also, if you would like to
get HLS and FPS working,
and it feels a little bit
like there're still questions
or you've tried it and
you've got some problems,
if you are not at WWDC,
then your best first stop
is our developer forums.
And we've actually
set up, I believe it's
in the beta section
right now, but we've set
up a new forum specifically
for FairPlay Streaming.
And so check that out.
If you are running
into a problem
or you have got a question,
there's pretty good odds
that somebody else has had the
same question, same problem,
and you might just be
able to find the answer
by looking in the forums.
Failing that, there
is, of course,
your friendly neighborhood
developer tech support
representative who will be happy
to assist you for a small fee.
X-TIMESTAMP-MAP=MPEGTS:181083,LOCAL:00:00:00.000
I think that's it.
Thank you again for coming.
And have a great show!
[Applause]