Meet Widevine At NAB 2017!


Widevine will be in attendance at the NAB show in Las Vegas from April 23 - 25 and we're looking forward to meeting with you. To request a meeting, please email us at meet-widevine@google.com.

Widevine Technologies
Getting Started
 

Update - Chrome 58 - Service certificate workflow

Posted: April 19, 2017

What’s Changing?

The service certificate request workflow change has been pushed from Chrome 58 to Chrome 59.

Widevine’s new browser CDM security feature known as Verified Media Path (VMP), originally scheduled to be introduced in Chrome 58, has been rescheduled to Chrome 59. The VMP feature requires service certificates. No changes to support service certificates are needed for Chrome 58.

Why?

Additional time is needed for our partners to implement and test the necessary updates to accommodate service certificate requests at their license proxy.

When?

Chrome 58 (without service certificate requirement) is scheduled to be released on April 25th. It’s on a gradual rollout schedule.

Chrome 59 (with service certificate requirement) is scheduled to be released on June 6th.

What do I need to do?

The VMP-enabled CDM is currently available in Chrome Canary. Partners should begin testing both canary and beta (starting April 27th) versions of Chrome 59 to understand the service certificate workflow and VMP functionality.

Additional information and documentation about VMP and service certificates will be provided shortly.

Please contact us if we can assist with any questions.

Best,
The Widevine Team




Chrome 58 and Service Certificates

Posted: April 10, 2017

This is a special update to provide early notification of upcoming changes to the Widevine CDM client scheduled to ship with Chrome 58. This update is live and ready to test on the Chrome beta channel.

Please contact us for any issues.

Key Updates

What’s Changing?

Chrome 58 will introduce a new CDM security feature known as Verified Media Path (VMP). VMP requires the use of a service certificate.

Prior to Chrome 58, service certificate requests were only made when certain EME options were enabled (e.g. persistentState, distinictiveIdentifier).

With the addition of VMP in Chrome 58, a service certificate is now required. If a service certificate does not exist, a certificate request will be initiated prior to every license request.

When?

Scheduled for April 25 2017.

Which Platforms?

Chrome on Desktop and Android starting from version 58.

What do I need to do?

License Proxy

A service certificate request will precede each license request. As a result, expect an increase of traffic at your proxy service.

Service certificate requests are smaller in size (2-4 bytes) compared to a license request and must be forwarded as-is (unchanged) to the Widevine Cloud License Service.

License Server SDK

Please ensure that the SDK is initialized with the service certificate as documented on page 7 in our SDK API doc (for Java, it's in WvPLEnvironment.setServiceCertificate).

The service certificate returned to the client will match the service certificate initialized by the SDK. These service certificates must match to allow the browser client to accept licenses from the SDK.

Chrome Browser

The browser player application must set the service certificate to prevent unnecessary certificate requests.

Setting the service certificate to the application can be accomplished by using the EME’s setServiceCertificate API with the following considerations:

  1. setServiceCertificate should be called after the MediaKeys object is created, but before creating sessions with mediaKeys.createSession(...).
  2. The argument type is a BufferSource, which means either an ArrayBuffer or a Uint8Array will be accepted. A hex-encoded or base64-encoded string will not be accepted.
  3. The method returns a Promise that is resolved or rejected when the operation is complete. Sessions should be created after the Promise resolves.

Shaka Player

Shaka Player already supports calling this method at https://github.com/google/shaka-player/blob/ac46792/lib/media/drm_engine.js#L261

An example on how Shaka Player can be configured to set service certificate is as follows:

Troubleshooting

If you are receiving INVALID_LICENSE_CHALLENGE errors, review the internal_status code field. A 134 or 139 translates to service certificate requests that have gone unfulfilled.

Example of an error:

You will need to ensure that your license proxy is passing the service certificate request through for fulfillment by the Cloud License Service.

