Buyer's Guide to DRM 2016
A simple guide through the complex landscape of multiple DRM technologies. Learn what DRM is, and how to choose and deploy the best solution for each platform.
Learn more about the companies mentioned in this article in the Sourcebook:
DRM technologies protect content from unauthorized viewing. In the not-so-distant past, streaming producers could use a single DRM technology managed by a plug-in to reach most of their target viewers. With the proliferation of playback platforms, including mobile, gaming platforms, smart TVs, and other CE devices—along with the trend away from browser plug-ins toward HTML5-based playback—most publishers will have to deploy multiple DRM technologies to reach their targets.
At a high level, choosing and deploying an appropriate DRM technology is straightforward, even though it involves several moving parts. First, you have to identify the platforms that you’re targeting and DRM technologies compatible with those platforms. Then you need to find a multi-DRM licensing partner that can supply and package the selected DRM. In some cases, you might want to offload the encryption to your encoder platform or provider. Finally, you need to make sure that your selected off-the-shelf player technology or mobile SDKs (if any) are compatible with those DRMs.
Sometimes, the licensing partner is the same as your encoding or packaging facility (such as Microsoft Azure), but sometimes they’re separate (such as Wowza Streaming Engine and BuyDRM). Sometimes your concerns cover both pay TV and streaming, and you should address all DRM concerns with a single vendor (say hello to Verimatrix or NAGRA).
Okay, so it’s not straightforward. But in this article, I’ll attempt to make it so by walking you through the decision process and introducing you to the various technologies and technology providers. Let’s start with a brief overview of what DRM actually is.
There is no precise definition of DRM; it’s what the content owner requires it to be. If you’re the content owner, you get to define the level of protection, but third-party content owners get to mandate what’s acceptable for their own content. At the very least, most content owners require encryption, which makes the content unplayable without a decryption key. However, encryption alone isn’t sufficient for most premium content distributors.
For example, one DRM technology defined in the DASH standard is ClearKey. Using this system, the decryption key can be supplied from any web server, and playback can be built directly into the browser, where the decryption key can easily be captured. This technique provides minimal security and isn’t acceptable to most content owners. Neither is the use of ClearKey for HTTP Live Streaming (HLS), which suffers from the same deficiencies.
In contrast, so-called true DRMs involve a third-party licensing server to issue the decryption keys, a secure playback environment to protect the decryption keys, and finally, content rights expressed in the license key file. True DRMs can also provide additional protection by rotating keys, syncing with a local system clock, and providing support for third-party output protection schemas.
If someone in an elevator asked you to distinguish encryption from DRM, and you had three floors to answer, you could answer: 1) separate licensing server, 2) secure player, and 3) digital rights to manage. These three aspects give you some idea as to why DRM is so complicated, and why most organizations use a third-party licensing partner.
For example, all DRM technologies have strict rules about setting up, managing, and protecting license servers, which are a major component of keeping the content secure. Even when only one DRM technology is necessary, many content distributors use third-party licensing companies rather than assuming this responsibility themselves; now that multiple DRMs are necessary to reach a broad target audience, third-party licensing partners are even more attractive.
The second point, the secure player, is best viewed in light of the transition from browser plug-ins to HTML5 playback. During the plug-in era, the Flash or Silverlight plug-in managed all communications with the licensing server in a secure environment. During the HTML5 era, the browser itself, and not the plug-in, has to function as the secure environment, which means that the secure player must be baked into the browser; it can’t be supplied after installation.
Just to make sure you have your acronyms right, the technology that makes this happen is called the Encrypted Media Extensions (EME). Using EME, browsers incorporate DRM technologies using what’s called a Content Decryption Module, or CDM.
The major browser vendors got to choose which technology to deploy within their browsers (Figure 1). Not surprisingly, the three browser vendors with DRM technologies, Google (Chrome), Microsoft (Internet Explorer and Edge), and Apple (Safari), all used their own technologies—Widevine, PlayReady, and FairPlay, respectively. Firefox chose Adobe Access (now called PrimeTime DRM), while Opera chose Widevine.
DRM support by browser (Source: castLabs DRMtoday)
So as I said, step one in this exercise is to identify all the platforms that you want to play on. If you want to play on all the major browsers using EME, which few producers actually try to do, you need to be able to support PlayReady, Widevine Modular, FairPlay, and Adobe PrimeTime DRM. Since you’ll also have to support legacy browsers that don’t yet support EME, you’ll need a backup plan, which typically means fallback to Flash, Silverlight, or Widevine Classic. For the record, Widevine Modular is the version that supports EME; Widevine Classic requires a separate downloadable player to enable browser-based playback
In the mobile realm, you have two options: browser-based playback and playback within an app. In terms of browser-based playback, the vendors remain true to form; Apple supports FairPlay in iOS 6+, Google supports Widevine Classic in Android 3+ and Widevine Modular in Android 4.3+ and iOS 7+, while Microsoft supports PlayReady in Windows Phone. Of course, apps provide much more freedom of choice. For example, Figure 2 shows the app compatibility matrix provided by BuyDRM, which enables PlayReady on all mobile devices, with Marlin, an open-standard DRM technology, on iOS and Android devices.
Using an app broadens your DRM choices on mobile platforms using third-party player/DRM Agent SDKs. (Source: BuyDRM)
In OTT, PlayReady dominates, with support in most platforms, except Apple TV, which of course supports FairPlay. Widevine is also available on most Google devices, but not Amazon Fire TV. Most smart TVs support PlayReady, with a smattering of support for Widevine and Marlin. Both Xbox and PlayStation support PlayReady, while older Sony devices also support Marlin.
Spatafore now warns people in newsgroups that they risk a visit from the FBI if they continue to download movies illegally. But few take heed.
A service provider's perspective
When it comes to digital rights management and content protection, Microsoft PlayReady and Adobe Flash Access aren't the only names in town, but they're the biggest. Here's a look at the latest features in each.
The video industry has learned from the music industry's disastrous example, and created fair rights management systems.
This session discusses the impact of EME and HTML5 and what it means for service providers and app developers. Learn the impact of mandatory hardware-based DRM protection and its impact on OEMs and content owners.
Customers can now license the four major DRM systems with one account in cloud or on-prem implementations.
How it works, the leading technologies, licensing options, business models, and pricing: This guide includes everything content owners need to know to secure their valuable assets.