Video Protection

8 min read

How does Google's Widevine DRM protect your Videos?

Google's Widevine DRM is a powerful tool for protecting your content. This blog dives deep into how it works, its security levels, and the benefits it offers for creators and viewers alike. Learn how Widevine safeguards your videos, empowers legitimate access, and combats illegal distribution.

Feature image
How does Google's Widevine DRM protect your Videos?

What is Widevine DRM?

Widevine DRM is the most widely used DRM licensing and encryption software in premium content protection. Owned and maintained by Google, it plays a key role in safeguarding your content from piracy and illegal free distribution via browsers like Chrome, Firefox, and Edge.

Schedule a Demo with Our Video Expert!

Discover how Gumlet can help you build a cutting-edge video streaming infrastructure.

You may have noticed that certain Android devices or Chrome browsers do not support playback of Netflix, Disney+ videos in HD resolution (1080p or above). This is because Widevine DRM technology prevents devices with lower security compatibility from streaming high-definition content. The primary reason is to protect their content from piracy-led malicious practices which significantly impact their revenue.

Widevine DRM is compatible with devices such as Android OS phones, TVs, set-top boxes and embedded in browsers such as Chrome, Firefox, and Edge. It also supports streaming protocols like MPEG Dash and HLS.

Widevine DRM is leveraged by major OTT platforms like YouTube, Netflix, Prime Video, Disney+, Paramount+, Hulu, and more.

Widevine DRM adheres to the following standards in content protection:

  • Encrypted Media Extensions (EME)
  • Common Encryption (CE)

ISO/IEC 23001-7 - Common encryption in ISO base media file format files

ISO/IEC 23001-9 - Common encryption of MPEG-2 transport streams

Widevine Classic

Widevine Classic is the older version of Widevine, which is now only available across legacy devices like smart TVs and older (version 3.1 - 5.1) Android phones. A key requirement of Widevine Classic is that the content should be in the .wvm format—which is a proprietary format.

Widevine Classic is no longer supported by newer devices and services since Google introduced the modular version of Widevine.

Widevine Modular

Widevine Modular is the newest version of Widevine that is supported by all major Chromium-based browsers (with the exception of Chromium) as well as Android devices. It has a range of new specifications which make it compatible with video streaming protocols such as MPEG-DASH, HLS, and MSS. Widevine Modular also supports CMAF, CENC, and HTML5 standards such as MSE (Media Source Extensions) and EME (Encrypted Media Extensions).

How Does Widevine DRM Work?

Here's a brief overview of how Google's Widevine works:

1. Encryption: The content provider encrypts the audio or video content using Widevine's encryption technology, which generates a unique key for each device and session. This encryption ensures the content cannot be viewed or played without the proper decryption key.

2. License acquisition: When a user attempts to play the encrypted content, the device requests a Widevine license from a license server. The license server verifies the user's credentials and checks the playback rules associated with the content. If the user is authorized to play the content, the license server issues a license that contains the decryption key.

3. Decryption: Once the user's device has received the license, it can decrypt the encrypted content using the key provided in the license.

4. Playback: The user can now play the decrypted content on their device. During playback, the device periodically requests additional licenses from the license server to ensure the user is still authorized to access the content. However, the Widevine DRM system may include restrictions on how the content can be used, such as limiting the number of devices that can access the content or imposing time limits on viewing.

Widevine is designed to be highly secure, using advanced encryption algorithms and secure key exchange protocols to prevent unauthorized access to the content. It is also designed to be highly scalable, supporting large volumes of content and users.

How does Widevine DRM work?

Components of Widevine DRM: How do they work?

There are three key components in the Widevine DRM ecosystem:

  1. Widevine Cloud Licensing Service
  2. License Proxy Server, and
  3. Client Devices

Widevine Cloud Licensing Service is under the direct operation of Google. It generates a DRM license upon receiving a request from the license proxy server and sends it back to the license proxy server. Only users with organization-specific authentication can access cloud licensing services.