Best,
The Widevine Team




Widevine Quarterly Partner Update- Q1 2017

Posted: March 31, 2017

Welcome to another quarterly update from the Widevine team. Our aim is to improve transparency and facilitate discussions around improving ease of use, integration and deployment of Widevine DRM.

Key Updates

NAB 2017

Widevine will be attending the NAB show in Las Vegas from April 23 to April 26. If you would like to arrange a discussion, please contact us via meet-widevine@google.com

We are featuring the use of Progressive Web Apps for premium content delivery, especially for mobile Android in emerging markets. A fully-featured demo will be on hand for display in the Google booth located at SU218. A full list of Google events is available here.

Chrome Browser

Please refer to this document for upcoming changes scheduled to ship with Chrome M58, due in mid-April 2017.

Secure Origin and Transport

Codecs

  • Codec (video and audio) types must be explicitly set for playback in the MPD

Best practices to enforce client behavior

  • The document provides recommendations on how to enforce behavior on video playback based on desired client capabilities using EME

Shaka Player

Version 2.0.7 has been released.

Widevine Cloud License Service

Please contact us to discuss the Queries Per Second (QPS) requirements for your service. Performance or load testing must be executed on our production systems only. We will need to know the expected traffic (QPS, duration) for any testing.

Cloud Signing Key Rotation

Signing keys for access to the Widevine Cloud License Service can now be enabled to expire and new signing keys will be auto-generated. Please contact us if you are interested in enabling this function.

Widevine Training Program

Our next training session is scheduled for June 5 - 8, 2017. Registration is available at www.widevine.com under CWIP > Portal Login > Offered Classes.

Please contact us if we can assist with your DRM implementation questions.

Best,
The Widevine Team




Chrome and EME Changes

Posted: January 27, 2017

This is a special update to provide early notification of upcoming changes scheduled to ship with Chrome M58, due in late April 2017.

Please refer to this document for a full description.

Key Updates

Secure Origin and Transport

This refers to the HTTPS transport requirement for all media and license calls with Chrome M58.

Codecs

Codec (video and audio) types must be explicitly set for playback.

Best practices to enforce client behavior

Recommendations on how to enforce behavior on video playback based on desired client capabilities using EME.

Please contact us if we can assist with any questions.

Best,
The Widevine Team




Widevine Quarterly Partner Update- Q4 2016

Posted: January 09, 2016

We had a successful show at IBC 2016 in Amsterdam and would like to highlight recent updates. Our aim is to improve transparency and facilitate discussions around improving ease of use, integration and deployment of Widevine DRM.

Key Updates

CES 2017

The Widevine team is attending CES 2017. Please contact us if you would like to take the opportunity to have a discussion.

Widevine Training Program

We have added a training session for our APAC partners in Singapore, scheduled for March 13-16, 2017. Please register and sign up from www.widevine.com under CWIP > Portal Login > Offered Classes.

Widevine Cloud License Service

Please contact us to discuss the Queries Per Second (QPS) requirements for your service. Performance or load testing must be executed on our production systems only.

Please contact us prior to any testing to schedule when this can be conducted. We will need to also know the expected traffic (QPS, duration) for any testing.

Chrome Browser

In a recent blog post, Chrome has announced the roadmap for Flash deprecation. This includes the deprecation process and how Flash will continue to work for high traffic sites. PC World has a helpful link to explain behavior and impact.

HTTPS everywhere is being highlighted by upcoming version of the Chrome browser. For content protection use-cases, the emphasis is on the HTTPS requirement for EME (including the content and license urls due to mixed content restrictions). As a general guideline, the deadline for these changes to take effect is approximately late Q1 2017.

Android

Android N (7.0) enabled CDM support for multiple encryption schemes as described in the latest Common Encryption specification. While the encryption scheme is supported, you may need to implement the appropriate MediaExtractor in your player to parse the content correctly.

Shaka Player

The Shaka Player Browser Support test page will report the capabilities exposed by your browser instance. In addition, Shaka Player error handling is documented here.

The Shaka Player Demo site will be updated to require HTTPS in February 2017 to support the HTTPS everywhere initiative.

