---
title: "Live Stream Blocking via License Renewal and Blacklist"
description: "This document outlines an advanced implementation strategy for real-time live stream blocking using the DRM license renewal mechanism and blacklist API."
---
> For the complete documentation index, see [llms.txt](/llms.txt).

This guide provides a technical overview of implementing **real-time live stream blocking** using DOVERUNNER’s Multi-DRM platform. The solution leverages continuous license validation through **DRM license renewal mechanisms** and immediate playback control via [DRM Blacklist API](/content-security/multi-drm/license/drm-blacklist-guide/).

```mermaid
sequenceDiagram
    participant A as End User<br/>(Client Player)
    participant B as Streaming Platform
    participant C as DOVERUNNER<br/>DRM Server
    opt For normal users
    A ->> C: Periodic license renewal request
    C ->> C: Validate token and blacklist data
    C ->> A: Issue renewal license
    A ->> A: Keep playing live stream
    end
    B ->> B: Monitor illegal streams and find suspicious user IDs
    opt Block verified illegal users
    B ->> C: Register user IDs on DRM blacklist
    C ->> C: Store the ID in Blacklist DB
    A ->> C: Request license renewal (Blacklist targets)
    C ->> C: Validate token and check blacklist
    C -->> A: Deny license renewal
    A -->> A: Terminate live stream playback
    end
```

This document is intended for streaming platform architects, backend engineers, and DRM solution integrators seeking scalable and responsive live content protection.

## Functional Overview

### License Renewal

`License renewal` enables the DRM client (browser or app) to **periodically validate** its session with the license server. Players trigger renewal requests based on the `renewal_duration` specified in the DRM license token. License renewal allows enforcement policies to be dynamically applied during playback, ensuring ongoing session validity.

:::note 

The triggering behavior of renewal requests depends on the DRM type and the player.

- Widevine clients
  - Renewal requests are **triggered automatically** by Widevine CDM regardless of player. 
- PlayReady and FairPlay clients
  - Player needs additional configuration to **trigger renewal requests manually**. The manual trigger interval should match the `renewal_duration` set in the license token.

For more details about PlayReady and FairPlay client settings, please refer to the [CSL guide](/content-security/multi-drm/license/csl-guide/).

:::

### DRM Blacklist

[DRM Blacklist](/content-security/multi-drm/license/drm-blacklist-guide/) is an enforcement layer used to deny license issuance or renewal based on specific `user ID` registered for blocking. Upon the next license renewal attempt, the session will be rejected with a predefined error code, terminating the stream playback for that user.

:::note 

The `user ID` used in the DRM blacklist feature is the value of `user_id` in the token data used for DRM license acquisition. If you do not enter this value when creating a token, or enter a random value that is not related to the end user, you cannot apply the blacklist for the user ID.

The `DRM Blacklist` feature also supports blocking of specific `device ID` as well as `user ID`. However, you cannot block a live stream with device ID blacklist because Widevine's renewal license requests don't include the device ID data.

:::

### Piracy Monitoring

As a streaming platform provider, you need to monitor your service for illegal streaming or suspicious activities to find end users to block during live events. DOVERUNNER Multi-DRM service does not include such piracy monitoring.

> If you need help with the monitoring, please [contact us](https://doverunner.zendesk.com) for consultation.

## Implementation Guide

### 1. License Token Configuration

To enable periodic renewal, the DRM license token must have the `renewal_duration` value under `playback_policy`. A DRM license with the policy is only valid for that period of time. And it must be renewed at the intervals to allow players keep playing the DRM-protected stream.

Example license token JSON:
```json
{
  "policy_version": 2,
  "playback_policy": {
    "persistent": false,
    "renewal_duration": 60
  }
}
```

- `renewal_duration` defines the license renewal interval (in seconds).
- Adjust the interval to balance enforcement responsiveness vs license server load and cost.

:::note 

Shorter renewal interval makes the system block streams faster after blacklisting. But it may result in more license requests and higher fees.

:::

> Please refer to the [Subscription and Billing](#subscription-and-billing) section for more details.

### 2. Player-Side Integration

#### Triggering Renewal Requests 

As mentioned earlier, PlayReady and FairPlay client environments require additional configurations on the client player to enable the license renewal.

> Please refer to the [Concurrent Stream Limiting Guide](/content-security/multi-drm/license/csl-guide/) for more details.

#### Refreshing DRM License Tokens

Tokens have a **validity period(default: 600 seconds)** which can be configured on [DOVERUNNER Console](https://console.doverunner.com). If a license renewal request occurs after token expiry, the license server will reject it with **error code 7011 (License Token Expired)**.

To prevent license renewal failures due to token expiration, the client must request a new token to the streaming platform's backend before the token expires. The player may need to get the license token from the streaming platform when a DRM license renewal event occurs.

:::note 

In proxy type license integration model, the token proxy server in your backend system can automatically generate fresh tokens when relaying renewal requests. In this case, no additional implementation of token renewal is required on the client player.

:::

> If you need technical supports about the token management, please create a ticket on [our Helpdesk](https://doverunner.zendesk.com).

### 3. Blacklist Enforcement

When you have identified end user IDs that need to be blocked during a live event, you can register the `user ID` to the DRM Blacklist either automatically via API integration or manually in the [web console UI](https://console.doverunner.com).

> Detailed instructions available in the [DRM Blacklist Guide](/content-security/multi-drm/license/drm-blacklist-guide/).

## Considerations

### Subscription and Billing 

Unlike typical DRM licenses, where requests are made only at the start of playback, license renewals are periodic requests during playback, resulting in much more license issuance. As a result, the license renewal feature incurs additional charges.

| Plan | Description | Notes |
| --- | --- | --- |
| MAU (Monthly Active Users) | Renewal licenses billed separately from the number of active users. | To enable license renewal, you must add an optional item to your subscription. |
| MAL (Monthly Active Licenses) | Renewal licenses count toward the total number of licenses issued. | No need to add the optional subscription item. |

#### License Usage Estimation

```sh
total_licenses = number_of_viewers × (event_duration / renewal_duration)
```

For example, a live event with 10,000 viewers and a 60-second renewal interval will generate approximately 600,000 licenses per hour.

### Comparison: License Renewal vs. Key Rotation

The live stream blocking use case uses `DRM license renewal` for continuous authorization during playback sessions. You can also use the `DRM key rotation` feature for this purpose, but the scalability issues with key rotation make it unsuitable for large-scale services.

| Aspect | License Renewal | Key Rotation |
| --- | --- | --- |
| Periodic authorization during a playback session | Yes | Yes |
| Change the content key (rotation) | No (license extensions only) | Yes |
| Scalability | High (Distributed license requests based on when playback starts) | Low (Concurrent requests cause traffic spikes) |
| Use cases | Real-time live stream blocking. Concurrent stream limiting (CSL) | Enhanced security for small-scale live streaming. Applying security policies based on program type. |

### Comparison: CSL vs. Live Stream Blocking

Both [Concurrent Stream Limiting](/content-security/multi-drm/license/csl-guide/) and `Real-time Live Stream Blocking` are features that take advantage of DRM license renewals. However, there are the following differences between the two features:

| Aspect | Concurrent Stream Limiting (CSL) | License Renewal Blocking |
| --- | --- | --- |
| Purpose | Limit excessive account sharing | Block illegal users during live events |
| When to control | At the start of playback | At the start of playback and mid-session | 

## Conclusion

Implementing live stream blocking via license renewal and blacklisting offers a scalable, responsive defense against unauthorized streaming.
It enables mid-session intervention without affecting legitimate users, making it ideal for protecting high-value live events and premium content.

---