What Is DRM?

This is another installment in our series of "What Is...?" articles, designed to offer definitions, history, and context around significant terms and issues in the online video industry.

If you plan to distribute premium content from the major U.S. studios, you'll need to encrypt that content, which typically means that you'll have to deploy one or more digital rights management (DRM) technologies. As you'll learn in this article, while many aspects of the migration from plug-ins like Flash and Silverlight to HTML5 playback have simplified video distribution, the shift has made the DRM side much more complex, though new services and service models are available to help.

Before getting to the implementation side, let's define DRM, and see what distinguishes it from other less-sophisticated content protection schemes like simple encryption. In essence, there are four components to DRM; digital rights to manage, encryption, license management, and a DRM-enabled client.

Digital Rights to Manage—DRM technologies enable a broad range of business models, including purchase, subscription, rental, and gifting, enable playback on single and multiple platforms via streaming, downloading or sideloading, and provide playback restrictions that guard against or enable playing via HDMI outputs and the like.

Encryption—DRM technologies use encryption to protect the content prior to or during streaming, downloading or other transfer.

License management—DRMs require a DRM platform to manage the request and issuance of licenses (Figure 1). Some also incorporate domain controllers, which manage the multiple user devices that can play content under a single license, and metering servers that track usage data and total plays for royalty purposes.

Figure 1. Components of PlayReady DRM. Note that not all DRM technologies utilize the concept of domains.

A DRM-capable player—The final element of DRM is a DRM-capable player that can communicate with the DRM platform and enforce all software- and hardware-related playback restrictions. For computer and notebook playback, some DRMs use an existing plugin—like Adobe Access and Flash or PlayReady and Silverlight—while other technologies, like Google Widevine Classic, require a separate download, which is one of the reasons that Google has stopped updating this technology. As discussed in more detail later, the industry is moving from plugin-based DRM to browser-based DRM via the Media Source Extensions (MSE) and Encrypted Media Extensions (EME), where the DRM must be integrated into the browser.

On mobile devices, DRM support can come from the native browser or via a downloadable app. For example, iOS devices support Apple's DRM FairPlay via the Safari browser, but you can use other DRMs if you distribute via a custom app. Typically, Smart TVs, OTT boxes, and other consumer electronic devices have one or more DRM technologies pre-integrated into the platform.

Before getting too deep into our discussion, let's identify the major DRM technologies and companies on the periphery that provide critical DRM-related functionality.

The DRM Marketplace

Let's start with companies supplying the actual DRM, some of which we've already discussed. The main streaming-related DRM providers are:

Adobe Primetime—Adobe's DRM started its life as Access, then Adobe changed the name to Adobe Primetime DRM, but they have since reverted back to Access. Access is primarily accessed in the browser via Flash, or via HTML5 in Mozilla Firefox, but almost exclusively for companies who are also licensing the Adobe Primetime platform.
Apple FairPlay Streaming (FPS)—FPS is Apple's DRM for HTTP Live Streaming (HLS) and it works on iOS, Apple TV, and Safari on OS X. Apple licenses FairPlay to content owners and some premium platform operators. DRM Vendors can offer FairPlay encryption and licensing, but they must get a certificate from the content owner, who in turn gets it from Apple.
Google Widevine—There are two versions of Widevine: Classic, which is available only via a downloadable player, and Modular, which works with HTML5 in Google Chrome and Android Devices. As mentioned, Classic has been deprecated. Today, Modular only works with DASH, but soon may support HLS under CENC.
DivX - Now owned by Neulion, DivX has significant penetration in consumer electronics devices.
Intertrust Marlin—An open standard DRM from the Marlin Developer Community, which was founded by Intertrust, Panasonic, Philips, Samsung, and Sony. Also focused on consumer electronics devices
Microsoft PlayReady—Works with the Silverlight player on older browsers, or with HTML5 on the latest versions of Internet Explorer (on Windows 8.1+) and Microsoft Edge. Also used in the Xbox, and many other Smart TVs and OTT devices.
Veramatrix VCAS—A hybrid solution for pay TV distributors that also wish to distribute to computers, mobile, and OTT devices.

Surrounding these core DRMs are a number of distribution and technology partners/service providers. As you learned, DRM needs a licensing function, and each DRM vendor provides these functions differently—some directly, some with a network of third party value-added resellers.

Many companies also touch the DRM workflow, from on-premise and cloud encoding vendors that encrypt the content files to player vendors that help develop video players that talk to the license servers to retrieve the decryption key and play the video file. We'll look at some of these vendors and discuss how to choose a DRM technology after taking a deeper look at how DRM works.

How DRM Works

Now that we've defined DRM, let's take a quick look at how DRM technologies generally work, borrowing images from a DRM service named DRM Today. The first step is to get the encryption keys from the DRM provider or create them and upload them to the DRM platform. These are used to encrypt the video, with the decryption key and associated metadata sent to a license server accessible by the player. This encryption prevents playback of the content without a decryption key, making it safe to transport to the end user via the internet.

Figure 2. The first step in DRM is encryption. (Image courtesy of DRM Today)

For most DRMs, external products or services can perform the encryption and packaging shown in Figure 2. For example, cloud encoders like Encoding.com can communicate with a DRM platform to acquire encryption keys to encrypt and package the licensed content, as can many enterprise level encoders like Elemental Encoder, Wowza Streaming Engine, and Telestream Vantage. In addition, most DRM services provide separate encoding tools to encrypt and package your video and send the key to the DRM Platform. Once encrypted, the protected content is delivered to a web server for distribution.

When a customer plays the content, the player sends the license request to the content owners' proxy which communicates with an authentication process running on the customer's website. Once the customer's website validates the user's rights to the content, the proxy communicates with the DRM platform to create the license/decryption key which is then returned back down to the customer's proxy and ultimately to the user's player (Figure 3). In the case of content downloaded for offline playback, this verification occurs before the download as well, with any playback rights and restrictions transmitted as well.