The license proxy server ensures compliance to user authorization and authentications with respect to the DRM license requests it receives from client devices. It then sends licenses sanctioned by the Widevine cloud licensing service back to client devices.

Client devices typically include Android smartphones, set-top box, TV, browsers like Chrome and Firefox. Widevine-supported devices are manufactured under a dedicated contract with Widevine, which allows access to the key box and Widevine CDM module.

For third-party DRM solutions providers to obtain a license proxy server and deliver Widevine licences, they must qualify for the Certified Widevine Implementation Partner (CWIP) program.

Widevine DRM Security Levels: L1, L2, L3

Before we look into Widevine's three levels of security — L1, L2, and L3 — let's briefly understand what a Trusted Execution Environment (TEE) is.

TEE is a critical segment of a primary processor that ensures that the code and loaded data are safeguarded in compliance with confidentiality and integrity standards. TEE is key to DRM since it significantly boosts security and protects the decryption keys and decrypted videos from being leaked or stolen.

Now, let's briefly look at Widevine Levels, L1, L2, and L3:

  • L1 Security Level: This is the topmost level of security offered by Widevine, which requires devices to be certified basis L1 security specifications to stream HD content. Any rendering, hardware-level decryption, decryption of videos, and content decoding at widevine level 1 is carried out within the TEE. OTT platforms like Netflix and Prime Video deliberately restrict full HD resolution playback to devices with L1 security compatibility. The main reason behind this is that L1 devices can 100% prevent screen captures initiated by mobile apps.
  • L2 Security Level: At this Widevine level, content decoding and rendering are carried out by security hardware or a protected security co-processor. Security keys and decrypted media is not accessible to the host CPU. However, media decryption happens within TEE. It should also be noted that Widevine level 2 is not applicable for mobile devices.
  • L3 Security Level: L3 refers to a software-only solution. At this Widevine level, only low-end hardware decryptions are carried out (without a TEE) in a software CDM. L3 offer the lowest level of security; devices with L3 security are blocked by content broadcasters for HD video playback.

Widevine DRM Compatibility with Browsers and Devices

Support across different HTML5 browsers

HTML5 browsers Widevine
MODULAR
Widevine
CLASSIC
Chrome
WINDOWS, MACOS, ANDROID, CHROME OS, LINUX
✖️
Chrome
IOS/IPADOS 13.1+
✖️ ✖️
Firefox
WINDOWS, MACOS, LINUX
✖️
Firefox
IOS 13.1+
✖️ ✖️
Microsoft Edge
WINDOWS, MACOS, ANDROID
✖️
Microsoft Edge
WINDOWS
✖️ ✖️
Microsoft Edge
IOS/IPADOS 13.1+
✖️ ✖️
Safari
MACOS, IOS 11.2+, IPADOS
✖️ ✖️
Opera
WINDOWS, MACOS
✖️
Opera
IOS/IPADOS 13.1+
✖️ ✖️
Internet Explorer 11
WINDOWS 8.1+
✖️ ✖️

Support across different mobile phones and tablets

Mobile phones & tablets Widevine
MODULAR
Widevine
CLASSIC
Android (6+) ✖️
Android (4.4 – 5.1)
Android (3.1 – 4.3) ✖️
iOS/iPadOS ✖️ ✖️
Huawei (EMUI & HarmonyOS) ✖️
Windows Phone ✖️ ✖️

Source - CastLabs

Benefits & Challenges of Widevine DRM

Benefits of Widevine DRM

Here's looking at the top benefits of a Widevine DRM:

  1. Top-class content protection: Widevine DRM is compatible with a host of client devices and works in conjunction with other content protection systems (multi-DRM) to protect premium content from piracy and unlawful leakage.
  2. Standardized format: Since Widevine DRM supports current media containers like ISO BMFF (MP4) and WebM, you can enjoy playback of single encrypted content on any device.
  3. Seamless playback support: Google's Widevine DRM has a built-in HTML5 player which offers a range of accessibility features for adaptive streaming across different client devices. An example is Google's open-source Shaka Player, which supports streaming protocols like DASH and HLS—and works synergistically with multi-DRM content systems present in modern web browsers and devices.
  4. Unmatched device security: Content services can ensure top-notch device security by leveraging hardware-based solutions in decryption and rendering, which use factory-provisioned decryption key boxes and decryption videos.

