Digitalization of media assets such as video, audio, software, images, and PDFs has challenged traditional copyright laws. Sensitive documents, video footage, premium content have a very high value than the cost incurred to create. These multimedia contents are often illegally reused, remixed, and later republished. Hence comes the need for a proper protection mechanism of digital assets. With digital storage, there is always a risk of unwanted access to your library. No one wants their files to be illegally downloaded, shared or uploaded on unauthorized networks. Distributors and asset owners now have access to a range of content protection technologies like DRM (Digital Rights Management). These technologies make your video content secure, prevent unauthorized access or downloads, watermarking, and more to make them digitally safe and secure. Even Netflix and major OTT platforms use DRM via Widevine CDM to protect their content.
Table Of Content:
- Why Video DRM, Encryption & Security are needed
- How to avail Advanced Video Security options like DRM
- What is Widevine CDM or Content Decryption Module
- How Content Decryption Module handles video encryption and security
- How Encrypted Media Extensions & CDM provides the best Video Security
- CDM Key Exchange Mechanism and Trusted Playback
- Widevine CDM or Content Decryption Module Errors
- Easiest way to Integrate Widevine DRM protection
Why Video DRM, Encryption & Security are needed
In recent years, there has been a boom in the number of e-learning video platforms and OTT mediums. These platforms rely on their premium content to generate revenue. With the rise in piracy, this content becomes freely available over the web. Anyone can access the resources without spending a penny. This results in organizations losing billions of dollars. Here arises the need for video encryption. In simple words, video encryption means the file or message is encoded in a way that an encryption key is required to access the content. This restricts unauthorized video views or downloads.
Mainly, Video encryption technologies are classified on the basis of video being live or pre-recorded. For example:
Available Video Encryption Technologies for Pre-recorded videos,
- HLS-E – HLS with AES-128
- AES- 128 Encryption
- DRM encryption (recommended)
Available Video Encryption Technologies for Live videos,
- HTML5 DRM standard
- RTMFP and RTMP(E)
How to avail Advanced Video Security options like DRM
To avail DRM security you need to first know about the available types of DRM/CDM providers. These providers are mostly tech giants like Google & Apple as they have integrations and dependencies in almost all video viewing devices and softwares. Also, Google & Apple keep releasing regular security updates as soon as they find a video security breach.
Types of CDM or Content Decryption Module respective DRM technology providers:
- Google Widevine used in Chrome, Firefox, Opera
- Apple FairPlay for Safari in Mac OS
- Adobe Primetime CDM
- Microsoft PlayReady used Edge & IE11
Now comes the part where you need to apply this technology to safeguard your videos. These tech giants provide you only will basic documentation about their APIs and implementing DRM with CDM specific dependencies can be difficult. Usually, companies like Netflix have their in-house DRM solution specific tech teams. A team is required as it is not only the DRM protection part you need to handle but also other features like adaptive bitrate and CDN distribution.
A good part here is that some media tech brands like Vdocipher provide you with a complete package of all these advanced video security features. The complete package lets you safeguard your video on all devices supported by inbuilt Google Widevine or Apple Fairplay. These packages also include Amazon AWS Server hosting with CDN distribution, Adaptive bitrate streaming for various bandwidths and multi-device support.
What is Google Widevine CDM or Widevine Content Decryption Module?
Owned by Google, Widevine is an encryption framework offering DRM solutions to secure high-quality videos and audio. With being royalty-free, Widevine delivers protected premium content at the highest possible quality. Having over 800 partners and serving 5 billion devices, Widevine is trusted by OTT networks like Netflix, HBO, Prime Videos, Hulu and more. Widevine ensures secure content delivery by preventing unauthorized downloading or copying of licensed media. It’s designed to prevent video piracy and combines encryption, license key exchange and other streaming quality features. It comes pre-installed in many browser android devices and chromium-based devices. To play DRM protected media and HTML5 videos, the browser needs the Widevine module enabled.
For Desktop/PC, Google Widevine CDM is integrated by default, ensuring a seamless user experience on DRM-requiring sites. The Widevine CDM operates within a sandbox environment, enhancing security and user privacy. Users are notified of CDM usage and retain the option to disable the CDM, although this may impair functionality on certain websites.
