A player-issued request to use a specific component within the server must include a specific device signature, the signer data, and the content id for the server to be able to grant the license.
The licensing server information can be contained either in the manifest (like MPEG-DASH or embedded in HLS ), in a player’s configuration, or within the individual segments.
If the license is cached locally, this request can happen before the content is decrypted or played back.
In order to decrypt protected content, the player or playback software initializes a request to the licensing server. However, the EME never interfaces with the playback client application and the decrypted content is only available to the CDM. The EME interfaces with the CDM at the Operating System or browser level, AND handles the decryption of the segments. The sessions are also updated by the CDM when the player calls the appropriate function on the EME interface. All of the decryption work is done by the CDM, the EME is simply the interface for the module. License requests are generated by the CDM and passed to the player through the EME. When a web player identifies protected content, it calls on processes and interfaces defined by Encrypted Media Extensions (EME), which are used in browsers to initiate a license request process. The encryption process is further explained in another blog post: Fun with Container Formats pt. The content will then be decrypted by a Content Decryption Module (CDM), which decrypts each encrypted audio and video segment. In fact, parts of the process are treated as a black box – and as a result, debugging can be even harder on devices (for example SmartTVs or Set-Top Boxes with older versions of DRM software). In order to improve security and decrease the risk of reverse engineering DRM systems, there are typically no clear log statements. Their application can vary greatly based on many unique factors – having to select an algorithm that matches the content distributor’s delivery & playback needs (based on which devices are supported) can introduce a lot of complexity to the DRM implementation process. There are at least three types of encryption formats (algorithms) for video, most notably: Widevine, FairPlay, Playready. It’s important to note that only the audio and video data within a segment is encrypted, but metadata is not. These two modes differentiate how a payload is encrypted. Standard content encryption is done according to the Advanced Encryption Standard (AES), using 128-bit keys and a Cipher Block – usually either Counter Mode (CTR) or Cipher Block Chaining (CBC). CENC is also used for HLS if the segments are in an fMP4 container. The MPEG-CENC standard is comprised of XML style formats and requires a minimum of a key and key id to run. Each segment is encrypted according to the MPEG Common Encryption (CENC) specification for ISO-BMFF and/or MPEG-TS streams, where either all content is encrypted or only subsamples, like i-frames. To begin the “security” cycle, communications between the requesting playback software and the license server are encrypted. Regardless of DRM hardware or software implementation types, all providers seeking to protect their content will see their files pass through an encryption & decryption cycle (as seen below). What DRM/Content Protection Systems do you use?Ĭurrently, DRM can be implemented as both a software and/or hardware solution. The following graph shows the current distribution in the application of DRM systems within the Developer community: This segmented market of encryption algorithms is equally represented by a highly fragmented application, as indicated by our 2019 Video Developer Report. Image source: Data Rights Management Basics Webinar ft. Supported on Windows, most set-top boxes and TVs, uses WRMHEADER tag objects as metadata format.Īdditional DRM types can be seen in Irdeto’s graphic below:
Used on Android Devices natively, in Chrome, Edge (soon), Roku, Smart TVs, uses protobuf format for metadata.
DRM is also used offline to provide copyright protection for CDs, DVDs, and BluRays.
Without DRM, content can be easily copied – it is, therefore, necessary in an online video distribution architecture, but it is not visible to the consumer. Digital Rights Management refers to the algorithms and processes that were created to enforce copyright compliance when consuming video content.