Challenges of Widevine DRM.

Here's looking at the challenges of a using Widevine DRM:

  • Cost: Implementing and maintaining Widevine DRM can be expensive, especially for smaller providers.
  • Complexity: Implementing and managing Widevine can be complex, requiring technical expertise and ongoing maintenance.
  • Interoperability issues: Widevine might not be compatible with other DRM systems, limiting content reach across different platforms.
  • Battery drain: Decrypting DRM-protected content can consume more battery life on devices.

Comparison of Widevine DRM with other DRM solutions

Feature Widevine DRM PlayReady FairPlay
Provider Google Microsoft Apple
Cost Varies depending on usage Free for non-commercial use, licensing fees for commercial use Free for Apple devices, licensing fees for non-Apple devices
Device compatibility Broad compatibility Primarily Microsoft devices and platforms Apple devices and Safari browser
Security Considered secure, but vulnerabilities exist High level of security High level of security
Offline playback Supported with limitations Supported Supported
Ease of use Moderately easy to set up More complex setup Complex setup
License Proprietary Proprietary Proprietary

How do you set up Widevine DRM for your videos?

Setting up Widevine DRM for your videos involves several steps and requires technical expertise. Here's a general overview of the process, but consulting with a video drm expert is important for proper implementation. Here are the steps to set it up for your videos:

1. Obtain a Widevine license:

  • You must register with Google Widevine and obtain a license to use their DRM technology. This involves a fee and requires meeting specific eligibility criteria.

2. Prepare your content:

  • Your video content must be encoded in a format compatible with Widevine DRM, such as H.264 or VP9.
  • You'll also need to generate encryption keys and prepare a content manifest file containing information about your video and DRM configuration.

3. Choose a DRM integration method:

  • There are several ways to integrate Widevine DRM into your video workflow, such as using:
    • A DRM packaging tool: This software prepares your video content and generates the necessary DRM elements.
    • A DRM server: This server handles license requests from playback devices and delivers decryption keys.
    • A cloud-based DRM solution: This provides a complete DRM solution with packaging, licensing, and security features. Gumlet can easily help you integrate Widevine with your videos.

4. Configure your playback environment:

  • You need to configure your video player or streaming platform to support Widevine DRM playback. This involves integrating a Widevine Content Decryption Module (CDM) and setting up communication with your DRM server or cloud service.

5. Test and deploy:

  • Thoroughly test your DRM setup to ensure smooth playback and proper security.
  • Once satisfied, deploy your DRM-protected videos to your chosen platform.

Conclusion

Widevine DRM offers an unmatched experience for streaming digital content whilst preventing illegal distribution and modification of copyrighted material.

Google Widevine is one of the most widely used DRM systems across the web, alongside Apple’s Fairplay DRM—-and Gumlet supports both systems.

FAQs

Is Widevine L1 better than L3?
Yes, L1 is vastly superior. It offers higher security, HD/UHD quality, and wider device compatibility compared to L3's limited SD playback and lower security.

Does Widevine DRM affect video quality or playback?
Widevine DRM itself doesn't impact quality, but L1 certification allows higher resolutions supported by your device and streaming service.

Can I use Widevine DRM with other DRM technologies?
No, Widevine doesn't directly work with other DRM technologies. Devices need specific certifications for each.

Is Google's Widevine safe?
While generally secure, no DRM system is foolproof. L1 offers better protection thanks to its hardware-based encryption.

How to install Widevine DRM?
To install Widevine DRM, download the installer from the Widevine website and follow the instructions. Depending on your device, you may need additional software or hardware to install Widevine. Once installed, you can access content protected by Widevine DRM.

Similar readings

Share this Article:

For more such content