Please contact us if we can assist with your DRM implementation questions.

Best,
The Widevine Team




Widevine Quarterly Partner Update- Q3 2016

Posted: October 11, 2016

We had a successful show at IBC 2016 in Amsterdam and would like to highlight recent updates. Our aim is to improve transparency and facilitate discussions around improving ease of use, integration and deployment of Widevine DRM.

Key Updates

HTML5

Google AdWords supports ads in HTML5. Please see this link on how to switch to HTML5 ads.

Common Encryption

Widevine would like to reinforce our recommendation of using separate content keys to encrypt each video and audio track. In particular, the emphasis is on using separate content keys for each SD, HD, 4K (UHD1), 8K (UHD2) and AUDIO stream.

In-line with the latest CENC specification, Widevine supports the additional protection schemes for AES-CBC. The Widevine PSSH proto has been updated with new fields to enable support for these protection schemes.

Cloud License Service

The Widevine Cloud License Service now supports new track types - UHD1 for 4K and UHD2 for 8K content respectively.

License generation for UHD1 and UHD2 tracks should:

  • Ensure the license is not stored (can_persist=false)
  • Enable HDCP 2.2

A small-sized (under 10 bytes) license request payload normally indicates a certificate request that must be fulfilled to allow a Widevine CDM to operate. This request does not need to be signed and must be passed unchanged to the license service. The license response will indicate the request type of CERTIFICATE.

Chrome Browser

Flash deprecation continues with new updates to Chrome. The upcoming M56 release will require a one-time user action to re-enable Flash on a web page, otherwise Flash is automatically disabled by default.

Chrome 53 demonstrates significant battery life improvements and will continue to be a core focus moving forward.

By the end of 2016, HTTPS transport will be required when using EME’s requestMediaKeySystemAccess API. This includes both the manifest and encrypted video chunks. All MSE (Media Source Extension) API calls for video segments or downloads will need to be conducted over HTTPS.

Android

In line with Android M requirements, going forward, Android N devices will not ship with WV Classic clients. Effectively, starting with Android 6.0, there is no expectation of a Widevine Classic client to exist on any Android device.

Widevine is VR-ready on Daydream devices with support for multiple secure video paths.

Chromecast

With AES-CBC compatibility, Widevine support on the Chromecast has been expanded to include HLS. This requires appending additional tags to specify Widevine compatibility and PSSH - please check the Shaka Packager update in this announcement. Contact us for details if you are interested to learn more.

The new Chromecast Ultra has support for 4K, HDR and Dolby Vision with expanded codec support (HEVC Main and Main10, VP9 profile 0 and 2).

Shaka Player

Version 2.0.0 has been officially released. New features include native Chromecast support, improved error reporting and robust subtitle support.

Shaka Packager

Formerly known as the eDASH Packager, we have re-branded as the Shaka Packager in-line with our Shaka Player client.

The latest 1.5.1 release incorporates support for CENC v3, HLS (Sample-AES only), HEVC, WebM (VP9) and Opus support. In addition, docker support has been expanded to include Windows, Mac OS X and Linux. WebM formats are now streaming optimized just like MP4 files.

Please contact us if we can assist with your DRM implementation questions.

Best,
The Widevine Team




Widevine Quarterly Partner Update- Q2 2016

Posted: July 20, 2016

As we head into summer and extended vacations, it is timely to highlight recent updates. Our aim is to improve transparency and facilitate discussions around improving ease of use, integration and deployment of Widevine DRM.

Key Updates

Progressive Web Apps (PWA)

Progressive Web Apps are cross-browser and cross-platform initiatives to standardize on application development. PWA gain superior performance and capabilities on modern browsers that support the latest web standards. Currently, PWA is applicable to Chrome on Android and ChromeOS.

A partial list of well-known sites running PWA are Flipkart, AliExpress, Snapdeal, Jalantikus, Babe, Geo TV, 5miles, AirBerlin, Washington Post and NFL Now.

