What is Widevine DRM?
Widevine DRM is the most widely used DRM licensing and encryption software in premium content protection. Owned and maintained by Google, it plays a key role in safeguarding your content from piracy and illegal free distribution via browsers like Chrome, Firefox, and Edge.
You may have noticed that certain Android devices or Chrome browsers do not support playback of Netflix, Disney+ videos in HD resolution (1080p or above). This is because Widevine DRM technology prevents devices with lower security compatibility from streaming high-definition content. The primary reason is to protect their content from piracy-led malicious practices which significantly impact their revenue.
Widevine DRM is compatible with devices such as Android OS phones, TVs, set-top boxes and embedded in browsers such as Chrome, Firefox, and Edge. It also supports streaming protocols like MPEG Dash and HLS.
Widevine DRM is leveraged by major OTT platforms like YouTube, Netflix, Prime Video, Disney+, Paramount+, Hulu, and more.
Widevine DRM adheres to the following standards in content protection:
- Encrypted Media Extensions (EME)
- Common Encryption (CE)
ISO/IEC 23001-7 - Common encryption in ISO base media file format files
ISO/IEC 23001-9 - Common encryption of MPEG-2 transport streams
Widevine Classic
Widevine Classic is the older version of Widevine, which is now only available across legacy devices like smart TVs and older (version 3.1 - 5.1) Android phones. A key requirement of Widevine Classic is that the content should be in the .wvm format—which is a proprietary format.
Widevine Classic is no longer supported by newer devices and services since Google introduced the modular version of Widevine.
Widevine Modular
Widevine Modular is the newest version of Widevine that is supported by all major Chromium-based browsers (with the exception of Chromium) as well as Android devices. It has a range of new specifications which make it compatible with video streaming protocols such as MPEG-DASH, HLS, and MSS. Widevine Modular also supports CMAF, CENC, and HTML5 standards such as MSE (Media Source Extensions) and EME (Encrypted Media Extensions).
How Does Google Widevine DRM Work?
Here's a brief overview of how Widevine works:
1. Encryption: The content provider encrypts the audio or video content using Widevine's encryption technology, which generates a unique key for each device and session. This encryption ensures the content cannot be viewed or played without the proper decryption key.
2. License acquisition: When a user attempts to play the encrypted content, the device requests a license from a license server. The license server verifies the user's credentials and checks the playback rules associated with the content. If the user is authorized to play the content, the license server issues a license that contains the decryption key.
3. Decryption: Once the user's device has received the license, it can decrypt the encrypted content using the key provided in the license.
4. Playback: The user can now play the decrypted content on their device. During playback, the device periodically requests additional licenses from the license server to ensure the user is still authorized to access the content. However, the Widevine DRM system may include restrictions on how the content can be used, such as limiting the number of devices that can access the content or imposing time limits on viewing.
Widevine is designed to be highly secure, using advanced encryption algorithms and secure key exchange protocols to prevent unauthorized access to the content. It is also designed to be highly scalable, supporting large volumes of content and users.
Components of Widevine DRM & How they work?
There are three key components in the Widevine DRM ecosystem:
- Widevine Cloud Licensing Service
- License Proxy Server, and
- Client Devices
Widevine Cloud Licensing Service is under the direct operation of Google. It generates a DRM license upon receiving a request from the license proxy server and sends it back to the license proxy server. Only users with organization-specific authentication can access cloud licensing services.
The license proxy server ensures compliance to user authorization and authentications with respect to the DRM license requests it receives from client devices. It then sends licenses sanctioned by the Widevine cloud licensing service back to client devices.
Client devices typically include Android smartphones, set-top box, TV, browsers like Chrome and Firefox. Widevine-supported devices are manufactured under a dedicated contract with Widevine, which allows access to the key box and CDM module.
For third-party DRM solutions providers to obtain a license proxy server and deliver Widevine licences, they must qualify for the Certified Widevine Implementation Partner (CWIP) program.
Widevine DRM Security Levels: L1, L2, L3
Before we look into Widevine's three levels of security — L1, L2, and L3 — let's briefly understand what a Trusted Execution Environment (TEE) is.
TEE is a critical segment of a primary processor that ensures that the code and loaded data are safeguarded in compliance with confidentiality and integrity standards. TEE is key to DRM since it significantly boosts security and protects the decryption keys and decrypted videos from being leaked or stolen.
Now, let's briefly look at Widevine L1, L2, and L3:
- L1 Security Level: This is the topmost level of security offered by Widevine, which requires devices to be certified basis L1 security specifications to stream HD content. Any rendering, hardware-level decryption, decryption of videos, and content decoding at widevine level 1 is carried out within the TEE. OTT platforms like Netflix and Prime Video deliberately restrict full HD resolution playback to devices with L1 security compatibility. The main reason behind this is that L1 devices can 100% prevent screen captures initiated by mobile apps.
- L2 Security Level: At this level, content decoding and rendering are carried out by security hardware or a protected security co-processor. Security keys and decrypted media is not accessible to the host CPU. However, media decryption happens within TEE. It should also be noted that Widevine level 2 is not applicable for mobile devices.
- L3 Security Level: L3 refers to a software-only solution. At this level, only low-end hardware decryptions are carried out (without a TEE) in a software CDM. L3 offer the lowest level of security; devices with L3 security are blocked by content broadcasters for HD video playback.
Widevine DRM Compatibility with Browsers and Devices
Support across different HTML5 browsers
| HTML5 browsers | Widevine MODULAR |
Widevine CLASSIC |
|---|---|---|
| Chrome WINDOWS, MACOS, ANDROID, CHROME OS, LINUX |
✅ | ✖️ |
| Chrome IOS/IPADOS 13.1+ |
✖️ | ✖️ |
| Firefox WINDOWS, MACOS, LINUX |
✅ | ✖️ |
| Firefox IOS 13.1+ |
✖️ | ✖️ |
| Microsoft Edge WINDOWS, MACOS, ANDROID |
✅ | ✖️ |
| Microsoft Edge WINDOWS |
✖️ | ✖️ |
| Microsoft Edge IOS/IPADOS 13.1+ |
✖️ | ✖️ |
| Safari MACOS, IOS 11.2+, IPADOS |
✖️ | ✖️ |
| Opera WINDOWS, MACOS |
✅ | ✖️ |
| Opera IOS/IPADOS 13.1+ |
✖️ | ✖️ |
| Internet Explorer 11 WINDOWS 8.1+ |
✖️ | ✖️ |
Support across different mobile phones and tablets
| Mobile phones & tablets | Widevine MODULAR |
Widevine CLASSIC |
|---|---|---|
| Android (6+) | ✅ | ✖️ |
| Android (4.4 – 5.1) | ✅ | ✅ |
| Android (3.1 – 4.3) | ✖️ | ✅ |
| iOS/iPadOS | ✖️ | ✖️ |
| Huawei (EMUI & HarmonyOS) | ✅ | ✖️ |
| Windows Phone | ✖️ | ✖️ |
Source - CastLabs
Benefits of Widevine DRM
Here's looking at the top benefits of a Widevine DRM:
- Top-class content protection
Widevine DRM is compatible with a host of client devices and works in conjunction with other content protection systems (multi-DRM) to protect premium content from piracy and unlawful leakage.
2. Standardized format
Since Widevine DRM supports current media containers like ISO BMFF (MP4) and WebM, you can enjoy playback of single encrypted content on any device.
3. Seamless playback support
Google Widevine has a built-in HTML5 player which offers a range of accessibility features for adaptive streaming across different client devices. An example is Google's open-source Shaka Player, which supports streaming protocols like DASH and HLS—and works synergistically with multi-DRM content systems present in modern web browsers and devices.
4. Unmatched device security
Content services can ensure top-notch device security by leveraging hardware-based solutions in decryption and rendering, which use factory-provisioned decryption key boxes and decryption videos.
Conclusion
Widevine DRM offers an unmatched experience for streaming digital content whilst preventing illegal distribution and modification of copyrighted material.
Google Widevine is one of the most widely used DRM systems across the web, alongside Apple’s Fairplay DRM—-and Gumlet supports both systems.
FAQs
1. Is Google Widevine free?
Yes, Google provides Widevine integration free of cost.
2. Does YouTube use Widevine?
Yes, YouTube and many other major platforms like Google Play, Hulu, etc., use Widevine.
3. What does Google Widevine do?
Google's Widevine DRM is a digital rights management (DRM) technology that provides content protection and secure playback of encrypted multimedia content across multiple devices and platforms.
4. How to install Widevine DRM?
To install Widevine DRM, download the installer from the Widevine website and follow the instructions. Depending on your device, you may need additional software or hardware to install Widevine. Once installed, you can access content protected by Widevine DRM.
