Protected Content
Process for playing protected content
On the Senza platform, the Remote Player uses the Widevine CDM (content decryption module) to decrypt protected content.
License Server
To play protected content, a player like Shaka must be configured to connect to a license server . When the player tries to play protected content that requires a license, the CDM in the player connects to the license server to request a license, optionally including details about the user and the content they are trying to watch.
If the license server determines that the user should be allowed watch the content, it returns a license containing the required decryption keys. The license also contains policies that determine how the content can be played, for example the maximum resolution or the required level of HDCP protection. The CDM is then responsible for enforcing these policies.
Foreground Mode
When playing video in foreground mode, Senza uses the same process as a typical web app. For example, you can use the Shaka player to play protected content. As shown in the Shaka DRM Configuration tutorial, all you have to do is configure the player so it knows what license server to use:
player.configure({
drm: {
servers: {
"com.widevine.alpha": "https://foo.bar/drm/widevine"
}
}
});
Background Mode
When playing video in background mode, your app can interact with the Remote Player to play protected content. When the Remote Player stars playing protected content, it sends a license request to your app by emitting a license-request
event. Your app can then make a request to your license server, obtain a license, and send it back to the Remote Player by calling the event's writeEventResonse()
function. The Remote Player class takes care of all the details regarding communication between your app and the cloud connector.
- See the End-to-end license flow section below for a more detailed description of the process.
- The Remote Player documentation explains how to respond to the
license-request
event. - The Protected Content tutorial features step-by-step instructions on writing an app that plays protected content.
Note that the Device Simulator does not support playing protected content in background mode, so you'll want to test on a physical Cloud Connector device.
Senza Shaka Player
Your app can use Senza's Shaka Player subclass to make streaming protected content super easy. Rather than interacting with the Remote Player directly, when you use the Senza Shaka Player in your app it takes care of all the details of interacting with the Remote Player for you. That includes playing protected content, including the process of requesting a license.
- Configure the player with a link to the license server as you normally would, as shown in the code above.
- When the Shaka player requires a license, it will request one using the usual flow.
- When the Remote Player requires a license, the subclass will handle listening for the license request, making a request to the server that the player has been configured with, and sending the response back to the Remote Player. This all happens under the hood so you don't need to do any additional work.
Note that your license server will routinely receive two requests each time you play protected content: one for the local player, and one for the remote player. These are separate because the video is playing in two different environments, so the requests will be different.
Technical details
- Encrypted content shall use the DASH
cenc
scheme and the Widevine UUID (edef8ba9-79d6-4ace-a3c8-27dcd51d21ed
). See DASH-IF UUID. - Widevine CDM & OEMCrypto are v17 and compliant with the
CE CDM
profile, with the exception that offline and entitlement licenses are not supported. - The platform supports tracks encrypted with separate keys (i.e for audio and video), as per Widevine best practice.
Decoding requests
The Widevine integration console decodes license requests and responses (in Base64 form) and serves as a useful integration aid.
End-to-end license flow

- User selects an asset to play (1) and the Web App invokes the remote player (2 & 3) with the asset URL.
- The remote player fetches the DASH manifest (4 & 5) and extracts the PSSH metadata (6).
- The PSSH is sent to the Widevine CDM (7 & 8) to generate a license request.
- The CDM generates the license request (9) and sends it to the Web App as an asynchronous
license-request
event (10). - A typical Widevine server interaction will require an access token (11 & 12), and possibly other metadata such as a unique content ID (not shown). The Web App acquires the token and metadata and Base64 decodes the
licenseRequest
field of thelicense-request
event (13). - The Web App formats a license server request (exact format is specific to the license server) using the token, metadata and decoded license request and sends the request to the host platform license server (14).
- Upon receiving the license response (15), the Web App sends the response to the remote player by invoking the
writeLicenseResponse
method of thelicense-request
event (16). Note that the license server response may require additional unpacking such that the Widevine license response (in Base64 form) is available. - The remote player sends the license response to the CDM (17) such that keys are made available for decryption.
- The remote player enters a playback loop (18,19 & 20) acquiring media segments from the CDN, decoding and playing. At this time the CDM will also enforce the license rules (HDCP level, key lifetime, etc).
- When the UI moves back to foreground mode (21), the remote player is stopped (22) and CDM session is closed (23).
- An optional license renewal flow may also exist during playback, which from the Web App POV is identical to steps 10-16.
Updated about 1 month ago