4. Keys and License Server
The Content Provider can either generate the encryption keys manually using specialized software or using certains tools provided by the DRM vendors (Google Widevine, Microsoft PlayReady, etc.).
When we encrypt some content with a particular key, we need to create a association between the encryption key, or KEY, and the content that has been protected. To identify the content, it is used a KeyID, or KID. It is a unique string of characters generated at the time of creating an encryption key for a particular content.
The KEY and the KID are stored in a secure server (keystore) that works alongside a DRM license server. Without the KID, the license server can’t lookup a specific key.
When a client needs to play an encrypted content, it requests the DRM license server for the key by providing that particular content's KID. If the DRM license server is happy with the request (authentic request), it will ask the Key Store to provide the KEY associated with that KID.
The KID is sent along with the MPEG-DASH (MPD) manifest to the client. The client parses the manifest, finds the KID, and asks the DRM License Server for the KEY associated with that KID.
