TAG’s Decryption feature enables secure, scalable, and efficient handling of encrypted video streams by integrating directly with leading Key Management Systems (KMS). Supporting standards such as AES-128 (CBC/CTR), BISS-2, CENC for multi-DRM, and DVB Simulcrypt, it allows operators to monitor both live and VOD content across broadcast, IPTV, and OTT environments.
By connecting with KMS partners including Verimatrix, Irdeto, Huawei PlayReady, Axinom, and others, Decryption ensures seamless key exchange and removes the need for additional DRM infrastructure. This simplifies workflows while maintaining security and compliance.
The system scales easily across on-premises, cloud, and hybrid deployments, delivering high-throughput decryption with minimal overhead. Operators gain the ability to probe encrypted streams in real time, ensuring fault detection, regulatory compliance, and service reliability without adding costly hardware.
Decryption empowers broadcasters, operators, and content providers to maintain full visibility into protected content, reduce operational friction, and ensure both revenue protection and viewer trust.
Technical Overview
TAG’s Decryption integrates at the key-management layer to unlock encrypted contribution and distribution streams for real-time probing and visualization, without adding proprietary hardware or re-packaging steps. The system supports common CAS/DRM and encryption schemes used across broadcast, IPTV, and OTT, including AES-128 (CBC/CTR), BISS-2, DVB Simulcrypt, and CENC (for multi-DRM workflows). Keys are retrieved via direct integrations with leading KMS / DRM providers (e.g., Verimatrix, Irdeto, PlayReady ecosystems, Axinom), enabling secure key exchange and rotation aligned to provider policies.
Decryption operates on live video and across ABR ladders (HLS/DASH), ensuring each rendition can be probed for video/audio/metadata integrity with minimal added latency. For broadcast/uncompressed pipelines, decryption runs inline with TAG’s 10-bit processing path so downstream QC tools (waveform, vectorscope, histograms) and monitoring checks remain accurate after content is unlocked.
Operationally, all decryption states and failures (key request errors, entitlement/rights mismatches, unsupported ciphers) are surfaced as events and exposed via the API and MCS for dashboards and automations. Deployments can be on-prem, cloud, or hybrid, and scale horizontally: multiple TAG nodes can share KMS connections and policies while preserving per-stream isolation and auditability. Because decryption is handled within the TAG platform, engineers can immediately correlate protected-content health with SCTE markers, captions/subtitles, SSIM/Content Matching, HDR metadata, and more, turning encrypted workflows into first-class monitored paths rather than black boxes.