We are very excited to announce that AES dynamic encryption is also now available in Azure Media Services for your live streams. With Azure Media Services, you can configure AES dynamic encryption and deliver the encrypted live stream with our supported streaming protocols, such as Http-live-streaming (HLS), Smooth Streaming and MPEG-DASH.
At a high level, here is how it works:
- Set an AES key, key authorization policy and content delivery policy on the asset you want encrypted. One of the options we provide for key authorization is token authentication, when used the client requesting the key must first supply a valid token in order to be issued the key.
- As mentioned above dynamic encryption can be chained with our existing dynamic packaging capabilities so that from a single set of MP4s you can produce multiple combinations of formats and encryption types. For instance you could produce AES encrypted HLSv3 and AES encrypted MPEG-DASH.
- We have also shipped an OSMF flash player plugin which has built in support for recognizing the encryption header in the manifest and automatically submitting the key request. This allows you to play AES encrypted Smooth Streaming in desktop browsers. We have also validated that our AES encrypted HLS works with the native HLS playback built into iOS and Android.
- After your live event is over and the corresponding asset has transition to being VOD it will continue to be AES encrypted.
Please refer to the diagram below for AES dynamic encryption with live streaming capability.
Here are some of the Q&A for this services:
- Does Azure Media Services provides AES key delivery services ?
Yes, Azure Media Services provides AES key services as part of the platform capability.
- Is there any additional charges on AES dynamic encryption for Live streaming?
No, however if you also use our AES key delivery services there is a charge. We charge $.05 per 100 keys delivered for preview period, and $0.1 per 100 keys delivered when the services move to GA. Meanwhile, this feature requires you have a Streaming Unit, which you may already have for live streaming set up, which charged at $139 per month, pro-rated on daily basis.
- If I use Token Authentication for AES key services, do I need to build my own Token Issuer Services?
Yes, we allow you to configure Token authentication for AES key delivery service. Currently, we support SWT(Simple Web Token). You will need to build your own Token Issuer Services to issue valid token to your authorized user. Of course, you can utilize Token Issuer service such as ACS (Access Control Service). Here is a blog to show you how: how to configure AES with Media Services key service.
- Do you provide PlayReady protection for live stream?
Not for now. However, if you are interested in using this service, feel free to reach out to me (yanmf@microsoft.com), and I’d love to understand your scenarios further.
- What kind of player I could use to play AES dynamic encrypted live stream?
Desktop: OSMF flash plugin for playing back AES encrypted Smooth Streaming
IOS: IOS SDK natively supports AES encrypted HLS playback, you need to inject the token if you configure token authz on your key
Android: Android SDK also natively support AES encrypted HLS playback
Windows 8/Windows 8.1 store app: We ship a sample code for playing back AES encrypted Smooth Streaming
- How can I configure AES dynamic encryption with Live stream?
We don’t currently have support in the portal to configure this feature. However, we have REST API and a .NET SDK which allows you to set AES encryption on your live asset. Here is a walkthrough on how to do that: how to configure AES encryption for live stream using Azure Media Services.
If you have any questions, feel free to reach out to me at yanmf@microsoft.com. I’d love to explain further.