Your DRM setup can be configured to better protect your video content against screen recording. Axinom DRM provides all the necessary configuration options.

DRM Protection and Screen Recording

If you protect your videos with DRM, only eligible users are able to acquire a DRM License and play the video.

But there is a threat: a malicious user can act as a regular user (e.g. purchase a subscription) and play a video using a screen recording tool. Screen recording output is DRM-free and can be further shared in a way not intended by the video owner.

DRM technologies do provide some tools to prevent screen recording. However, you also face some tough trade-offs between usability/interoperability and security when using these tools.

Security Level

Widevine and PlayReady allow setting the Security Level that a device must meet to be eligible for playback. The essential difference between Security Levels lies in hardware support. Security Level 3000 (PlayReady) and Security Level 1 (Widevine) ensure that the DRM system Client Decryption Module (CDM) is supported by hardware on the device. This way, the whole media path can be secured and it can be assured that even the CPU never gets access to unencrypted content. Specifically, with this Security Level, it is possible to effectively prevent screen recording. Pure software-based CDMs (Security Level 2000 in PlayReady, Security Level 3 in Widevine) are typically not able to prevent screen recording by software tools.

You could acquire a higher security level and prevent screen recording.

However, by doing this, you restrict the range of devices where the video can be played. This applies especially to some popular browsers on desktop systems. For example, Google Chrome or Firefox on desktop systems support Widevine, but cannot meet Security Level 1. They support only Security Level 3 (note that Google Chrome on Android is not affected by this issue, it comes with support for Security Level 1).

Recently, Google announced an upcoming version of the Widevine CDM for Windows 10 systems:

Note
“This beta is to support the upcoming release of the browser CDM for Windows 10 with hardware support (equivalent to L1). More information on this new CDM will be forthcoming.“

This upcoming CDM version will protect browsers with Widevine support against screen recording on Windows 10 desktop systems.

How to Set the Security Level with Axinom DRM

When you generate an entitlement message, set the following parameters:

"content_key_usage_policies":
[
    {
        "name": "Policy A",
        "widevine":
        {
            "device_security_level": "HW_SECURE_ALL",
            ...
        },
        "playready":
        {
            "min_device_security_level": 3000,
            ...
        }
    },
...
]

Widevine device_security_level parameter accepts the following values:

Value Security Level Comment

SW_SECURE_CRYPTO

Level 3

Default, lowest security

SW_SECURE_DECODE

Level 3

HW_SECURE_CRYPTO

Level 2

HW_SECURE_DECODE

Level 1

HW_SECURE_ALL

Level 1

Highest security

PlayReady min_device_security_level supports the following values:

Value Security Level Comment

150

Software-based

Only for testing purposes, not suitable for production,Lowest security

2000

Software-based

Default

3000

Hardware-based

Highest security

Output Protection

DRM systems let you configure the output protection. You can decide whether you want to let the consumers attach an external display to their device and enjoy playback there. This applies to both cabled and wireless connections (e.g. via Chromecast). You can even go as far as defining which version of the HDCP protocol on the HDMI cable is acceptable for you. It is more convenient for an end-user to be able to do this. At the same time, it is more secure to not allow it. There are capturing devices available (in many countries, they cannot be purchased legally) that plug into an HDMI connection and let you record even HDCP protected streams.

It is even possible to assign different settings to the same asset but for different quality levels. For example, you could let end users use devices with Security Level 3 (Widevine) for lower resolutions, and require Security Level 1 for your high-quality HD streams.

Google Widevine has published some recommended settings (they most likely reflect the often seen requirements by content owners from Hollywood):

Output Protection

How to Set the Output Protection Level with Axinom DRM

When you generate an entitlement message, set the DRM provider-specific parameters inside the element content_key_usage_policies:

"content_key_usage_policies":
[
    {
        "name": "Policy A",

        "widevine":
        {
            "device_security_level": "SW_SECURE_DECODE",
            "cgms-a": "once",
            "hdcp": "2.0"
        },

        "playready":
        {
            "min_device_security_level": 2000,

            "analog_video_opl": 100,

            "compressed_digital_audio_opl": 200,
            "uncompressed_digital_audio_opl": 300,
            "compressed_digital_video_opl": 400,
            "uncompressed_digital_video_opl": 500,

            "source_id": 258,

            "play_enablers":
            [
                "786627D8-C2A6-44BE-8F88-08AE255B01A7",
                "5ABF0F0D-DC29-4B82-9982-FD8E57525BFC"
            ],

            "analog_video_output_protections":
            [
                {
                    "id": "e8103fec-76d3-401e-abfc-812f58df19a2",
                    "config_data": "6BA/7HbTQB6r/IEvWN8Zog=="
                }
            ],

            "digital_video_output_protections":
            [
                {
                    "id": "6f727eaa-831e-4f99-9c83-292a5f305e21",
                    "config_data": "b3J+qoMeT5mcgykqXzBeIQ=="
                }
            ],

            "digital_audio_output_protections":
            [
                {
                    "id": "72098751-6f56-49b6-b072-02b35cba6ae9",
                    "config_data": "cgmHUW9WSbawcgKzXLpq6Q=="
                }
            ]
        }
    }
]

For a full list of supported parameters, check the Entitlement Message format specification.

Revision History

The table below outlines the document versions and any changes between them.

Version Date Description

1.0

September 23, 2020

  • Initial version.

1.1

March 23, 2021

  • Updated the "play_enablers" GUID values.

1.2

July 23, 2021

  • Updated information about Google CDM.