In addition, the recently announced support for Android apps on Chromebooks will allow the native execution of Android apps on ChromeOS using Widevine in L3 mode.

4K and UltraHD

The Widevine team met with major studios this past quarter to discuss 4K and UltraHD compliance. Widevine Level 1 client security model meets current studio requirements. We are continuously having on-going discussions with studios to maintain our product line and keep them up-to-date.

Common Encryption

The Common Encryption specification is being updated to support AES-CBC. Initial support for AES-CBC is available on the Chromecast and Android N devices.

The Widevine PSSH structure will be changing to require either content_id or key_id. Please check our latest version of the Encryption API document that describes the updated PSSH format. To support 4K and UHD, additional track_types are being defined and will be available in Q3 2016.

Cloud License Service

The Proxy Integration guide has been updated to reflect the following changes:

  1. The content_id parameter is now optional in the license request payload.
  2. Content keys injected by the proxy may now be optionally encrypted during transmission.
  3. A new parameter - always_include_client_id - has been introduced for improved license renewal support.

Chrome Browser

The initiative within the W3C to improve security of Powerful Features will require streaming media playback to be conducted over HTTPS. Connections using EME must be using https by end of 2016. On a related note, this is in line with Apple’s requirement to enforce https streaming for iOS by the end of 2016.

Flash will be automatically disabled by default by the end of 2016. Firefox has recently announced a similar timeline.

We strongly recommend using SetServerCertificate when invoking EME MediaKeys to allow the Chrome platform to support the use and definition of custom user-specific values (e.g. provider client token).

As a point of clarification, the Chrome browser does not support the HLS streaming format.

The recommended security level setting for VIDEO tracks will be to specify SW_SECURE_DECODE. The only supported security level setting for AUDIO tracks is SW_SECURE_CRYPTO. Security level settings are specified by your license proxy implementation on a per track basis. The table below provides the recommended security level settings per Chrome platform.


Platform Video Audio
Desktop (PC, Mac, Linux) SW_SECURE_DECODE (L3) SW_SECURE_CRYPTO (L3)
ChromeOS SW_SECURE_DECODE (L3)
HW_SECURE_ALL (L1)
SW_SECURE_CRYPTO (L3)

It is recommended all partners test their current deployment on Chrome M50 (or later) to verify that their current implementation of security level does not impact playback of either video or audio content. If there are issues, please verify you are setting your AUDIO security levels as indicated above.

Widevine would like to reinforce our recommendation of using separate content keys to encrypt each video and audio track. In particular, the emphasis is on using separate content keys for each SD, HD, UHD and Audio stream.

Platform Updates

Android

In line with Android M requirements, going forward, Android N devices will not ship with WV Classic clients. Effectively, starting with Android 6.0, there is no expectation of a Widevine Classic client to exist on any Android device.

Chromecast

As mentioned earlier on AES-CBC compatibility, Widevine support on the Chromecast has been expanded to include HLS. This requires appending additional tags to specify Widevine compatibility and PSSH - please check the Shaka Packager update in this announcement. Contact us for details if you are interested to learn more.

Roku

Widevine support is part of firmware version 7.2 with full Level 1 compatibility.

Shaka Packager

Formerly known as the eDASH Packager, we have re-branded as the Shaka Packager in-line with our Shaka Player product.

The latest 1.5.0 release incorporates support for CENC v3, HLS (Sample-AES only), HEVC, WebM (VP9) and Opus support. In addition, docker support has been expanded to include Windows, Mac OS X and Linux.

Mozilla

Firefox 47 launched (June 7th) with Widevine CDM, HTML5 and VP9 support.

Please contact us if we can assist with your DRM implementation questions.

Best,
The Widevine Team




Widevine Quarterly Partner Update- Q1 2016

Posted: April 15, 2016

We had a busy year in 2015 launching new and updated products like the iOS SDK; Shaka Player with offline playback, captioning and cast support; and key security improvements for Chrome and Android. We have a ton of exciting things planned for 2016 and look forward to sharing more details in the coming months!

