In this edition of the DRM Blog, we take a look at Bitmovin's State of DRM white paper from the end of last year. Download it now.
Note From Our CEO: While this white paper was created in 2018, it's such an excellent DRM resource that we wanted to share it across our network. You can download the entire white paper by clicking the "Read More" links below. Enjoy!
Special thanks to Bitmovin for allowing us to share portions of their whitepaper Digital Rights Management State of the Web 2018. A complete version of the whitepaper is available for download here: https://bit.ly/2DKzbum
What is DRM?
Digital rights management (DRM) systems provide you the ability to
control how people can consume your content. Usually content owners
and producers such as Hollywood studios and TV stations will insist that
their distributors use DRM systems to protect their content according to the
constraints of their licensing agreements.
Hollywood-grade DRM protection is not always needed, and sometimes
it’s enough to provide basic protection through token-based secure
authentication or simple AES encryption of the video without sophisticated
license exchange and policy management.
How Does It Work?
A standard workflow for DRM on the web needs encoding, packaging, playout,
and a communication mechanism to one or more license servers. In the
following sections we will describe these steps in detail.
Encoding & Packaging
From an encoding and packaging point of view there is little difference
whether the video is “just” AES encrypted or Hollywood-grade DRM
encrypted, because AES is used in both cases. The major difference is that
for Hollywood-grade DRMs, further metadata information needs to be
added in the packaging step. Hollywood-grade DRMs such as PlayReady,
Widevine, PrimeTime, and Fairplay don’t differ much on the encryption side;
they differ on the configuration features that are provided.
Multi-DRM with MPEG-CENC
Typically, each platform/browser combination supports just a single
DRM. This means that if you want to achieve maximum device reach it’s
impossible to use just one DRM. You need to use multiple DRMs in parallel.
The MPEG Common Encryption (MPEG-CENC) standard enables this in
the most efficient way as it allows key association from different DRMs
with the same video.
HLS with FairPlay
Apple doesn’t officially support MPEG-CENC and enforces the use of
FairPlay with HLS (Apple HTTP Live Streaming) on Apple devices and
Apple web browsers such as Safari. FairPlay uses SAMPLE-AES for
encryption, where only media samples are encrypted rather than the
entire segment, similar to MPEG-CENC. To cover a wide variety of devices
and platforms—including the Apple ecosystem—with DRM streams, there
is no way around the usage of both MPEG-DASH with MPEG-CENC and
HLS with FairPlay together.
If your content is MPEG-CENC multi-DRM encrypted, a player could
automatically choose the DRM that is natively supported on the given
platform to playback the content, using native apps or HTML5/JS on the web
without the need for plugins. The authentication and license acquisition will
be handled by the player through the HTML5 Encrypted Media Extensions
(EME) using the metadata that is provided with the content. If the DRM is not
supported through the EME, you can fallback to a third-party system such
as Flash and Adobe Access, if supported by the player. In native Android,
iOS and tvOS apps, the operating system provides APIs for working with
Allowing a user to download a video and play it back in an offline
environment is also an option. Currently, the playback of downloaded
content is only possible using native players and not browser based players.
The Bitmovin Video Player provides offline DRM playback where possible,
such as on Android and iOS. It provides lifecycle functions to download
specific tracks, such as different languages, qualities and the required DRM
license for MPEG-DASH and HLS assets. It further allows updating, deleting
and playback of these assets. As the DRM systems are fully integrated into
the operating systems, all Hollywood requirements are met.
The licensing server is the management backend of your DRM setup. It
allows you to create, modify, and revoke licenses for your content and users.
Licensing servers and DRMs differ in their features such as offline playback,
fine-grained policies, rights visibility for users, APIs, different payment
(subscription, purchase, rental and gifting), etc. License servers are provided
by several companies such as Irdeto, EZDRM, ExpresssPlay, or Axinom.
If DRM is a requirement for your project you should take a look at the major
DRM systems. Microsoft, Google, Adobe and Apple provide high profile
DRM systems with various features. In the end you will probably end up with
a Multi-DRM setup where you utilize several or all of these DRMs in parallel
to reach all the major devices.
Maximum Device Reach with Multi-DRM
The Bitmovin Encoding and Player solution allows you to use multiple
DRMs in parallel. This means that you encode, encrypt and package your
content once and you can playback with several different DRMs, such as
Widevine, PlayReady, etc. This is especially important if you
want to increase your device reach. Due to fragmentation in the market it
is not possible to reach all major devices with just one DRM. Therefore, you
need to use multiple in parallel which is possible as all DRM systems use
AES for encryption. If you use the same key in the different DRM systems for
the same video you just need to add additional metadata for each DRM to
this video and then it can be played back with DRM systems.
In detail it’s a little bit more complex as this needs additional logic on the
encoding as well as on the player side but Bitmovin provides you solutions
for both. What you also need for such a setup is a 3rd party Multi-DRM
provider such as BuyDRM.
The DRM market is still very fragmented and if you want to reach a
reasonable amount of the major devices you will need to use a Multi-DRM
provider. Bitmovin provides you an easy to use interface for Multi-DRM
encoding with a low friction API and excellent support. You can encode your
content once and make it compatible with all DRM systems that you want
to support. This not only decreases the storage footprint of the content,
it also makes it more efficient on the distribution side as content can be
reused more effectively.