Google’s Widevine Modular DRM enables secure distribution and protected playback of content on Android and other consumer devices. Widevine Modular DRM is the successor to Widevine Classic.
What is Widevine?
Google Widevine DRM is integrated with Google Chrome, Chromium, Firefox and Microsoft Edge, and Android-based mobile devices, STBs, and smart TVs. Licensing of premium content is enabled through integration with the hardware security and media capabilities of the device.
Widevine is also the default DRM solution for Android TV Operator Tier, which means operators can go to market without complex DRM integrations. The “other Android TV”, based on the Android Open Source Project (AOSP), can use other DRMs but may require more integration and testing.
Adaptive bitrate streaming formats that can be used include MPEG-DASH, Common Media Application Format (CMAF), and HLS. Support is also provided for standards-based Common Encryption (CENC; ISO/IEC 23001-7:2016). This offers the advantage that an encrypted file-set can be streamed to different devices regardless of the DRM they support. The benefit is a reduced need to create and store multiple file-sets.
Security under Google Widevine DRM
Widevine DRM protects content via three levels of security: L1, L2, and L3. Security level characteristics:
- Widevine DRM L1 offers the greatest level of content protection. Consequently it is usually mandated by content owners for premium content such as HD and Ultra HD. For a client device to display HD videos from a Widevine DRM secured service, it must be L1 certified.
- Widevine DRM L2 and L3 certified devices display SD-quality videos regardless of subscription plan and device capabilities.
The L1-L3 processing requirements are as follows:
- L1: To prevent unauthorized access to media files, all content processing, cryptography, and DRM policies (business rules) must be performed within the Trusted Execution Environment (TEE).
- L2 only requires that cryptography, but not video processing, be carried out inside the TEE.
- L3 applies either when the device is not equipped with a TEE or when processing is done outside the TEE. Appropriate security measures must still be taken to protect the processing within the host OS.
Android devices support either L1 or L3, depending on hardware and software implementations, as does Chrome OS. Chrome on desktops only supports L3, which means that video playback is limited to sub-HD resolutions. Only L1 certified devices may play HD or higher resolution video from Widevine DRM secured streaming services.
The Verified Media Path (VMP)
Another important aspect to consider is the Google Widevine DRM Verified Media Path (VMP). The Widevine DRM Desktop Browser Content Decryption Module (CDM) includes support for VMP, which provides a method to verify the validity of the browser framework. All Widevine DRM browser-based integrations (platforms and applications) must support VMP, but VMP support is not available for Linux platforms.
OTT operators should inform subscribers to update their browser and related components (including the Widevine CDM) to the latest version to avoid service interruption. For more details about the Verified Media Path, please refer to the related FAQ topic.
Intertrust ExpressPlay Multi-DRM Service and Widevine Modular DRM
Intertrust’s cloud-based ExpressPlay multi-DRM service enables DRM protected content playback on all common video devices. The ExpressPlay cloud license service supports Widevine L1 for hardware protection along with separate keys for the audio and video tracks. Support for both are usually mandated by rights owners for protection of premium content.
Android supports Widevine Modular DRM natively on Android version 4.4 and above. On earlier Android versions, as well as on some manufacturers’ devices, Widevine DRM is not available natively. In such cases, the ExpressPlay Binary SDK for Android can be integrated into a native application. The combination will ensure playback of DRM protected content even on devices without a native DRM.
Please refer to the DRM Compatibility matrix for an overview of supported device types. Visit our DRM FAQ for an explanation of technical concepts and terms. More information from Widevine can be obtained here.
Intertrust has amassed more than 20 years of experience in designing, developing, operating and supporting DRM solutions. The cloud-based ExpressPlay multi-DRM service enables the use of all common DRMs and client devices. The Intertrust Professional Services team consists of highly experienced staff, who will make sure each project is executed on time. Moreover, Intertrust is a member of the Certified Widevine Implementation Partner (CWIP) program.