DRM – Bitmovin (https://bitmovin.com)

New Firefox AV1 support for Encrypted Media Extensions
https://bitmovin.com/blog/firefox-av1-support/
Thu, 30 May 2024 01:12:17 +0000


This post covers some recent updates, focusing on the new Firefox AV1 support in Encrypted Media Extensions. Bitmovin has been supporting and advocating for use of the AV1 codec for several years, even though there have been gaps in playback support preventing adoption for some workflows. Slowly but surely, those gaps are being filled and the reasons not to use AV1 are going away. Keep reading to learn more.

Firefox 125 adds support for encrypted AV1

A couple of years ago, Bitmovin began testing several different combinations of AV1 encoding, muxing and DRM support across browsers and playback devices. We were somewhat surprised to learn that even though Firefox was the first major browser to support AV1 playback, they had not implemented support for encrypted AV1 as they had for other codecs. We found there was actually an open bug/request filed 5 years ago. 

Shortly after we began watching closely, there was an update…

Screenshot of update to bug report about lack of AV1 Widevine support in Firefox. Since then, Firefox AV1 support has improved with support for encrypted media extensions in version 125.

Ouch. Once the ticket got reassigned, Bitmovin got involved and gave our feedback that for premium/studio content, this support would be needed soon. We also provided a Widevine-protected sample for them to use in testing. Fast-forward to this spring, we saw some action on the ticket and support for AV1 with Encrypted Media Extensions was officially added to Firefox 125!

This means premium content workflows can now use AV1 on all of the major desktop browsers. Apple added support to Safari last fall, including with FairPlay Streaming, but for now it’s limited to devices with AV1 hardware decoders (iPhone 15 Pro, iPad Pro, new Macs with M3 processors).

Previous Bitmovin and Firefox AV1 collaboration

Way back in 2017, before the AV1 spec was finalized, Bitmovin and Firefox collaborated on the first HTML5 AV1 playback. Because the bitstream was still under development and subject to change, Bitmovin and Mozilla agreed on a common codec string to ensure compatibility between the version in the Bitmovin encoder and the decoder in Mozilla Firefox. It was made available in Mozilla’s experimental development version, Firefox Nightly, for users to manually enable. 

Even earlier in 2017, Bitmovin demonstrated the first broadcast quality AV1 live stream at NAB, winning a Best of Show award from Streaming Media Magazine. 

Other recent AV1 playback updates

Android adds dav1d decoder

In March 2024, VideoLAN’s “dav1d” became available to all Android devices running Android 12 or higher. Apps need to opt-in to using AV1 for now, but according to Google, most devices can at least keep up with software decoding of 720p 30fps video. YouTube initially opted to begin using dav1d on devices without a hardware decoder, but may have reverted that decision, likely due to battery concerns on phones. For plug-in Android devices, dav1d is still a great option and a welcome addition to the ecosystem.

iPad Pro gets AV1 playback support with M4 processor

In early May 2024, Apple continued their march toward full AV1 support with the announcement of their new M4 chip, which will power the new iPad Pro. The Media Engine of M4 is the most advanced to come to iPad, supporting several popular video codecs, like H.264, HEVC, and ProRes, in addition to AV1.

Ready to get started with AV1?

Bitmovin has added AV1 codec support to our Per-Title and 3-pass encoding optimizations and made AV1 encoding available in our dashboard UI, so now you can perform your first AV1 encode without any code, API calls, or configuration necessary! Bitmovin’s AV1 encoding has supported DASH streaming together with Widevine content protection for a long time, but we’ve now also added support for fMP4 in HLS playlists together with FairPlay content protection to take advantage of Apple AV1 support for premium content. It’s also available in our free trial, so there’s never been a better time to check it out and begin taking advantage of the bandwidth savings and quality improvements that AV1 can provide.


Website: Bitmovin’s AV1 hub   

Blog: State of AV1 Playback Support

Blog: Everything you need to know about Apple’s AV1 Support

Blog: 4K video at SD bitrates with AV1

The Ultimate Guide to HTML5 Video Players [2024]
https://bitmovin.com/blog/html5-video-player-guide/
Thu, 07 Dec 2023 14:32:29 +0000


Developers know that a lot goes into video streaming. The content must be produced, encoded, transcoded, and distributed globally. For this reason, delivering seamless over-the-top (OTT) video experiences often requires piecing together a handful of technology components. The addition of a paywall or ads to monetize the content only complicates this further.

For viewers, though, the process is simple. Simply press play and voilà. As far as end users are concerned, the HTML5 video player is the only piece of the streaming tech stack that matters. 

Video players act as the face of streaming platforms, giving viewers control over what they watch, which devices they watch it on, and when the content plays. Players also tie everything together. All viewer requests to control video playback originate from the media player, making player API access critical to the entire workflow.

In this Ultimate Guide to HTML5 Video Players, we cover what to look for when choosing a player, when to go with a free or open-source option vs. a premium paid solution, and the best HTML5 video players to build on top of in 2024.

What is an HTML5 video player?

HTML5 video players are the online interfaces through which viewers access, control, and view streaming content. The FuboTV video player that pops up on subscribers’ smart TV and the ClassPass player that participants use to stream fitness classes on their mobile devices are both examples of this.

ClassPass HTML5 Video Player

Because streaming devices now take many different forms, HTML5 video players ensure a consistent experience no matter what screen the content is being consumed on. Online video players also add additional functionality to the viewing experience — such as content recommendations and call-to-action buttons.

History of HTML5 video players

First, there was Flash

Let’s zoom in on the HTML5 part of the HTML5 video players. Back in the day of HTML4, platform developers needed plugins to embed audio and video content into web pages. This is when Adobe Flash Player reigned supreme. Because native video playback wasn’t possible, more than 98% of browsers had Flash installed.

But this changed as the internet became more open. The first draft of HTML5 was published in January 2008, making browser-based multimedia support a possibility. Shortly thereafter, Steve Jobs published his infamous Thoughts on Flash, making it known that Apple’s products would never support Flash as a means to play video.

Jobs explained:

“[We] strongly believe that all standards pertaining to the web should be open. Rather than use Flash, Apple has adopted HTML5, CSS and JavaScript — all open standards…

Adobe has repeatedly said that Apple mobile devices cannot access “the full web” because 75% of video on the web is in Flash. What they don’t say is that almost all this video is also available in a more modern format, H.264, and viewable on iPhones, iPods and iPads. YouTube, with an estimated 40% of the web’s video, shines in an app bundled on all Apple mobile devices, with the iPad offering perhaps the best YouTube discovery and viewing experience ever. Add to this video from Vimeo, Netflix, Facebook, ABC, CBS, CNN, MSNBC, Fox News, ESPN, NPR, Time, The New York Times, The Wall Street Journal, Sports Illustrated, People, National Geographic, and many, many others. iPhone, iPod and iPad users aren’t missing much video.”

Then came the push for plugin-free video technologies

As a result of this memo, companies like Netflix began working on several HTML5 Premium Video Extensions to power a plugin-free future of video streaming. This was important: While HTML5’s support for <video> and <audio> tags was a welcome addition, this still didn’t natively support live and on-demand streaming within the browser. Specifically, the video element lacked the video controls users need to stream videos, as well as the logic to switch between different renditions to avoid buffering.

As such, web developers needed a way to control how streaming video would load and play when embedded on a webpage. HTML5 also had limitations around digital rights management (DRM), subtitle switching, and including multiple audio files, so industry leaders worked to lay the groundwork for browser-independent player technology with standards like Media Source Extensions (MSE).

This made it possible to move away from proprietary media players like Flash and Silverlight. But the online video world still needed a player technology to tie it all together.

The HTML5 video player became the future of streaming

Once HTML5 became a standard, OTT platforms quickly made the move to HTML5 video players. Netflix, YouTube, and our team at Bitmovin helped drive this transformation. 

While Netflix and YouTube built their own proprietary media players from the ground up, we at Bitmovin launched our HTML video player to make it easy for platform developers to stream content to their audiences.

The Bitmovin website and online video player circa 2016

Since then, organizations ranging from Periscope to fuboTV have built their platforms using our media player. And today, HTML5 video players like ours are the reason why video experiences are prevalent and seamless on every device.

“Bitmovin gives us greater control over the video player than any other player in the market. We were able to get our implementation to production with markedly better experience than our previous player. We’re looking forward to exploring more ways to work together.”

– Sung Ho Choi (Co-founder, fuboTV)

Benefits of video streaming with an HTML5 video player

HTML5 video players aren’t just a necessity to embed videos onto websites. They’re also key to delivering flawless viewer experiences. Ensuring playback quality on any screen is a key benefit of media players. Beyond that, though, web video players offer additional capabilities that boost viewer engagement.

Here’s a look at the key benefits of video players for content providers and viewers:

  1. Scalable delivery. HTML5 video players enable content distributors to build cross-platform experiences that power online video streaming on a wide range of devices and browsers. Whether your viewers are on a desktop computer, smartphone, tablet, or smart TV, video players help you overcome compatibility issues.
  2. User-friendly interface. We’ve all come to expect intuitive digital experiences. With the right online video player, you make it easy for viewers to interact with your content using video controls. The play button, pause button, volume adjustment, seek bar, and different modes like full-screen all enhance the user experience.
  3. High-quality playback. Intelligent video players ensure smooth and uninterrupted playback with adaptive bitrate streaming. Called ABR, this technology allows the video content to adapt on the fly based on each user’s bandwidth and device resources. For instance, if a viewer’s internet connection changes for the worse, the player can downgrade video quality — thus reducing buffering and disruptions.
  4. Accessibility. Video players ensure that your content is accessible to the largest audience possible with features like closed captions, subtitles, and multiple audio tracks. This also helps with compliance.
  5. Interactivity. Whether you’re looking to build low-latency live streaming experiences or want to display 360° video with VR, today’s video players make the internet more interactive by supporting these capabilities.
  6. Enhanced engagement and personalization. Content recommendations are now a standard part of video consumption. But that’s not the only way a web video player can boost engagement. OTT fitness platforms like ClassPass integrate information about the viewer’s performance and heart rate into the video content to create fully personalized experiences.
  7. Content monetization. Whether the platform you’re building uses ad-based monetization, subscription-based, or a combination of both, video players make monetization possible. Support for DRM, client-side and server-side ad insertion (CSAI and SSAI), and even static overlays help achieve this.
  8. Content and audience insight. Because most streaming workflows are made up of disparate systems and vendors, it can be difficult to pinpoint the source of streaming issues and drill into the user experience. But video players that also offer analytics make it easy to troubleshoot errors and gain actionable insight into viewer behavior.

How to choose an HTML5 video player: 10 Key features

The sheer number of open-source and proprietary video players out there can make it difficult to select the right one. The feature sets vary with each provider, so we’d recommend considering the following to help narrow down your options.

Integration effort 

The ease of integrating an online video player into your workflow will significantly impact your development timeline and the associated costs. Teams looking to get their services to market fast should pick a solution with developer tools to make it easy to embed the HTML5 player into their application.

Look for a video player that provides:

  • API documentation
  • Dedicated software developer kits (SDKs)
  • Support for popular programming languages
  • Development guides
  • Code samples
  • Community forums
  • 24/7 technical support
  • Automated testing solutions

Launching cross-platform video experiences is already complex. So any opportunity to simplify things will speed up time to market — which translates to new subscribers and reduced churn. You’ll also want to find an online video player with preset configurations for different use cases to minimize headaches when your dev team is getting started.

Customization

Your video player is a primary customer touchpoint. So your brand’s identity needs to shine through it. As such, you should look for an HTML5 player that allows extensive customization over the user interface (UI). 

The ability to adjust the appearance, control buttons, and add interactive elements will help maintain your branding and deliver the differentiated experience you’re aiming to build. Additional playback features like preview thumbnails and variable playback speeds only further enhance your UI.

That said, when speed-to-market is a priority, you don’t want to start from scratch. Finding a flexible HTML5 video player that can be tweaked without having to build the entire UI is a great middle ground. 

Device and browser coverage

Don’t lose sight of all the devices that we stream content on today. Smart TVs, set-top boxes, gaming consoles, web browsers, and smartphones all have different requirements. For this reason, you’ll want to find a web video player that’s compatible with a variety of devices and browsers to maximize your audience. 

HTML5 video players with frequent releases are better equipped to support the many devices out there. You’ll also save a ton of time if you go with a video player that offers dedicated SDKs for individual devices.

Performance

When evaluating different media players, you should demand more than just smooth streaming. The performance of a video player is also defined by things like fast video startup time, seamless source switching, and seeking. 

Here’s a closer look at each:

  • Startup time: You want to ensure immediate playback without any perceived delay when your viewers click play. Why? It’s simple. The longer a viewer has to wait for video assets to load, the more likely they are to tune out. 
  • Seeking: Not only do today’s viewers lack patience, they also demand full control. The time it takes for video content to resume playback after the user jumps to a random position in a timeline should also be a consideration when comparing video players.
  • Source switching: Finally, you’ll want to make it easy for users to switch between channels. With the rise of FAST channels, this is critical for OTT providers looking to recreate the experience of linear TV over cable.

See how Bitmovin Player compares to leading open-source video players in terms of these metrics in this blog. 

DRM support

Digital rights management (DRM) is essential to protect your video content from unauthorized access — especially if you’re distributing premium shows and movies to subscribers. DRM technologies encrypt the video files and control access to decryption keys. When users attempt to access the content, the HTML5 video player communicates directly with the DRM server to confirm that the license is valid. Once the license is authenticated, the video player obtains the decryption key, granting access to play the content securely.

You’ll want to double-check that the HTML5 video player you select supports industry-standard DRM technologies like Widevine, PlayReady, FairPlay, and Adobe Primetime.
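
The gap described earlier on this page (a browser that decodes AV1 but whose DRM path does not accept encrypted AV1) and the license flow above both start with an Encrypted Media Extensions capability check. The following is an added example, not Bitmovin's code: it classifies each codec as encrypted, clear-only or unsupported and picks the first one usable for protected playback. The function names, codec strings, EME configuration and the `fakeEnv` stand-in are assumptions made for illustration.

```javascript
// Added example (not from the original post). All function and variable
// names are illustrative; codec strings and the EME config are assumptions.

// Standard EME key system identifiers for Widevine, PlayReady and FairPlay.
const KEY_SYSTEMS = ['com.widevine.alpha', 'com.microsoft.playready', 'com.apple.fps'];

// Candidate codecs in order of preference.
const CODECS = [
  { name: 'av1', contentType: 'video/mp4; codecs="av01.0.08M.08"' }, // Main profile, level 4.0, 8-bit
  { name: 'h264', contentType: 'video/mp4; codecs="avc1.640028"' },  // High profile, level 4.0
];

// Minimal MediaKeySystemConfiguration list for one video content type.
function emeConfig(contentType) {
  return [{
    initDataTypes: ['cenc'], // assumption: CENC-packaged content
    videoCapabilities: [{ contentType }],
    sessionTypes: ['temporary'],
  }];
}

// Key systems whose CDM accepts this content type in encrypted form.
async function keySystemsFor(contentType, requestAccess) {
  const accepted = [];
  for (const keySystem of KEY_SYSTEMS) {
    try {
      await requestAccess(keySystem, emeConfig(contentType));
      accepted.push(keySystem);
    } catch (err) {
      // NotSupportedError means "this key system / codec pair is unavailable".
      // Anything else (e.g. EME missing outside a secure context) is a
      // deployment problem and must not be reported as "no DRM support".
      if (err.name !== 'NotSupportedError') throw err;
    }
  }
  return accepted;
}

// Classify each codec as 'encrypted', 'clear-only' or 'none'.
async function classifyCodecs(env) {
  const report = [];
  for (const { name, contentType } of CODECS) {
    const clear = env.isTypeSupported(contentType);
    const keySystems = clear ? await keySystemsFor(contentType, env.requestAccess) : [];
    const status = keySystems.length > 0 ? 'encrypted' : clear ? 'clear-only' : 'none';
    report.push({ codec: name, status, keySystems });
  }
  return report;
}

// First codec (by preference) that can be used for DRM-protected playback.
function pickProtectedCodec(report) {
  const hit = report.find((r) => r.status === 'encrypted');
  return hit ? { codec: hit.codec, keySystem: hit.keySystems[0] } : null;
}

// Real browser bindings. EME is only exposed in secure contexts (HTTPS).
function browserEnv() {
  return {
    isTypeSupported: (type) => MediaSource.isTypeSupported(type),
    requestAccess: (ks, cfg) => navigator.requestMediaKeySystemAccess(ks, cfg),
  };
}

// Constructed stand-in for a browser: `decodable` lists codec prefixes it can
// play in the clear, `encryptedPairs` lists [keySystem, codecPrefix] pairs
// its CDM accepts. Used so the example runs offline.
function fakeEnv(decodable, encryptedPairs) {
  return {
    isTypeSupported: (type) => decodable.some((c) => type.includes(c)),
    requestAccess: async (keySystem, cfg) => {
      const type = cfg[0].videoCapabilities[0].contentType;
      const ok = encryptedPairs.some(([ks, c]) => ks === keySystem && type.includes(c));
      if (ok) return { keySystem };
      const err = new Error(`${keySystem} rejects ${type}`);
      err.name = 'NotSupportedError';
      throw err;
    },
  };
}

// Constructed scenario: AV1 decodes, but the CDM only accepts encrypted H.264.
const clearOnlyAv1 = fakeEnv(['av01', 'avc1'], [['com.widevine.alpha', 'avc1']]);
classifyCodecs(clearOnlyAv1).then((report) => {
  console.log(report.map((r) => `${r.codec}: ${r.status}`).join(', '));
  console.log(pickProtectedCodec(report));
});
```

In a browser, call `classifyCodecs(browserEnv())` from a page served over HTTPS.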

“DRM is often framed as a suite of technologies for protecting against content piracy, but its role is much broader than that. DRM is at the heart of the revenue side of a streaming services business, ensuring that an operator can set up a series of business rules that permit different viewing rights at different price points or monetization models.”

– Olga Kornienko (COO & Co-founder, EZDRM)

Advertising support

If you’re monetizing your video content with ads, you’ll want to make sure that they render in an efficient and high-quality manner. Support for the ad formats you’re using, seamless integration with ad partners, and flexibility for different types of ads (pre-, mid-, and post-roll; overlays; increasingly interactive formats, etc.) are all key capabilities to look for.

According to our annual Video Developer Report, server-side ad insertion (SSAI) and client-side ad insertion (CSAI) are both prevalent in the video streaming industry. Not all online media players support the latter, so that’s something to take into account if you’re implementing CSAI.

Video Developer Report: What ad architecture are you using today?

It’s also a good idea to keep an eye on ad performance. Because OTT advertising is often purchased in terms of cost per 100 impressions, measuring this is crucial. Impressions, click-through rates, and quick load times all indicate a good viewer experience. Better ad performance leads to more revenue, so you’ll want a video player that pre-integrates with an analytics tool for insight into these metrics.

Adaptive bitrate (ABR) playback

One of the key benefits of HTML5 players is the ability to dynamically adapt the content based on each individual viewer’s device and internet speed. Called adaptive bitrate streaming or ABR, this is why you sometimes notice a stream you’re watching switch from fuzzy to sharp in a matter of seconds.

adaptive bitrate video encoding

While content must be encoded and prepared to enable ABR, the video player plays a crucial role. As shown in the diagram above, ABR players switch between different video renditions as connectivity changes. Users with poor connections get an uninterrupted experience despite resource constraints; whereas those with speedier connections enjoy the highest-quality file available.

Subtitle and audio tracks

Subtitles and multi-audio tracks aren’t just for accessibility. Many viewers prefer to consume video content with closed captions today. And delivering the flexibility for viewers to enjoy your content in their preferred language is a no-brainer.

For this, you’ll want to look for an online video player that lets viewers instantaneously switch to alternate audio tracks and toggle through subtitle options during playback.

Third-party integrations

Consider the player’s compatibility with third-party tools and services. Whether you need analytics capabilities, interactive overlays, or content security solutions, ease of integration with your favorite tools should be a key criterion when researching video players.

Finding an HTML5 player with an extensive partner network will also accelerate the time to market. And beyond just speeding up your deployment, these integrations can help offset development costs.

Testing and analytics

A reliable HTML5 video player is essential for ensuring a high-quality viewing experience. Unfortunately, when it comes to streaming, content distributors often fail to catch errors until it’s too late.

The best tactics for preventing errors are testing in advance and monitoring in real time. For that, you’ll want to look for a video player that integrates with testing and analytics solutions. At Bitmovin, we developed Stream Lab to ensure the quality of experience (QoE) when using Bitmovin Player, and also offer Bitmovin Analytics for additional insights for error debugging and quality of experience improvements.

Free and open-source vs. paid video players

When building an OTT platform — or any software application — the consideration between free and open-source vs commercial tech is bound to pop up.

And here at Bitmovin, we’re major proponents of an open internet. Our CTO Christopher Mueller co-created the open MPEG-DASH standard as an alternative to proprietary technologies, and he regularly contributes to open-source tools.

Open-source video players make it possible to build bespoke end-user experiences nearly from scratch. But that means a bigger time investment, not to mention a burden on in-house resources.

Both free and paid video players have their advantages. So the right choice comes down to your unique requirements. Here’s a quick side-by-side of how the two compare.

Open-Source Video Players | Commercial Video Players
Free to use and deploy. | Purchased on a pay-as-you-go basis, as a subscription, or as part of a custom plan.
Supported by a large community of independent developers. | Comes with dedicated technical support, SLAs, and developer tools.
More flexibility. | Better performance.
Can be modified and customized limitlessly. | Minimal code is required to deploy essential use cases.
May lack out-of-the-box capabilities and integrations. | Often comes with dedicated integrations with third-party tools and partners.
Contributor-built plugins allow additional functionality. | Has a more extensive feature set built in.
Must be maintained. | Maintained and hosted by a dedicated team.
Bigger drain on in-house resources and timelines. | Frequent releases help developers stay ahead of industry trends.

What’s more common: open-source vs. commercial video players

In this year’s Video Developer Report, we saw a dramatic increase in the number of participants choosing to build an in-house HTML5 video player with open-source code. We also learned that 25% of development teams spend 7+ days each month maintaining their video player solution.

How many hours per month does your development team spend on maintaining your video player solution?


And this is really at the crux of the consideration between an open-source and a commercial video player. While builders love extensibility, businesses often require turnkey solutions that can be deployed quickly.

Luckily, though, it’s not always an either/or consideration. We’ve been enhancing the Bitmovin Player to deliver both speed and the flexibility to create your own solution. 

Our Lead Engineer Tom Macdonald explains:

“In order to allow our customers to support their own use cases, we will be releasing an open-source plug-in template. This template will enable our clients, partners, and developer community to create their own plug-ins for Player Web X and enhance their service to achieve an optimal and unique viewer experience. This is particularly powerful for teams that want to have the flexibility of an open-source web player with the performance and stability of a commercial player.”

Let’s dive into some of the other areas to evaluate in the buy vs. build debate. 

Evaluating Quality of Experience (QoE)

Insight into the quality of experience (QoE) is crucial when delivering OTT video. Plus, your video streaming platform’s data belongs to you, so it should be easy to access. Unfortunately, though, QoE monitoring can be a challenge when using open-source video players. Most lack out-of-the-box integrations with video analytics solutions, and it’s often difficult to test how streams will perform on real devices.

Measuring ROI of your online video player

Infrastructure investment, development costs, maintenance expenses, content performance, and user retention all affect your bottom line. For this reason, you should find an online video player that makes it easy to cut costs across the streaming pipeline.

Open-source HTML5 video players lacking pre-integrations or technical support can eat into profits. After all, both time-to-market and ongoing maintenance impact the total cost of ownership (TCO).

When comparing the Bitmovin Player with open-source HTML5 video players, it’s clear that proprietary video players deliver cost savings both in the short- and long-term.

TCO Comparison: Building a website with video using open-source vs. Bitmovin

Video player security issues

Open-source software can present security risks ranging from vulnerabilities to targeted attacks. Because the code of these HTML5 video players is inherited from a community of contributors, there’s less organization and standardization to how new features are added. 

As such, companies relying on open-source applications are more vulnerable to attacks. If you do go the open-source route, proper implementation and maintenance are necessary safeguards.

Video player software development kits (SDKs)

Video player SDKs make it easy to deploy your solution on different devices, ensuring flawless playback on every screen. This helps organizations reach additional viewers with ease and can save hundreds of hours of development time. 

Commercial HTML5 video players with SDKs also provide access to the latest features in their code set — ensuring a unified viewer experience regardless of how your audience streams the content.

With open-source HTML5 video players like Shaka Player, SDKs to ensure native playback on different devices are limited. This leaves engineering teams open to development issues and setbacks.

Branding and customizing your video player

Open-source HTML5 video players can be branded and customized, but it’ll require more effort than a paid solution with easy-to-configure UI styling. Additional support for branding elements like overlays is also hard to come by, and many open-source players lack the breadth of codec and protocol support that HTML5 video players like Bitmovin deliver. 

When is an open-source video player the best option?

If you’re unwilling to spend money on your media player or need limitless flexibility, then open-source may be the way to go. Just know that launching your solution and customizing the HTML5 video player will take time and effort on your part — and your TCO will likely be higher. 

Here are a couple of scenarios where opting for an open-source HTML5 video player may be the right choice:

Flexibility requirements:

  • Scenario: Your development team requires extensive customization and wants to modify the player’s code to meet specific requirements.
  • Reasoning: Open-source HTML5 video players provide the flexibility to tailor the experience to your unique use cases and requirements — assuming you have the time and money to invest.

Budget constraints:

  • Scenario: Your project has budget constraints, and you’re unable to make any HTML5 video player investments upfront.
  • Reasoning: Open-source players are generally free to use and deploy, making them an attractive option when financial resources are limited.

Top 4 free and open-source video players in 2024

So, what are the best HTML5 video players for developers searching for a free solution or choosing to go the open-source route? Our list below details the features, pros, and cons of our favorite free options. Keep reading or use the list below to navigate to a specific section.

Best free and open-source HTML5 video players

Free to use mobile players

Shaka Player

As an open-source JavaScript library, Shaka Player enables adaptive streaming for media playback. Because Shaka Player is built on web APIs, it only runs in the browser.

Shaka Player has a large feature set and robust error handling. The Google-created online video player has a large community behind it and can be customized for specific use cases.

Key features:

  • Supports any browser.
  • Protocol support across adaptive bitrate formats like DASH, HLS, and Microsoft Smooth Streaming.
  • Supports FairPlay, Widevine, and PlayReady DRM.

Pros:

  • Easy to deploy into most projects but may require additional development and maintenance costs.
  • Can be customized extensively.
  • Supports offline storage and playback using IndexedDB.

Cons:

  • Doesn’t support native playback on iOS, Android, or Roku; can only support browser-based playback.
  • Lacks professional-grade features like watermarking.
  • Player logic can cause a poor viewing experience when switching to HD.


Video.js

Video.js is a widely adopted open-source framework that uses basic JavaScript and CSS for easy customization. As the technology behind more than 450,000 websites, Video.js stands out for its versatility. 

The Brightcove-sponsored video player is renowned for its straightforward integration and additional features like Google Analytics tracking. It also offers plugins for YouTube and Vimeo support, making it an excellent option for social media integrations. 

Like Shaka Player, Video.js is an HTML5-only player, meaning it can’t power native video playback on devices like mobile phones.

Key features:

  • Supports MP4 and WebM files, along with adaptive bitrate streaming (ABR) via HLS and MPEG-DASH. 
  • Vast codec support.
  • Dedicated UI for live streams.
  • Seamlessly integrates with popular platforms like Vimeo and YouTube.

Pros:

  • The framework offers a rich ecosystem of plugins for advanced functionalities like Chromecast and virtual reality (VR).
  • Includes hundreds of plugins for adding features like playlist management, analytics, DRM, and advertising.
  • Looks great out of the box, and is also easy to style with CSS.
  • Extensive documentation, guides, blog, and community.
  • Lightweight and easy to use.
  • Can fall back on legacy technologies like Flash.

Cons:

  • Lacks frame-accurate seeking and cuepoint features.
  • Doesn’t support native playback on iOS, Android, or Roku; can only power browser-based playback.


Dash.js

As the DASH Industry Forum’s HTML5 video player, dash.js was designed to establish a production quality framework for building audio and video players for the DASH protocol. The player uses cutting-edge ABR algorithms and also supports low-latency CMAF for DASH.

Unlike most open-source HTML5 video players, dash.js keeps its roadmap public. This provides insight into the improvements and bug fixes being prioritized. Even so, the roadmap is much more limited than that of a commercial HTML5 player and dash.js’s documentation isn’t always up to date.

Key features:

  • Support for DASH and low-latency CMAF for DASH
  • Support for Widevine and PlayReady DRM.
  • Supports closed captions and subtitles. 

Pros:

  • Public product roadmap provides transparency into bug fixes and improvements.
  • Customizable and comes with a lot of features.
  • Enables a live playback catch-up mechanism to support low-latency streaming and synchronization between two videos.

Cons:

  • Doesn’t support HLS, the most common streaming protocol in use today.
  • As an HTML5-based player, it cannot support native playback on iOS, Android, or Roku.
  • Lacks professional-grade features like watermarking and video overlays.

HLS.js

HLS.js is a JavaScript library for browser-based streaming that relies on the <video> element and Media Source Extensions (MSE). It’s one of two HTML5 video players on our list that support all major DRMs, the other being Shaka Player. That said, the HLS video player doesn’t support DASH and is limited to browser-based streaming.

Key features:

  • Supports the HLS protocol (as you’d expect from an HLS video player).
  • Supports FairPlay, Widevine, and PlayReady DRM.
  • Timed metadata support for HTTP Live Streaming, including ID3 format carried in MPEG-2 TS, Emsg in CMAF/Fragmented MP4, and DATERANGE playlist tags.
  • Built-in analytics with the ability to monitor internal events, network events, video events, and exposed playback session metrics.

Pros:

  • Accurate seeking on both VOD and live streams, not limited to fragment or keyframe boundaries.
  • Provides error resiliency with retry mechanism for recovery from fatal media or network errors.
  • Flexible quality switching modes provide a smooth user experience under varying network conditions.
  • Comprehensive support for timed metadata enhances the potential for interactive and dynamic content.

Cons:

  • HLS.js is not supported on iOS Safari for iPhone due to the absence of MediaSource API support.
  • As an HTML5-only player, it cannot support native playback on iOS, Android, or Roku.
  • Doesn’t support DASH.

While these next two players are not HTML5-based, if your preference is to use free and open-source players on all platforms, ExoPlayer and AVPlayer are the free-to-use native players for Android and iOS devices, respectively.

ExoPlayer

ExoPlayer is a free-to-use application-level media player for Android devices. ExoPlayer (soon to be Media3) is open-source, and the native player shipped with Android — and thus the best free option for creating a playback experience on Android apps. 

As an alternative to Android’s MediaPlayer API, it can be effortlessly updated along with Android applications. ExoPlayer also offers extensive customization options and boasts a large and responsive community.

This is the built-in native Player for Android platforms only. That means that developers have to use a separate video player for streaming on other devices, like AVPlayer for Apple devices.

ExoPlayer can play back multiple protocols, including RTSP. This makes it possible to stream live content directly from an IP camera without having to repackage it in an HTTP-based format like HLS.

Key features:

  • Supports HLS, DASH, Smooth Streaming, RTSP, Low-Latency HLS, and low-latency CMAF for DASH.
  • Customizable player skin for branded streaming experiences.
  • Supports Widevine and PlayReady DRM.
  • Supports closed captions and subtitles. 
  • Support for playlists.

Pros:

  • Less variation and issues across different devices than Android’s built-in MediaPlayer.
  • Easy to update to newer versions through Play Store application updates.
  • Can be customized extensively.
  • Offers official extensions with additional libraries for monetization, etc. 

Cons:

  • Lacks professional-grade features like watermarking.
  • Consumes more battery than Android’s MediaPlayer for audio-only playback on some devices.
  • Has device compatibility issues with FireOS, Nexus Player, and some Android emulators.
  • Requires maintenance and architectural updates.
  • Isn’t ideal for lightweight mobile apps.
  • No offline playback.
  • Android only.


AVPlayer

Developed by Apple, AVPlayer is the native player for iOS streaming. Similar to what ExoPlayer is to Android, it’s the best free player for enabling playback on Apple devices.

The player provides developers with a robust toolset for controlling multimedia content streamed via HLS as a .m3u8 file, ensuring an optimal experience on Apple devices.

Key features:

  • Customizable video player skin for branded streaming experiences.
  • Supports subtitles.
  • Supports FairPlay DRM.

Pros:

  • Tightly integrated into the Apple ecosystem, ensuring cohesive experiences across desktop and mobile devices.
  • Supports AirPlay, which allows users to share videos wirelessly and extend the viewing experience to larger screens.
  • Provides high-performance video playback leveraging Apple’s hardware and software optimizations.
  • Can be customized extensively.

Cons:

  • Lacks professional-grade features like watermarking.
  • iOS only


Bonus: A look at Bitmovin Video Player

Bitmovin Player ensures the highest-quality video experiences across the most devices and platforms on the market. Our HTML5 video player is flexible and easy to deploy, with dedicated SDKs for every device imaginable.

Bitmovin Player can be used for any monetization model (SVOD, AVOD, FAST, and HVOD) and it can be easily deployed on any device. It offers DRM, optimal adaptive bitrate streaming settings, UI design, and quick integration with a vast ecosystem of OTT streaming tools.

For ad-supported streaming, the Bitmovin Player supports server-side and client-side ad insertion (SSAI and CSAI) and can be integrated with any ad server using standard formats like VAST, VPAID, IMA, and VMAP. It’s also easy to create different types of ads with code examples, whether overlay, interactive, or clickable.

Bitmovin Player Advertising Capabilities

What’s more, with the Bitmovin Player, streaming platform developers gain access to a full suite of OTT infrastructure solutions for live and VOD encoding, streaming analytics, and more. Bitmovin’s products provide API coverage and full SDKs across the workflow, making it easy for anyone to build an end-to-end streaming solution. Plus, relying on a single vendor for multiple video streaming capabilities helps eliminate complexity and maximize value.

The Bitmovin Player can be customized to a T — providing a unique branded experience to your audience. In addition to adjusting the styling and adding preview graphics, you can apply CSS styles to its video player controls, progress bars, and overlays. Our HTML5 video player also enables additional functionality like Chromecast, fast channel switching, and picture-in-picture.

Bitmovin’s HTML5 Player

Finally, the Bitmovin Player is supported by documentation, a global community, and a team of video experts — helping to guide developers through integration, upgrades, and optimizations.

Key features:

  • Support for HLS, MPEG-DASH, Low-Latency HLS, and low-latency CMAF for DASH.
  • Out-of-the-box integration with Bitmovin Analytics.
  • Supports a variety of video and audio codecs, including H.264, H.265/HEVC, VP9, AAC, and MP3.
  • Multilanguage audio and subtitles.
  • SLAs and support from video experts
  • Displays 360° video with VR, 4K, and 8K.
  • Casting support.
  • Offline playback.

Compatibility:

The Bitmovin HTML5 Video Player is a highly versatile media player that’s compatible with a wide range of platforms, devices, and browsers, including:

  • Web browsers: Chrome, Firefox, Safari, Edge, Opera, and Internet Explorer
  • Mobile devices: iOS (iPhone, iPad), Android (smartphones, tablets), and Windows Mobile
  • Smart TVs: Samsung Tizen, LG WebOS, Android TV, Apple TV, Hisense, and Vizio
  • Game consoles: PlayStation 4, PlayStation 5, Xbox One, and Nintendo Switch

Pros:

  • Pre-integrated support for countless gaming consoles, Smart TVs, browsers, and mobile devices.
  • A wide range of features to make it easy to get started and integrate into your workflows.
  • Reduces the need for obligatory player maintenance and architectural updates.
  • Over 1000 player tests performed on real devices daily to ensure stability.
  • Extensive advertising and monetization capabilities.
  • Patent-pending low-latency ABR algorithm to ensure broadcast-like latency in the highest quality possible.
  • Supported by Stream Lab testing and Bitmovin Analytics to guarantee quality.
  • 200+ customizable features and partner integrations to tailor the player to any use case.
  • Frequent releases ensure device support and feature compatibility.
  • Up-to-date product roadmap.

Cons:

  • After 10k free impressions per month, the pay-as-you-go plan charges $1.5 for every additional 1k impressions.

Conclusion

HTML5 players influence every aspect of an OTT platform. Your ability to generate ad revenue, reach users across different devices, and deliver an unmatched experience all starts with the video player that you build upon. That’s why it’s key to make sure that the solution you choose plays well with the rest of your tech stack. 

Delivering the same experience across living room TVs, mobile screens, and web pages requires a flexible HTML5 video player that can be deployed anywhere. It’s also important to stream videos in multiple file formats to ensure scalable playback. For that, you’ll either need a video player like Bitmovin that offers broad protocol support or you’ll have to combine several open-source options in your workflow.

Whether opting for the extensibility of open-source or the turnkey efficiency of a commercial video player like Bitmovin, the goal is the same: Deliver an unparalleled viewing experience that captivates audiences and drives success in the competitive landscape of online video streaming. 

This is where additional mechanisms for boosting viewer engagement come into play. You want to give users the ability to adjust playback speed, use casting devices, select the video size, turn full-screen mode on, and intuitively use player controls. Both open-source video players and commercial solutions can be configured to this end, but free options like Shaka Player will require a lot more elbow grease to elevate beyond the basic playback options.

By using Bitmovin as your HTML5 player, you won’t just benefit from professional-grade technology. We also deliver dedicated customer support and seamless integration across our partner network. 

Our video player guarantees playback quality on any screen and is backed by the world’s first stream QoE testing service, Stream Lab. What’s more, the pre-integrated Bitmovin Analytics provides actionable insights to identify cost-saving and engagement-boosting opportunities.

That’s not all though. Bitmovin Streams helps simplify VOD and live streaming, serving as a single platform for transcoding, CDN delivery, video playback, security, and more. As an all-in-one solution that’s built for the cloud, it eliminates the complexity of building your infrastructure in-house. Alternatively, Bitmovin’s encoding, playback, and analytics products provide API access and full SDKs across the workflow, making it easy to pick and choose the best products for your OTT platform.

So what are you waiting for? Start your free trial today.

HTML5 video player FAQs

What does it mean for an HTML5 player to be open source?

An open-source HTML5 player is a media player that offers its source code to the public for use, modification, and redistribution. This makes it easy and free for anyone to download the source code and use it for any purpose. Open-source HTML5 video players can be modified and customized endlessly and are supported by a community of independent developers. That said, they require a lot of development and maintenance time and must be self-hosted. 

What are the benefits of using a premium video player?

Premium HTML5 video players like Bitmovin Player are maintained and hosted by a third-party team and often offer better performance and stability than an open-source solution. Because these commercial HTML5 video players are delivered by a service provider, they come with SLAs and dedicated technical support. Premium players are also quicker to integrate and launch, which can reduce time-to-market and total cost of ownership (TCO) by over 60%.

What factors should I consider when choosing an online video player for my business?

When choosing an online video player, you want to consider the ease of integration, ability to quickly customize the technology, device coverage, player performance, DRM and advertising support, third-party integration, and accessibility through subtitle and audio tracks.

Depending on how you’re monetizing your video content, integration with different vendors will be required. It’s a good idea to research how easily each HTML5 player you’re considering can be combined with the rest of your tech stack. From there, we’d recommend familiarizing yourself with the development tools and technical support available, as that varies with each media player.

How do OTT platforms manage the costs of delivering content to users in different regions around the world, given differences in internet infrastructure and bandwidth?

Next-generation video encoding is key to cost-effectively delivering video content to users across the globe. Because end-user devices and connectivity vary, it’s become common to prepare the content in such a way that it can adapt to each viewer’s resources. This is called adaptive bitrate streaming, and it’s an essential capability that’s become standard across the best HTML5 video players.

Additionally, multi-codec delivery allows you to match each user with the highest-performing codec available. This maintains support for legacy devices, while also expanding 4K coverage for users with AV1-compatible devices.

Finally, per-title encoding can help reduce the bandwidth of your content by customizing the encoding ladder to each video. This yields additional opportunities to reduce bandwidth while still exceeding your audience’s expectations.

Many of the capabilities above are enabled earlier in the streaming workflow — when the video content is being transcoded and prepared for end-user delivery. Nonetheless, you’ll want to consider how your HTML5 player supports different codecs, protocols, and more.

Should I just use the standard video player element?

While the standard <video> tag makes it easy to add video to your website, it doesn’t allow you to control streaming content. Rather, the <video> element only supports embedded videos. Advanced features like ABR, live streaming, ad insertion, and DRM all require going beyond the standard video tag and using an HTML video player. Players also ensure a consistent experience across different browsers and devices.

Will new technology — such as 5G and improvements in video compression algorithms — impact the cost of running a video platform over time?

The cost of running a video platform is dynamic and impossible to forecast. Improvements in compression algorithms and encoding technology yield cost savings, but end-user demands for higher resolution and complex workflows supporting low-latency live delivery can drive costs up. Balancing quality with costs is key to OTT success, making your backend infrastructure a crucial factor when approaching monetization.

Per-title encoding capabilities, video analytics, and sustainability-focused playback features can all curb wasteful practices and deliver cost savings. For these, you’ll want to find an infrastructure provider like Bitmovin that’s focused on making it easier for OTT platforms to monetize their content.

Which criteria did you use to evaluate the online video players listed above?

If you search ‘video player’ on GitHub in 2024, you’ll see 31.5k+ repositories pop up. Because there’s no shortage of online media players, we created this guide to make it easier to compare all the options when building a professional streaming platform. 

Our list of the best HTML5 video players was created by evaluating:

  • Streaming performance
  • Integration effort and availability of developer tools (e.g., API access, mobile SDK support, documentation, etc.)
  • Range of features (e.g., tools for secure streaming, video controls like multiple playback speeds, full-screen displays, etc.)
  • Compatibility across devices and browsers
  • Protocol and codec support
  • Ability to support additional requirements like low latency, VR, etc.

Because many of the online video players out there are tailored to a specific protocol (HLS vs. DASH) or operating system (Android vs. iOS), compatibility across devices and browsers is limited. Additionally, the integration effort will always be greater with an open-source solution, so we focused more on the availability of plugins and documentation to extend these video players.

The post The Ultimate Guide to HTML5 Video Players [2024] appeared first on Bitmovin.

DRM (Digital Rights Management): The Definitive Guide [2023]
https://bitmovin.com/blog/digital-rights-management-everything-to-know/
Thu, 27 Jul 2023 20:07:09 +0000

Welcome to our complete guide to digital rights management in 2023.

This page provides digital content creators with everything they need to understand how DRM works today to protect video content from unauthorized users.

As the digital media landscape evolves, challenging copyright laws and threatening intellectual property like never before, DRM solutions play an increasingly vital role in protecting digital assets against copyright infringement.

Start at the beginning, or use the table of contents below to jump to the most relevant chapter:

What is Digital Rights Management?

The meaning of DRM

Digital Rights Management refers to the algorithms and processes that were created to enforce copyright compliance when consuming digital content.

Without DRM, your content can be easily copied by the end-user, a process typically referred to as pirating.

It is, therefore, necessary in an online video distribution architecture, but it is not visible to the consumer.

DRM is also used offline to provide the copyright holder with protection for CDs, DVDs, and BluRays.

The benefits of digital rights management

The necessity for streaming capabilities amongst the media industry and video content distributors at large is at an all-time high.

Consumers and developers are racing to find and distribute the best content at their disposal.

Unfortunately, this high demand for video content is often undermined by a lack of security around original digital assets.

As a result, creators and distributors are finding themselves in positions where they need to protect themselves and their copyrighted material from unauthorized users; enter DRM technologies.

How DRM works to protect streaming services

Currently, Digital Rights Management can be implemented as a software solution, a hardware solution, or, in most instances, a combination of both.

Regardless of DRM hardware or software implementation types, all providers seeking to protect their digital content will see their files pass through an encryption & decryption cycle.

Here’s an example of that process:

Video Workflow: DRM (Digital Rights Management)

The Encryption Cycle

To begin the “security” cycle, communications between the requesting encoding software and the licence server are encrypted.

Each segment is encrypted according to the MPEG Common Encryption (CENC) specification for ISO-BMFF.

What is ISO-BMFF?

ISO-BMFF is a standardized file format and serves as a container for audio and video content. A well-known implementation of ISO-BMFF (and often used synonymously with it) is the MP4 or fragmented MP4 (fMP4) file format. In the DRM workflow, the multimedia content is encrypted and the ISO-BMFF container is enhanced by DRM-specific metadata and encryption algorithms.

DRM systems utilize ISO-BMFF to store and transport encrypted media data, and to associate that data with a DRM license. When users attempt to access the protected media, the DRM system verifies whether the user is allowed to do so based on the associated license.

In short, it enables secure storage, delivery, and control of digital media within DRM frameworks.

Segments can either be fully encrypted, or partially encrypted, where only some frames, or even only parts of frames are encrypted.

The MPEG-CENC standard defines how a segment is encrypted and maps which decryption key needs to be used for which segment (or parts of it) by associating a key id to it. MPEG-CENC is used for DASH and HLS streams if the segments are in the fMP4 container format.

Standard content encryption is done using the Advanced Encryption Standard (AES) algorithm, using 128-bit keys. Depending on the DRM system being used, it is either used in the Counter (CTR) or the Cipher Block Chaining (CBC) mode.

These two modes differentiate how a payload is encrypted.

It’s important to note that only the raw audio and video data within a segment is encrypted, but the metadata added in the container is not.

There are three main DRM providers: Google Widevine, Apple FairPlay, and Microsoft PlayReady.

Their application can vary greatly based on many unique factors – having to select a provider that matches the content distributor’s delivery & playback needs (based on which devices are supported) can introduce a lot of complexity to the DRM implementation process.

In order to improve security and decrease the risk of reverse engineering DRM systems, there are typically no clear log messages.

In fact, parts of the process are treated as a black box – and as a result, debugging can be even harder on devices (for example SmartTVs or Set-Top Boxes) with older versions of DRM software.

In the browser or operating system, the content will then be decrypted by a Content Decryption Module (CDM), which decrypts each encrypted audio and video segment.

The Decryption Cycle

When a web player identifies DRM-protected content, it calls on processes and interfaces defined by Encrypted Media Extensions (EME), which are used in browsers to initiate a license request process.

The EME is used to interface with the Content Decryption Module (CDM) that is implemented in the browser and may or may not rely on operating system features like HDCP.

When DRM protected content is played back, license requests are generated by the CDM and passed to the player through the EME.

All of the decryption work is done by the CDM. Crucially, the decrypted content stays within the CDM – it is not, and must not be, accessible to the playback software as otherwise it would be possible to create decrypted copies of the content.

In order to play back protected content, upon detecting that the content is protected, the player or playback software issues a license request to the licensing server.

If the license is cached locally, this request can be skipped and the cached license can be used instead.

The license request sent by the player or playback software always includes metadata that uniquely identifies the content being played back, and the format of that metadata depends on the DRM solution used.

This DRM metadata can be contained either in the manifest (like MPEG-DASH or embedded in HLS), in a player’s configuration, or within the individual segments.

Although it is not a requirement, the request typically includes additional data from the requesting device, like an ID that can be used to uniquely identify it.

If all mandatory information is provided, the server may grant a license to the player or playback software with the decryption keys necessary to allow secure playback of the requested content on the client. 

The returned license may include information about the security level required to decrypt the content; for example, decrypting content in software is significantly less secure than decrypting it in hardware.

From the perspective of the player – the license acquisition using the EME starts from the playback client creating a so-called key session. Using that key session and the DRM metadata taken from the segments, manifest or other sources, the player starts the license request process using the EME.

The CDM then generates a signed key message which is sent to the license server by the player or playback software.

The license server returns the requested license – with the resulting decision of whether or not the client is granted playback rights to the requested content; if not, playback is halted and an error is shown. 

Alternatively, the license server can also determine that, for example, the player is only allowed to play back SD representations of the content.

If the license request was successful, the client updates the key session with the returned license. 

The content decryption is then handled fully by the CDM. 

In some circumstances, the license is cached for a set time and can be used to play back protected content offline (e.g., Netflix).
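The license acquisition steps above, shown as an added example (not Bitmovin's player code): a key session is created, the CDM's signed message is posted to the license server, and the returned license is passed back with `session.update()`. The browser objects are passed in as parameters; the `env` object, the function names, the codec string and the license URL are assumptions made for illustration.

```javascript
// Added example: license acquisition through Encrypted Media Extensions (EME).
// navigator, the video element and fetch are injected so the same code runs in
// a page or against stubs. keySystem and licenseUrl are caller-supplied.

// Capability query. `robustness` is key-system specific; for Widevine,
// 'SW_SECURE_CRYPTO' is software decryption and 'HW_SECURE_ALL' is the
// hardware-backed level.
function buildConfig(initDataType, robustness = '') {
  return [{
    initDataTypes: [initDataType],
    videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"', robustness }],
  }];
}

// One license round trip: CDM message -> license server -> session.update().
// The listener stays attached, so later messages (e.g. renewals) are served too.
function exchangeLicense(session, fetchFn, licenseUrl) {
  return new Promise((resolve, reject) => {
    session.addEventListener('message', async (event) => {
      try {
        const response = await fetchFn(licenseUrl, {
          method: 'POST',
          headers: { 'Content-Type': 'application/octet-stream' },
          body: event.message, // signed request generated by the CDM
        });
        if (!response.ok) throw new Error(`license denied: HTTP ${response.status}`);
        await session.update(await response.arrayBuffer());
        resolve();
      } catch (err) {
        reject(err);
      }
    });
  });
}

const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');

// Group key IDs by status once the license is loaded. Keys that are not
// 'usable' (for example 'output-restricted' or 'expired') cannot decrypt,
// which is how a license can end up permitting only some renditions.
function summarizeKeyStatuses(session) {
  const summary = { usable: [], blocked: [] };
  session.keyStatuses.forEach((status, keyId) => {
    if (status === 'usable') summary.usable.push(toHex(keyId));
    else summary.blocked.push({ keyId: toHex(keyId), status });
  });
  return summary;
}

async function acquireLicense(env, initDataType, initData) {
  const { navigator, video, fetchFn, keySystem, licenseUrl, robustness } = env;
  // 1. Ask the browser for a CDM that satisfies the configuration.
  const access = await navigator.requestMediaKeySystemAccess(
    keySystem, buildConfig(initDataType, robustness));
  const mediaKeys = await access.createMediaKeys();
  await video.setMediaKeys(mediaKeys);
  // 2. Create the key session; listen before generating the request.
  const session = mediaKeys.createSession();
  const licensed = exchangeLicense(session, fetchFn, licenseUrl);
  // 3. Hand the DRM metadata to the CDM; it answers with a 'message' event.
  await session.generateRequest(initDataType, initData);
  // 4. Wait for the license, then report which keys the CDM may use.
  await licensed;
  return summarizeKeyStatuses(session);
}

// In a page, the DRM metadata arrives with the 'encrypted' event:
// video.addEventListener('encrypted', (e) =>
//   acquireLicense({ navigator, video, fetchFn: fetch, keySystem, licenseUrl },
//                  e.initDataType, e.initData));
```

The player code only ever handles the opaque request and license blobs; the content keys and decrypted media stay inside the CDM.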

The workflow is very similar for non-Web platforms, such as native Android, iOS, or tvOS apps. Each platform has its own set of APIs, similar to the EME on Web, to interact with the underlying, integrated CDM.

The license and the decrypted data must not be accessible to clients other than the licensed content user. 

Therefore, the private keys and decrypted data are kept in a secure environment within the browser, operating system, or even hardware (if supported), like Trusted Execution Environments.

The usage of different container formats, like fMP4 and MPEG-2 TS, made it hard to distribute the same content across all platforms. 

However, the rapid adoption of CMAF and the standardization of CENC across hardware manufacturers and software developers are reducing the complexity of implementation for the industry. 

Although CMAF and CENC still allow AES CTR and AES CBC usage, DRM providers are gradually converging towards the use of AES CBC.

DRM Technologies in use today

Here are some of the most common DRM technologies:

Apple FairPlay: Uses Cipher Block Chaining encryption. It is the only option for Apple devices, such as the iPhone, iPad, and AppleTV, and for the Safari browser, and is also used by iTunes.

Widevine: Developed by Widevine Technologies, bought by Google. Used on Android Devices natively, in Chrome, Edge, Roku, Smart TVs. Widevine uses protobuf format for metadata.

Microsoft PlayReady: Developed and maintained by Microsoft. Supported on Windows, Xbox gaming consoles, and most set-top boxes and TVs. It uses XML-based WRMHEADER tag objects as its metadata format.

Additional DRM vendors can be seen in Irdeto’s graphic below:

Fragmentation of DRM technology vendors

This fragmented market of DRM providers is mirrored by equally fragmented usage.

The following graph from the latest Bitmovin Video Developer Report shows the current distribution in the application of DRM systems within the video developer community:

Bitmovin VDR: What type of content protection do you use?

Preventing copyrighted content being copied from other rights-holders

Suppose you are hosting an online video on demand platform that can be used to watch all kinds of different Hollywood movies. The rights holder of the content you’re distributing wouldn’t want your users to be able to just create copies of that content.

The provider of the platform may therefore be contractually required to use some form of content protection to honor the rights of the content rights holder.

This is often the case for broadcasters that host not only their own content but also, for example, live TV or other movies or series. DRM systems can be used to protect the content from being copied illicitly by the users of that service.

Choosing the best DRM services 

There are a number of options when looking to control access to your digital content, restricting it to only authorized users. When we asked our video developer community how they were implementing digital rights management into their workflow, 52% said they were using a commercial DRM provider:

Bitmovin VDR: How are you implementing DRM in your workflow?

DRM providers offer solutions and services to content creators, publishers, and distributors.

They specialize in developing and implementing technologies, tools, and systems that enable the protection, distribution, and management of your digital content. They also ensure compliance with licensing terms and copyright laws. 

Solutions like encryption, access control, license management, content protection, and monitoring can all be provided by a good DRM partner. 

Choosing a DRM provider

There are a number of high quality partners out there. So make sure that the one you choose covers all of the bases when it comes to DRM. 

A typical suite of services will look something like this: 

DRM System Integration: DRM providers integrate their technologies into existing content distribution platforms, websites, or streaming platforms, enabling seamless DRM functionality and protection for digital content.

Content Encryption: Encryption solutions safeguard digital content from unauthorized users and online piracy. A good partner will apply robust encryption algorithms to protect your content during storage, transmission, and playback.

License Management: License management systems handle the creation, issuance, and management of DRM licenses. These systems ensure that users have the necessary permissions and rights to access your protected content.

Rights Enforcement: These mechanisms enforce usage rights defined by DRM licenses. This may involve restricting the number of devices on which your content can be accessed, enforcing time-limited access, or controlling the ability to copy or share content.

Analytics and Monitoring: DRM providers offer analytics and monitoring tools to track content usage, detect potential breaches, and gather insights into user behavior.

Recommended DRM providers from our partner network

Irdeto

Irdeto is a global industry leader in digital platform security, catering to businesses in video entertainment, video games, connected transport, and IoT connected industries. They empower customers to safeguard their revenue, innovate with new offerings, and combat cybercrime effectively. 

With 50 years of security expertise, Irdeto currently protects over 5 billion devices and applications for renowned brands worldwide. Their stated mission is to create a secure future, enabling people to embrace connectivity without compromising on safety and trust.

NAGRA

NAGRA, the digital TV division of the Kudelski Group (SIX:KUD.S), specializes in offering comprehensive security and multiscreen user experience solutions for the monetization of digital media. 


Their expertise lies in equipping prominent content providers and digital TV operators across the globe with secure, open, and seamlessly integrated platforms and applications for broadcast, broadband, and mobile platforms.

Verimatrix

Verimatrix stands as a global provider of trusted security and analytics solutions, dedicated to safeguarding devices, services, and applications across a wide range of markets.

Countless service providers and industry innovators place their trust in Verimatrix to protect the essential systems that people rely on every single day. 

Verimatrix offers user-friendly software solutions, cloud services, and advanced silicon IP, ensuring robust security measures and empowering businesses with valuable insights and intelligence.

PallyCon

PallyCon, powered by INKA ENTWORKS, is a pioneering industry leader providing the first cloud-based SaaS solution for comprehensive content security.

Their end-to-end solution encompasses a wide range of features including Multi DRM, Forensic watermarking, Visible watermarking, Anti screen capture, Anti-piracy services, and App security, all seamlessly integrated into a single workflow. 

With over 20 years of experience in content security, PallyCon empowers customers to safeguard their revenue with a scalable, globally accessible, reliable, and cost-effective solution.

Intertrust ExpressPlay

Intertrust ExpressPlay provides a suite of protection and anti-piracy services designed for rights owners and distributors of both live and VOD content. 

Their cloud-based ExpressPlay Media Security Suite offers solutions such as the ExpressPlay multi-DRM service, ExpressPlay XCA broadcast security solution, and ExpressPlay Anti-Piracy and Watermarking services. 

They are known for their scalability and are trusted by major OTT streaming platforms worldwide. Additionally, ExpressPlay DRM Offline ensures secure streaming of premium content through an offline multi-DRM platform.

EZDRM

EZDRM is an expert in Digital Rights Management as a Service (DRMaaS), providing all-in-one solutions for safeguarding and monetizing video content. They have been around since 2001. 

They use a hosted and managed multi-DRM offering designed to simplify the support for live, on-demand, downloadable, and offline video delivery services. They are very flexible when it comes to accommodating various business models. 

Their Universal DRM combines Google’s Widevine and Microsoft’s PlayReady using Common Encryption (CENC) over DASH, alongside EZDRM’s Apple FairPlay Streaming. 

BuyDRM

BuyDRM is a prominent provider of Content Security Services, catering to industries such as entertainment, education, enterprise, and hospitality. 

Operating under OVHcloud, BuyDRM’s KeyOS content security platform is used widely by well-known brands in the media and technology sectors. 

They are very experienced at implementing commercial content security solutions and media technologies and have a good track record with major brands including ABC (Australian Broadcasting Corporation), AMPAS (The Academy), Blizzard Entertainment, Cinedigm, Crackle, Crunchyroll, Daily Rounds, Deluxe Digital, EPIX, FuboTV, POPS Worldwide, Rakuten Viki, Redbox, SBS Belgium, Sinclair Digital, and Zee5.

Axinom

Axinom is a well-known provider of digital solutions, catering to major brands in the media and entertainment industry. 

Their OTT portfolio encompasses content management (CMS), DRM, and pre-built reference applications (Apps) for on-demand, live event, and live linear content. 

Axinom can deliver a comprehensive solution that covers the entire workflow, from video acquisition to delivery across various devices such as HTML5, iOS, Android, Windows 10, Xbox, set-top boxes, and Smart TVs. 

Axinom’s focus is on building the next generation of OTT video solutions that ensure a swift time-to-market.

Friend MTS

Friend MTS is a trusted provider of content security solutions for media and entertainment companies. 

Their advanced services encompass comprehensive measurement, monitoring, detection, and disabling of content piracy. By offering a holistic approach to combating online piracy, Friend MTS provides businesses with a clear understanding of the constantly evolving piracy landscape. 

They proactively stay ahead of sophisticated online piracy behavior and technologies, ensuring that revenue can grow and creativity can flourish in a secure environment.

DRM Case Study: fuboTV Enhances Viewer Experience and Content Security with DRM Integration

Client Background

fuboTV, a prominent Live Sport OTT provider with over 65 channels, competes with traditional pay TV offerings by streaming highly demanded sports content. In an intensely competitive marketplace, fuboTV prioritizes delivering a high-quality viewing experience to retain their valued viewers.

Challenge

To safeguard their valuable content and maintain superior streaming quality, fuboTV recognized the critical need for robust DRM solutions. Their objectives included implementing DRM technologies, managing encryption key initialization, protecting content across multiple IP addresses, and ensuring seamless playback regardless of the number of times viewers accessed the content.

Solution

fuboTV partnered with Bitmovin, a leading video technology company, to address their DRM requirements comprehensively. Bitmovin provided a cross-platform Video Player, cloud-based encoding, and encryption services through the Bitmovin Encoding Service. The integration involved utilizing BuyDRM’s KeyOS Encryption Key API for encryption key initialization and the KeyOS MultiKey multi-DRM service for content protection. To securely deliver content across nine Showtime channels, fuboTV leveraged Zixi Feeder technology.

Collaboration and Implementation

The collaboration between fuboTV and Bitmovin was characterized by close cooperation and efficient communication from the first time their development teams came together.

Bitmovin’s engineering team seamlessly integrated with fuboTV’s internal team, resulting in streamlined workflows and rapid implementation. The use of Bitmovin’s Video Player provided unparalleled control and flexibility, surpassing competing players in the market. With careful attention to detail, the implementation ensured a significant improvement in user experience compared to the previous player used by fuboTV.

fuboTV Testimonial

Through the successful integration of DRM solutions provided by Bitmovin and BuyDRM, fuboTV significantly improved the viewer experience, ensured robust content security across multiple IP addresses, and addressed the challenge of initializing encryption keys. Moreover, the implementation enabled seamless playback, regardless of the number of times viewers accessed the content.

“Bitmovin’s engineering team has been great to work with. We were able to rely on them to become an extension of our engineering team. Bitmovin gives us greater control over the player than any other player in the market. We were able to get our implementation to production with markedly better experience than our previous player. We’re looking forward to exploring more ways to work together.”

– Sung Ho Choi (Co-founder, fuboTV)

Source

As a result, fuboTV strengthened their position in the OTT market and continued to deliver exceptional sports streaming services to their loyal audience.

Conclusion

Clearly, digital rights management is a complex subject with no one-size-fits-all approach. But it is an essential part of the video workflow for anyone looking to protect or monetize their digital video content. It’s an area of continuous development as those intent on piracy look for new ways to circumvent your content protection for their own gain.

Fortunately, Bitmovin has the experience, expertise, technology and network of partners to keep you several steps ahead. Get in touch with us to discuss your specific requirements and let us do some of the heavy lifting when it comes to DRM.

Originally published June 2019, this blog was updated July 2023 with the latest information.


DRM FAQS – Commonly Asked Questions About Digital Rights Management 

How does a DRM work?

DRM prevents unauthorized use of works by encrypting the segments of a stream so that they cannot be played back without acquiring an authentication license first.

Who uses DRM?

DRM is widely used across various industries to protect digital content from unauthorized copying and distribution. Industries such as media and entertainment, gaming, publishing, software, education, and government agencies rely on DRM to safeguard their content and intellectual property rights.

What still uses DRM?

DRM is used in almost all major online video platforms, but also on CDs, DVDs, and Blu-ray Discs.

Does Netflix use DRM?

Yes, Netflix uses DRM, most likely Widevine, PlayReady and FairPlay.

What does DRM mean?

DRM stands for Digital Rights Management.

What is an example of DRM?

One example of DRM is the copy protection used on DVDs or the protection used by Netflix.

What is DRM licensing?

DRM licensing refers to the process of obtaining licenses from DRM (Digital Rights Management) providers to utilize their technology and services for digital content protection and distribution.

What is the problem with DRM Software?

DRM (Digital Rights Management) has faced criticism due to concerns around restrictions on user rights and limiting the ability to enjoy purchased content. It can lead to compatibility issues and vendor lock-in, limiting user choices. Digital rights management systems can also become obsolete, making it difficult to access purchased content in the future. Balancing the need for content protection with user rights and freedoms remains a challenge in the ongoing DRM discussion.

What is DRM technology used for?

Digital Rights Management technology is used to prevent content from being multiplied without the permission of the content’s right holder.

What are the pros and cons of DRM?

DRM systems can be used to prevent unauthorized copying of protected content. But it adds additional complexity in the encoding, distribution and playback of the content.

How do you get DRM?

DRM workflows are usually implemented in the encoding process.

What are some reasons why DRM is not effective?

DRM systems usually require some hardware support. If those DRM systems are implemented in hardware, and that hardware cannot easily be updated, once a system is broken, it can’t easily be patched. This is why you can easily copy a DVD nowadays. As web based players must be online to function, and can therefore usually be updated easily, that is not a big concern for video playback on the web.

Analysis of DRM Ciphers for Samsung Tizen https://bitmovin.com/blog/analysis-drm-ciphers-samsung-tizen-tvs/ Mon, 05 Dec 2022 17:12:57 +0000

Digital rights management (DRM) is a complex world with many different rabbit holes to venture into. The good news is we’ve done a lot of heavy lifting by navigating in, out, and around many of these complex situations to provide you with an overview and the knowledge you need to make the best decisions for the security and playback experience of your content.

This blog post showcases our latest findings on digital rights management for Samsung Tizen TVs. With Connected TV viewership increasing steadily, we’re excited to share this information with you, and we’re confident that you’ll find it useful. Additionally, if you want to see more devices analyzed, tell us which ones by joining our developer community and starting a discussion.

So, with no further wait, let’s get into it!

DRM & Cipher Modes

To start with, it may be worth having a refresher on the types of DRM and the most common DRM technologies available on the market. In one of our previous blog posts, you can find an in-depth outline of the types of DRM, available DRM offerings, and how they work. To quote a part of it regarding how content is encrypted:

“Standard content encryption is done according to the Advanced Encryption Standard (AES), using 128-bit keys and a Cipher Block – usually either Counter Mode (CTR) or Cipher Block Chaining (CBC). These two modes differentiate how a payload is encrypted”.

DRM systems fundamentally apply the AES encryption algorithm, which supports various block cipher modes, with CTR and CBC being the standard ones. The ISO standard ISO/IEC 23001-7 defines the four common encryption modes.

Table of common encryption details

In the table below, you can see which cipher modes each DRM supports.

DRMs and the ciphers supported

As you can see, Widevine and PlayReady support CTR, and support CBC on specific devices, while FairPlay only supports CBC. In the next section, we’ll take a closer look at support in the MSE/EME stack specifically, as DRM and cipher support on a TV can vary between its native player and its MSE/EME player.

Tizen Support for Cipher Modes

With Bitmovin’s Stream Lab and our work with Samsung, we have detailed all of our findings/results in the matrix below:

Samsung TVs and the ciphers each MSE/EME supports

As a rule of thumb, CBC support is limited on TVs older than 2019. Another rabbit hole to watch out for on any TV: if it indicates support for CBC, validate that the support is for the MSE/EME stack and NOT the native player stack.

What is the best DRM setup for Samsung Tizen?

You will notice from the table above that Widevine + CTR cipher covers a large proportion of the Tizen TVs. You can use the Bitmovin Encoding CENC API encryptionModeCTR to package video with Widevine + CTR. Check out this tutorial to see how you can set it up.

Looking forward, Tizen TVs for 2022 and beyond look like they are heading in the CBCS-friendly direction. Hopefully, in about 5 years, when 2022 TVs become the standard version, it might be possible to have a single copy for all three DRMs.

On a related note, if you intend to serve only CBCS devices, Bitmovin Encoding CENC API also allows you to output a single copy for all three DRMs just by specifying encryptionModeCBC.

Additionally, you may find it helpful to have the following links at your disposal: the Playready CBCS documentation and the Tizen TV DRM specification.
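
One way to run the MSE/EME validation recommended above on the device itself is to query EME with the encryptionScheme capability field. This is an added example, not Bitmovin's or Samsung's code; the H.264 content type, the fakeDevice stub and the preference order in choosePackaging are assumptions made for illustration.

```javascript
// Added example: ask the MSE/EME stack which DRM + cipher pairs it accepts.
const KEY_SYSTEMS = {
  widevine: 'com.widevine.alpha',
  playready: 'com.microsoft.playready',
};
const SCHEMES = ['cenc', 'cbcs']; // cenc = AES-CTR, cbcs = AES-CBC with pattern

// Assumption: H.264 in fragmented MP4 is the content being packaged.
const CONTENT_TYPE = 'video/mp4; codecs="avc1.42E01E"';

// requestAccess is injected so the logic can run outside a browser. On a
// device, pass navigator.requestMediaKeySystemAccess.bind(navigator).
async function probeScheme(requestAccess, keySystem, scheme) {
  const configs = [{
    initDataTypes: ['cenc'],
    videoCapabilities: [{ contentType: CONTENT_TYPE, encryptionScheme: scheme }],
  }];
  let access;
  try {
    access = await requestAccess(keySystem, configs);
  } catch (err) {
    return 'unsupported'; // EME rejected this key system / scheme pair
  }
  // A user agent that predates encryptionScheme ignores the field and
  // resolves anyway; only an echoed value shows the scheme was evaluated.
  const caps = access.getConfiguration().videoCapabilities || [];
  return caps.some((c) => c.encryptionScheme === scheme) ? 'supported' : 'unknown';
}

// Probe every key system against every scheme and collect the results.
async function buildMatrix(requestAccess) {
  const matrix = {};
  for (const [name, keySystem] of Object.entries(KEY_SYSTEMS)) {
    matrix[name] = {};
    for (const scheme of SCHEMES) {
      matrix[name][scheme] = await probeScheme(requestAccess, keySystem, scheme);
    }
  }
  return matrix;
}

// Illustrative policy: use a single cbcs copy only when every probed DRM
// confirms it, otherwise fall back to cenc (CTR) for the DRMs that confirm
// that. 'unknown' is never counted as support.
function choosePackaging(matrix) {
  const drms = Object.keys(matrix);
  if (drms.every((d) => matrix[d].cbcs === 'supported')) {
    return { scheme: 'cbcs', drms };
  }
  const ctr = drms.filter((d) => matrix[d].cenc === 'supported');
  if (ctr.length > 0) return { scheme: 'cenc', drms: ctr };
  return { scheme: null, drms: [] }; // needs a real playback test on the TV
}

// Constructed stand-in for a device. pairs lists accepted "keySystem/scheme"
// strings; echoes=false imitates a user agent that ignores encryptionScheme
// and accepts any scheme for a key system it knows.
function fakeDevice(pairs, echoes) {
  return async (keySystem, configs) => {
    const cap = configs[0].videoCapabilities[0];
    const ok = echoes
      ? pairs.includes(`${keySystem}/${cap.encryptionScheme}`)
      : pairs.some((p) => p.startsWith(`${keySystem}/`));
    if (!ok) throw new Error('NotSupportedError');
    const returned = echoes ? { ...cap } : { contentType: cap.contentType };
    return { getConfiguration: () => ({ videoCapabilities: [returned] }) };
  };
}
```

An 'unknown' result means the stack resolved the request without evaluating the scheme, so that pair still has to be confirmed by playing an encrypted test stream through the MSE/EME player.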

What devices would you like analyzed next?

That wraps up the Samsung DRM cipher analysis. Let us know if you found it useful and if there is more information or guidance we can help you with by starting a discussion on the Bitmovin developer community.

Also, while you’re there, let us know which additional devices you’d like this analysis done for next, and if you want, you can also test out the Bitmovin Player for yourself with our 30-day free trial.

ICYMI – DRM Security and Protection Week Displays Best Industry-Wide Anti-Piracy Practices https://bitmovin.com/blog/icymi-drm-security-and-protection-week/ Wed, 18 Nov 2020 17:55:01 +0000
As anyone involved in the video workflow development process might tell you, getting high-quality content to prospective consumers is not an easy build and requires many input factors. Some of the oft-overlooked and possibly more complex factors are the content protection measures that ensure the video isn’t being pirated. According to our 2020 Video Developer Report, 33% of respondents don’t use any DRM Security and Protection measures, while an impressive 22% indicated that they’ve built their very own in-house solutions.
DRM Security and Protection_What Kinds of DRM do you use?_Pie Chart
Given that 55% of respondents don’t use any kind of DRM or have taken on the challenge of implementing their own content security measures, we wanted to help ease (or improve) the understanding of the types of measures an organization can apply and how to do so. For this, Bitmovin brought in some of the video streaming industry’s leading experts in Digital Rights Management for a brand new virtual event series: DRM Security and Protection Week. During this series, Bitmovin was joined by BuyDRM, EZDRM, Intertrust, Irdeto, Vualto & Axinom as they covered topics like Heartbeat Monitoring, Multi-DRM implementations in the cloud, Watermarking, and more. In case you missed any of these sessions for any reason, we’ve put together this blog post to summarize the presentations with some high-level takeaways.

Intertrust: Reduce TCO with Direct-to-TV broadcasting using DRM-based converged security

Intertrust kicked off the DRM security and protection week by defining how DRM converged security can bridge the digital gap and support direct-to-TV broadcasting and OTT services, all while saving on the total cost of ownership with a cloud-based network-agnostic infrastructure that can communicate with both a classic conditional access system (CAS) and the digitally-oriented DRM solution. 
DRM Security and Protection_Intertrust_ExpressPlay workflow visualized
Intertrust’s ExpressPlay XCA (built on and supported by MarlinDRM) offers this middleware solution by running an operator app that’s enabled by almost all major set-top boxes (STBs), smart cards, and conditional access modules (CAMs).
DRM Security and Protection_IntertrustBroadcast and Streaming Delivery Flow

BuyDRM – Deploying Multi-DRM for CMAF

BuyDRM followed up by discussing the specific processes that go into implementing a dynamic DRM solution to keep up with the ever-evolving Common Media Application Format. BuyDRM supports CMAF across their platform from encryption to license delivery and just announced new support for CMAF in their MultiPack Utility and MultiPack plug-in for Wowza.
DRM Security and Protection Week_BuyDRM_KeyOS Multipack Offerings_Banner

DRM Complexities Untangled: VUALTO and Bitmovin demo CBCS encrypted CMAF with VUDRM

For those with limited DRM knowledge, or seeking to learn how to knock out two birds with one stone with an integrated encoding and content protection system, Bitmovin teamed up with VUALTO to show how an organization can implement CBCS encryption with VUDRM. This session demonstrated how a team would go about building this system, with geo-restriction and concurrency token code samples and case studies.
DRM Security and Protection__VUALTO_VUDRM protection process workflow

Irdeto: Concurrent Stream Management at Scale

Perhaps the biggest elephant in the DRM security and protection conversation is account sharing by end-users. Although most streaming organizations would naturally prefer that one account = one stream, the reality is that this model is often very off-putting for consumers who have multiple individuals in a household or would prefer to share an account. The middle-ground solution is to limit users who can stream at one time, otherwise known as concurrency management. However, once an organization reaches a certain scale, managing concurrency can become a challenging endeavor. Irdeto and Bitmovin teamed up to discuss how a streaming organization can gain and retain control over who is viewing the content in a fast, simple, and smart way.
Learn how you can apply concurrency management, what challenges you may face, and what failing to control stream management will cost your bottom line in this high-level discussion.

EZDRM: How to implement DRM in 30 mins or less

DRM implementation doesn’t have to be complex or require countless hours to implement into your existing workflow. In this session, Bitmovin and EZDRM came together to discuss the very basics, defining exactly what Digital Rights Management is, why you need it, and how you can set it up in 30 minutes or less using native browser DRMs and SDKs and out-of-box encoding solutions.
DRM Security and Protection_EZDRM_DRMaaS process workflow with Native Browser Implementations_Illustrated

Axinom: Mastering DRM license and client configuration in a multi-DRM world

To close out the DRM security and protection week, the content delivery and DRM organization Axinom explained the license configuration process for Widevine, FairPlay, and PlayReady using Axinom DRM. In this demonstration, Axinom proposed the concept of Entitlement Message codes, which are produced at runtime by the customer backend using a simple JSON structure, to show how content can be securely delivered to nearly any player device or service. This method creates a single, DRM-technology-agnostic authorization mechanism that’s embedded in a signed JSON Web Token (JWT).
DRM Security and Protection_axinom_DRM Player Runtime Interactions_Entitlement and License Request Workflow_Illustrated
This process can be seen in a full end-to-end delivery workflow below:
axinom_drm_cloud_end-to-end workflow-illustrated
With a few real-life cases, the session displayed how to configure your content protection workflow to handle up to 100,000 DRM requests/second with varying levels of security, license persistence, and multi-key delivery methods. 

DRM Security and Protection – How it all Fits

Much like all systems in video workflow, there is rarely a one-size-fits-all solution for any streaming organization. This equally applies to content protection which requires completely different solutions for different needs, from broadcasters to start-ups, to mid-size OTTs, to those who are simply looking to build their process for scale fast, and at an affordable cost. If you’d like to view all of these sessions to understand which solution fits your organization best, check out the full line-up sessions here.

How to Trust Your Player: Protecting Content from Origination to Playback https://bitmovin.com/blog/how-to-trust-your-player-building-an-ott-service-for-todays-world-p5/ Thu, 12 Nov 2020 13:38:30 +0000

How to Trust Your Player: Building an OTT Service for Today’s World

Article 5 – From one end to the other: Protecting content from origination to playback, once and for all

  • Joshua Shulman, Digital Marketing Specialist, Bitmovin
  • Alan Ogilvie, Lead Product Manager, Friend MTS
  • Ali Hodjat, Product Marketing Director, Intertrust Technologies

Any player in the OTT world would have a hard time keeping up with the myriad of changes we have seen over the past several months: COVID-19. The dramatic increase in video consumption. The exponential rise in subscriptions to established OTT streaming services. New OTT streaming services. PVOD. Fragmentation of content. But enter the other player – the content pirate – and things become even more complicated. 
As we reviewed in our first article, the stakes are high – very high. A recent report from Parks Associates finds that the value of pirate video services accessed by pay-TV and non-pay TV consumers will exceed $67 billion (USD) worldwide by 2023. Another report from ABI Research estimates that more than 17% of worldwide video streaming users access content illegally. The impact on OTT streaming services is a direct and significant blow to the bottom line.

Securing OTT Content

To stay alive in this environment, OTT companies have no choice but to secure content delivery and playback at a multiplayer level, which includes:

  • Protecting content with technology within and around the video player: the consumer playback experience.
  • Protecting content from “players”: the pirates – the potential bad actors looking to compromise your service, and steal content. This is the human factor.

If you’re an OTT service launching premium exclusive content, don’t be the one that suddenly discovers your content appearing, and then being distributed through pirate services, within minutes of launch.

Digital Rights Management (DRM)

Often considered the cornerstone of content and revenue protection strategy, digital rights management (DRM) remains a critical part of an effective multi-prong system. In Article 2, Intertrust Technologies discussed the pros and cons of two DRM license acquisition models (direct acquisition model, from a license server, and proxy license acquisition model, from a proxy server).
Intertrust also discussed DRM best practices for leveraging a cloud-based DRM service to protect high-value streaming content. OTT operators must follow these to block the loopholes that hackers otherwise may use to defeat the purpose of DRM technology.

  • Multiple content encryption keys (CEK) – Setting different CEKs for the audio track, as well as for each video resolution, enables OTT streaming service providers to grant access to content distributed to different customers/different devices. They can do this by delivering only the DRM licenses with CEKs for the authorized resolutions based on the consumer’s subscription package.
  • DRM security levels – Defining the security tier of the DRM stack that is supported by the target device, with two relevant distinctions: software-based DRM client and hardware-based DRM client. Using the right DRM security level allows OTT streaming service providers to map the required security level for each given resolution or track.
  • Widevine Verified Media Path (VMP) – The requirement enforced by Google Widevine DRM is specifically relevant when a browser-based video player is used to decrypt Widevine-protected content. Given Google’s recent policy to strictly enforce the VMP requirement, Widevine license servers can only issue licenses for content decryption modules that support the VMP feature.
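
The first two practices above combine into one decision on the license server: which CEKs go into a given license. The sketch below is an added example, not Intertrust's or any DRM vendor's code; the track table, key IDs, plan names and the two-level software/hardware model are constructed for illustration.

```javascript
// Added example: pick the CEKs a license may carry, per subscription and
// per DRM client security level. All names and values are constructed.
const TRACKS = [
  { track: 'audio', height: 0, keyId: 'kid-audio', minSecurity: 'software' },
  { track: 'video-sd', height: 480, keyId: 'kid-sd', minSecurity: 'software' },
  { track: 'video-hd', height: 1080, keyId: 'kid-hd', minSecurity: 'software' },
  { track: 'video-uhd', height: 2160, keyId: 'kid-uhd', minSecurity: 'hardware' },
];
const PLAN_MAX_HEIGHT = new Map([['basic', 480], ['standard', 1080], ['premium', 2160]]);
const SECURITY_RANK = new Map([['software', 1], ['hardware', 2]]);

// Returns the key IDs to include in the license plus the reason each other
// track was withheld. Unknown plans or security levels fail closed.
function keysForLicense(plan, clientSecurity, tracks = TRACKS) {
  const maxHeight = PLAN_MAX_HEIGHT.get(plan);
  const clientRank = SECURITY_RANK.get(clientSecurity);
  const granted = [];
  const denied = [];
  for (const t of tracks) {
    const needRank = SECURITY_RANK.get(t.minSecurity);
    if (maxHeight === undefined || clientRank === undefined || needRank === undefined) {
      denied.push({ track: t.track, reason: 'unknown plan or security level' });
    } else if (t.height > maxHeight) {
      denied.push({ track: t.track, reason: 'not in subscription' });
    } else if (clientRank < needRank) {
      denied.push({ track: t.track, reason: 'client security level too low' });
    } else {
      granted.push(t.keyId);
    }
  }
  return { granted, denied };
}

// Packaging check: if two tracks share a key ID, a license issued for the
// lower tier also decrypts the higher one, which defeats the separation.
function sharedKeys(tracks) {
  const byKey = new Map();
  for (const t of tracks) {
    if (!byKey.has(t.keyId)) byKey.set(t.keyId, []);
    byKey.get(t.keyId).push(t.track);
  }
  return [...byKey]
    .filter(([, names]) => names.length > 1)
    .map(([keyId, names]) => ({ keyId, tracks: names }));
}
```

A premium subscriber on a software-only client receives the audio, SD and HD keys but not the UHD key, and sharedKeys flags a packaging configuration in which one CEK covers more than one tier.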

Securing the Playback Experience

Delivering high-value premium content to a web browser can be a risky venture, but one that is critical to reaching audiences today. Browser environments are amongst the farthest-reaching, but least secure, due to their open nature, and require some extra attention when implementing content protection systems.
Bitmovin highlighted in Article 3 how code obfuscation tools and techniques work in browser playback environments where website code (JavaScript) is interpreted and executed. The result is code that is extremely difficult to read and reverse-engineer, either by tinkerers or a more determined actor…such as a content pirate.
Yet because the code executes in a web browser, following open JavaScript standards, it remains impossible to completely secure playback. Someone with enough motivation, and time to spend gathering intelligence and doing research, will eventually be able to reverse-engineer your playback code. In reviewing its web player, Bitmovin detailed how concurrency management and domain locking work as part of a complete defense strategy to deter attacks from content pirates.
Finally, once an OTT provider has secured its distribution chain from source to the playback environment, and has followed best practices to secure the playback experience as much as possible, Bitmovin summarized three golden rules to boost users’ experience – and ultimately, your brand.

Watermarking and Monitoring

For all of its merits, the reality is that DRM only protects the delivery and distribution of content to the point of consumption. In Article 4, Friend MTS showed that beyond DRM there is a need to detect pirated content, deter wrongdoers by identifying them in stolen content, and take action to stop further loss of revenue by disabling access to the service.
Although DRM protects the content until it arrives at its intended legitimate destination, additional precautions should be made to stop content from being redistributed by those who have no rights to do so.
Commonly pirates will capture content directly from the screen (with the use of screen recording software) or a device’s digital output with rights management removed. They’re able to rip the stream once the content is decrypted by the authorized devices. 
So, if DRM protects only the legitimate path from origination to the point of consumption, the OTT operator must protect the value of video content – whether original or rights-managed – outside of these service boundaries. How? Forensic subscriber-level watermarking can be employed on any delivered video in the service. Doing so affords the ability to identify the ‘subscriber’, your legitimate user. Through active monitoring of piracy groups and sites, suspected pirate materials are identified using known reference fingerprints, and an extraction process can then obtain the subscriber-identifying data within the watermark. This can rapidly signpost the “bad actors”, low volume content sharers, and industrial-scale pirates. Action can then be taken to stop the content from being accessed and used for piracy.
With an effective subscriber-level watermarking solution, you can close the loop and start to lock down piracy at its source.
Friend MTS reviewed the pros and cons of A/B variant (server-side) and client-composited (client-side) watermarking and looked at how they are deployed and function. Client-composited is the clear winner with its rapid detection of content theft, lower overall cost, reduced deployment complexity, faster time-to-market, and higher adaptability to attacks on watermarks.
In looking at the characteristics of an effective client-composited watermarking service, Friend MTS outlined its Advanced Subscriber Identification (ASiD) service, which has retained its agility to fend off attacks and has proven robustness in both broadcast and OTT environments. They highlighted the importance of a watermarking provider not only keeping up with the latest pirate schemes but staying ahead of them. They also detailed the key watermarking features of speed, global reach and ability to deliver through a multi-CDN service – all within the context of live sports and entertainment, pay-per-view and on-demand content.
Article 4 also highlights the need to understand the ‘human factor’ in your OTT service – the end-users who are consuming content. Friend MTS advised starting with a position of ‘zero trust’ for your users – assume some users of your service will attempt to circumvent security controls or use your service in a way you didn’t intend. Errant or undesired behavior within your service can be broken down into various ‘personas’ and the article takes you through several of these.
Once user behaviours are understood, you can plan your monitoring architecture, and how your business support systems should respond to service misuse.

Conclusion

Today’s OTT world is radically different than it was in early 2020. Bad actors abound. Content and revenue are at risk literally every minute of every day around the world. But you do not need to be a victim.
It’s possible to take steps upfront to secure content, working with a multi-pronged strategy that integrates DRM, client-composited forensic watermarking, player security, and robust monitoring to produce a real solution to the problem of content piracy. In today’s world, “end-to-end” is not just an IT buzzword. It’s a way of delivering streaming media to a playback client in the most secure and protective environment that we can achieve. 
______________________________________________________________________
Join us for our webinar on the 18th of November. We’ll be continuing the discussion on the content distribution chain and the importance of delivering streaming content in the most secure ways possible while protecting both your content and revenue.

______________________________________________________________________
“How To Trust Your Player” is a collaborative effort between Bitmovin, Friend MTS and Intertrust Technologies. The goal is to educate media and content providers on the importance of delivering streaming content in the most secure ways possible, from the video player to the end consumer, while protecting both content and revenue. 

Bitmovin

Bitmovin is a developer of video streaming technology. Built for technical professionals in the OTT video market, the company’s software solutions work to provide the best viewer experience imaginable by optimizing customer operations and reducing time to market.
Bitmovin’s solution suite – a video encoder, player, and analytics platform – lets content owners redefine the viewer experience through API-based workflow optimization, fast content turnaround, and scalability. 
Founded in 2012, the company is based in San Francisco, with offices in major cities in Europe, North America and South America. With more than 250 enterprise customers around the globe, Bitmovin helps power clients like BBC, fuboTV, Hulu Japan, RTL, and iFlix.

Friend MTS

Friend MTS helps media and entertainment businesses secure content so that revenue can grow and creativity can thrive. 
With advanced services that measure, monitor, detect, and disable content piracy, Friend MTS provides a 360-degree view of the constantly shifting content piracy protection ecosystem. The company stays a step ahead of ever-advancing and sophisticated content piracy behavior and technology with a sharp, deliberate, laser-focused commitment to continual monitoring and innovation.
Businesses and nonprofit organizations throughout the world recognize Friend MTS as the leading authority for content and revenue protection. The company also has donated its digital fingerprint technology to the International Center for Missing and Exploited Children to tackle child abuse content online.
Founded in 2000, Friend MTS is headquartered in Birmingham, England, with operations throughout Europe, the Middle East, Africa, Latin America, and North America. Friend MTS is the recipient of an Emmy® Award for Technology and Engineering, presented by the National Academy of Television Arts and Sciences (2018).

Intertrust Technologies

Intertrust provides the world’s leading digital rights management (DRM) cloud service with a complete ecosystem of security and rights management products. The company empowers businesses to securely manage all of their data and devices, regardless of location, format, or type – enabling innovative multi-party apps and services. 
Intertrust Media Solutions provides robust content protection solutions for media and entertainment. Intertrust ExpressPlay consists of a cloud-based multi-DRM service, broadcast TV security, and anti-piracy services with proven scalability in the largest OTT streaming platforms globally. 
ExpressPlay DRM™ is today’s most complete multi-DRM monetization service for OTT streaming, supporting Apple FairPlay Streaming, Google Widevine, Microsoft PlayReady, Adobe Primetime, and the open-standard Marlin DRM. Intertrust also offers ExpressPlay DRM Offline to enable secure streaming of premium content through an offline multi-DRM platform. 
Founded in 1990, Intertrust is headquartered in Sunnyvale, California, with regional offices in London, Tokyo, Mumbai, Bangalore, Beijing, Seoul, Riga, and Tallinn.

How to Trust Your Player #4: Beyond DRM – Video Watermarking https://bitmovin.com/blog/how-to-trust-your-player-building-an-ott-service-for-todays-world-p4/ Tue, 27 Oct 2020 13:26:13 +0000 https://bitmovin.com/?p=134909 How to Trust Your Player: Beyond Digital Rights Management – Video Watermarking Weighs In Alan Ogilvie, Lead Product Manager, Friend MTS Andy Wilson, Senior Product Architect, Friend MTS Chris O’Brien, Engineering Manager, Friend MTS In the continually evolving OTT world, we’ve established that savvy pirates are implementing new and advanced methods to steal valuable content...

How to Trust Your Player: Beyond Digital Rights Management – Video Watermarking Weighs In

  • Alan Ogilvie, Lead Product Manager, Friend MTS
  • Andy Wilson, Senior Product Architect, Friend MTS
  • Chris O’Brien, Engineering Manager, Friend MTS

In the continually evolving OTT world, we’ve established that savvy pirates are implementing new and advanced methods to steal valuable content – to the tune of more than $67 billion (USD) in value by 2023. Another report from ABI Research estimates that more than 17% of worldwide video streaming users access content illegally.
We also know that launching an OTT service is costly, resource-intensive, and complicated. Getting it right is critical. Beyond building the video consumption environment and content acquisition, companies must incorporate up-to-date content protection methods. In this “How to Trust Your Player” series, we’ve learned about Digital Rights Management (DRM) from Intertrust Technologies, and about content packaging, license acquisition models, and best practices for implementation within the video player environment from Bitmovin.

Understanding Content Protection

But what about the other players? They are the users, the consumers of all this valuable content. To ensure content protection among these players, we have to look at watermarking. Working together with OTT services throughout the world, we have seen how companies are working hard to protect their content at the front end with DRM, but are not commonly implementing readily accessible, advanced watermarking techniques to protect the content once it reaches the end user.
As a result, they are risking subscriber loyalty, growth, and revenue by not covering the last hole in the content delivery system. This scenario is one case where the overused “end-to-end” term is applicable: OTT companies must protect their content end to end in order to truly protect their content and revenue.

Protection Beyond DRM

So what’s an OTT service provider to do?
We know that DRM is absolutely necessary in this journey, and needs careful, considered implementation. As Intertrust pointed out in its article, “Securing Content Access with Digital Rights Management Best Practices”, recommended DRM best practices are essential to: 

  • Maintain a secure interface for delivery of content keys to the encoder and packagers;
  • Secure session tokens for authentication and authorisation;
  • Prevent attacks against the DRM license acquisition servers;
  • Make sure only verified browsers and players can access the media and DRM license in different devices.

A default option for any premium content service provider, DRM is designed to protect audio/video content during transit to the consumer’s player. As discussed in the above-mentioned article, DRM manages the robust content encryption key exchange between the secured playback device (the player) and the license service. DRM is also responsible for setting usage policies for the content, and for enforcing this within the playback environment. However, once the material has started playing, a new threat emerges – the consumer. A common misconception is that playback devices are secure.  
DRM can do little to isolate pirated content, or identify the wrongdoers, when content is stolen and made freely available. Once content arrives at its intended legitimate destination, DRM can do nothing to stop it from being redistributed by those who have no rights to do so. The crux of the problem is that DRM protects only the legitimate path from origination to the point of consumption.
[Figure: DRM protection workflow]
See “Beyond DRM: The Complete Content Protection Story,” for further details.
It’s also important to understand that practices to curb sharing and theft of credentials (such as passwords) do not help reduce the distribution of content once it has escaped the boundaries of a video service.
In short, DRM is a key part of any rigorous approach to piracy defence. But if we want to talk about end-to-end protection, there’s more.

Enter Video Watermarking

To protect the value of video content – whether original or rights-managed – outside of these legitimate service boundaries, you’ll need to identify the video itself. Specifically, you’ll need information to confirm its outermost point of legitimate use. With that, you can identify the “bad actors”: the infringing users and industrial-scale pirates. 
To accomplish this, video providers can embed information into the video itself, at the point of origin, in the Content Distribution Network (CDN) during distribution, or within the player device. Information might include the device IP address, session details, and subscriber identifier.
The most effective way to do it? Client-composited (client-side) watermarking. It’s clever, as consumers can’t see the watermarks. Only automated analysis can. 
Client‑composited watermarking occurs within the consumer device. The embedded player accesses a software library database that replies with a unique identifier. The watermark information is converted into a pattern, similar in concept to a QR code, and then is “composited” with the video via an overlay.
[Figure: Video watermarking visualized. Source: Friend MTS. Image source: frames from (CC) Blender Foundation]
Client-composited watermarking is fast. Time to detection of content theft can be as little as a few seconds – important for any service, but particularly so for live sporting events. It’s also lower in cost than other watermarking options, such as A/B watermarking. 
For a more thorough discussion of watermarking methods, their advantages and disadvantages, see our “Subscriber Watermarking Technologies – White Paper Quick Facts.”

Best Practices in Video Watermarking: Detect, Deter, Disable

No matter which way you go with watermarking, you must keep the end goals in mind: to deter piracy, detect it when it occurs, and disable the source of the pirated content. The truth is that embedding watermarks alone is not very helpful unless there is a way to use the watermarks to find stolen video content, identify its source, and take appropriate action. Herein lies the hallmark of a robust watermarking solution.
Detecting involves monitoring suspected pirate outlets, and then matching the digital “fingerprint” of a suspected piece of content with a reference fingerprint that is generated during the production process. Then, advanced watermarking analysis can see the identifying watermark and extract the information that it contains.
Determent is about defending against pirate “attacks.” To reduce the chances that an instance of stolen content could be traced back to its last legitimate distribution end point (or to the pirates themselves), content thieves may try to make the watermark unreadable by applying “transformations” to the content. These “attacks” make the watermark no longer available or readable. However, a strong, advanced watermarking program has a far better chance of surviving these attacks and remaining readable.
Disabling is about treating the incident after determining the identity of a pirated video stream. This can include direct actions against the pirate, ranging from take-down notices to reporting to law enforcement. Typically, video providers take actions against subscribers whose accounts they detect to be restreaming. Those actions might be interrupting the session, requiring the user to re-enter access credentials, suspending the end user’s account, disallowing the use of the device on the account, or even initiating legal action.

Choosing a Watermarking Service

What do you want from your watermarking service? What should you want from your watermarking service?
Deployment
How widely deployed is the service? How many set-top boxes and OTT players is it securing around the globe? In the OTT world, and in the content protection world, experience does count. Make sure you are getting a system with a proven, demonstrable track record in detecting, deterring and disabling piracy across multiple illegal redistribution channels. 
Strength against attacks
OTT players need to choose a watermarking service that is effective. How effective? Ask the provider for details. At Friend MTS, we know that our Advanced Subscriber Identification (ASiD) service has remained secure against every attack made to date in both broadcast and OTT environments.
Keep in mind that staying abreast of attacks is a constantly changing process. Your watermarking provider has to not only keep up with the latest pirate schemes, but stay ahead of them. Those bad actors are clever, and don’t always appear “bad” on the surface. In general, they use a legitimate subscription and easily available screen recording software for screen scraping – or even $10 (USD) switches that can remove HDCP. Commercial pirate distributors can easily capture video output, then re-encode and redistribute the premium video using their own infrastructure to monetise stolen content.
Fragmentation of content – which happens when consumers need to subscribe to more than one streaming service to get access to all the content they want to watch – makes it even harder for legitimate content owners and providers to compete with illegal subscription services. These pirate content aggregators, not restricted by licensing agreements, monetise stolen content by offering the end user a one-stop shop for the best sports and entertainment programming. 
Be sure the service you are considering is highly adaptable to ever-evolving pirate attacks.
Speed
As explained, client-composited watermarking will provide the fastest identification of piracy. If you’re dealing with live sports and entertainment, pay-per-view, and on-demand content, this factor should play an important part in your decision on the type of watermarking system to deploy. Think about it in these terms: Several years ago, a major broadcaster – the original source for 60% of the sports channel piracy in its market – introduced ASiD. OTT piracy reduced to less than 1% within weeks.
Global reach
With today’s technology and the speed of the Internet, OTT players will need to protect content in markets throughout the world. Even if you are servicing customers in one country or on one continent, remember that content thieves can and do act without physical borders.
Multi-CDN service
Some watermarking mechanisms may incur additional charges to support multi-CDN usage. Since OTT services have enough expense and complexity, know that it is possible to find a robust service that incurs no additional expenses for multi-CDN content delivery.
Every OTT operator will have its own criteria, but the bottom line is to carefully select a watermarking service that is cost-effective and results-driven. 

Understanding the Human Factor

One of the most challenging aspects of securing an OTT service is the understanding of the human factor in content protection: the end-users who are consuming content.
It is essential to start at a level of zero trust, assuming that some users of your service will attempt to circumvent security controls or use your service in a way you didn’t intend. This could mean something as simple as sharing their credentials with family or friends, or a more direct attack against your content security systems by bypassing/overcoming licensing restrictions.
To overcome this challenge, understand that the point of zero trust begins as early as sign-up for your service. Protection steps include validation of the presented user profile, location checks, payment fraud detection (such as comparison with other existing users), and enforcement of a suitably complex password with multi-factor authentication to prevent brute force attacks.

Video Viewer Personas

Errant or undesired behavior within your service can typically be broken down into the following personas.
The Over-Consumer
Running an OTT service is expensive. The cost of delivering compressed video to your consumers is one of the most costly aspects, even with high competition driving CDN pricing down. Your service pricing and tiers are modelled against costs, and per-user delivery/CDN cost – driven by view time per user session – is a major factor. Are a user’s consumption patterns far higher than your predicted model suggests? That could indicate the “over-consumer”.
The Frequent Mover
Here, an authenticated and authorised user’s sessions change IP addresses frequently in a short period of time, spanning multiple geographies. This is a good indication of a compromised account, with multiple users accessing the service unbeknown to the legitimate account holder.
The Account Sharer
The Account Sharer is characterised by multiple authentication authorisations over time, with different IP addresses/ISPs, and possibly different geographies. As with the Frequent Mover, this pattern could indicate a compromised account. But, it is also possible that a legitimate user has shared their credentials with friends and family – or worse, with a much wider group.  
The Out-of-Bounds Viewer
In this case, the user viewing the content is outside of a designated geographic area. Initial authorisation attempts may have been genuine, but other data sources may reveal the user’s true location.
The Anonymous IP Viewer
The Anonymous IP Viewer’s traffic comes from a suspected or known proxy/VPN, or a suspect network source (i.e. a cloud infrastructure vendor, rather than an ISP).
The Long Viewer
This user watches only live channels, for very long periods in one session. 
The Tamperer
The Tamperer’s session data indicates tampering with the playback environment. Tamper warnings from the code obfuscation solution may have fired. Session token data mismatches may have been logged. You may also see multiple authorisation attempts, and multiple content license request attempts for a single-use token.
From sign-up forward, every component within your service should provide user behaviour monitoring to aid in the identification of patterns that could indicate fraudulent or suspicious activity. This analysis is important to protect your interests under the terms of your content licensing deals – and critically important for revenue protection.
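One way to turn these personas into monitoring rules, as an added JavaScript example rather than Friend MTS or Bitmovin code: the event fields, every threshold and the sample events are constructed for illustration, and the Over-Consumer is left out because it depends on your own consumption model.

```javascript
// Assumed thresholds; the article names the personas but gives no numbers.
const POLICY = {
  allowedCountries: new Set(["GB", "IE"]),
  moverCountries: 3,   // distinct countries inside one session...
  moverWindowMin: 60,  // ...within this many minutes
  sharerIps: 4,        // distinct IPs across authentications on one account
  longViewMin: 720,    // one live-only session lasting 12 hours or more
};

function groupBy(items, key) {
  const groups = new Map();
  for (const item of items) {
    if (!groups.has(item[key])) groups.set(item[key], []);
    groups.get(item[key]).push(item);
  }
  return groups;
}

// Frequent Mover: one session seen in several geographies within a short window.
function sessionIsFrequentMover(events, policy) {
  const sorted = [...events].sort((a, b) => a.t - b.t);
  return sorted.some((first, i) => {
    const countries = new Set();
    for (const e of sorted.slice(i)) {
      if (e.t - first.t > policy.moverWindowMin) break;
      countries.add(e.country);
    }
    return countries.size >= policy.moverCountries;
  });
}

// Long Viewer: only live playback, for a very long time, in a single session.
function sessionIsLongViewer(events, policy) {
  const plays = events.filter((e) => e.type === "heartbeat");
  if (plays.length === 0 || !plays.every((e) => e.live)) return false;
  const times = plays.map((e) => e.t);
  return Math.max(...times) - Math.min(...times) >= policy.longViewMin;
}

// Tamperer signal: the same single-use token on more than one licence request.
function reusedSingleUseToken(events) {
  const seen = new Set();
  for (const e of events.filter((x) => x.type === "licence" && x.tokenId)) {
    if (seen.has(e.tokenId)) return true;
    seen.add(e.tokenId);
  }
  return false;
}

function classifyAccounts(events, policy = POLICY) {
  const result = {};
  for (const [account, evs] of groupBy(events, "account")) {
    const labels = new Set();
    const sessions = [...groupBy(evs, "session").values()];
    if (sessions.some((s) => sessionIsFrequentMover(s, policy))) labels.add("frequent-mover");
    if (sessions.some((s) => sessionIsLongViewer(s, policy))) labels.add("long-viewer");
    const authIps = new Set(evs.filter((e) => e.type === "auth").map((e) => e.ip));
    if (authIps.size >= policy.sharerIps) labels.add("account-sharer");
    if (evs.some((e) => !policy.allowedCountries.has(e.country))) labels.add("out-of-bounds");
    if (evs.some((e) => e.net !== "isp")) labels.add("anonymous-ip");
    if (evs.some((e) => e.type === "tamper") || reusedSingleUseToken(evs)) labels.add("tamperer");
    result[account] = [...labels].sort();
  }
  return result;
}

// Constructed sample events; t is minutes since the start of the log, IPs are documentation ranges.
const ev = (t, account, session, type, ip, country, extra = {}) =>
  ({ t, account, session, type, ip, country, net: "isp", live: false, ...extra });

const SAMPLE_EVENTS = [
  ev(0, "carol", "c1", "auth", "192.0.2.10", "GB"),
  ev(20, "carol", "c1", "heartbeat", "198.51.100.7", "FR"),
  ev(40, "carol", "c1", "heartbeat", "203.0.113.9", "US"),
  ev(0, "dave", "d1", "auth", "192.0.2.50", "GB", { net: "cloud" }),
  ev(5, "dave", "d1", "heartbeat", "192.0.2.50", "GB", { net: "cloud", live: true }),
  ev(785, "dave", "d1", "heartbeat", "192.0.2.50", "GB", { net: "cloud", live: true }),
  ev(0, "erin", "e1", "auth", "192.0.2.77", "IE"),
  ev(1, "erin", "e1", "licence", "192.0.2.77", "IE", { tokenId: "tok-1" }),
  ev(2, "erin", "e1", "licence", "192.0.2.77", "IE", { tokenId: "tok-1" }),
  ev(0, "frank", "f1", "auth", "192.0.2.90", "GB"),
  ev(30, "frank", "f1", "heartbeat", "192.0.2.90", "GB"),
  ev(0, "gina", "g1", "auth", "192.0.2.101", "GB"),
  ev(300, "gina", "g2", "auth", "198.51.100.102", "GB"),
  ev(600, "gina", "g3", "auth", "203.0.113.103", "GB"),
  ev(900, "gina", "g4", "auth", "192.0.2.104", "GB"),
];
```

Calling `classifyAccounts(SAMPLE_EVENTS)` returns one sorted label list per account, which a business support system can map to the responses it has planned for each persona.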

Using Watermarks for End-to-End Protection

To combat the increasing number of piracy attacks, OTT services must implement solid watermarking and detection as well as DRM. There’s a lot at stake: content, revenue, and brand – and even investment in the delivery infrastructure of systems, software, operations, and technical support.
Start by developing and enhancing understanding of the full content protection strategy, and continue with following the considerations and best practices we’ve outlined to choose and implement a watermarking service. Only then can you make sure that your players – from one end to the other – are as trustworthy as the technology you’ve implemented.
_________________________________________________________________
How To Trust Your Player is a collaborative effort between Bitmovin, Friend MTS and Intertrust. Our goal is to educate media and content providers on the importance of delivering streaming content in the most secure ways possible from the video player to the end-consumer while protecting both their content and revenue. 

How to Trust Your Player #3: How to Secure Your Content in Challenging Streaming Environments https://bitmovin.com/blog/how-to-trust-your-player-building-an-ott-service-for-todays-world-p3/ Tue, 06 Oct 2020 08:00:42 +0000 https://bitmovin.com/?p=130143 Tips and Tricks: Building an OTT Service for Today’s World Piracy occurs at all levels of video streaming, from illegal downloads to screen captures. How can an OTT provider overcome these issues? Fortunately, there’s a good answer: with a mixed balance of back-end solutions including digital rights management (DRM), watermarking, and/or client-hardening. As a part...

Tips and Tricks: Building an OTT Service for Today’s World

Piracy occurs at all levels of video streaming, from illegal downloads to screen captures. How can an OTT provider overcome these issues? Fortunately, there’s a good answer: with a mixed balance of back-end solutions including digital rights management (DRM), watermarking, and/or client-hardening. As a part of a multi-post series between partners Bitmovin, Friend MTS, and Intertrust Technologies, Bitmovin is here to define some of the top tips and tricks for implementing these solutions in your web-based player.
By the time content arrives at a web-based player, a majority of protection measures should already be in place. Although it’s possible to arrive at the player without a concrete DRM, watermarking, and/or client-hardening solution, this is ill-advised, as not every consumer player can be trusted to simply view content without engaging in some kind of piracy.

How to Secure Video Streaming Content in Web-Based Environments

The browser environment, open by default, is a challenging environment to secure. Delivering high-value premium content to a web browser can be a risky venture, but one that is critical to reaching your audience. To reach a maximum audience, the recommendation is to implement a player in as many devices as possible, including app-first or native solutions. Browser environments are amongst the farthest-reaching, but least secure, due to their open nature, and will require some extra attention when implementing content protection systems.
Content licensors (or content owners) are increasingly wary of the impact of content theft at user playback, and will often mandate the use of certain obfuscation techniques as part of authentication and authorization flows. As the second article in our “How To Trust Your Player” series highlights, ensuring that session authorization tokens are securely ciphered and can prevent attacks against DRM license acquisition servers is critical to developing a truly end-to-end security chain.
For the browser playback environment where website code (JavaScript) is interpreted and executed, masking how to interact with security systems in place is a critical step. This typically takes place through the use of a code obfuscation tool. The goal of this type of tool is to render the source code unintelligible to prying eyes without fundamentally altering how it functions.  
Obfuscation entails parsing JavaScript (JS) source code, rearranging the code, and at some points, transforming it by renaming variables and data structures, and refactoring logic structures to mask algorithms. This makes it nearly impossible to understand the code and how data is parsed by it. The result is code that is extremely difficult to read and reverse-engineer, either by a tinkerer or a more determined actor…such as a content pirate.

How to Bolster Your Video Streaming Defenses

Techniques such as uglify-ing or minify-ing JS code provide some minimal defenses but can be reverse-engineered themselves through automated tooling.  While it may not be possible to get back to the original source, it is possible to generate much more intelligible code from tools such as a JS Obfuscator, from which a hacker would have a harder time discerning information beneficial to attacking your code or services.

Improving on Obfuscation

JavaScript protection solutions, such as Jscrambler, provide significant robustness by generating code with polymorphic obfuscation techniques. On top of this obfuscation, code locks are added to restrict the browsers and platforms on which the code can be executed, providing the ability to restrict the code use to a specific user session. They also aid in the generation of self-defending code, where anti-tampering techniques protect functions and objects. These anti-tampering techniques can trigger defenses (such as halting execution and throwing fatal errors), or generate session invalidation events that trigger a service block for future HTTP requests to your security services.
As your code has to execute on a web browser, following open JS standards, it just is not possible to completely secure playback. Obfuscation products are not a foolproof mechanism to create a secure execution environment. Someone with enough motivation, and time to spend gathering intelligence and doing research, will eventually be able to reverse engineer your playback code. However, putting in place multiple layers of JavaScript code obfuscation as part of a complete defense strategy will deter attacks from content pirates. 

Concurrency Management

Many content owners require OTT service providers to limit account oversharing – the number of simultaneous video views that can take place from a single authenticated and authorized user account. While this is primarily to ensure that a household’s stream concurrency or device limits are not exceeded, this has the effect of limiting the impact of credential sharing outside of the user’s household. Concurrency management typically takes place by keeping a tally of the number of play/pause/stop events that the player framework’s analytics data generates. 
Below is a standard tally-event measurement system that measures users “Alice” and “Bob” based on overlapping timestamps of video views in similar geographic locations. (“P” indicates a video pause.) Although this helps monitor general concurrent usage across shared accounts, this method has its limitations.

[Figure: Concurrency management tally table (sample)]

One is that this method often is not robust enough to limit concurrency. This is because the analytics events can be intercepted and blocked – and are not explicitly tied to a service’s DRM license issuance, and the user’s entitlement store or rights locker. A better practice is to include heartbeat messaging, driven from the player’s message bus with the playhead timeline position (or an offset for VoD), that ties to a specific user’s session. When a stream entitlement check takes place as part of DRM license issuance, a heartbeat identifier should be set, tied to the user’s session, cryptographically signed, and then passed to the player as the heartbeat token.  
On playback start, and until the end of the session, the player should communicate with the heartbeat service at a predetermined interval to exchange the heartbeat token. At exchange of a valid heartbeat token, the heartbeat service would respond with the next/refresh token, and the user’s stream entitlement within the user store would be tallied. If the heartbeat token is not validated within the predetermined interval (+/- n seconds), then the heartbeat service would remove the user’s entitlement to playback the content. This, in effect, would remove the ability for the user’s session to obtain further DRM licenses until the session had been reset.
When receiving an error from the heartbeat service, the player (through the heartbeat customization) should invoke the player “stop” functions to tear down the session. 
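The heartbeat exchange described above, sketched as an added Node.js example (not Bitmovin's code or API): the class and method names, the token layout, the 30-second interval and the 5-second tolerance are assumptions, and revoking the entitlement when an already-exchanged token is presented again is a choice made for this sketch.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

// Assumed values: the article only specifies "a predetermined interval (+/- n seconds)".
const INTERVAL_MS = 30_000;
const TOLERANCE_MS = 5_000;

class HeartbeatService {
  constructor(secret, maxStreams) {
    this.secret = secret;         // HMAC key held by the licence and heartbeat services
    this.maxStreams = maxStreams; // concurrent-stream limit per user account
    this.sessions = new Map();    // sessionId -> { userId, seq, dueAt, entitled }
  }

  sign(body) {
    return createHmac("sha256", this.secret).update(body).digest("base64url");
  }

  // Token = base64url(JSON claims) + "." + HMAC, bound to one session and sequence number.
  mint(sessionId, seq) {
    const body = Buffer.from(JSON.stringify({ sid: sessionId, seq })).toString("base64url");
    return `${body}.${this.sign(body)}`;
  }

  // Remove the entitlement of sessions whose heartbeat is overdue, then tally the user.
  activeStreams(userId, now) {
    let count = 0;
    for (const s of this.sessions.values()) {
      if (s.entitled && now > s.dueAt + TOLERANCE_MS) s.entitled = false;
      if (s.entitled && s.userId === userId) count += 1;
    }
    return count;
  }

  // Runs with the stream entitlement check that precedes DRM licence issuance.
  issue(userId, sessionId, now) {
    if (this.activeStreams(userId, now) >= this.maxStreams) {
      return { ok: false, reason: "concurrency-limit" };
    }
    this.sessions.set(sessionId, { userId, seq: 0, dueAt: now + INTERVAL_MS, entitled: true });
    return { ok: true, token: this.mint(sessionId, 0) };
  }

  // Gate for any further licence request from an existing session.
  mayIssueLicence(sessionId, now) {
    const s = this.sessions.get(sessionId);
    if (!s) return false;
    this.activeStreams(s.userId, now);
    return s.entitled;
  }

  revoke(session, reason) {
    session.entitled = false; // no more licences until the session is reset
    return { ok: false, reason };
  }

  // Called by the player at each interval; returns the refresh token or an error.
  exchange(token, now) {
    const [body, sig, ...rest] = String(token).split(".");
    if (!body || !sig || rest.length > 0) return { ok: false, reason: "malformed" };
    const expected = Buffer.from(this.sign(body));
    const given = Buffer.from(sig);
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
      return { ok: false, reason: "bad-signature" };
    }
    const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    const s = this.sessions.get(claims.sid);
    if (!s || !s.entitled) return { ok: false, reason: "no-entitlement" };
    // A stale sequence number means an already-exchanged token is being presented again.
    if (claims.seq !== s.seq) return this.revoke(s, "replayed-token");
    if (Math.abs(now - s.dueAt) > TOLERANCE_MS) return this.revoke(s, "outside-window");
    s.seq += 1;
    s.dueAt = now + INTERVAL_MS;
    return { ok: true, token: this.mint(claims.sid, s.seq) };
  }
}

// Constructed scenario: "alice" has a two-stream limit; times are epoch milliseconds.
function demo() {
  const svc = new HeartbeatService(randomBytes(32), 2);
  const t0 = 1_700_000_000_000;
  const s1 = svc.issue("alice", "s1", t0);
  const s2 = svc.issue("alice", "s2", t0);
  const third = svc.issue("alice", "s3", t0);              // over the limit
  const beat = svc.exchange(s1.token, t0 + 30_000);        // s1 checks in on time
  const fakeBody = Buffer.from('{"sid":"s1","seq":1}').toString("base64url");
  const forged = svc.exchange(`${fakeBody}.${s2.token.split(".")[1]}`, t0 + 31_000);
  const silent = svc.mayIssueLicence("s2", t0 + 40_000);   // s2 never sent a heartbeat
  const retry = svc.issue("alice", "s3", t0 + 40_000);     // slot freed by s2 expiring
  const replay = svc.exchange(s1.token, t0 + 60_000);      // old token presented again
  const after = svc.exchange(beat.token, t0 + 60_000);     // s1 is now revoked
  return {
    third: third.reason, beat: beat.ok, forged: forged.reason, silent,
    retry: retry.ok, replay: replay.reason, after: after.reason,
  };
}
```

Because the tally is driven by signed tokens checked server-side, blocking the player's analytics events no longer hides a stream: a session that stops exchanging tokens simply loses its entitlement.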

Domain Locking

Whereas concurrency management is a method of monitoring how many users are viewing the same account, domain locking is essentially a technique to allow or deny streaming on certain websites. It will prevent a player from being embedded on a non-approved site, such as one on which an aggregator might want it to look like they have content available – but in reality, are embedding another service’s player.
Bitmovin’s web-based player, as part of the standard security controls, uses an allowlist for player licensing to prevent misuse. The top-level domain name or host for which the player can be used must be added within the “Player — Licenses” section of the dashboard by selecting “+ Domain” before deploying a player. 

[Figure: Bitmovin player dashboard]

From this page, it is also possible to add IP address ranges to indicate where the player can be licensed, which can be useful during testing. Localhost is allowed by default. For the mobile/device software development kits (SDKs), the allowlist may also contain the package name and/or bundle ID. In the case of the Roku device, the dev.roku domain is mandatory, along with the Roku channel ID.
Once you’ve secured your distribution chain from source to the playback environment, and have followed best practices to secure the playback experience as much as possible (as above), it’s imperative that you follow these rules to boost your users’ experience – and ultimately, your brand. 

Rules for Gaining and Retaining Trustworthy Video Players

1. Make your content available where your users want to watch it

Combining Bitmovin’s encoding and packaging solution to prepare the content for delivery, the robust ExpressPlay DRM system provided by Intertrust to protect delivery, and Bitmovin’s Player, it is possible to support a wide range of browser versions and devices to reach your audience.
Bitmovin’s multiplayer SDKs streamline development by bringing your apps to all of the platforms on which your users would be willing to pay to watch your content — e.g., Smart TV, tablet, or mobile device (iOS, Android, etc.). You can find information on the Bitmovin SDK and how to implement it in its documentation.
You can also view all devices and apps supported by the web player.

DRM Systems supported by the Bitmovin Web Player

2. Feature parity with piracy 

Create an impactful and feature-rich player that improves the viewer’s quality of experience. Don’t punish legit users by restricting how they view their content, such as with offline play, time to release, and overall quality. In some cases, legitimate content just is not available in high enough resolution, whereas pirated content might offer 4K quality.

3. Provide your content at a reasonable price point

Bitmovin’s player SDK enables an OTT provider to spend less time developing workflows for each potential player implementation by reducing workflow cost with easy-to-use configurations. 

Summary: How to Secure Video Streaming

The combination of these three golden rules creates a more favorable user experience than what content pirates can provide. Yet, there is one last problem to overcome once your player is ready: re-streamed content. This is where an effective watermarking service comes in. Not only will it detect, deter and disable leaks, it will work to create a frustrating experience for illegitimate viewers and encourage them to use more legitimate means of consuming content.

Make it harder to pirate content, but easier to pay for content

How To Trust Your Player is a collaborative effort between Bitmovin, Friend MTS, and Intertrust Technologies. Our goal is to educate media and content providers on the importance of delivering streaming content in the most secure ways possible, from the video player to the end consumer, while protecting both their content and revenue. 

The post How to Trust Your Player #3: How to Secure Your Content in Challenging Streaming Environments appeared first on Bitmovin.

]]>
How to Trust Your Player #2: Securing Content Access with DRM Best Practices by Intertrust https://bitmovin.com/blog/how-to-trust-your-player-building-an-ott-service-for-todays-world-p2/ Thu, 03 Sep 2020 12:12:36 +0000 https://bitmovin.com/?p=125687

The post How to Trust Your Player #2: Securing Content Access with DRM Best Practices by Intertrust appeared first on Bitmovin.

]]>
This is the second article from the collaborative content series by Bitmovin, Intertrust, and FriendMTS. This post was originally written and hosted by Intertrust.

Authors:
Ali Hodjat, Product Marketing Director, Intertrust
Nicolas Bredy, Senior Solutions Architect, Intertrust

Overview of Online Piracy and Digital Rights

As discussed in the first article of our series on “How to Trust Your Player,” piracy is a big business and leverages the same technology advances as legitimate OTT service operations in streaming and other components.
The volume of global OTT streaming grew 63% between Q2 2019 and Q2 2020, according to a report from Conviva, a leading supplier of video analytics technology. Similarly, total losses to piracy of streamed content worldwide are skyrocketing, impacting live and on-demand services alike. Digital TV Research projects that by 2022, global losses to online video piracy will reach $51.6 billion — nearly double the amount lost in 2016.

Piracy and Digital Rights Management

This article will provide an overview of digital rights management (DRM) license acquisition models, and recommended DRM best practices for leveraging a cloud-based DRM service to protect high-value streaming content. These practices are essential to:

  • Maintain a secure interface for delivery of content keys to the encoder and packagers;
  • Prevent attacks against the DRM license acquisition servers;
  • Make sure only verified browsers and players can access the media and DRM license in different devices.

Consider that hackers have honed their technical skills to develop and adopt new ways of defeating defenses and responding to detection with new brands and sites. The least technically sophisticated approaches that pirates use to get around the robust protection of sophisticated DRM systems include high-quality camcording from 4K UHD TV displays. Advanced methods, similar to those of professional pirates, include high-bandwidth digital content protection (HDCP) strippers.
Other attacks target the multi-DRM service to extract the content keys or exploit the DRM license acquisition server to circumvent license-checking rules and retrieve DRM licenses. On devices that don’t support a Trusted Execution Environment (TEE) and Secure Video Path (SVP), pirates can also capture in-the-clear content from device memory as it awaits playback in the buffering process. In some cases, if the same content keys and licenses are used for different resolutions, pirates will subscribe to the lower-quality content (e.g. SD resolution) and extract the keys to steal and redistribute higher-resolution variants of the content, such as HD and 4K.
As we discuss and demonstrate DRM best practices in a real-world application (and reveal what a premium service should provide), portions of this article will refer to Intertrust’s ExpressPlay DRM as an example of a cloud-based, multi-DRM service.

Securing Content Encryption Key Acquisition

An integral part of content packaging is the insertion of DRM signaling in the media, such as the common encryption Protection System Specific Header (PSSH). Because the content packaging and playback workflows need to coordinate the DRM signaling and Content Encryption Keys (CEK), it is critical that the content packaging workflow and the multi-DRM system are tightly integrated. The content packager needs to retrieve the CEK from a multi-DRM service provider that manages these keys securely.
To maintain the secure exchange of CEKs, Bitmovin encoders/packagers and Intertrust ExpressPlay DRM have integrated the Secure Packager and Encoder Key Exchange (SPEKE) protocol, which enables secure retrieval of the encryption keys and DRM signaling from the ExpressPlay key store. The content protection industry has broadly adopted the SPEKE protocol. The protocol provides a simple and secure interface for delivery of CEKs and DRM signaling using a standard API that streamlines secure communications between the ExpressPlay DRM and encryptors, which in this case include encoders, packagers, and origin servers.

Preventing DRM License Acquisition Attacks

DRM technology is designed to protect the video content during transport, at rest, and during consumption. Although such technology can involve some very advanced security concepts, OTT streaming service operators still need to pay detailed attention to the overall system architecture that is deployed and avoid loopholes that allow hackers to defeat the purpose of DRM protected content.
In particular, the workflow for DRM license acquisition has to be thoughtfully designed. There are two deployment workflows that are typically used:

  • Direct license acquisition model: In this workflow, the subscriber’s device or player application communicates directly with the multi-DRM service (e.g. ExpressPlay DRM).
  • Proxy license acquisition model: In this workflow, the subscriber’s device and player application communicate with a proxy service managed by the OTT service provider, which redirects the requests back to the multi-DRM service (e.g. ExpressPlay DRM).

Moreover, similar to other professional cloud services, a typical multi-DRM workflow requires some form of authorization, which can be implemented by leveraging a secure token. A secure token enables a robust and secure mechanism to deliver several settings and parameters to the multi-DRM service. The secure token is encrypted to ensure confidentiality and includes a digital signature to ensure integrity.

Direct License Acquisition Model

This approach is also commonly referred to as an upfront token authentication workflow. Typically, a secure token is then used by the video player in the target device to perform a DRM license acquisition from the DRM license server. Once the DRM license server receives such a request, it can provide a DRM license that is bound to the requesting client device.

The workflow of the Direct License Acquisition Model

The workflow of this direct license acquisition model involves the following steps:

  1. The OTT service provider receives a request for content, authorizes the user session, then triggers the generation of a secure token. This process is achieved by calling some ExpressPlay multi-DRM APIs and passing all the required parameters to create a DRM license, which includes an identifier of the CEK(s), and desired DRM license policies.
  2. The ExpressPlay multi-DRM service returns a secure token, which is an encrypted, opaque data blob that contains all the information from the previous request.
  3. The OTT service provider inserts the secure token in a DRM license acquisition URL that is returned to the client application.
  4. The client application initializes the media player with the DRM license acquisition URL, which triggers a DRM license acquisition call to the ExpressPlay multi-DRM service endpoint.
  5. The ExpressPlay multi-DRM validates the secure token, then returns a DRM license with the requested settings.
  6. The video player can start the playback of the encrypted video using the retrieved DRM license.

Benefits and challenges of direct license acquisition model

The main benefits of the direct license acquisition model are:

  • Using tokens for authorization of the client device is a simple method that is easy to deploy.
  • The multi-DRM service provider (e.g. cloud-based ExpressPlay DRM service) will manage the authorization steps with the different DRM servers.
  • The client devices only need to connect directly to the multi-DRM provider license servers and avoid connection with multiple DRM servers.

Since the secure token, also known as the DRM authorization token, is critical for generating and delivering the DRM license to the video player in the target device, a multi-DRM service should prevent attackers from reusing the DRM authorization token when they are not authorized to watch the content. Techniques available for achieving this goal include:

  1. Limit the lifespan of the DRM authorization token to a short specific duration. In this approach the OTT service provider can define the lifespan of the token (e.g., 10 seconds) as one of the parameters sent to the ExpressPlay DRM service. Therefore, the client application will need to retrieve the DRM license before the token expires. This approach prevents an attacker from retrieving the DRM license from the multi-DRM service because the token is not valid after the set time period.
  2. Bind the DRM authorization token to some form of device identifier that will enable only the authorized device to retrieve the DRM license from the multi-DRM service. In this approach, the OTT service provider will pass the device identifier to the ExpressPlay multi-DRM service as one of the parameters, and the token generated by ExpressPlay will include the device identifier. In the case of browser-based playback, this approach is not feasible because browsers do not expose a persistent unique identifier.

Both of these methods are supported by the ExpressPlay multi-DRM service.
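Both techniques in one sketch: an opaque token that carries an expiry and an optional device identifier, checked at redemption. This is an added example and not the ExpressPlay token format; the field names, reason strings and the use of AES-256-GCM as a stand-in for "encrypted and signed" are assumptions.

```javascript
const nodeCrypto = require('crypto');

// Constructed key for the example; a real service keeps its key server-side only.
const TOKEN_KEY = nodeCrypto.randomBytes(32);

// Seal the license parameters into an opaque blob. AES-256-GCM provides both
// confidentiality and integrity, so the client can neither read nor alter it.
function issueToken({ keyIds, policy, deviceId = null, ttlMs }, now = Date.now()) {
  const claims = JSON.stringify({ keyIds, policy, deviceId, exp: now + ttlMs });
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', TOKEN_KEY, iv);
  const body = Buffer.concat([cipher.update(claims, 'utf8'), cipher.final()]);
  // Layout: 12-byte IV | 16-byte auth tag | ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Run by the license endpoint before any license is generated.
function redeemToken(token, { deviceId = null } = {}, now = Date.now()) {
  let claims;
  try {
    const raw = Buffer.from(String(token), 'base64');
    if (raw.length < 29) throw new Error('token too short');
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', TOKEN_KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    claims = JSON.parse(plain.toString('utf8'));
  } catch (err) {
    // Any tampering or garbage fails authentication here.
    return { ok: false, reason: 'invalid-token' };
  }
  // Technique 1: short lifespan.
  if (now >= claims.exp) return { ok: false, reason: 'expired' };
  // Technique 2: device binding. Browser sessions are issued with deviceId = null,
  // so only the lifespan check protects them.
  if (claims.deviceId !== null && claims.deviceId !== deviceId) {
    return { ok: false, reason: 'wrong-device' };
  }
  return { ok: true, keyIds: claims.keyIds, policy: claims.policy };
}
```
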

Proxy License Acquisition Model

A more advanced deployment of DRM license acquisition can be accomplished through a DRM license proxy service, which enables the video player to directly communicate with an endpoint managed by the OTT streaming service provider (DRM license proxy). In this case, the streaming service provider retrieves a DRM license from the multi-DRM cloud service (e.g. ExpressPlay multi-DRM service) and there is no need for the video player to send a token directly to the multi-DRM cloud service for retrieving the license.

The workflow of the Proxy License Acquisition Model
The workflow of this proxy license acquisition model involves the following steps:

  1. The OTT service provider receives a request for content as a DRM license request, authorizes the user session, then forwards the license request to the ExpressPlay multi-DRM service along with the authorization proof. This request is managed by the license proxy server.
  2. The ExpressPlay multi-DRM service validates the authorization proof and generates the DRM license using the requested settings. It returns the DRM license along with the requested policies to the license proxy server.
  3. The license proxy server, which is managed by the OTT service provider, will deliver the DRM license to the client device.
  4. The video player can start the playback of the encrypted video using the retrieved DRM license.

Benefits and Challenges of Proxy License Acquisition Model

The main benefits of the proxy license acquisition model are:

  • DRM license server APIs are not directly exposed to client devices and media players; therefore, they are less prone to direct attacks.
  • Reduced latency, because this approach requires only one API call (on average) by the video player to retrieve the DRM license. In contrast, the direct token-based license acquisition model requires at least two round-trip API calls between the device and multi-DRM service.
  • OTT service providers can build additional authorization logic to control DRM license requests from the video player, such as session-bound licenses. For example:
    • Binding the DRM license, provided by the ExpressPlay DRM service, to a particular user or viewing session
    • Enforcing additional restrictions on the client requesting the DRM license, such as geographic location (geo-blocking), or that the request originates only from a legitimate client application (e.g. using the client’s Origin header in case of browsers)
  • Simpler client-side logic that enables:
    • Streamlining the DRM license acquisition workflow from the client-side application
    • Catching errors in retrieving the DRM license early, on the DRM license proxy side
  • A robust framework to deploy scalable rotation of CEKs for live streaming.

When using the proxy license acquisition model, the OTT service provider is responsible both for scaling up the DRM proxy endpoint as the number of video player and device client requests increases, and for designing and implementing the DRM proxy service according to online services security best practices.

Digital Rights Management Best Practices

On top of the deployment model considerations mentioned above, modern DRM schemes offer a wide range of content protection configurations, policies and restrictions applied to content, whether it is played on a device’s internal screen or on an external screen, such as through an HDMI cable.

Multiple Content Encryption Keys

Best practices involve setting different CEKs for the audio track as well as for each video resolution (e.g. SD, HD, UHD). This approach enables OTT streaming service providers to grant access to content distributed to different customers/different devices by delivering only the DRM licenses with CEKs for the authorized resolutions based on the consumer’s subscription package.
Also, this allows the streaming service operator to fine-tune the DRM policies for each given resolution or track. For example, audio and SD content may not require enforcement of HDCP over an HDMI connection. However, an HD resolution may require HDCP 1.4 to be enforced, and 4K/UHD may require HDCP 2.2 to be enforced in the DRM license. We will cover additional considerations related to the use of HDCP in article four of the How to Trust Your Player series.

Digital Rights Management Security Levels

DRM security level is a concept that defines the security tier of the DRM stack that is supported by the target device. Although different DRM schemes have different definitions of their security levels, there are two relevant distinctions in the security levels:

  • Software-based DRM client. The DRM client implementation stack is mostly in software, usually protected with white-box cryptography solutions like whiteCryption for code protection and application shielding. The main examples of such security levels are PlayReady Security Level 2000 (SL2000) and Widevine Level 3 (L3).
  • Hardware-based DRM client. The DRM client implementation stack leverages a Trusted Execution Environment (TEE) on the target device. In such implementations, the decrypted media is processed through a Secure Video Path (SVP) without leaving the secure environment provided by the device hardware and TEE. The main examples of such security levels are PlayReady Security Level 3000 (SL3000) and Widevine Level 1 (L1).

Using the right DRM security level allows OTT streaming service providers to map the required security level for each given resolution or track. For example, audio and SD content may only require a “software-based DRM client,” whereas HD and 4K/UHD may require a “hardware-based DRM client” to be enforced.
In the case of 4K/UHD, there will be additional requirements from the Enhanced Content Protection (ECP) specification by MovieLabs (an entity owned by several Hollywood studios). Leveraging the right DRM security level is particularly important because audio codecs are usually implemented in software, and cannot be enforced through “hardware-based DRM clients.”
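The "Multiple Content Encryption Keys" and "Security Levels" passages combine into one decision: which keys, with which requirements, go into a given client's license. The following is an added example, not ExpressPlay's API; the key IDs, field names and reason strings are constructed, and the per-track rules are the article's own illustrative values.

```javascript
// One CEK per track, each with its own policy (values from the article's examples).
const TRACK_RULES = [
  { track: 'audio', keyId: 'kid-audio', minTier: 'software', hdcp: null },
  { track: 'SD',    keyId: 'kid-sd',    minTier: 'software', hdcp: null },
  { track: 'HD',    keyId: 'kid-hd',    minTier: 'hardware', hdcp: '1.4' },
  { track: 'UHD',   keyId: 'kid-uhd',   minTier: 'hardware', hdcp: '2.2' },
];

// Map the scheme-specific levels named in the article onto the two tiers.
const CLIENT_TIER = {
  'widevine:L1': 'hardware',
  'widevine:L3': 'software',
  'playready:SL3000': 'hardware',
  'playready:SL2000': 'software',
};

// Decide which CEKs go into the license for this client and subscription.
function buildLicenseKeys({ drm, level, subscribedTracks }) {
  const tier = CLIENT_TIER[`${drm}:${level}`]; // undefined for unrecognised clients
  const keys = [];
  const withheld = [];
  for (const rule of TRACK_RULES) {
    if (!subscribedTracks.includes(rule.track)) {
      withheld.push({ track: rule.track, reason: 'not-subscribed' });
    } else if (tier === undefined) {
      // Fail closed: an unrecognised security level gets no keys at all.
      withheld.push({ track: rule.track, reason: 'unknown-client-level' });
    } else if (rule.minTier === 'hardware' && tier !== 'hardware') {
      withheld.push({ track: rule.track, reason: 'needs-hardware-drm' });
    } else {
      // The key carries the track's own requirement, not the device's tier:
      // audio stays at the software tier even on a hardware-backed client,
      // because audio codecs usually run in software.
      keys.push({ keyId: rule.keyId, track: rule.track, requiredTier: rule.minTier, hdcp: rule.hdcp });
    }
  }
  return { keys, withheld };
}
```

Because the HD and UHD keys are never placed in a license for a software-only client or an SD-only subscription, extracting keys from that license yields nothing that decrypts the higher resolutions.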

Widevine Verified Media Path (VMP)

Another important digital rights management best practice is related to the Verified Media Path (VMP) requirement enforced by Google Widevine DRM. This process is specifically relevant when a browser-based video player is used to decrypt Widevine-protected content. The W3C Encrypted Media Extensions (EME) specification defines the interfaces that web applications can use for provisioning the browser’s media stack with the DRM license required to play protected content.
A critical module of the EME specification is a trusted component that evaluates the rules specified in the DRM license and ensures the content key is handled securely. This component is known as the Content Decryption Module (CDM). Once the media is decrypted by the CDM, it is essential that the browser securely processes the decrypted media.
When the browser uses a native DRM client, media is decrypted through a Secure Video Path (SVP) from the start of video playback, and a “hardware-based DRM client” can be enforced. When the browser is not using the native DRM client, the CDM is mostly a “software-based DRM client.” This is the typical situation for Chrome or Firefox browsers running on desktop computers. In these cases, the Widevine desktop browser CDM includes support for VMP, a feature that ensures Widevine has sanctioned the browser media processing implementation.
In the past few years, Google has deprecated all CDM versions that do not contain VMP functionality and is now mandating VMP for all browser CDM implementations to stay current with the stable Chrome releases. This action ensures that the latest updates are applied and that they support the latest APIs. More recently, Google also adopted a policy of strictly enforcing the VMP requirement, which means Widevine license servers by default can only issue licenses for CDMs that support the VMP feature.
These best practices are crucial when using Widevine DRM:

  • OTT streaming service operators need to instruct the subscribers to update their browser and related components (e.g., CDM) to the latest version. This is usually done seamlessly for browsers on Mac OS X and Windows. However, this automatic update is not always successful. Consequently, some users are unwittingly using a Chrome browser version with a deprecated CDM that does not support the VMP feature. They will not be able to play Widevine-protected content.
  • For desktop Linux browsers that do not support VMP, it is possible to override the default Widevine license server behavior by specifying a dedicated flag, and still issue a license to grant playback. ExpressPlay DRM service will provide a mechanism to override the default Widevine license server if needed.

Combating Online Piracy with Digital Rights Management

Pirates have continued to evolve their technical skills to develop new methods and are now leveraging the same advances in streaming technology used by legitimate OTT service providers. To combat the increasing number of piracy attacks, streaming service operators must follow DRM best practices to block the loopholes that hackers otherwise may use to defeat the purpose of DRM technology.
When leveraging a cloud-based DRM service, it is essential to follow the correct DRM license acquisition workflow, maintain a secure interface for delivery of content keys, and take advantage of DRM security levels and multiple content-encryption keys.


]]>
Player Version V7 & V8 is Chromecast HLS Compatible with Enhanced DRM Support https://bitmovin.com/blog/chromecast-hls-drm-support/ Tue, 01 Sep 2020 09:10:14 +0000 http://bitmovin.com/?p=10545

The post Player Version V7 & V8 is Chromecast HLS Compatible with Enhanced DRM Support appeared first on Bitmovin.

]]>
Bitmovin Player V5.2 now HLS Chromecast compatible

Since the release of player version v5.2, Bitmovin has improved support for HLS streams, including playback on Chromecast and enhanced DRM handling. This support carries across to the latest implementation, Web SDK v8.

Chromecast HLS Playback

After introducing HLS streaming to our HTML5-based player, we took the next step and ported it to Chromecast, making our HLS streams Chromecast compatible. We have been supporting MPEG-DASH on Chromecast for a while and it has been very well adopted by our customers. Why did we go the extra mile to port our own HTML5/JS-based implementation of an HLS player to Chromecast instead of using the existing Media Player Library (MPL)? Features! Using the HLS support of Chromecast’s MPL might be sufficient for some use-cases, but we wanted to empower our customers to make use of all of the great features from the desktop and mobile player, such as support for separate audio and video tracks, subtitles, and a comprehensive API, just to mention a few.

Enhanced Configuration Options for DRM

Player version v5.2 also features some important improvements to our DRM support. The player is now capable of interpreting DRM initialization information, usually present in the PSSH box of a segment, given in the manifest file instead. This makes our support for DRM-protected content even more versatile and increases our encoder compliance further.
In addition, we introduced a configuration object that allows the specification of advanced options of the DRM key system, such as distinctiveIdentifier or persistentState. More information about possible configuration options can also be found in our HTML5 Player configuration documentation.
We also introduced support for HLS segments that do not start with key frames, improved the startup performance, and added additional events and API calls.

What’s Next?

For the next player version, we have planned another major step in the area of increased subtitle support with full WebVTT enablement. The latest improvement to the v8 Web Player includes better Edge browser support. As we see advertising capabilities getting more and more important for many of our customers, we will also extend our VAST support and introduce VPAID to the Bitmovin Video Player. So stay tuned.


]]>