Studio DRM Policy Reference (JW Platform)


👍

This article explains the policies that are available when you have Studio DRM with JW Platform enabled for one of your sites. Read Getting started to learn about the benefits of this product and how to properly enable it to protect your content.

If you are using Studio DRM Standalone, please refer to DRM Policy Examples for DRM policy guidance.


After creating a property in your dashboard that is enabled with Studio DRM with JW Platform, several default DRM policies are created that can be applied during playback of your DRM-protected content. A DRM policy specifies the playback restrictions that licenses with this policy will enforce on a DRM video asset.



About Minimum Security Levels

Minimum security levels are only supported in Widevine and PlayReady DRMs. This section does not apply to Apple FairPlay DRM, which has no security levels.

In general, policies with high minimum security levels only permit playback if the device has a content decryption module (CDM) that runs in a hardware Trusted Execution Environment (TEE). In DRM, these are known as "high robustness" devices and can prevent things like access to decrypted video frames in device memory.

Lower security levels will play on devices with software CDMs (low robustness devices) as well as hardware CDMs.

The high minimum levels in Widevine (often called "Widevine L1") are HW_SECURE_ALL and HW_SECURE_DECODE. The high minimum level in PlayReady is 3000. Policies using these levels will not play in low robustness devices such as computer web browsers.

You will likely need to experiment with various security levels to find the right mix of device playback support and security.



Default DRM Policies

The default DRM policies are listed and explained below with intended use cases:

Low

⚠️

Playback of video-on-demand media with DRM leverages the Low Default DRM Policy. Any changes made to the policy may cause playback failure in the dashboard.

Intended for desktop & laptop computers with software CDMs and digital output of your content is allowed without HDCP protection. This policy limits playback to SD and lower resolution content. This policy is compatible with the widest range of playback devices, but is the least secure.

Medium

Intended for desktop & laptop computers where the digital output of your content must be protected by HDCP. This policy limits playback to 720p and lower resolution content and enforces HDCP. Playback with this policy will fail if the device does not support at least HDCP v1.x.

High

Intended for devices with a hardware TEE, such as phones, tablets, and connected TV devices. This policy limits playback to 1080p and lower resolution content and enforces HDCP. Playback with this policy will fail in most desktop browsers as well as mobile browsers that default to a software CDM (such as Android Chrome).

Highest

Intended for native applications content on devices with a hardware TEE and advanced HDCP. This policy limits playback to 3840p and lower resolution content and requires minimum HDCP v2.2. This policy is very restrictive, so playback will only succeed on advanced devices such as Roku and premium smartphones.

Offline

Intended for native mobile applications that allow offline playback of downloaded media. This default policy is the same as the High policy with the addition of the offline playback setting that allows content to be stored and played offline.


HighestHighMediumLowOffline
FairPlay minimum security levelN/AN/AN/AN/AN/A
PlayReady minimum security level30003000200020003000
Widevine minimum security level 1L1
(HW_SECURE_ALL)
L1
(HW_SECURE_ALL)
L3
(SW_SECURE_CRYPTO)
L3
(SW_SECURE_CRYPTO)
L1
(HW_SECURE_ALL)
Max video resolution width3840 pixels1920 pixels1280 pixels640 pixels1920 pixels
Offline Playback 2
(Applies to downloaded media)
NoNoNoNoYes
Digital output
Applies only to HD and UHD streams
Requires HDCP v2 or laterRequires HDCP v1 or laterRequires HDCP v1 or laterDoes not require HDCPRequires HDCP v1 or later
License duration48 hours48 hours48 hours96 hours48 hours
Playback duration360 minutes360 minutes360 minutes360 minutes360 minutes

  1. Two manifests must be created in the Delivery API request. For one manifest, apply the L1 DRM policy with 3840p width restrictions. For the other manifest apply the L3 DRM policy with 1280p width restrictions.

  2. Offline playback can be added to custom policies by checking the Offline Playback field. When Offline Playback is enabled, the license is stored on the device and the media is accessible for the license and playback duration periods that you have set in the policy.



Supported browsers and suggested policies

The following tables show the browser-policy combinations that we suggest when using the default JW DRM Policies.


Playback Enabled

Casting

Casting Highest High Medium Low Offline
AirPlay
Via the player AirPlay icon
---

Desktop

HTML5 Browsers Highest High Medium Low Offline
Chrome
3 most recent stable versions
---
---
---
---
Edge
2 most recent versions
---
---
---
---
Firefox
2 most recent versions
---
---
---
---
Safari
2 most recent versions
---

Mobile

Highest High Medium Low Offline
Android (native) 6.0+
Chrome (Android)
3 most recent stable versions
---
---
---
iOS (native) 12.0+
Safari
2 most recent versions
---

OTT

Highest High Medium Low Offline
Android TV
---
---
---
---
Apple TV 12.0+
---
---
---
---
Chromecast
---
---
---
---
Fire TV 6.0+
---
---
---
---
LG
---
---
---
---
Roku
2 most recent versions
---
---
---
---
Samsung
---
---
---
---


Screen Recording Blocked

DRM blocks screen recording (screen capture) via browser extensions and add-ons or applications such as QuickTime or OBS (Open Broadcaster Software) on the application level. However, this behavior is not guaranteed for all web browsers at all times. Blocking is dependent on the Content Decryption Module (CDM) used in the browser and may vary with browser updates and versions1.

The table below shows the screen capture prevention levels for different Operating Systems by screen capture method per browser. When screen capture is blocked, the file of the recording will show a black screen. The audio may still be available.

Desktop

HTML5 Browsers Highest High Medium Low Offline
Chrome
2 most recent stable versions
N/A
N/A
N/A
Edge (MacOS)
2 most recent stable versions
N/A
N/A
---
---
N/A
Edge (Windows)
2 most recent stable versions
N/A
N/A
N/A
Firefox
2 most recent stable versions
N/A
N/A
---
---
N/A
Opera
2 most recent stable versions
N/A
N/A
N/A
Safari
2 most recent stable versions
N/A
  1. This CDM limitation affects other major streaming platforms such as Netflix, Disney+, etc. as well.

Mobile

Native Highest High Medium Low Offline
Android
N/A
N/A
N/A
---
iOS 13.0+

Browser Highest High Medium Low Offline
Chrome (iOS) iOS 13.0+
N/A
Edge (Android)
N/A
N/A
N/A
---
N/A
Edge (iOS) iOS 13.0+
N/A
Firefox (Android)
N/A
N/A
N/A
---
N/A
Firefox (iOS) iOS 13.0+
N/A


Create a custom DRM policy

You have the option to create customized DRM policies. You should have a strong understanding of DRM robustness settings. An incorrectly customized DRM policy has the possibility of providing viewers too much access to your content or halting content playback for all devices. To ensure proper DRM playback when using Studio DRM with JW Platform we strongly suggest using one of the default DRM policies.

Use the following steps to create a custom DRM policy:

  1. From the Properties page, click (property name) > Content Protection.
  2. In the Digital Rights Management section, hover over a DRM policy row. The More menu icon appears at the end of the row.
  3. Click the More menu icon > Clone. The DRM Policy panel appears.
  4. Update the settings for your use case.
  5. Click Save.