AWS Customers Can Use SPEKE and DRMtoday for Video Security

The Secure Packager and Encoder Key Exchange (SPEKE) specification defines the standard for communication between encryptors and packagers of media content and digital rights management (DRM) key providers. SPEKE itself is an API based on the DASH-IF Content Protection Information Exchange Format (CPIX), which is an XML document format designed to standardize how content key exchanges are performed.

Our DRMtoday cloud licensing service was among the first DRM key providers to offer interoperability with SPEKE, making integration with SPEKE available for streaming video workflows.

DRMtoday is SPEKE-compliant and allows AWS Media Services users to easily:

  • Deploy required resources to interact with DRMtoday and SPEKE through a simple AWS CloudFormation template
  • Support protected MPEG-DASH, HLS, Smooth Streaming through CMAF packaging workflows
  • Process secure content key exchanges for Widevine, FairPlay Streaming, and PlayReady DRM systems
  • Take advantage of Common Encryption (CENC) use cases
Key security

End-to-end Key Security

Content keys are extremely sensitive data. SPEKE and DRMtoday establish a secure end-to-end key transit channel to deliver encrypted media content.

DRMtoday and SPEKE Workflow Integration

DRMtoday is compatible with AWS Elemental MediaConvert and AWS Elemental MediaPackage for cloud-based workflows, and AWS Elemental Live and AWS Elemental Delta for on-premises workflows. AWS security requires key service components to be located in a customer’s account. To facilitate this, we provide an ‘adapter’ as an AWS CloudFormation template that acts as the bridge between AWS and DRMtoday workflows. This allows for rapid deployment of DRMtoday for AWS Media Services.

This combined solution consists of two main components: fully configured Amazon API Gateway and AWS Lambda functions. The Amazon API Gateway allows for IAM role authentication within the AWS ecosystem (i.e. it facilitates IAM authentication between AWS Media Services and the key server proxy). This calls the AWS Lambda function, which in turn calls DRMtoday.

File-based SPEKE VOD workflow example

File-based SPEKE VOD workflow example

Get Started Today

castLabs is an AWS Advanced Technology Partner and an ideal consultant for your content security needs. Contact us to learn more about our integration with AWS Media Services by submitting the form below or emailing us at

Request a FREE DRMtoday trial

Learn more

Request a FREE DRMtoday trial through the AWS Marketplace

Learn more


Posted by

Bryce Pedersen

Bryce Pedersen
Global Marketing Strategy

View more blog posts