Studio DRM with JW Platform Policy Reference

šŸ‘

This article explains the policies that are available when you have Studio DRM with JW Platform enabled for one of your sites. Read Getting started to learn about the benefits of this product and how to properly enable it to protect your content.

If you are using Studio DRM Standalone, please refer to DRM Policy Examples for DRM policy guidance.


After creating a property in your dashboard that is enabled with Studio DRM with JW Platform, four default DRM policies are created that can be applied during playback of your DRM-protected content. A DRM policy specifies the playback restrictions that licenses with this policy will enforce on a DRM video asset.



About Minimum Security Levels

Minimum security levels are only supported in Widevine and PlayReady DRMs. This section does not apply to Apple FairPlay DRM, which has no security levels.

In general, policies with high minimum security levels only permit playback if the device has a content decryption module (CDM) that runs in a hardware Trusted Execution Environment (TEE). In DRM, these are known as "high robustness" devices and can prevent things like access to decrypted video frames in device memory.

Lower security levels will play on devices with software CDMs (low robustness devices) as well as hardware CDMs.

The high minimum levels in Widevine (often called "Widevine L1") are HW_SECURE_ALL and HW_SECURE_DECODE. The high minimum level in PlayReady is 3000. Policies using these levels will not play in low robustness devices such as computer web browsers.

You will likely need to experiment with various security levels to find the right mix of device playback support and security.



Default DRM Policies

The four default DRM policies are listed and explained below with intended use cases:

Highest

Intended for native applications content on devices with a hardware TEE and advanced HDCP. This policy limits playback to 3840p and lower resolution content and requires minimum HDCP v2.2. This policy is very restrictive, so playback will only succeed on advanced devices such as Roku and premium smartphones.

High

Intended for devices with a hardware TEE, such as phones, tablets, and connected TV devices. This policy limits playback to 1080p and lower resolution content and enforces HDCP. Playback with this policy will fail in most desktop browsers as well as mobile browsers that default to a software CDM (such as Android Chrome).

Medium

Intended for desktop & laptop computers where the digital output of your content must be protected by HDCP. This policy limits playback to 720p and lower resolution content and enforces HDCP. Playback with this policy will fail if the device does not support at least HDCP v1.x.

Low

Intended for desktop & laptop computers with software CDMs and digital output of your content is allowed without HDCP protection. This policy limits playback to SD and lower resolution content. This policy is compatible with the widest range of playback devices, but is the least secure.


HighestHighMediumLow
FairPlay minimum security levelN/AN/AN/AN/A
PlayReady minimum security level3000300020002000
Widevine minimum security level 1,2L1
(HW_SECURE_ALL)
L1
(HW_SECURE_ALL)
L3
(SW_SECURE_CRYPTO)
L3
(SW_SECURE_CRYPTO)
Max video resolution width3840 pixels1920 pixels1280 pixels640 pixels
Allow persistent license
(offline playback 3)
YesYesNoNo
Digital output
Applies only to HD and UHD streams
Requires HDCP v2 or laterRequires HDCP v1 or laterRequires HDCP v1 or laterDoes not require HDCP
License duration48 hours48 hours48 hours96 hours
Playback duration360 minutes360 minutes360 minutes360 minutes
  1. Two manifests must be created in the Delivery API request. For one manifest, apply the L1 DRM policy with 3840p width restrictions. For the other manifest apply the L3 DRM policy with 1280p width restrictions.

  2. In JW DRM v1, use the Medium default policy.

  3. With persistence, the license is stored on the device. Two typical use cases are (1) indefinite access to offline playback and (2) temporary access to offline playback. Use the following guidelines for configuring a persistent license. For indefinite access, set the playback duration to 0, the license duration to 0, and offline persistence to true. For temporary access, set the playback duration to a non-zero value, the license duration to a non-zero value that is less than or equal to the playback duration, and offline persistence to true.



Supported browsers and suggested policies

The following tables show the browser-policy combinations that we suggest when using the default JW DRM Policies.