As we head into spring, we thought it timely to highlight some recent updates. Our aim is to improve transparency and facilitate discussions around improving ease of use, integration and deployment of Widevine DRM.

Key Updates

HTML5 Video

Web and mobile video is growing rapidly, with watch time increasing by 60% year-on-year. As demand increases, the underlying technology is also developing rapidly. For many top media sites, HTML5 video has now replaced Flash as the preferred platform for web and mobile delivery. HTML5 video is a proven technology with billions of hours of content delivered monthly and a large and thriving ecosystem. Recent HTML5 video technology advances make it a fully-featured platform, allowing full custom player control, digital rights management (DRM), and adaptive bitrate streaming support for both on-demand and live video. Interested in learning more? Please read the Moving to HTML5 Video whitepaper.

Securing Content Delivery

There is a new initiative within the W3C to improve security of Powerful Features. This requires streaming media playback to be conducted over HTTPS. You may have already seen content specific notifications start to appear in browsers when HTTPS is not in use.

Streamlining Security Policies in Chrome

Starting with Chrome M50, the recommended security level setting for VIDEO tracks will be to specify SW_SECURE_DECODE. The only supported security level setting for AUDIO tracks is SW_SECURE_CRYPTO. Security level settings are specified by your license proxy implementation on a per track basis. The table below provides the recommended security level settings per Chrome platform.


Platform Video Audio
Desktop (PC, Mac, Linux) SW_SECURE_DECODE (L3) SW_SECURE_CRYPTO (L3)
ChromeOS SW_SECURE_DECODE (L3)
HW_SECURE_ALL (L1)
SW_SECURE_CRYPTO (L3)

It is recommended all partners test their current deployment on Chrome M50 to verify that their current implementation of security level does not impact playback of either video or audio content. If there are issues, please verify you are setting your AUDIO security levels as indicated above.

Widevine would also like to take this opportunity to reinforce our recommendation of using separate content keys to encrypt each video and audio track. In particular, the emphasis is on using separate content keys for each SD, HD and Audio stream. We will be publishing additional guidance on best practices for this topic ahead of our next quarterly update.

Shaka Player

Shaka Player v2.0 beta has been announced, including a simplified configuration interface, a new plugin architecture, support for live content, and support for all major browsers (Chrome, Edge, IE 11, Safari 9, Firefox, and Opera). Please sign up on the Shaka Player mailing list and send us your feedback!

VP9

Streaming Media published an article discussing the AOM (Alliance for Open Media) and AV1 codec, covering HTML5 video, VP9 and HEVC.

In addition, there have been recent announcements by encoding companies adopting VP9, extending support for YouTube Live:

Platform Updates

Android

We have published a guide on how to implement key rotation using mediaDrm on Android to supplement the available source code in ExoPlayer. This illustrates the capability to support live streaming. There are also a number of exciting updates planned that will be announced during Google I/O.

For device manufacturers, we have streamlined our Android CDM integration process and migrated to a repository.

Firefox

Mozilla has announced they are testing support for the Widevine CDM in Firefox Nightly. Please refer to Mozilla for updates and support for the Widevine CDM.

iOS

The distribution of the iOS CDM client has moved to a standard repository. The CWIP Portal page has been updated to reflect these changes. All certified members automatically have access based on your CWIP Portal login. We are hard at work on a major redesign of the iOS SDK. This will greatly simplify the interfaces while also providing more robust functionality.

Platform Support

Widevine Platform Support

Certified Widevine Integration Partner Training (CWIP)

Starting in Q2 of 2016, we are updating the Certified Widevine Implementation Partner (CWIP) training program with a greater focus on developers. We are also significantly increasing training capacity. Beginning in June 2016, the courses will be expanded to accommodate more than 75 students.

Beginning in Q1 2017, all Classic-certified partners will need to be retrained and recertified with the latest version of Widevine DRM to maintain CWIP certification status.

Please contact us if we can assist with your DRM implementation questions.