In Android & Apple, DRM content playback is facilitated by Android DRM and Apple Fairplay DRM framework which uses hardware-backed protection to secure premium content and user credentials. These frameworks enable Android/Apple devices to support various DRM technologies, ensuring that protected content can be securely streamed and played. The content protection provided by the DRM framework depends on the security and content protection capabilities of the underlying hardware platform. For example, L1 security level provides maximum security in comparison to L3 compatible devices.
How does Widevine CDM handle video encryption and security?
The whole process of safe playback of encrypted content hinges on two vital components: the Content Decryption Module (CDM) and the OEMCrypto Module.
A Content Decryption Module (CDM) is installed on every device designed to play encrypted content, the CDM is unique to the type of device. Its core responsibilities include:
- Detecting encrypted content during playback. Using information such as the MPD and PSSH (Protection System Specific Header), the CDM determines the DRM system to employ.
- Creating an encrypted license request. This request is initially sent to the player, which in turn communicates it to the Widevine license server.
- Handling the encrypted license information from the License Server. This information is crucial for content decryption. The CDM collaborates with the OEMCrypto Module to decrypt the content.
OEMCrypto Module is situated in the Trusted Layer of the device and integrated with the device’s hardware, this module manages the decryption process. It harnesses the encrypted license data to decrypt the media, preparing it for playback on the video stack.
Widevine CDM decrypts the video stream and links to the Widevine DRM license server. However, before the decryption and content display, a CDM file containing proprietary code requests the licenses from the Widevine license server. Let us see how this happens.
When a user sends a content stream request, the Widevine CDM receives the header request from the respective content provider. Next, the CDM utilizes the encryption method information to generate a license request to the Widevine license server. In turn, the license server sends back the license containing the content keys. The CDM then uses these content keys for content decryption, following which the user views the content.
Date | Event Description |
September 29, 2022 |
New CDM was released on the Canary channel. Google initiated the updated CDM rollout by releasing it on Chrome’s experimental Canary channel.
|
October 25, 2022 |
Chrome 107 will be released in the stable channel and will include the new CDM.
|
November 15, 2022 |
All other Chromium-based browsers like Edge or Opera for M95 and above will get the new CDM.
|
December 6, 2022 |
Older CDM versions will be revoked and deactivated and cannot be used any longer.
|
Widevine security levels, their usage and requirements:
Level of Widevine | Key Provisioning | Key Usage | Secure Hardware Requirement | Stream Path to Display |
L1 | Factory-provisioned (embedded in device) | Secure processing area for decryption | Yes (with secure bootloader) | Secured (e.g., HDCP) |
L2 | Factory-provisioned (embedded in device) | Secure processing area for decryption | Yes (with secure bootloader) | Partially Unprotected |
L3 | Factory-provisioned (embedded in device) | Device’s CPU for decryption | No (but has secure bootloader*) | Partially Unprotected |
How Encrypted Media Extensions & CDM provides the best Video Security
Encrypted Media Extensions by W3C (The World Wide Web Consortium) offer API to enable interaction of web apps with content protection systems and allow playbacks of encrypted media. Regardless of the underline protection system, EME enables the same apps and encrypted files in any browser. Standardized APIs and Common Encryption do this.
As the name suggests, EME is an extension of HTMLMediaElement specification. Being an extension, browser support is optional. The external components used in EME implementation are Key System, Content Decryption Module (CDM), License (Key) server and Packaging service. EME gets keys from the DRM license server to enable decryption while user identity and authentication is not its part. On the other hand, service providers like Netflix authenticate users and determine identity and privileges within their web apps.
Image source: w3 org
EME & CDM Technical Process Flow
- A web app like Netflix attempts playing audio or video, having one or multiple encryption streams.
- The browser now recognizes the media is encrypted (metadata of the media container file contains this information in ISO BMFF or WebM formats). Therefore, the browser and the metadata (initData) obtained from the media fire an encrypted event.
- The application now handles the encrypted event.
- When no MediaKeys object has been associated with the media element – select an available key system using the navigator.requestMediaKeySystemAccess(). Then create MediaKeys object for an available Key System using the MediaKeySystemAccess object.
