The Changing Face of DRM: Where Do We Stand in 2015?
Digital rights management (DRM) is one of many ways to protect content from piracy and other misuse. DRM is distinct from other content protection alternatives, and in this introductory-level article I identify those differences, as well as primary DRM providers. I then discuss criteria to use when choosing among them, and describe how technologies such as the Media Source Extensions (MSE) and Encrypted Media Extensions (EME) are changing the way we acquire and deploy DRM.
Content Protection Vs. DRM
While DRM is a form of content protection, it’s only one alternative, and one used by only a tiny percentage of websites. As an example, there are thousands of websites that distribute monetized video content; the vast majority of these sites protect their content with a paywall, which prevents viewers from accessing the videos unless they purchase a subscription or otherwise pay to play.
In this schema, once the viewer gets access to the video, it’s totally unprotected; any viewer with a video downloader, such as the popular Firefox plug-in Download Helper, can download and distribute the file. This is particularly true if you’re distributing a single stream in MP4 format, which is the easiest to capture. In contrast, using adaptive formats, such as HTTP Live Streaming (HLS), HTTP Dynamic Streaming (HDS), or Dynamic Adaptive Streaming over HTTP (DASH), provides another layer of protection, because these chunked formats are inherently harder to capture and assemble. Still, anyone with access to the video may be able to grab, re-assemble, and distribute the videos.
When distributing your own content, the decision of whether to protect your video with measures beyond the paywall is a balancing act, an assessment of whether you’ll lose more in revenue than it will cost to protect your video. In most cases, organizations decide that they won’t, so they implement the paywall, and that’s it.
If you decide that you need additional protection, there are several levels that aren’t considered full DRM. For example, HLS encryption encrypts the video chunks before delivery, which means even if the chunks are captured, they can’t be viewed without a decryption key. In the HLS scheme, however, the key is often easily captured in a browser during viewing, which is one reason it’s not considered full DRM. That said, unless your content is valuable to a very broad range of viewers, it’s unlikely that a third party would go through the trouble to capture the content and key and distribute your videos.
On the other hand, if you’re setting up a service to distribute third-party content, such as Hollywood movies, you’ll be required to use one of the full DRM schemes described below. These DRM technologies encrypt the bits and provide other protections, such as the ability to prevent unprotected playback over digital connections such as HDMI. In addition, to fully monetize their content, and support the diverse viewing platforms of their customers, movie studios require DRM technologies that support a range of business models—including subscription, rental, and purchase—and allow viewers to watch the content on multiple platforms, such as computers, tablets, and consumer electronics (CE) devices. All these are features that stand-alone encryption simply can’t support.
What is Full DRM?
Let’s discuss what full DRM actually is. While there is no precise definition, there are generally four elements: digital rights to manage, encryption, license management, and a DRM-enabled client.
Digital Rights to Manage—Full DRM technologies enable a broad range of business models, including purchase, subscription, rental, and gifting; enable playback on single and multiple platforms via streaming, downloading, or sideloading; and provide playback restrictions that guard against copying via HDMI outputs and the like.
Encryption—Full DRM technologies use encryption to protect the content during downloading or other transfer.
License Management—Full DRM technologies require a server to manage the request and issuance of licenses (Figure 1). Some also incorporate domain controllers, which manage the multiple users than can play content under a single license, and metering servers which track usage data and total plays for royalty purposes.
Components of PlayReady DRM
For most DRMs, the packaging and distribution functions shown in Figure 1 can be performed by external products or services. For example, Encoding.com and other cloud encoders can communicate with licensing servers to encrypt and package the licensed content, as can many enterprise level encoders such as Elemental Server or Telestream Vantage.
In most instances, a standard HTTP web server can distribute encrypted packages, though in some cases, there are advantages to using a streaming server. One example is the DRM AddOn to the Wowza Streaming Engine, which can dynamically encrypt and package live and VOD content (Figure 2).
The DRM AddOn to the Wowza Streaming Engine adds dynamic, multiple format encryption and packaging with support from multiple vendors.
A DRM-Capable Player—The final element of true DRM is a DRM-capable player that can communicate with the license server and enforce all software and hardware-related playback restrictions. For computer and notebook playback, some DRMs use an existing plug-in— for instance, Adobe Primetime uses Flash, while Microsoft PlayReady uses Silverlight—while other technologies, such as Google Widevine and DivX, require a plug-in download. On mobile devices, most DRMs require a downloadable app created with SDKs provided by each DRM vendor, while DRM support on consumer electronics and other devices typically require some level of custom development.
As we’ll discuss later, the industry is moving toward browser-based DRM via the Media Source Extensions (MSE) and Encrypted Media Extensions (EME), so the browser become the DRM-capable player. With these technologies, it will be much simpler for content distributors to support additional platforms, and consumers shouldn’t need to download an app or a plug-in to access their content.
Meet the DRM Technologies
If you’re distributing Hollywood content, you’ll have to choose a DRM acceptable to the content owner. If you’re implementing DRM to protect your own content, you should also consider those technologies acceptable to Hollywood content owners since they’ve done all the due diligence to ensure the adequacy of each scheme. In both instances, a good place to start is with the technologies selected by the Digital Entertainment Content Ecosystem (DECE) for UltraViolet.
Support for Adobe Primetime on mobile devices requires a custom app.
According to Wikipedia, UltraViolet is a “free, cloud-based, digital rights library that allows users of digital home entertainment content to stream and download licensed content to multiple platforms and devices.” UltraViolet is deployed by DECE, which is an alliance of 85 companies including film studies, retailers, CE manufacturers, and other companies. In essence, UltraViolet ensures that once acquire the right to watch or listen to content, whether by purchase of a physical disc or download, you can consume the content on a range of devices. For example, if you buy a Blu-ray movie disc, you’d be able to pay a small extra fee and watch the movie on your smartphone or tablet. You don’t upload the movie to the cloud; it’s up there already, and by registering your purchase with UltraViolet, it’s added to your library.
Obviously, DRM is critical to UltraViolet, and DECE has approved the use of the following DRM technologies for content deployed within the system:
- Adobe Primetime DRM
- DivX Plus
- Google Widevine
- Marlin DRM
- OMA CMLA-OMA v2
- Microsoft PlayReady
Note that Apple’s Fairplay, which is used in iTunes, is not listed, primarily because Apple is not a DECE member, and because until very recently, Fairplay had never been offered for third-party use. More on this below in the EME discussion.
Choosing a DRM Technology
While there are many technical differences between the DECE-approved technologies, all are considered adequate for Hollywood content. When choosing between these technologies, this turns the analysis to more practical, business and implementation-oriented factors.
If you’re distributing third-party content, check first with the content provider for a list of approved technologies—just because it’s UltraViolet-approved doesn’t mean that a particular content owner has approved it. Next, check to make sure that your candidate technologies support the media formats you’ll be distributing. For example, if you’re distributing movies and music, it would be simpler, logistically, to use a single DRM technology for both formats. Next, make sure each technology you’re considering supports all required business models, as discussed above, as well as all required delivery models.
The CEO wants company videos shared in-house, but doesn't want trade secrets ending up on YouTube. Here's a primer on video security for the enterprise.
The 2015 OTT Superguide Is Now Available
A missing component isn't missing any longer, as Adobe promises additional browser support coming later this year.
The video industry has learned from the music industry's disastrous example, and created fair rights management systems.
DRM has no protective value. It's time to stop using it and seek out other ways to monetize online audio and video.
Companies and Suppliers Mentioned