Low-Latency Live Streaming Technology Comparison
In-depth comparison of WebRTC, LL-HLS, and SRT low-latency live streaming technologies: principles, latency data, and selection recommendations.
Read More →Deep understanding of DRM technology systems for secure video content distribution
DRM (Digital Rights Management) is a technology system for protecting digital content from unauthorized access and copying. In the video field, DRM ensures that only authorized users can play video content through encryption technology, serving as core infrastructure for online video platforms, paid movies, educational content, and other scenarios.
Many people confuse DRM with regular video encryption. Regular AES-128 encryption (such as AES-128 in HLS) simply encrypts video content, with keys typically transmitted in plaintext within M3U8 files, offering lower security. DRM systems, on the other hand, provide complete key management, device authentication, permission control, and secure playback environments, delivering much higher security.
Currently, there are three mainstream DRM systems, led by Google, Apple, and Microsoft respectively, forming a tripartite landscape.
Widevine is a DRM system developed by Google. It is currently the most widely used DRM solution, especially dominant in the Android and Chrome ecosystems.
FairPlay is a DRM system developed by Apple, primarily used in the Apple ecosystem, including iOS, macOS, tvOS, and Safari browser.
PlayReady is a DRM system developed by Microsoft, widely used in the Windows ecosystem and some smart TVs.
The working process of a DRM system can be divided into three main stages: content encryption, license acquisition, and secure playback.
Content providers use encryption tools to encrypt video content and write encryption information into the metadata of video files. The encryption process uses symmetric encryption algorithms (such as AES), and encryption keys are uniformly managed by a key management system.
When a user plays a video, the player first sends a license request to the DRM license server. The request contains device information, user authentication information, and the content ID. After verification, the license server generates a license containing the decryption key and returns it to the player.
After the player obtains the license, it uses the key within it to decrypt the video content. On devices with higher security levels, the decryption and decoding processes are completed in a Trusted Execution Environment (TEE), so even if the system is compromised, plaintext content cannot be obtained.
Modern browsers provide DRM support through the EME (Encrypted Media Extensions) API. EME defines a standard set of JavaScript APIs that allow web applications to interact with DRM systems.
// Check DRM support
async function checkDRMSupport(keySystem) {
const config = [{
initDataTypes: ['cenc'],
videoCapabilities: [{
contentType: 'video/mp4;codecs="avc1.42E01E"'
}]
}];
try {
const access = await navigator.requestMediaKeySystemAccess(
keySystem,
config
);
return true;
} catch (e) {
return false;
}
}
// Check Widevine support
const widevineSupported = await checkDRMSupport(
'com.widevine.alpha'
);
// Check FairPlay support
const fairplaySupported = await checkDRMSupport(
'com.apple.fps.1_0'
);
const video = document.getElementById('video');
const licenseUrl = 'https://drm.example.com/widevine/license';
async function setupDRM() {
const keySystem = 'com.widevine.alpha';
const config = [{
initDataTypes: ['cenc'],
videoCapabilities: [{
contentType: 'video/mp4;codecs="avc1.42E01E"'
}]
}];
const access = await navigator.requestMediaKeySystemAccess(
keySystem,
config
);
const mediaKeys = await access.createMediaKeys();
await video.setMediaKeys(mediaKeys);
video.addEventListener('encrypted', handleEncrypted);
}
async function handleEncrypted(event) {
const session = video.mediaKeys.createSession();
session.addEventListener('message', (e) => {
fetch(licenseUrl, {
method: 'POST',
body: e.message,
headers: {
'Content-Type': 'application/octet-stream'
}
}).then(response => response.arrayBuffer())
.then(license => session.update(license));
});
await session.generateRequest(
event.initDataType,
event.initData
);
}
The license server is the core component of a DRM system, responsible for verifying user permissions and issuing decryption keys. Building a license server requires consideration of the following aspects:
You can choose to use commercial DRM services (such as Castlabs, EZDRM, ExpressPlay, etc.) or build your own license server. The advantages of commercial solutions are fast deployment, high stability, and good multi-DRM support; self-built solutions offer better control over costs and data security.
Encryption and packaging of DRM video content is the first step in the entire process, typically completed using professional packaging tools.
# Encrypt DASH content using Shaka Packager
packager \
input=input.mp4,stream=video,output=video_enc.mp4 \
input=input.mp4,stream=audio,output=audio_enc.mp4 \
--enable_widevine_encryption \
--key_server_url https://keyserver.example.com/ \
--content_id "content-12345" \
--signer "content-provider" \
--aes_signing_key "abc123..." \
--aes_signing_iv "def456..." \
--mpd_output output.mpd
To cover all platforms, it's usually necessary to support multiple DRM systems simultaneously. The CENC (Common Encryption) standard allows the same encrypted content to adapt to different DRM systems — the player simply selects the corresponding DRM scheme to obtain a license based on the device.
Don't rely on a single DRM system. It's recommended to use CENC encryption while supporting Widevine, FairPlay, and PlayReady to cover as many devices and browsers as possible.
Have a fallback plan for devices or browsers that don't support DRM. You can use AES-128 encrypted HLS as an alternative — although less secure, it at least provides basic protection.
Encryption keys are the core asset of DRM and must be properly safeguarded. It's recommended to use a professional Key Management Service (KMS), and keys should never be stored in plaintext in client code or configuration files.
The DRM license acquisition process should be transparent to the user, avoiding excessive wait times. You can preload licenses or obtain them in advance before the user clicks play to reduce waiting.
DRM is an important technical means for protecting video content security. The three major systems — Widevine, FairPlay, and PlayReady — each have their own focus, dominating different ecosystems. Through the EME API, web applications can implement secure DRM video playback in browsers.
In practical projects, it's recommended to adopt a multi-DRM approach combined with the CENC standard, using one set of encrypted content to adapt to multiple DRM systems. At the same time, implement a good fallback strategy to ensure basic content protection and playback experience even on devices that don't support DRM.
If you want to learn more about HLS playback and video encryption technology, check out our HLS.js Guide, or directly use our M3U8 Online Player to experience streaming media playback.
More great articles and useful tools
In-depth comparison of WebRTC, LL-HLS, and SRT low-latency live streaming technologies: principles, latency data, and selection recommendations.
Read More →Explore how WebAssembly accelerates video processing, including FFmpeg.wasm usage, performance comparison, and development considerations.
Read More →Video QoS metrics, log analysis, anomaly detection algorithms — building a complete video service monitoring system.
Read More →Use our free M3U8 Online Player — no code required, play HLS video streams directly in your browser
Try It Now ➡