What is FairPlay DRM (Digital Rights Management)?
FairPlay DRM (Digital Rights Management) was developed by Apple in 2003 and was built into the MP4 multimedia file format as an encrypted Advanced Audio Coding (AAC) layer. It was initially used to protect copyrighted works sold on the iTunes Store by preventing unauthorized devices from accessing the files and by limiting how many times a file could be burned to a CD. These days, burning songs to CD isn't much of a concern. FairPlay has since been updated to protect streamed content through FairPlay Streaming (FPS).
How does FairPlay work?
FairPlay protects regular MP4 container files by encrypting the AAC audio layer using the Advanced Encryption Standard (AES) algorithm. The encrypted audio layer can be decrypted using the master key, which is stored in the MP4 container file in encrypted form. The master key can in turn be decrypted using a user key, which users get when they register a new device through iTunes.
FairPlay Streaming (FPS)
FPS enables playback of encrypted video content on mobile devices with securely delivered keys. The content is delivered using HTTP Live Streaming (HLS). FPS also enables mobile devices to stop playback based on expiration information sent with the content key. In addition, an FPS device identifier is sent to the server in a server playback context (SPC) message, which allows the server to privately and anonymously identify the device.
Key Delivery Process
The FPS key delivery process transmits the 128-bit AES content key through the Web using a session key and an anti-replay mechanism. Once the user and the content provider both have the content key, the content provider encrypts the video and audio streams separately, on a per-frame and per-sample basis, using AES in CBC mode with the content key and initialization vector. The user then uses the received content key to decrypt and access the content. The H.264 video codec and the AAC-LC, HE-AACV1-2, AC-3, and EC-3 audio codecs are supported.
The user's application initiates the content key request in FPS, where it creates an SPC message with the content ID. It also prepares the cryptographic prerequisites necessary for later decryption of the received encrypted content: an initialization vector that includes a session key, an anti-replay seed, and integrity verification and server authentication elements. The SPC message is protected with the content provider's public RSA key, which is verified in advance.
The content provider's servers receive the content ID (content server) and the SPC (key server), which enables them to prepare the right content and its initialization vector. The content provider's key server responds with a content key context (CKC) message containing the content key and initialization vector, which the user's application uses to initiate playback.
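Because FPS content is delivered over HLS and encrypted per sample, a packaging pipeline can be checked by auditing the media playlist for segments that are not covered by a FairPlay key. The following is an added example, not Apple's code or part of the original page. It assumes the HLS `#EXT-X-KEY` tag with `METHOD=SAMPLE-AES` and `KEYFORMAT="com.apple.streamingkeydelivery"`, which the page does not mention, and the playlist, file names and key URIs are constructed.

```python
import re

# HLS attribute lists are comma-separated NAME=VALUE pairs; quoted values may hold commas.
_ATTR = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')
FPS_KEYFORMAT = "com.apple.streamingkeydelivery"  # KEYFORMAT used for FairPlay Streaming keys

# Constructed sample media playlist (file names and key URIs are made up).
SAMPLE = """#EXTM3U
#EXT-X-VERSION:5
#EXT-X-TARGETDURATION:6
#EXTINF:6.0,
intro.ts
#EXT-X-KEY:METHOD=SAMPLE-AES,URI="skd://example-content-id",KEYFORMAT="com.apple.streamingkeydelivery",KEYFORMATVERSIONS="1"
#EXTINF:6.0,
seg1.ts
#EXT-X-KEY:METHOD=AES-128,URI="https://keys.example.invalid/k1"
#EXTINF:6.0,
seg2.ts
#EXT-X-KEY:METHOD=SAMPLE-AES,URI="https://keys.example.invalid/k2"
#EXTINF:6.0,
seg3.ts
#EXT-X-ENDLIST
"""

def parse_attrs(text):
    return {name: value.strip('"') for name, value in _ATTR.findall(text)}

def audit_playlist(playlist):
    """Return (segment, reason) for every segment not protected by a FairPlay key."""
    findings, key = [], None          # key = attributes of the EXT-X-KEY tag in effect
    for line in (raw.strip() for raw in playlist.splitlines()):
        if line.startswith("#EXT-X-KEY:"):
            key = parse_attrs(line.split(":", 1)[1])
            if key.get("METHOD") == "NONE":
                key = None            # METHOD=NONE switches encryption off again
        elif line and not line.startswith("#"):   # a URI line, i.e. a media segment
            if key is None:
                findings.append((line, "unencrypted"))
            elif key.get("METHOD") != "SAMPLE-AES":
                findings.append((line, "method " + key.get("METHOD", "missing")))
            elif key.get("KEYFORMAT", "identity") != FPS_KEYFORMAT:
                # an absent KEYFORMAT defaults to "identity": the key is fetched as-is
                findings.append((line, "keyformat " + key.get("KEYFORMAT", "identity")))
    return findings

if __name__ == "__main__":
    for segment, reason in audit_playlist(SAMPLE):
        print(f"{segment}: {reason}")
```

A segment listed before the first key tag, or under a key with the default `identity` format, never goes through the SPC/CKC exchange, so its key (if any) is not protected by the FPS key delivery process.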