Digital Rights Management (DRM) is a content protection framework used to prevent unauthorized access, copying, or redistribution of digital video assets. It involves encryption, licensing, authentication, and policy enforcement. Major DRM systems"Google Widevine, Microsoft PlayReady, and Apple FairPlay"are integrated across streaming platforms to secure video playback on supported devices.
DRM System Architecture
Encryption
Content is encrypted using AES-128 or SAMPLE-AES during the packaging stage. Each content stream is encrypted with a unique content encryption key (CEK), which is protected using license-specific keys exchanged between the client and license server.
Licensing
A license server issues decryption keys after authenticating the user and validating content access rights. The license payload may include playback duration, output restrictions, or content type permissions such as SD, HD, or UHD.
Playback Flow
The player first requests encrypted video segments. It then initiates a license acquisition request via the Content Decryption Module (CDM). The license server validates this request and returns the required decryption keys. The video is then decrypted and rendered securely.
Widevine (Google)
Format Compatibility
Widevine supports containers like MP4 (fMP4) and WebM, using AES-CTR or CBC encryption modes. It supports MPEG-DASH and HLS via CMAF. Key rotation is available through content encryption metadata using PSSH boxes.
Security Levels
Widevine Level 1 enables full-resolution playback with hardware-backed protection via TEE. Level 3 operates in software mode and limits playback to standard definition.
CDM Integration
Widevine integrates with browsers and Android devices through CDM. Browsers such as Chrome, Firefox, and Edge provide support via Encrypted Media Extensions (EME).
PlayReady (Microsoft)
Format Compatibility
PlayReady works with MP4 used in Smooth Streaming and MPEG-DASH with CENC. It supports AES-CBC or AES-CTR encryption.
License Models
PlayReady supports persistent licenses, subscriptions, and metered playback scenarios such as view limits or time-restricted playback.
Platform Integration
Native support is available on Windows 10+, Xbox, and the Edge browser. PlayReady is also integrated with Silverlight and UWP development APIs.
FairPlay (Apple)
Format Compatibility
FairPlay supports MPEG-2 TS and fragmented MP4 containers. Encryption is done using SAMPLE-AES. It is limited to HLS and does not support MPEG-DASH.
Key Delivery
Decryption keys are delivered using the FairPlay Streaming Key Server Module (KSM). Device authentication relies on Apple certificates and secure tokens.
Platform Integration
FairPlay works natively on Safari for macOS and iOS, and in Apple TV. Decryption is handled through the Secure Enclave or FairPlay system stack.
Interoperability and Packaging
Common Encryption (CENC)
CENC allows a single encrypted asset to be used across multiple DRM systems by associating the stream with DRM-specific pssh boxes in MPEG-DASH.
Packaging and Tooling
Multi-DRM packaging is handled using tools like Shaka Packager, AWS MediaConvert, Bitmovin Encoding, or Axinom DRM. These tools support encryption, manifest conditioning, and license provisioning.
Development Considerations
Manifest Conditioning
For HLS, FairPlay uses EXT-X-KEY tags to declare encryption. In MPEG-DASH, PlayReady and Widevine rely on ContentProtection elements embedded in the MPD.
License Acquisition Example
For Widevine, use the EME API:
video.mediaKeys.createSession().generateRequest('cenc', initData)For FairPlay:
fetch('https://license-server/fairplay', {
method: 'POST',
body: spcMessage,
headers: { 'Content-Type': 'application/octet-stream' }
})For PlayReady (using EME):
const session = mediaKeys.createSession();
session.generateRequest('cenc', initData);
session.addEventListener('message', (event) => {
fetch('https://license-server/playready', {
method: 'POST',
body: event.message,
headers: { 'Content-Type': 'application/octet-stream' }
}).then(response => response.arrayBuffer())
.then(license => session.update(license));
});