Products
Products
Video Hosting
Upload and manage your videos in a centralized video library.
Image Hosting
Upload and manage all your images in a centralized library.
Galleries
Choose from 100+templates to showcase your media in style.
Video Messaging
Record, and send personalized video messages.
CincoTube
Create your own community video hub your team, students or fans.
Pages
Create dedicated webpages to share your videos and images.
Live
Create dedicated webpages to share your videos and images.
For Developers
Video API
Build a unique video experience.
DeepUploader
Collect and store user content from anywhere with our file uploader.
Solutions
Solutions
Enterprise
Supercharge your business with secure, internal communication.
Townhall
Webinars
Team Collaboration
Learning & Development
Creative Professionals
Get creative with a built in-suite of editing and marketing tools.
eCommerce
Boost sales with interactive video and easy-embedding.
Townhall
Webinars
Team Collaboration
Learning & Development
eLearning & Training
Host and share course materials in a centralized portal.
Sales & Marketing
Attract, engage and convert with interactive tools and analytics.
"Cincopa helped my Enterprise organization collaborate better through video."
Book a Demo
Resources
Resources
Blog
Learn about the latest industry trends, tips & tricks.
Help Centre
Get access to help articles FAQs, and all things Cincopa.
Partners
Check out our valued list of partners.
Product Updates
Stay up-to-date with our latest greatest features.
Ebooks, Guides & More
Customer Stories
Hear how we've helped businesses succeed.
Boost Campaign Performance Through Video
Discover how to boost your next campaign by using video.
Download Now
Pricing
Watch a Demo
Demo
Login
Start Free Trial
Video on Demand (VOD) platforms use Digital Rights Management (DRM) systems like Widevine and FairPlay to protect content from unauthorized access and redistribution. DRM relies on encryption with Content Encryption Keys (CEKs) to secure content during transmission and playback. Reusing the same CEKs for extended periods increases the risk that a compromised key could be used to decrypt large amounts of content. Key rotation (periodically updating the encryption keys) minimizes this risk. Key Rotation Strategies for Widevine Widevine reduces key compromise risk by rotating Content Encryption Keys (CEKs) through session-specific issuance, periodic replacement, segment-based assignment, and device-aware distribution. It also supports prompt key revocation and renewal to maintain secure playback. Periodic Key Rotation During packaging, content can be encrypted with new CEKs at fixed intervals, such as per title, per episode, or per defined time slices. Each CEK is associated with a unique Key ID (KID) embedded in the media containers. When a client requests a license, the Widevine license server returns the CEK that corresponds to the requested KID. This ensures that any single key is valid only for a limited segment of a library, reducing the exposure if compromised. Segment-Based Key Rotation Widevine supports key rotation based on content segmentation. For example, a new CEK can be applied every 10 minutes of video or per chapter. Tools like Shaka Packager or other MPEG-DASH/HLS packagers insert KIDs at boundaries, and the player requests licenses with the appropriate KID to decrypt each segment. This approach guarantees that if one CEK is compromised, only a fraction of the video is exposed. License-Based Controls (Leases & Renewals) Although CEKs themselves are bound to packaging, license policies can enforce time-limited usage. Widevine licenses can carry short expiration periods (e.g., valid for 24 hours), after which the client must request a new license to continue playback. With this approach, even if a license is leaked, it quickly loses value. Revocation and Renewal If a compromise is detected, the Widevine ecosystem allows publishers to revoke device certificates or expire licenses immediately. Future content can be re-encrypted with new CEKs, and license mappings updated. Already-issued content typically cannot be re-encrypted silently, so operators rotate CEKs during future repackaging or when releasing new content. Key Rotation Strategies for FairPlay FairPlay uses a combination of packaging-level CEK rotation and playback license rules to confine risks of key exposure. CEKs in FairPlay are distributed via Content Key Contexts (CKCs), obtained from license servers after a client submits a Server Playback Context (SPC). Periodic Key Rotation Content owners can rotate CEKs on intervals aligned with content sensitivity, for example, 1 CEK per title, per episode, or per broadcast window. These CEKs are embedded during packaging with unique KIDs. During playback, the licensing server returns the appropriate CKC mapped to that KID. Segment-Based Key Rotation HLS with FairPlay supports multiple keys via the #EXT-X-KEY tag. This allows different CEKs to be mapped to segments or playlists. A single movie might have a new CEK every 10 minutes, or even every segment, ensuring that a compromised key cannot decrypt the entire stream. License, Lease, and Renewal In FairPlay, licenses control how long a CEK is valid for playback. The license server can assign time-limited leases (e.g., 24 hours), requiring the client to periodically request a new CKC. This effectively enforces automatic key rotation at the license level without repackaging content. Revocation and Renewal If a CEK compromise is suspected, operators invalidate the affected content keys and repackage new versions of content with fresh CEKs. Compromised devices or licenses can also be blocked. Future license requests will receive updated CKCs, cutting off unauthorized users.
Video Hosting
Image Hosting
Galleries
Video Messaging
CincoTube
Pages
Live
