JWT (JSON Web Token) is a de-facto standard format to carry entitlement claims for a certain asset, in a tamper-resistant way. In the context of digital media, the “assets” in question are DRM licenses.
JWT can carry information regarding a certain user’s ability to obtain a certain type of DRM license for a certain digital content. However, when JWT token acquisition is not properly protected, it may lead to CDN leeching.
Most OTT streaming services will issue JWT tokens to authenticated, legitimate users, so that each user may obtain the DRM license to watch the content(s) they are entitled to.
Is a solution solely based on DRM and JWT sufficient to protect against video piracy?
No.
