Guides

Protected Content

Process for playing protected content

Suggest Edits

The Remote Player uses the Widevine CDM (Content Decryption Module) to decrypt protected (encrypted) content.

Senza platform responsibilities

  • All aspects of Widevine CDM provisioning.
  • Widevine CDM initialisation, session creation, decryption, session teardown, etc.
  • The Remote Player is responsible for extracting the PSSH and processing it with the CDM.
  • The Remote Player, in conjunction with Widevine CDM, is also responsible to enforce the license policy.

Integrator responsibilities

  • The Web App is responsible, in conjunction with the host platform's Widevine license server, for processing license requests generated by the CDM and providing the license response to the platform.
  • See Remote player license integration for the required WebApp integration details.

πŸ“˜

The Widevine integration console decodes license requests and responses (in Base64 form) and serves as a useful integration aid.

Technical details

  • Encrypted content shall use the DASH 'cenc' scheme and the Widevine UUID (edef8ba9-79d6-4ace-a3c8-27dcd51d21ed). See DASH-IF UUID.
  • Widevine CDM & OEMCrypto are v17 and compliant with the "CE CDM" profile, with the exception that offline and entitlement licenses are not supported.
  • The platform supports tracks encrypted with separate keys (i.e for audio and video), as per Widevine best practice.

End-to-End license flow

  • User selects an asset to play (1) and the Web App invokes the remote player (2 & 3) with the asset URL.
  • The remote player fetches the DASH manifest (4 & 5) and extracts the PSSH metadata (6).
  • The PSSH is sent to the Widevine CDM (7 & 8) to generate a license request.
  • The CDM generates the license request (9) and sends it to the Web App as an asynchronous license-request event (10).
  • A typical Widevine server interaction will require an access token (11 & 12), and possibly other metadata such as a unique content ID (not shown). The Web App acquires the token and metadata and Base64 decodes the licenseRequest field of the license-request event (13).
  • The Web App formats a license server request (exact format is specific to the license server) using the token, metadata and decoded license request and sends the request to the host platform license server (14).
  • Upon receiving the license response (15), the Web App sends the response to the remote player by invoking the writeLicenseResponse method of the license-request event (16). Note that the license server response may require additional unpacking such that the Widevine license response (in Base64 form) is available.
  • The remote player sends the license response to the CDM (17) such that keys are made available for decryption.
  • The remote player enters a playback loop (18,19 & 20) acquiring media segments from the CDN, decoding and playing. At this time the CDM will also enforce the license rules (HDCP level, key lifetime, etc).
  • When the UI moves back to foreground mode (21), the remote player is stopped (22) and CDM session is closed (23).
  • An optional license renewal flow may also exist during playback, which from the Web App POV is identical to steps 10-16.

Tutorial

See the Protected Content tutorial for an example.

Updated 4 months ago

What’s Next