Recent Posts

DRM is not a black box, part 4: key management

Historical key managament approaches leave it all in the care of the DRM vendor, leading to major lock-in and maintenance headaches that can require solution re-architecting when DRM vendors are changed or added. A modern solution architecture separates key management from DRM and enables flexible integration of solution components from different vendors.

May 22, 2020 15 min read media streaming, content security, DRM is not a black box

DRM is not a black box, part 3: secure playback

Security of DRM relies on keeping secret the cryptographic keys that protect content. The DRM client is the only component on the viewer’s device authorized to handle these keys. In the DRM security model the viewer is the attacker which means that a DRM client operates under very difficult conditions, running on an adversary’s device.

May 15, 2020 13 min read media streaming, content security, DRM is not a black box

DRM is not a black box, part 2: encryption and content

The internet is the birthplace of modern DRM. Even if you deploy an offline solution with local playback, DRM technologies operate with least hassle when your solution uses modern adaptive streaming technologies. A content processing workflow designed for adaptive streaming is a content processing workflow ready for DRM.

May 8, 2020 12 min read media streaming, content security, DRM is not a black box

DRM is not a black box, part 1: why would you use DRM

Apps, websites and services presenting high value video content use DRM technologies to prevent the viewer from making copies of the content. It can be surprising to learn that the website operator is not the one who ultimately benefits from DRM.

May 1, 2020 12 min read media streaming, content security, DRM is not a black box

DRM in HTML: what EME has and has not done for us

The World Wide Web Consortium has recently made a decision to publish Encrypted Media Extensions (EME) as a web standard. This has drawn criticism from many directions because EME standardizes a mechanism that is highly opaque to users, has the potential to jeopardize their privacy and brings considerable legal risk to any researchers that try to study it.
Jul 14, 2017 12 min read content security, standards
See all posts
Sander Saares

Sander Saares

Biography

First and foremost a product creator, having been the architect and technical lead for several innovative products.

Expert in modern video streaming technologies, with focus on:

  • Content security and DRM on both the client and server side
  • Design and implementation of content processing workflows
    • Using open source and commercial toolchains
    • Creating new tools to fill gaps in available functionality

Familiar with modern DevOps practices in cloud and on premise, including:

  • Azure Pipelines
  • GitHub Workflows
  • Docker containers
  • Prometheus & Grafana

Maintainer of the prometheus-net open source library for instrumenting .NET apps with metrics.

Contributor to DASH-IF, an industry association that defines interoperability guidelines and specifications for modern media streaming technologies.

Solid understanding of computer networks, including multicast deployments and custom network protocol design.

Extensive experience with C# development on all versions of the .NET platform, including .NET Core; working familiarity with C+ +, Python, PowerShell, Go, WPF, ASP.NET Core, Entity Framework, NuGet, gRPC, OData, SQL Server, Azure, Packer, Vagrant and other technologies

e07c2f4f2a

Accomplish­ments

Architect and technical lead for several innovative products

Axinom Live TV

Axinom 2017 – 2020
Delivering live channels over satellite to airline passengers without the need to deploy an app on the end-user devices

Axinom Player SDK

Axinom 2012 – 2015
A native multiplatform player for mobile devices, with built-in DRM support and hardware accelerated decoding

Axinom DRM

Axinom 2009 – 2015
One of the first DRM services designed from ground up to target multiple DRM technologies, covering all the popular device platforms

Skills

Software Development

From 2001

Media Streaming

From 2008

DRM

From 2009

Product Development

From 2009

DevOps and Automation

From 2012

Standards Development

From 2014

Experience

 
 
 
 
 

Principal Software Engineer

Microsoft

2021 – Present
Working on the media delivery network that delivers hundreds of millions of calls between its users, powering Teams, Skype and other Microsoft + 3rd party products.
 
 
 
 
 

Senior Software Engineer

Microsoft

2020 – 2021
Working on the media delivery network that delivers hundreds of millions of calls between its users, powering Teams, Skype and other Microsoft + 3rd party products.
 
 
 
 
 

Advisor

Axinom

2015 – 2020
Architect and lead developer of Axinom Live TV, delivering live streams to airline passenger devices over satellite. Contributed to industry standards on content security and online streaming. Performed exploratory R&D to break ground on new technologies for Axinom.
 
 
 
 
 

Streaming Media Unit lead

Axinom

2010 – 2015
Overseeing product development for Axinom DRM and Axinom Player SDK. Work involved coordinating work between two international teams located 10 time zones apart, backlog management, designing the overall technical architecture and ensuring the continuous training of personnel. Successfully implemented the first Scrum-derived team processes in the company.
 
 
 
 
 

Development Team Lead

Axinom

2008 – 2010
Lead small teams of specialists in developing CMS and online streaming solutions, with a heavy focus on feature-rich internet apps created in Silverlight.
 
 
 
 
 

Software Engineer

Fujitsu Services

2006 – 2008
Built components of automated OS test framework infrastructure and associated tools for Symbian, in C++ and C#. Later built web service connectivity features for the Estonian Visa Registry on the Python platform and finally moved on to pure .NET product development and started taking on more of a team lead role.

Contact

sander@saares.eu