Sunday, April 7, 2019

What is Widevine Digital Rights Management - Explained | SingleWindowTech

Widevine DRM

It’s good to see that John Baird is not alive today. The craze and popularity he achieved after his invention of television are vanishing day by day. Credits to Tim Burners-Lee whos Internet invention is the one stop solution to fetch any services one can imagine. To be very honest even the daily soaps are seen through streaming services. But what happens to technical compatibility and portability issue if the streaming is not valid or failed to use in some mobile handsets.

You may have noticed similar problems when trying to watch videos on the highest quality settings from these services on desktop monitors or laptops, and possibly even a few other smartphones. The reason for the lockout is that these services are protected by Digital Rights Management (DRM), to prevent the copying and unauthorized redistribution of these video files. To trust that Android smartphone and many other devices are secured from piracy, these popular streaming services make use of Google’s Widevine DRM platform. As one of the industry’s oldest DRM services, Google DRM estimated to be installed on some 4 billion devices around the world.

What is Widevine Digital Rights Management?

This is an open-source adaptive bitrate for streaming video across the internet. Like it’s ABR predecessors, DASH leverages standard protocols like HTTP using existing web infrastructure to deliver video to every device. This is a JavaScript-based API currently being reviewing by the W3C to be ratified as a standard. EME manages the exchange of DRM license keys between servers and devices. Using EME a single solution can be used to encrypt content for every device.

Google DRM offers publishers control over their encryption, key management, distribution and consumption of their assets. Content creators apply their policies, digital rights and encryption to all inbound assets registered with Widevine and the CMS. The assets are then uploaded to a destination partner network or CDN. Widevine’s DRM then delivers the files to all devices, and DASH ensures playback across all devices.

How does Widevine work?

Johnny Depp for sure must be very uncomfortable every time the word piracy hits the world. After all, he is pirates of all pirates. But here we are not here to discuss the geography of Trinidad and Tobago and making any plan to go to Tortuga. 
  • Widevine implements a selection of industry standards to protect content as it’s transferred over the internet and played back on devices. 
  • For a quick overview, it makes use of a combination of CENC encryption, licensing key exchange, and adaptive streaming quality to manage and send video to users. The idea is to simplify the amount of work on the service provider’s end, by supporting multiple levels of streaming quality based on the security capabilities of the receiving device.
To achieve this, Widevine protects content across three levels of security, simply named L3, L2, and L1. Your device will need to be certified to meet the full L1 specification if you want to stream HD content from services like Netflix. Security Level 2 only requires that cryptography but not video processing be carried out inside the TEE. L3 applies either when the device doesn’t have a TEE or when processing is done outside of it. However, appropriate measures must still be taken to protect cryptography within the host operating system.

Android and Widevine:

On Android 3.0 and higher platforms, the Widevine DRM plugin is integrated with the Android DRM framework and uses hardware-backed protection to secure movie content and user credentials. Security is not limited to a single point but instead relies on the integration of hardware, software, and services. The combination of hardware security functions, a trusted boot mechanism, and an isolated secure OS for handling security functions is critical to ensuring content security.

Widevine developed a DRM plugin which is built on top of the Android DRM framework which offers advanced copy protection features on Android devices. The Widevine DRM plugin provides the capability to license, securely distribute, and protect playback of multimedia content. Protected content is secured using an encryption scheme based on the open AES (Advanced Encryption Standard – Classic Widevine), or EME (Encrypted Media Extensions – Modular Widevine). An application can decrypt the content only if it obtains a license from the Widevine DRM licensing server for the current user. Google Widevine DRM functions on Android in the same way as it does on other platforms.

Widevine DRM Features:

  • Widevine DRM is based on HTML5 DASH player.
  • Videos files of different bitrates are each encrypted with CENC.
  • The license partner communicates with Widevine license server to send the content decryption keys.
  • Automating the whole upload + DRM licensing process.
  • Widevine CDM (pre-installed) with chrome, firefox & android is used to play encrypted playback in browsers and Android.

Widevine Tokenization:

Tokenization offers a basic level of protection that can prevent most users from unauthorized viewing and sharing of content. This system works by creating a URL with a key or token that grants access but has a short expiration period, preventing the use of that URL by other users once it has expired. This system is simple and cheap to implement, doesn’t require any advanced software on users’ devices, and is supported almost universally.

This is frequently used to implement content restrictions such as availability based on time, GeoBlocking, and IP restrictions. Tokenization is limited in that it only protects access to the content. Once a motivated and technically proficient user gains access to the content, they are often able to capture that content using widely available tools. Tokenization is typically implemented in conjunction with your CDN, and you should contact your CDN provider to get instructions on how to deploy this technology.

How Widevine is Implemented?

Android devices support either L1 or L3 security levels, depending on hardware and software implementations, as does Chrome OS. Chrome on desktops will only ever support L3 at maximum. If your device is only L3 compliant, you’re capped at sub-HD resolutions. Only L1 secure devices with processing taking place entirely in the TEE can play back HD or higher quality content from Widevine secured services. Instead, hardware manufacturers only need to pass a certification process. 
This includes the completion of various legal agreements, implementation of some software libraries, and client integration testing to verify support, among other steps. Apparently, this process is designed to be streamlined for easy adoption, and all chipsets used for Android smartphones support the necessary technologies, so it’s only likely that manufacturer oversight or lack of testing time is to blame if smartphones aren’t compatible. Fortunately, it seems that it’s possible for smartphone OEMs to address any lack of compliance after release. 

Also read:

Write comments

Featured Post

WhatsApp New Privacy Polices Explained - Updated

WhatsApp New Privacy Policy & Its Issues There is a constant tussle going around data privacy. The data fiduciaries and soc...