Widevine DRM

Widevine DRM introduction, security and integration

Widevine DRM is a widely used DRM licensing and encryption technology owned and maintained by Google. It protects your videos from being downloaded illegally on browsers such as Chrome, Firefox, and Edge. It also protects content on devices such as Android devices, Android TV, and Chromecast. Widevine DRM is compatible with streaming by MPEG DASH and HLS.

One of the main reasons several OTT and e-learning platforms use Widevine DRM is to ensure they earn maximum revenues from their content by restricting illegal free distribution of their content due to video piracy.

Widevine Security Levels

Google Widevine DRM provides three security levels based on either the security used on hardware or software level. The three levels are Widevine L1, L2 & L3.

Before we go further into the security levels, it is important to know about TEE or Trusted Execution Environment. What TEE essentially does is that it makes sure that either of the decryption keys and decryption videos remains protected and can’t be stolen.

Widevine DRM Security LevelsWidevine DRM Security Levels

Widevine DRM Security Levels

Widevine L1

Widevine L1 is the highest level of security in Widevine. Here the security is at the hardware level. Most modern Android devices support Widevine L1 but still, there are a considerable number of devices with L3 security.

Many movie platforms like Netflix purposefully restrict full HD playback to only L1 devices. This is due to the fact that L1 devices can block screen capture with 100% security in mobile apps.

Though this decision of basing the quality of video on Widevine security level, is a sole choice of platform/content provider and there are no compulsory rules around it. Many other movie platforms and course video websites/apps provide HD playback in all security levels.

For Widevine L1, TEE does all the video decryption, decoding, and processing.

Widevine L2

In Widevine L2 only video decryption happens in TEE, while video processing happens out of TEE.

Widevine L2 is not used for mobile devices.

Widevine L3

Widevine L3 is the first level of Widevine security. L3 Devices don’t have TEE, and the protection here is only software-based. Many old phones, especially budget phones have L3. Desktop Chromium based browers also implement L3.

Google Widevine DRM Compatibility

These are the devices that support Widevine DRM playback.

  • Desktop/Laptop Chrome, Firefox, Edge Browsers (Windows Version 7 & higher)
  • Android Chrome, Edge, Firefox browsers. (Android Version 5 & higher)
  • Android App (Android Version>5). Native Apps are supported, web view apps are not well supported.
  • Android TV
  • Chromecast

How Does Widevine DRM Work?

In Widevine DRM, secure decryption is done via a series of exchanges between the Content Decryption Module and the Widevine DRM license server. The HTML5 video player acts as a mediator for these exchanges. Although, by itself, the player cannot read the encrypted license or video.

Widevine playback and key exchange.Widevine playback and key exchange.

Widevine playback and key exchange.

These are the following steps that take place to decrypt a video for playback:

  1. Video is received from the CDN or Content Delivery Network
  • When you press the ‘play button, at first your browser’s media engine will identify whether the video is encrypted or not. After identifying it, ‘initData’ or initialization data is taken by the browser and is sent to your player.
  1. Data is passed to the CDM or Content Decryption Module
  • After this, your video player sends the data to CDM.
  1. Player receives the license request from CDM
  • After receiving the data from the player, CDM creates a license request and then passes the license back to the player
  1. Widevine License server receives the request from the player
  • In the next step, the Widevine license server receives the license request from your video player..
  1. Player receives the license from server
  • Upon receiving the request, the license server sends the Widevine licence to the video player through an encrypted message.
  1. CDM receives the license from the player
  • The Player then sends the license to CDM
  1. OEMCrypto Module receives the data from CDM
  • The OEMCrypto module then receives the data from CDM and the actual decryption happens.
  1. Video player receives the video chunks from OEMCrypto Module
  • After the video is decrypted and decoded, it is then sent to your video player in small chunks. The viewer is able to play the video and security is also ensured. And voila, you get video playback on your device.

Did this page help you?