- After creating the MediaKeys object, setMediaKeys() associates the MediaKeys object with an HTMLMediaElement, so that its keys can be used during playback or decoding.
- The app calls createSession() on the MediaKeys to create a MediaKeySession, representing the lifetime of a license and its key.
- The application passes the media data obtained in the encrypted handler to the CDM to generate a license request by calling generateRequest() on the MediaKeySession.
- The CDM fires a request message event to acquire a key from a license server.
- The app sends a message to the license server after the MediaKeySession object receives the message event.
- App now passes the media data obtained in the encrypted handler to the CDM to generate a license request. Then, using the update() method of the MediaKeySession, it passes the data to the CDM.
- Using the keys in the DRM license, CDM decrypts the media. A valid key needs to be used from any session within the MediaKeys associated with the media element. Indexed by Key ID, CDM will access the key and policy.
- And finally, Media playback resumes.
CDM Key Exchange Mechanism and Trusted Playback
Central to Widevine’s architecture is the principle that encryption keys never surface directly to the user. A stream’s header, sent to the client, carries minimal information about the encryption method. This data flows to the CDM installed in the user’s client or browser. The CDM, fortified with obfuscation techniques like Arxan, is pivotal for content decryption. Through the CDM, a license request is sent to Widevine’s license server. In return, the server dispatches a license containing content keys to the client, enabling the CDM to decrypt the content for user viewing.
At the heart of this process lies trust. When users access a media file or stream encrypted with a symmetric key (usually an AES-128 variant), they not only need the decryption key but also a trusted environment for playback. Modern browsers encapsulate this environment, thanks to the CDM. But who establishes this trust? The content provider. It’s paramount for content publishers to trust that the user’s system will uphold the set content usage policy, making the content accessible for, say, “48 hours only.”
This trust entails a hardware-backed Trusted Execution Environment or equivalent and a plethora of proprietary software safeguarding techniques. The software and hardware must be fortified against breaches, ensuring the decryption process and its keys are inaccessible to attackers.
Furthermore, the delivery of content keys to users incorporates a cryptographic challenge/response mechanism involving PKI. The device’s identity is verified through key requests, while the key responses are encrypted with the device’s public key. This process ensures that even if a user captures the key file, its distribution to other devices remains improbable due to unique PKI material.
Widevine CDM or Content Decryption Module Errors
There are multiple issues when you get the ‘’Widevine content decryption module’ error. Below is a complied error list with the proper fixes.
Outdated Chrome Components Widevine CDM Update or Content Decryption Module Chromium Update & download
You may face the ‘chrome components Widevine CDM update’ issue due to outdated CDM. To update, follow these steps:
- Into your chrome browser, type ‘chrome://components/.’
- In the list, go to Widevine Content Decryption Module and click ‘Check for update’.
- Refresh the page to check status as ‘Up-to-date’.
- Restart your system and try playing the video.
Widevine CDM lacks permissions – Change Chrome Permissions For Widevine CDM
This error arises when the Widevine CDM crashes or lacks complete permissions. To set the permissions, follow the below steps:
- Press Windows + R to open Run.
- In the Run dialogue box, enter ‘%userprofile%/appdata/local’. This will navigate to AppData ->Local folder of the PC.
- Now navigate to Google > Chrome > User Data
- Right-click on ‘WidevineCdm’ and go to ‘properties.’
- Under the Security tab, check whether the login has full access.
- Uncheck all the boxes under f Deny column.
- Restart the PC and update the plugin using the first method.
- Once the CDM is updated, restart the PC again.
Delete Outdated Widevine CDM Plugin Folder and Update
- Access Run by pressing Windows + R
- Follow the above steps (1-3). Right-click on ‘WidevineCdm’ and ‘Delete’.
- Open ‘Task Manager’ and select ‘Run as administrator.
- End all chrome tasks by right-clicking on Chrome related items and click ‘End task’.
- Now update the plugin using step one ( Update Widevine Content Decryption Module)
- Restart the PC after updating.
Update Widevine CDM by temporarily disabling antivirus and Firewall
Antivirus and security software like McAfee, Norton prevents plugins to update for safety reasons. So, to update the Widevine CDM, you can temporarily disable security applications and antivirus, Once updates, enable them back.