Playback Enabled

Desktop

HTML5 Browsers Highest High Medium Low
Chrome
2 most recent stable versions
---
---
āœ“ 1
āœ“
Edge
2 most recent stable versions
---
---
āœ“ 1
āœ“
Firefox
2 most recent stable versions
---
---
āœ“ 1
āœ“
Opera
2 most recent stable versions
---
---
āœ“ 1
āœ“
Safari
2 most recent stable versions
āœ“
āœ“
āœ“
āœ“
  1. When using MacOS with an HDMI connection, set the content to the Low policy setting. Medium or higher will not work.

Mobile

Highest High Medium Low
Android (native)6.0+
---
---
---
āœ“
Chrome (Android)
---
---
---
āœ“
Chrome (iOS) iOS 13.0+
āœ“
āœ“
āœ“
āœ“
Edge (Android)
---
---
---
āœ“
Edge (iOS) iOS 13.0+
āœ“
āœ“
āœ“
āœ“
Firefox (Android)
---
---
---
āœ“
Firefox (iOS) iOS 13.0+
āœ“
āœ“
āœ“
āœ“
Safari iOS 13.0+
āœ“
āœ“
āœ“
āœ“

OTT

Highest High Medium Low
Amazon Fire TV (3rd Gen.) OS7.2.4
Amazon Silk 100
---
---
---
āœ“
Apple TV (4th Gen.) OSV15.3
Chrome
---
---
---
---
Apple TV (4th Gen.) OSV15.3
Firefox
---
---
---
āœ“
Apple TV (4th Gen.) OSV15.3
Safari
---
---
---
---
Chromecast (2nd Gen.)
Chromecast
---
---
āœ“
āœ“
Roku
PlayReady
---
---
āœ“
āœ“
Roku
Widevine
āœ“
āœ“
āœ“
āœ“
Samsung Tizen Browser 2.1.3
āœ“
āœ“
āœ“
āœ“
Xbox Build in Browser
---
---
---
---


Screen Recording Blocked

DRM blocks screen recording (screen capture) via browser extensions and add-ons or applications such as QuickTime or OBS (Open Broadcaster Software) on the application level. However, this behavior is not guaranteed for all web browsers at all times. Blocking is dependent on the Content Decryption Module (CDM) used in the browser and may vary with browser updates and versions1.

The table below shows the screen capture prevention levels for different Operating Systems by screen capture method per browser. When screen capture is blocked, the file of the recording will show a black screen. The audio may still be available.

Desktop

HTML5 Browsers Highest High Medium Low
Chrome
2 most recent stable versions
N/A
N/A
āœ“
āœ“
Edge (MacOS)
2 most recent stable versions
N/A
N/A
---
---
Edge (Windows)
2 most recent stable versions
N/A
N/A
āœ“
āœ“
Firefox
2 most recent stable versions
N/A
N/A
---
---
Opera
2 most recent stable versions
N/A
N/A
āœ“
āœ“
Safari
2 most recent stable versions
āœ“
āœ“
āœ“
āœ“
  1. This CDM limitation affects other major streaming platforms such as Netflix, Disney+, etc. as well.

Mobile

Native Highest High Medium Low
Chrome (Android)
N/A
N/A
N/A
---
Safari iOS 13.0+
āœ“
āœ“
āœ“
āœ“

Browser Highest High Medium Low
Chrome (iOS) iOS 13.0+
āœ“
āœ“
āœ“
āœ“
Edge (Android)
N/A
N/A
N/A
---
Edge (iOS) iOS 13.0+
āœ“
āœ“
āœ“
āœ“
Firefox (Android)
N/A
N/A
N/A
---
Firefox (iOS) iOS 13.0+
āœ“
āœ“
āœ“
āœ“


Create a custom DRM policy

You have the option to create customized DRM policies. You should have a strong understanding of DRM robustness settings. An incorrectly customized DRM policy has the possibility of providing viewers too much access to your content or halting content playback for all devices. To ensure proper DRM playback when using Studio DRM with JW Platform we strongly suggest using one of the default DRM policies.

Use the following steps to create a custom DRM policy:

  1. From the Properties page, click (property name) > Content Protection.
  2. In the Digital Rights Management section, hover over a DRM policy row. The More menu icon appears at the end of the row.
  3. Click the More menu icon > Clone. The DRM Policy panel appears.
  4. Update the settings for your use case.
  5. Click Save.


Did this page help you?