Understanding FlickRocket Content Licenses / DRM
Access to DRM (Digital Rights Management) controlled content from a FlickRocket shop is managed by licenses defined by the content owner together with general device policies by FlickRocket.
The goal behind this is to enable different business models (e.g. rental and permanent rights) with comfortable use by customers while preventing illegal use and sharing.
To reach that goal, the DRM architecture has to deal with the following challenges:
- Content owners may want to restrict the number of devices used
- Content owners may want to impose time limitations
- Content owners may want to impose different restrictions for different content
- Customers may want to use multiple devices (of any type)
- Customers change devices
- Devices may stop working
- Offline usage should be possible
- Offer content only to certain geographical regions
To make dealing with all of this possible, the FlickRocket DRM works based on the parameters in the table below. As a content owner you can define your own licenses in the admin interface or you can use one of the pre-defined licenses.
Content owner controlled (on a per content basis)
| Rights | Description |
| Concurrently active devices |
The number of devices on the content can be accessed. To use a new device after this limit it reached, an older device needs to be de-authorized and cannot be used to access the content after this. This limitation prevents users from sharing their accounts with groups of people to grant them access to the purchased content while allowing legitimate customers to use multiple devices for the content. |
| Expiration after first use | The time frame after which the content expires after first use of the content. This can be combined with “Expiration after purchase” to enable a usage scenario like “watch for 24 hours within 30 days”. |
| Expiration after purchase | The time frame after which the content expires after purchase. This can be combined with “Expiration after first use” to enable a usage scenario like “watch for 24 hours within 30 days”. |
| Expiration at date | (Self explaining) |
| Clock rollback detection action | Defines what happens if a clock rollback – typically attempted user fraud on rental content - is detected. Options are to block the content while the condition persists or delete it entirely. |
| Digital output protection level | Defines the requirements and activations of digital output protection technologies such as HDCP. This includes options to prohibit or allow screengrabs and screensharing via Zoom, Teams, or meeting apps. |
| Analog output protection level | Defines the requirements and activations of digital output protection technologies such as Macrovision or CGMS-A. |
| Export options | Define the allowed output options depending on the content type. For example it is possible to allow output to unprotected ePub or MP3 files. Managed Print options can also be set to limit the number of pages per print session or prevent printing entirely. |
| Burn options | Defines if burning of the content is allowed, how often can be burned and what copy protection technology should be used for the recorded media. |
| Managed users | If enabled, allows the customer to set up managed user accounts which have access to the ordered content under their own accounts. The license restrictions are enforced on the total number of users. |
| Regional restrictions | Allows you to offer the content only to clients in certain geographical regions, automatically detected via their IP address. |
FlickRocket controlled (on a per user basis)
| Rights | Description |
| Maximum concurrent devices |
The maximum number of concurrently authorized devices of a user. This can be more than the number of concurrently active licenses for certain content license a user owns and less than all content licenses combined. However, in any case the total number of concurrently authorized devices must never be exceeded. To add a new device after this maximum has been reached, a previous device needs to be deauthorized. This limitation prevents fraudulent users from sharing their accounts with groups of people to grant them access to the purchased content while allowing legitimate customers to use multiple devices – which might be spread out between different content licenses. FlickRocket Support is able to reset this limitation on request for an individual user. Currently 10 concurrent devices per user are allowed (June, 2015). |
| Maximum annual device authentications |
The maximum number of times that devices can be authorized per year. This means this limit is reached once a certain number of devices have been authorized for a certain user account irrespective of whether or not some or all devices have been de-authorized again. So it is possible to reach the “Maximum annual devices” without reaching the “Maximum concurrent devices” or “content licenses”. This limitation prevents fraudulent users from sharing their accounts and de-authorizing their devices after consumption while still allowing legitimate customers to use up to 10 different devices (while not exceeding other limitations such as the concurrently active licenses and maximum concurrent devices. Once the maximum annual device authentications are reached, the user has to wait until the annual time frame from the first authenticated device from one year back is reached so a new device can be authenticated. FlickRocket Support is able to reset this limitation on request for an individual user. Currently 10 devices can be authenticated per year per user (June, 2015). |
| De/Re-authorization lockout time |
This is the time frame a device cannot be re-authorized after being de-authorized. Enforcing this time frame prevents fraudulent users to “bounce” content licenses with limitations on concurrently active devices between two or more devices by de-authorizing the currently not in-use devices only to re-authorize them on use. Currently the de/re-authorization lockout time is set to 12 hours. |
In addition to the above, there are some special cases to be considered:
- Device de-authorization for offline capable devices with “after first use” time limitation license does not make this license available for other devices (because the current license status cannot be verified - the content may already have been consumed).
- Device de-authorization for offline capable devices with “burn” or “export” license does not make this license available for other devices (because the current license status cannot be verified – the burn or export may already be completed).
As you can see from the above, license control for content is a complex task. However, to keep things simple, FlickRocket offers pre-defined licenses so you don’t have to deal with the details of this.
Addition 1: Link Protection
Since some content owners asked us for our opinion to “link protection” (or sometimes “download protection”) I thought I would drop a line here:
“Link protection” does NOT PROTECT CONTENT AT ALL. While the link might become invalid after use or a certain time, the content itself can be shared publicly (and in many countries also legally) because it is NOT PROTECTED.
So, please keep in mind that “link protection”, “download protection”, “one-time download”, etc. are misleading at best.
Addition 2: Streaming
Sometimes content owners ask about the security advantages of streaming – implying there is an advantage. Let me comment on this here:
In case of download and streaming the content is transferred the same way to the end device and is also stored there – at least temporarily. The only difference is that for download the content persists while in case of streaming it gets deleted after usage. In terms of security this is almost irrelevant – the question is how the content is protected (encrypted), how the license information is stored and enforced, and much more. Almost all streaming sites just stream without encryption and are extremely unsecure. FlickRocket is always encrypted and secure - streaming or not.