How to fix Widevine CDM or Content Decryption Module Mozilla Firefox Error
- Open Firefox and go to the right side hamburger menu.
- Select ‘Add-ons’ and go to ‘Plugins’. You will see ‘Widevine Content Decryption Module provided by Google Inc.’ if installed.
- From the three-dotted menu, select ‘Always Activate’.
- Close and open the browser.
- If the plugin is not installed, go to the menu or hamburger icon on the top of firefox and select ‘Settings’.
- Under ‘General’, navigate to ’Digital Rights Management Content’.
- Check on it to enable Firefox to download the Widevine CDM.
Fix Widevine CDM Update Error in Mac OS
- Hold the ‘Option’ key and click on ‘Go’. Then select ‘Library’.
- Now navigate to ‘Application Support’ > ‘Google’ > ‘Chrome’.
- Delete the folder named ‘WidevineCDM’.
- Type and enter ‘chrome://components’ in Chrome browser.
- Under ‘WidevineCdm’, click ‘Check for update’. Refresh the page.
Widevine CDM or Content Decryption Module Netflix Error M7701-1003
While streaming Netflix on your computer, error code M7701-1003 causes hindrance. This means ‘Widevine Content Decryption Module’ in the browser needs an update. Or, some antivirus in the computer is not allowing Widevine to update. Updating the outdated ‘WidevineCdm’ will resolve the issue.
Widevine CDM Libraries errors In Ubuntu
The browsers installed on your Ubuntu system must have installed Widevine libraries. To verify, run the following command.
- $ sudo apt install mlocate
- $ locate libwidevinecdm.so
If the output has ‘libwidevinecdm.so’, it confirms the presence of Widevine libraries.
To fix unrecognized video format errors in Ubuntu due to limited codec support, install full codecs.
- $ sudo apt install ubuntu-restricted-extras
Widevine CDM Amazon Prime Video Error 7235
The error is more of browser dependent as the app bugs are handled separately via application update via Playstore or App store. To handle the browser issues, do follow the below steps to resolve them.
- Update your Chrome web browser for desktop. Check for available updates through Settings > About Chrome.
- You will get a prompt to download and install any available updates.
- Now, In your Chrome web browser, enter chrome://components in the address bar.
- Click “Check for Update” under Widevine Content Decryption Module and install any available updates.
VdoCipher – Easiest way to get complete Widevine DRM protection
All the above security details around Widevine DRM protection, Updates and Resolutions work synchronously for the protection of your videos. It provides you with the best available protection for videos but implementing a Widevine DRM protection layer on your videos can be tricky.
At this point, media tech brand like Vdocipher takes up all the heavy loaded implementation tasks and provide you with a complete package of all these advanced video DRM security features at your fingertips. Integrations are even supported by a web interface as well as via API for technical and bulk usage. The complete package lets you safeguard your video on all devices supported by inbuilt Google Widevine & Apple Fairplay. Also, you get Amazon AWS Server hosting with CDN distribution, Adaptive bitrate for various bandwidths and multi-device support.
FAQs
How does the Widevine Content Decryption Module work?
The Widevine Content Decryption Module works by decrypting DRM-protected content so that it can be viewed in your browser.
What content has a higher value than the cost incurred to create?
Sensitive documents and Premium Video Footage.
What is the risk of unwanted access to your Video library?
Multimedia content is often illegally reused, remixed, and later republished.
Which piracy protection technology is used by distributors and asset owners?
DRM or Digital Rights Management through VdoCipher.
DRM Technology To Prevent Video Download Piracy
VdoCipher helps media and e-learning platforms to play videos on their website or app in the most secure and smooth manner. VdoCipher ensures their revenues are protected against video piracy. A combination of Hollywood-approved DRM encryption (Digital Rights Management), screen capture blocking, viewer-specific watermarking & licensing technologies ensures that videos can’t be downloaded or shared illegally from a video platform. VdoCipher serves 2000+ business customers from 40+ countries
My expertise focuses on DRM encryption, CDN technologies, and streamlining marketing campaigns to drive engagement and growth. At VdoCipher, I’ve significantly enhanced digital experiences and contributed to in-depth technical discussions in the eLearning, Media, and Security sectors, showcasing a commitment to innovation and excellence in the digital landscape.