The necessity for streaming capabilities amongst the video content distributors is touching an all-time high! Both consumers and developers are racing to find and distribute the best content at their disposal. But unfortunately, this increased demand for video content is typically undermined by a lack of security around the original content. As a result, creators and distributors alike are finding themselves in position where they need to protect themselves; enter DRM technologies- what exactly are they? And how do they work?
What is DRM System?
Digital Rights Management refers to the algorithms and processes that were developed to implement copyright compliance when consuming the video content. Without DRM system, content can be easily copied, hence it is necessary in online video distribution architecture, but it is not visible to the consumer. DRM is also used offline to provide copyright protection of CDs, DVDs and BluRays. Some of the most common DRM technologies include:
- Fair play: Cipher Block Chaining encryption, the only option for Safari and only used by the Apple devices.
- Widevine: It is used on the Android devices.
- Play Ready: It is developed and maintained by Microsoft. Supported on Windows, most set-top boxes and TVs.
Currently, DRM system can be implemented both as a software or hardware solution. Irrespective of the DRM hardware or software implementation types, all the providers seeking to protect their content will see their files pass through an encryption and decryption cycle.
To start the ‘security cycle’, communications between the requesting playback software and the license server are encrypted. Each segment is encrypted according to the MPEG Common Encryption specification for ISO-BMFF, where either all content is encrypted or only subsamples, like the i-frames. The MPEG-CENC comprises of XML style formats and needs a minimum of a key and key id to run. CENC is also used for HLS if the segments are in a Fmp4 container. Standard content encryption is done according to the Advanced Encryption Standard, using 128 bit keys and a Cipher block- usually Counter Mode (CTR) or Cipher Block Chaining (CBC). Both these modes differentiate how a payload is encrypted.
It is essential to note that only the audio and video data within a segment is encrypted, but meta data is not. There are at least three types of encryption formats for video- Widevine, Fair Play and Play Ready. Their application can change based on many unique factors- having to select an algorithm that matches with the content distributor’s delivery and playback needs can bring a lot of intricacy to the DRM system implementation process. In order to enhance the security and minimize the risk of reverse engineering as a black box; debugging can be even harder on devices. The content will then be decrypted by a Content Decryption Module (CDM), which further decrypts each encrypted audio and video segment.
When any web player identifies protected content, it actually calls on process and interfaces defined by the Encrypted Media Extensions (EME), which are used in browsers to begin a license request process. License requests are created by the CDM and are passed to the player through the EME. All of the decryption work is done by the CDM; the EME is simply the interface of the module. Moreover, the sessions are also updated by the CDM when the player calls the apt function on the EME interface. The EME interfaces with the CDM at the Operating System, AND manages the decryption of the line segments. However, the EME never interfaces with the playback client application and the decrypted content is only available to the CDM.