DRM frameworks for video and how to set it up in Widevine

To use DRM in a video Android app there are a couple of components needed. The first step in order to playback DRM video, is to add the copy protection (DRM scheme) so that playback cannot happen unencrypted. In order to encode an asset with DRM, you first need to decide a DRM technology. For maximum device reach, the best solution is to use a multi DRM approach, where the video is DRM encoded with different schemes, for example Widevine for Android. Encoding a video with Widevine means that each video segment that is created, can be encrypted, or only a subset of all the segments, to decrease the overhead of encrypting and decrypting all the segments while at the same time encrypting some so that playback doesn’t happen. During the encoding phase the encoding software contacts the DRM license server (in this case Widevine) with a carefully built request (which includes the content id and other relevant data) which then replies with the key that the encoding software uses to encrypt the content. Once the video has been DRM encoded, it can be played back via a player that supports DRM playback. The video player will be configured with the source URL for the manifest and also a license URL specifying the location of the DRM license server which will be contacted to obtain the license to decrypt the content. When I developed a DRM proxy server, to test the correctness of the Widevine DRM encrypted stream and license server I used the Bitmovin DRM video player which is freely available to use for testing online.

An example Widevine JSON server response to then be proxied back to the player has the following structure:

{ status: "OK",
  license: "CAISmQMKKgoQqlQ/HRzzdu2aF6Gbe7DIpRIQqlQ/+2tFu/UiEormYi4HZwJxaR+sp+ItecrtC29ou52c5QhWxPs39SzpOSDAuJSxAAJ8lp4vmi0TW+ta4U+zF6VN8rIAEaTgoQGVj96CfZXoOCHub<SHORTENED>",
  license_metadata: 
   { content_id: "MjAoNV90ZWFxcw==",
     license_type: "STREAMING",
     request_type: "NEW" },
  supported_tracks: 
   [ { type: "SD", key_id: "GVe96CfZXoOCHubvRfm+vw==" },
     { type: "AUDIO", key_id: "+culCjPPVmqptrt0+JKZkQ==" },
     { type: "HD", key_id: "6VQ5DljWVHP09fKZU7Dz1A==" } ],
  make: "Google",
  model: "ChromeCDM-Mac",
  security_level: 3,
  internal_status: 0,
  session_state: 
   { license_id: 
      { request_id: "qlQ/HRzzdu2aF6Gbe7DIxQ==",
        session_id: "qlQ/HRzzdu2aF6Gbe7DIxQ==",
        purchase_id: "",
        type: "STREAMING",
        version: 0 },
     signing_key: "357HHwLcmxxGFpY+BBnbewSViqTg5btKK+y8UdGbMuDJxnE3R2393/LzHt+iABFOA0Ad4Ti2kSAFVVvU8dAc6Q==",
     keybox_system_id: 7649,
     license_counter: 0 },
  drm_cert_serial_number: "MjMeZDNkNXFhZmM1OTQ5PTkzNmRlY2JnMDI5LGQxNGQ=",
  device_whitelist_state: "DEVICE_NOT_WHITELISTED",
  message_type: "LICENSE",
  platform: "pc",
  device_state: "RELEASED",
  pssh_data: { key_id: [ "MA==" ], content_id: "MjAxNV90ZWFycw==" },
  client_max_hdcp_version: "HDCP_NONE",
  client_info: 
   [ { name: "architecture_name", value: "x86-64" },
     { name: "company_name", value: "Google" },
     { name: "model_name", value: "ChromeCDM" },
     { name: "platform_name", value: "MacOSX" },
     { name: "widevine_cdm_version", value: "4.10.1146.0" } ],
  signature_expiration_secs: 27174574,
  platform_verification_status: "PLATFORM_SECURE_STORAGE_SOFTWARE_VERIFIED",
  content_owner: "widevine_test",
  content_provider: "widevine_test" }

You can use a DRM test proxy server to protect and decrypt content with DRM.

To create DRM video protected content suitable for Android, use Shaka packager for Widevine encryption (or FFMPEG for AES-128 encryption with Key ID and Initialization Vector):

Above an example command using Shaka packager to create a Widevine compliant DRM stream using the Widevine test data.

Check playback on a player to test a stream:

• To test with DRM protected sample DASH content (Tears of Steel) and Widevine Test Proxy you can use this player: https://bitmovin.com/demos/drm
• Tears of Steel content for the Manifest URL, use this value: https://storage.googleapis.com/wvmedia/cenc/h264/tears/tears_hd.mpd
• The test Widevine Proxy service, use this value: https://widevine-proxy.appspot.com/proxy
• If you encounter difficulties use Chrome Web Inspector and in the Network tab check the request from the player to the DRM License server and the key exchange.

DASH Manifest example to be used with DRM encrypted video

The audio and video files should be in separate AdaptationSets tags. Also, both the video and audio files are normally split into variable length segments (usually between 1 and 4 seconds long) and the file location of these segments is programmatically referenced with a progressive increasing integer. Each adaptation set can contain one or multiple Representations tags. For video the Representation tags reference the different bit rate the content is available. This is so that the video player can consume the Adaptive Bitrate stream which is most suitable depending on the context of the client, like internet connection speed and display resolution.

For example a Media Package Description file for DASH with the above defined structure for DRM is: