Microsoft Playready DRM: Infrastructure Implementation
Article provides Playready DRM Architecture, Integration, Advantages & Free 30 Day Trial
Playready is Microsoft’s video DRM architecture protocol which enables content creators/distributors to stream protected media content. Playready is chiefly supported by devices and software running on Microsoft ecosystem that is Edge and IE browsers. Historically Playready DRM had a wider implementation which has now come down due to Google Widevine DRM and Apple Fairplay DRM being implemented across the other major devices and browsers (Android, IOS, Chrome , Firefox etc).
Piracy Protection Features included with Microsoft Playready DRM
- High secure black boxed encrypted playback mechanism which prevents download of raw video. This is currently implementable with HTML5 video player making its adoption smooth. The biggest plus points of Playready DRM now is it natively supports HTML5 video player and DASH streaming protocol. HTML5 video player is increasingly favoured by browsers over Flash-based video playback. In the absence of native HTML5 DRMs content providers had to get users to install a Silverlight plugin or use the Adobe Access DRM through Flash. Both had the negative aspect that they required users to install things to their device. Also, it produced some security risk with Flash. (which is the reason it is increasingly being phased out by browsers)
- Blocks any screen capture tools running on Windows Devices. High-quality movies are often recorded by users using screen capture tools. But use of Playready DRM ensures that no software or plugin can do so. Microsoft restricts such usage at the hardware level.
The ultimate endorsement for any Digital Rights Management system is having certifications from Hollywood studios. They have millions of dollars on the line, when they make their content available via online streaming. Hollywood’s Digital Entertainment Content Ecosystem (DECE) endorses Playready’s DRM for streaming videos. Netflix and Amazon Instant Video use Playready for streaming on Edge. At VdoCipher our aim is to provide a complete video streaming solution that handles everything from user experience to content protection for our users. In this blog, I detail how VdoCipher makes Playready DRM available for all users.
VdoCipher’s Playready Architecture + Streaming Setup
Two Options –
1. Customer handles transcoding, player & streaming; VdoCipher provides DRM
2. Vdocipher provides DRM , transcoding, player, streaming as package.
1. First workflow
2. Second Workflow
- Video Upload – You can upload videos through the dashboard, or using our upload APIs
- Video Processing –
- Encoding – Videos are encoded at multiple bitrates
- File encryption (using CENC).
- Video File packaging and Key generation from DRM license server
- Video Management using APIs
- Encrypted video files are stored on Amazon Cloudfront and Google Cloud Platform CDN Edge locations to ensure fast video streaming
- Video player customizations
- Player theme change
- Overlays/buttons over video
- Secure Video playback
- Embed Code to generate Dynamic URLs (HTTP Post request including client secret key to get unique OTP)
- Unique OTP is then sent by DRM license server
- Encrypted video file is decrypted in Browser/ Device’s trusted environment.The video is rendered via the video player, which can switch across different streams of different bitrates.
- Screen capture block & viewer specific dynamic watermarking
- For content creators wishing to stream across all major devices and browsers, they need a multi-DRM strategy. At VdoCipher we also provide Widevine for Chrome/Android/Opera/Firefox, Fairplay for IOS/safari, with Flash as a fallback. This multi-DRM strategy ensures that content providers can fully rely on VdoCipher for distributing content on all devices.
Playready CDM for Delivering the Best User Experience
No plugins necessary because of Native Playready CDM
VdoCipher’s implementation of Multi-DRM makes sure that videos are played on Desktop devices using the native HTML5 video player.
Highest Quality Adaptive Streaming with DASH
- VdoCipher’s implementation of Playready also makes use of the DASH streaming protocol. It is an open-source and widely adopted video streaming standard. DASH ensures that the same video file can be used across all devices (with the exception of iphone). This considerably reduces the storage requirements on Server/Content Delivery Network, as they only need to store one file container that would stream on most devices.
- The most valuable aspect of DASH protocol is adpative playback, to stream best quality for given network bandwidth. In urban locations where users watch videos, network connection can often fluctuate wildly. This can be because the viewer may be watching while traveling, or that more people are logging in to the shared network at the same time. VdoCipher video player monitors the user’s network quality and, and streams the best possible resolution for that given network quality.
- DASH is also used for streaming via HTTP, which is not blocked by firewalls, which is the case for streaming formats such as RTMP.
Encrypted Streaming + DRM License
Video Encoding at multiple bitrates
As mentioned in the previous section, video streaming in urban networks requires adaptive bitrate streaming. Video encoding process optimizes the video size to deliver the highest quality at the lowest bitrate. The most popular video codecs in use today are H.264 and VP9. SD resolution streams are encoded using H.264 codec, which has the widest decoder support. On the other hand HD resolution streams are encoded using VP9, for delivery of 1080p streams to devices such as Android TV. Different files of different bitrate and resolution are broken down into fragmented MP4 segments of equal length.
Videos files of different bitrates are each encrypted with CENC
In Playready DRM each individual video track is separately encrypted, using CENC (Common encryption Scheme). CENC ensures that each video segment is encrypted only once. The keys can be reused by different suplinporting DRMs (such as Widevine). Fairplay has not yet made this API available, thus Fairplay streams have to be separately encoded currently.
VdoCipher communicates with Playready license server to send the content decryption keys
On packaging and encrypting the video, VdoCipher packager requests for content decryption keys from the Playready DRM license server. Playready DRM license server subsequently returns this data to VdoCipher.
The information regarding the encryption/ decryption key is then inserted to the Media Presentation Description (MPD). This information can only be understood by the blackboxed Content Decryption module inside the browser/ device. It uses the info to prepare a license request from the Playready license server.
Make Highly Specific DRM Licenses with VdoCipher
Our unified multi-DRM APIs allow you to configure the session duration for playback during generating license. This can be useful when the content is very sensitive.
DRM configuration allows setting up with custom content key which can be a primary key in your video management CMS. This setup allows easy configuration without any major changes in your existing DB. Multi-DRM with unified encryption and licensing API utilizes a single asset ID without raking up technical debt. Unified licensing API takes out the worry from handling multiple streams and devices separately.
Automate Video Workflow with Developer-Friendly APIs
At VdoCipher we have designed our service to be API first. We also have a video dashboard that you can automatically use to manage your videos. Using our APIs you can automate the flow of video that you upload to our AWS servers.
Basic features we provide for automated video management are:
- Upload APIs
- Upload videos using Dashboard
- Import/Upload videos using API
- Import videos from URL through both Dashboard
- Import videos using API
- Add and Retrieve tags using APIs:
- Retrieve video based information (including Poster image, video file size)
- Video Pagination for retrieving list of most popular videos
We also have advanced APIs to enable our users to automate their workflow better. These include options to custom upload poster image (thumbnail) for maximizing user click rate and update specific parameters of your videos. Please get in touch with us if you require any help in automating your video workflow.
Detailed APIs are here.
Encrypted Video Playback with DRM License
Videos are decrypted securely in device by Playready CDM with encrypted license from DRM license server
VdoCipher player acts as a blind messenger between the Playready DRM license server and the Content Decryption Module (CDM) (which is either hardware based or software based). The VdoCipher player itself does not handle any license keys at any point directly. It gets access to the final video stream when the CDM decrypts the stream for playback. In Desktops, CDM is bundled along with browsers. The CDM is part of the hardware creating a Trusted Execution Environment. The video player does not know how the CDM decrypts the key. It only uses the APIs which the Widevine CDM makes available for requesting & receiving the DRM license keys.
Making Available Hollywood-grade security for your videos
You can rest assured that if Hollywood studios, what with their multi-million dollar deals for films with online streaming services, trust a DRM solution, they would have done their due diligence on the security of the DRM. Playready, Widevine, Fairplay is the service that Netflix uses for their encrypted content.
Broadly speaking, Hollywood studios limit video playback at a resolution of 720p for Widevine’s L3 profile. In L3 profile the decryption is software based, and the final video is rendered by the video player itself. Studios limit HD and Ultra-HD resolutions for devices that support L1 profile, which provides hardware-based decryption, decoding, and rendering. L1 profile of Widevine DRM is supported by most Android smartphones and AndroidTV. Please get back to us if you have similar requests.