Widevine DRM

Understanding Google Widevine DRM - Complete Guide

6 min read

In this article, We will cover all the relevant information about Widevine DRM. For example - What it is, How it works, and more.

Ashik TS
Ashik TS

13 October 2022

Understanding Google Widevine DRM - Complete Guide

What is Widevine DRM?

Widevine DRM is the most widely used DRM licensing and encryption software in premium content protection. Owned and maintained by Google, it plays a key role in safeguarding your content from piracy and illegal free distribution via browsers like Chrome, Firefox, and Edge.

You may have noticed that certain Android devices or Chrome browsers do not support playback of Netflix, Disney+ videos in HD resolution (1080p or above). This is because Widevine DRM technology prevents devices with lower security compatibility from streaming high-definition content. The primary reason is to protect their content from piracy-led malicious practices which significantly impact their revenue.

Widevine DRM is compatible with devices such as Android OS phones, TVs, set-top boxes and embedded in browsers such as Chrome, Firefox, and Edge. It also supports streaming protocols like MPEG Dash and HLS.

Widevine DRM is leveraged by major OTT platforms like YouTube, Netflix, Prime Video, Disney+, Paramount+, Hulu, and more.

Widevine DRM adheres to the following standards in content protection:

  • Encrypted Media Extensions (EME)
  • Common Encryption (CE)

   ISO/IEC 23001-7 - Common encryption in ISO base media file format files

   ISO/IEC 23001-9 - Common encryption of MPEG-2 transport streams

Widevine Classic

Widevine Classic is the older version of Widevine, which is now only available across legacy devices like smart TVs and older (version 3.1 - 5.1) Android phones. A key requirement of Widevine Classic is that the content should be in the .wvm format—which is a proprietary format.

Widevine Classic is no longer supported by newer devices and services since Google introduced the modular version of Widevine.

Widevine Modular

Widevine Modular is the newest version of Widevine that is supported by all major Chromium-based browsers (with the exception of Chromium) as well as Android devices. It has a range of new specifications which make it compatible with video streaming protocols such as MPEG-DASH, HLS, and MSS. Widevine Modular also supports CMAF, CENC, and HTML5 standards such as MSE (Media Source Extensions) and EME (Encrypted Media Extensions).

How Does Google Widevine DRM Work?

Here is a step-by-step guide explaining how Google Widevine DRM works:

Step 1: It begins when the user presses “Play" —which indicates the application to install and download the mpd file after sourcing it from the CDN.

Once the mpd file is parsed, it is apparent that the video file has been encrypted with the help of Widevine. Following this, the initialization data (InitData) present in the content is extracted by the Browser—which is sent to the player as an event.

At this point, we will assume the user has been authenticated by the application.

Step 2: Next, to decrypt the content, we require specialized software to decrypt the InitData. So, it is sent to the Content Decryption Module (CDM).

Step 3: The CDM initiates a “license request” after receiving the InitData and reverts it to the player.

Step 4: On receiving the license request, the player uses a proxy to transfer it to the Widevine License Server. It should be noted that the license request is encrypted—which ensures it cannot be accessed or cracked during transit.

Step 5: Next, the License Server decrypts the request it has received, extracts the contents of the InitData and locates the license from its database—which is sent back to the player. Within the encrypted message, there is a secure key to decrypt all the contents of the license.

Step 6: Using EME/MSE, the player forwards the license to the CDM. Note that it can not be misused since it is encrypted, nor can it be decrypted in the CDM.

Step 7: The eventual decryption of the license is actually carried out in the OEMCrypto Module, which falls in the Trusted Layer of the device (as opposed to the CDM). The parsing of the container is carried out by the Browser.

Step 8: Only after the content is decrypted and demultiplexed it is relayed in small segments to the client screen. And that's how you get video playback on your device! Bear in mind, the decrypted content is not stored anywhere.

Components of Widevine DRM & How they work?

There are three key components in the Widevine DRM ecosystem:

  1. Widevine Cloud Licensing Service
  2. License Proxy Server, and
  3. Client Devices

Widevine Cloud Licensing Service is under the direct operation of Google. It generates a DRM license upon receiving a request from the license proxy server and sends it back to the license proxy server. Only users with organization-specific authentication can access cloud licensing services.

The license proxy server ensures compliance to user authorization and authentications with respect to the DRM license requests it receives from client devices. It then sends licenses sanctioned by the Widevine cloud licensing service back to client devices.

Client devices typically include Android smartphones, set-top box, TV, browsers like Chrome and Firefox. Widevine-supported devices are manufactured under a dedicated contract with Widevine, which allows access to the key box and CDM module.

For third-party DRM solutions providers to obtain a license proxy server and deliver Widevine licences, they must qualify for the Certified Widevine Implementation Partner (CWIP) program.

Widevine DRM Security Levels: L1, L2, L3

Before we look into Widevine's three levels of security — L1, L2, and L3 — let's briefly understand what a Trusted Execution Environment (TEE) is.

TEE is a critical segment of a primary processor that ensures that the code and loaded data are safeguarded in compliance with confidentiality and integrity standards. TEE is key to DRM since it significantly boosts security and protects the decryption keys and decrypted videos from being leaked or stolen.

Now, let's briefly look at Widevine L1, L2, and L3:

  1. L1 Security Level: This is the topmost level of security offered by Widevine, which requires devices to be certified basis L1 security specifications to stream HD content. Any rendering, hardware-level decryption, decryption of videos, and content decoding at widevine level 1 is carried out within the TEE. OTT platforms like Netflix and Prime Video deliberately restrict full HD resolution playback to devices with L1 security compatibility. The main reason behind this is that L1 devices can 100% prevent screen captures initiated by mobile apps.
  2. L2 Security Level: At this level, content decoding and rendering are carried out by security hardware or a protected security co-processor. Security keys and decrypted media is not accessible to the host CPU. However, media decryption happens within TEE. It should also be noted that Widevine level 2 is not applicable for mobile devices.
  3. L3 Security Level: L3 refers to a software-only solution. At this level, only low-end hardware decryptions are carried out (without a TEE) in a software CDM. L3 offer the lowest level of security; devices with L3 security are blocked by content broadcasters for HD video playback.

Widevine DRM Compatibility with Browsers and Devices

Support across different HTML5 browsers

HTML5 browsers Widevine
MODULAR
Widevine
CLASSIC
Chrome
WINDOWS, MACOS, ANDROID, CHROME OS, LINUX
✖️
Chrome
IOS/IPADOS 13.1+
✖️ ✖️
Firefox
WINDOWS, MACOS, LINUX
✖️
Firefox
IOS 13.1+
✖️ ✖️
Microsoft Edge
WINDOWS, MACOS, ANDROID
✖️
Microsoft Edge
WINDOWS
✖️ ✖️
Microsoft Edge
IOS/IPADOS 13.1+
✖️ ✖️
Safari
MACOS, IOS 11.2+, IPADOS
✖️ ✖️
Opera
WINDOWS, MACOS
✖️
Opera
IOS/IPADOS 13.1+
✖️ ✖️
Internet Explorer 11
WINDOWS 8.1+
✖️ ✖️

Support across different mobile phones and tablets

Mobile phones & tablets Widevine
MODULAR
Widevine
CLASSIC
Android (6+) ✖️
Android (4.4 – 5.1)
Android (3.1 – 4.3) ✖️
iOS/iPadOS ✖️ ✖️
Huawei (EMUI & HarmonyOS) ✖️
Windows Phone ✖️ ✖️

Source - CastLabs

Benefits of Widevine DRM

Here's looking at the top benefits of a Widevine DRM:

  1. Top-class content protection

Widevine DRM is compatible with a host of client devices and works in conjunction with other content protection systems (multi-DRM) to protect premium content from piracy and unlawful leakage.

2. Standardized format

Since Widevine DRM supports current media containers like ISO BMFF (MP4) and WebM, you can enjoy playback of single encrypted content on any device.

3. Seamless playback support

Google Widevine has a built-in HTML5 player which offers a range of accessibility features for adaptive streaming across different client devices. An example is Google's open-source Shaka Player, which supports streaming protocols like DASH and HLS—and works synergistically with multi-DRM content systems present in modern web browsers and devices.

4. Unmatched device security

Content services can ensure top-notch device security by leveraging hardware-based solutions in decryption and rendering, which use factory-provisioned decryption key boxes and decryption videos.

Conclusion

Widevine DRM offers an unmatched experience for streaming digital content whilst preventing illegal distribution and modification of copyrighted material.

Google Widevine is one of the most widely used DRM systems across the web, alongside Apple’s Fairplay DRM—-and Gumlet supports both systems.

Subscribe to Latest Post

Don't miss out on latest article and more related posts.


Related Readings

Understanding Digital Video - Formats, Codecs, Containers

Understanding Digital Video - Formats, Codecs, Containers

This article will mainly discuss these three terms - Video formats, Video containers, and Video codecs. And how these terms are inter-connected.
Nitin Meena
Nitin Meena

29 Aug 2022 - 7 min read

LCP - What is Largest Contentful Paint?

LCP - What is Largest Contentful Paint?

Largest Contentful Paint is crucial in measuring page load performance. This blog aims to educate readers about LCP and related improvement measures.
Divyesh Patel
Divyesh Patel

9 Oct 2021 - 3 min read

How Page Speed and Image Optimization Affects Website SEO

How Page Speed and Image Optimization Affects Website SEO

Page speed and image optimization directly affect website SEO. Learn how Page Speed Affects SEO Rank and why images affect page speed. Discover the best practices to improve website page speed and how to optimize images for SEO.
Nitin Meena
Nitin Meena

8 Oct 2021 - 4 min read

Ready to get started?

Sign up and start optimizing your videos and images by up to 68% with Gumlet. No credit card is required. No credit card is required. You can also reach out to get a custom pricing estimate or to schedule a demo

Optimizing videos is hard, but
our pricing is not

Simple per-minute pricing with no hidden fees.
Pricing details

Effortlessly integrate Gumlet into your existing stack

Upload with API and set webhooks for output in minutes.
Integration guide