DRMtoday Onboard 3.1: Introducing remote server management
New feature alert! DRMtoday Onboard just received a significant upgrade: the DRM offline solution now integrates remote server management functionality. This new feature adopts automatic keystore provisioning, which streamlines the remote attestation of Trusted Platform Module (TPM) devices (the on-prem DRM servers) to facilitate content key material distribution and synchronization.
The new component saves time for passenger entertainment (PE) customers by reducing the field operations required to keep DRM servers updated, simplifies device authorization and revocation, and improves security by easing the use of content key material packaging.
DRMtoday Onboard is the offline solution for video protection through on-premises, locally hosted environments in areas without web access, or where keys need to be stored locally. When key material is updated, some PE customer workflows lead to tedious and time-consuming setups to ensure the DRM server interfaces with the TPM. Securely updating these setups typically entails repeating the process each time.
With the upgraded DRMtoday Onboard, the setup needs to be done only once to register the server, and after this, the content key material is automatically and regularly synchronized. This is done in a secure manner, with the material uniquely encrypted to a particular server, and requires far less work for in-the-field operations.
How does it work?
In order for a device to receive key material, it must first be registered, a process that also involves human interaction to ensure the security of the device’s registration.
When launching DRMtoday Onboard for the first time, a cryptographic handshake, remote attestation, is executed to confirm the DRMtoday Onboard software is interacting with the intended TPM. Through this we provide a secure communication channel from the DRM server to castLabs’ services, ensuring key material is only delivered to a registered server.
The process to register a server is verified by castLabs’ single sign-on (SSO). Once a server is registered, your DRMtoday Onboard server can be managed by adding tags or metadata, managing server revocation, and viewing status reports for that particular server.
This approach allows customers to organize their key material (key seeds, content-encryption keys, and FairPlay Streaming credentials) in a more orderly fashion. Key material can be managed for separate groups of servers and automatically synchronized.
On top of time-saving and improved security, the new DRMtoday Onboard 3.1 features can be summarized as follows:
- Device registration to approve specific devices and manage metadata about the devices.
- Device revocation to remotely manage and remove key material from devices and stop server operations.
- Keybox management tools to store, tag, and manage key material outside of the aircraft, train, bus, cruise ship, or ferry.
- Automatic keybox synchronization to allow customers’ servers to always be updated with the latest keyboxes and to remove existing key material management.
- Granular permissions to separate which users can manage devices and which can manage key material.