How Netflix protects its content — Part 1
Understanding content security and multi-DRM
Understanding content security and multi-DRM
In Q1 2019, Netflix is still dominating the OTT streaming industry among many other streaming services. (Ref. #1)
One of the biggest concerns for paid content providers like Netflix is that their content can be illegally leaked and the number of paid subscribers may decline or growth may slow.
To prevent such illegal content leakage, Netflix and other OTT services (Ref. #2) protect the contents by using technologies called ‘DRM’ and ‘watermarking’.
In this article, we will divide into two parts and discuss what we call ‘Multi-DRM’ and ‘Forensic Watermarking’ respectively.
What is DRM?
Digital Rights Management (DRM) is a term that refers to all technologies used by copyright holders to control the use of digital material they distribute and to limit the use of the content to their intention. (Ref. #3)
It is primarily used to prevent unauthorized use of digital content such as e-books, sound recordings, and videos, by allowing only authenticated users to use the content for the authorized period of time.
The functions of DRM are divided into ‘encryption and decryption of contents’ and ‘encryption key management’.
By default, the original content is encrypted through a process called ‘DRM packaging’ and passed to the user. Without the encryption key information used to encrypt the content, the user cannot decrypt it for playback.
With Netflix as an example, the Netflix iOS / Android app allows users to download some TV shows and movie content to their mobile device via the ‘Save’ feature, and to view them offline at a later time.
Because the video content is encrypted with DRM, it is impossible for unauthorized users to play it with a general video player even if they copy the content files.
For users who have the right to use the content, the ‘encryption key’ and ‘usage right information’ are transmitted separately from the content. It is a key technology of a DRM solution to transfer and manage the ‘DRM license’ securely.
Supporting DRM in Web Browsers
Members can watch as much as they want, anytime, anywhere, on any internet-connected screen. — About Netflix
Netflix supports a variety of client devices (see ref. #4) that ‘providing Netflix services to all devices with screens’ is a Netflix vision statement. Among the client devices, supporting web browsers for PC and laptop users is very important for most online video content services.
However, you need various technologies to play DRM-enabled video content on a web browser.
Let’s check the brief history of the development of video streaming, DRM, and web standard technologies.
Past — Single DRM and Plugins
Since Netflix launched its online content service in the early 2000s, and for the next decade, most content services have protected content with a single DRM solution provided by specific DRM vendors.
Various DRM solutions such as Microsoft PlayReady, Google Widevine Classic, Adobe Access, Intertrust Marlin and INKA Entworks Netsync DRM were used at the choice of content service providers. These ‘Single DRM’ solutions had a common problem called ‘plug-in based browser support’.
These ActiveX controls have been used to secure web content and applications in many security solutions familiar to most internet users.
Traditional single DRM solutions also required the use of a separate browser plug-in, such as Flash, to protect the audio/video content played in the web browser.
However, for various security issues and performance issues, web browsers discontinued the plug-in support and plug-in based DRM solutions disappeared from the market.
Present — Multi-DRM, No More Plugin
Several standards have been added to the HTML5 standard to address these plug-in issues.
With the help of the EME specification and the ‘Media Source Extension(MSE)’ specification, web browsers can support the playback of DRM contents without plug-in.
We use the term ‘multi-DRM’ because different browsers support different DRMs.
Microsoft’s IE and Edge browsers only support PlayReady DRM from Microsoft.
Similarly, Google Chrome supports Google Widevine Modular DRM, and Apple’s Safari supports Apple’s DRM, FairPlay Streaming. (Mozilla Foundation’s Firefox browser supports Widevine Modular DRM as Chrome does)
Therefore, to provide convenient service to PC users in various OS environments, you need to apply three different DRMs (PlayReady, Widevine Modular and FairPlay Streaming) to your contents.
There is also a difference in the streaming method supported by each DRM.
PlayReady and Widevine support MPEG-DASH and FairPlay DRM supports HLS (HTTP Live Streaming) streaming.
You can use these multi-DRM content not only in web browsers but also in various mobile and OTT client devices supporting multi DRM such as smart phones, tablets, smart TVs.
Multi-DRM application can support most user environments. If you want to support old devices that do not support multi-DRM, you need to use legacy DRM contents too, like Netflix does.
Future — Single Content with CMAF
Multi-DRM allows browsers to support DRM without plug-ins, which requires duplicated content packaging in two different streaming formats.
According to the MPEG-CENC (Common Encryption) specification, PlayReady and Widevine DRM can be applied to the same DASH content, but FairPlay DRM requires HLS content separately.
To solve the problem of requiring two pieces of DASH/HLS content, the Common Media Application Format (CMAF) specification has been announced.
The goal of CMAF is to support all browsers and platforms with a single content. It required updates of each DRM specifications and client platforms. Most of the problems are solved by cooperation between Microsoft, Apple, Google and related companies.
However, because there are client devices (such as old Android phones) that still can not support CMAF with DRM, it needs more time to apply CMAF single content to a commercial OTT service.
Besides the unification of DRM contents, the main advantage of CMAF is ‘Ultra Low Latency’ function (Ref. #6) through ‘Chunked Transfer Encoding’ technology.
Low latency technology is the most important factor for live content streaming in real-time, such as sporting events. Recently, CMAF Low Latency technology has become a hot topic in the live OTT service industry.
We will discuss the DRM contents unification through CMAF and Ultra Low Latency support in a separate article.
Multi-DRM — Convenient but Complex
Multi-DRM, which can support browsers without plug-ins and support various mobile and OTT devices, is a much more convenient technology than the earlier DRM solutions for end users.
However, for content service providers who apply multi-DRM, it is a complex and difficult technology to integrate different DRMs and streaming formats as described above.
To apply this complex multi-DRM technology easily and quickly, I recommend using a multi-DRM solution that integrates several DRM technologies and provides a unified API and integrations with various media related solutions such as encoder and player.
It provides various guides and APIs to enable easy and quick integration of multi-DRM.
In addition, PallyCon provides stable service to large-scale license requests from many users through its experience of providing long-term service to various customers at home and abroad. (Ref. #7)
In part 2, we will discuss ‘forensic watermarking’ technology, which is essential for premium content security as well as multi-DRM.
- #1 Streaming Report: Netflix Is Still Dominating — IndieWire : https://www.indiewire.com/2019/04/streaming-report-netflix-hulu-amazon-1202054983/
- #2 Over-the-top media services — Wikipedia : https://en.wikipedia.org/wiki/Over-the-top_media_services
- #3 Digital rights management — Wikipedia : https://en.wikipedia.org/wiki/Digital_rights_management
- #4 About Netflix : https://media.netflix.com/en/about-netflix
- #5 EME WTF? : https://www.html5rocks.com/en/tutorials/eme/basics/
- #6 Low Latency CMAF — Wowza Blog : https://www.wowza.com/blog/low-latency-cmaf-chunked-transfer-encoding
- #7 PallyCon Case Study — Vidio.com : https://pallycon.com/blog/case-studies/kmk-online-vidio-com/