Best,
The Widevine Team




Widevine Release Announcement - iOS Client SDK v2.0.2

Posted: October 29, 2015

We are pleased to announce the immediate release of our Widevine iOS SDK for Modular DRM v2.0.2. You can now download the iOS SDK directly from the CWIP Portal.

Features

  • Demonstrates CDM Offline support (Download Manager and License Handling)
  • Improved Reference Player Design
  • Support for iOS 9 / XCode 7

Fixed Issues

  • UDT Improvements (Multiple PSSH Support, Timescales, sidx v2)
  • Resolved rotation problem and general playback use in reference player
  • Removal of Storyboards

Don't forget to sign up on our iOS discussion forum for feedback with our developer community. Please keep the feedback coming as your input is key!




Widevine Product Update - August 2015

Posted: August 20, 2015

Google is a strong proponent of embracing a standards-based approach for premium content delivery. Widevine is committed to open web standards and our Modular DRM technology platform utilizes EME, CENC and DASH.

We strongly recommend a transition to our Modular DRM solution and would like to take this opportunity to provide an update on our legacy Widevine Classic platform.


iOS

The latest beta release of iOS9 includes several changes that may be incompatible with our Widevine Classic client. The changes are specific to App Transport Security and multi-tasking support. While there may be existing workarounds, additional changes leading up to iOS9 being finalized could impact Widevine Classic further.

What does this mean?

The changes Apple introduced in iOS9 will likely result in compatibility issues with the Widevine Classic client for iOS. We will continue to monitor iOS9 beta releases for new changes that may impact users and will send updates as they are identified. We are encouraging partners to migrate to the Widevine CDM for iOS as soon as possible. The latest iOS SDK is now available on our CWIP portal. Widevine Classic will no longer receive updates going forward.


Android

Starting with Android 6.0 (Marshmallow), there will no longer be a tested version of the Widevine Classic client and device manufacturers are no longer required to support it.

The Widevine Classic client is tested and validated for Google-approved devices on previously released versions of Android (3.1 - 5.1).

What does this mean?

There will be no new features or updates made to the Widevine Classic client. Additionally, a device running Android 6.0 may not support Widevine Classic. For devices running Android 4.3 and earlier, you can continue to use your existing Widevine Classic solution.

Widevine Modular DRM is available on all devices running Android 4.4 (Kitkat) and later.


Desktop Browsers

Widevine Modular DRM is already available on all Google platforms (Android, AndroidTV, Chrome, Chromecast, ChromeOS,) and Opera. Native support for Widevine DRM on a browser is subject to availability of the Widevine CDM on that browser platform.

Modern browsers (Google Chrome, Microsoft Edge, Mozilla Firefox) are deprecating support for legacy plugin frameworks (like NPAPI), the Widevine Classic Media Optimizer plugin will no longer continue to function in the future. Please reach out to the respective browser teams directly for more information on CDM support.

Please contact us so that we can assist with your Modular DRM migration and let us know if you have any questions.




Widevine Release Announcement - iOS Client SDK v2.0.1

Posted: August 14, 2015

We are pleased to announce the immediate release of our Widevine iOS SDK for Modular DRM. You can now download the iOS SDK directly from the CWIP Portal. We’d like to thank everyone for their continued interest and also welcome all of our Partners.

This release is the result of countless hours of beta testing and great feedback by the participants of our Early Access program. Your feedback helped to simplify and improve the SDK which will benefit all of our Partners. We are proud of the release and will continue to update and improve the iOS SDK. Please keep the feedback coming as your input is key!

Features

  • iOS8 - iOS9 support with 64 Bit app compatibility
  • Dynamic Library and XCode 6.3+ to ease implementation
  • Reference Application and Simulator support
  • Jailbreak detection
  • Offline*
  • CDM 3.0 and OEMCrypto v9*
  • *Coming in Q4

Please contact us so that we can assist with your Modular DRM migration. You can also use our new iOS discussion forum for feedback with our developer community.