Studio DRM Policy Reference (JW Platform)
This article explains the policies that are available when you have Studio DRM with JW Platform enabled for one of your sites. Read Getting started to learn about the benefits of this product and how to properly enable it to protect your content.
If you are using Studio DRM Standalone, please refer to DRM Policy Examples for DRM policy guidance.
After creating a property in your dashboard that is enabled with Studio DRM with JW Platform, several default DRM policies are created that can be applied during playback of your DRM-protected content. A DRM policy specifies the playback restrictions that licenses with this policy will enforce on a DRM video asset.
About Minimum Security Levels
Minimum security levels are only supported in Widevine and PlayReady DRMs. This section does not apply to Apple FairPlay DRM, which has no security levels.
In general, policies with high minimum security levels only permit playback if the device has a content decryption module (CDM) that runs in a hardware Trusted Execution Environment (TEE). In DRM, these are known as "high robustness" devices and can prevent things like access to decrypted video frames in device memory.
Lower security levels will play on devices with software CDMs (low robustness devices) as well as hardware CDMs.
The high minimum levels in Widevine (often called "Widevine L1") are HW_SECURE_ALL
and HW_SECURE_DECODE
. The high minimum level in PlayReady is 3000
. Policies using these levels will not play in low robustness devices such as computer web browsers.
You will likely need to experiment with various security levels to find the right mix of device playback support and security.
Default DRM Policies
The default DRM policies are listed and explained below with intended use cases:
Low
Playback of video-on-demand media with DRM leverages the Low Default DRM Policy. Any changes made to the policy may cause playback failure in the dashboard.
Intended for desktop & laptop computers with software CDMs and digital output of your content is allowed without HDCP protection. This policy limits playback to SD and lower resolution content. This policy is compatible with the widest range of playback devices, but is the least secure.
Medium
Intended for desktop & laptop computers where the digital output of your content must be protected by HDCP. This policy limits playback to 720p and lower resolution content and enforces HDCP. Playback with this policy will fail if the device does not support at least HDCP v1.x.
High
Intended for devices with a hardware TEE, such as phones, tablets, and connected TV devices. This policy limits playback to 1080p and lower resolution content and enforces HDCP. Playback with this policy will fail in most desktop browsers as well as mobile browsers that default to a software CDM (such as Android Chrome).
Highest
Intended for native applications content on devices with a hardware TEE and advanced HDCP. This policy limits playback to 3840p and lower resolution content and requires minimum HDCP v2.2. This policy is very restrictive, so playback will only succeed on advanced devices such as Roku and premium smartphones.
Offline
Intended for native mobile applications that allow offline playback of downloaded media. This default policy is the same as the High policy with the addition of the offline playback setting that allows content to be stored and played offline.
Highest | High | Medium | Low | Offline | |
---|---|---|---|---|---|
FairPlay minimum security level | N/A | N/A | N/A | N/A | N/A |
PlayReady minimum security level | 3000 | 3000 | 2000 | 2000 | 3000 |
Widevine minimum security level 1 | L1 ( HW_SECURE_ALL ) | L1 ( HW_SECURE_ALL ) | L3 ( SW_SECURE_CRYPTO ) | L3 ( SW_SECURE_CRYPTO ) | L1 ( HW_SECURE_ALL ) |
Max video resolution width | 3840 pixels | 1920 pixels | 1280 pixels | 640 pixels | 1920 pixels |
Offline Playback 2 (Applies to downloaded media) | No | No | No | No | Yes |
Digital output Applies only to HD and UHD streams | Requires HDCP v2 or later | Requires HDCP v1 or later | Requires HDCP v1 or later | Does not require HDCP | Requires HDCP v1 or later |
License duration | 48 hours | 48 hours | 48 hours | 96 hours | 48 hours |
Playback duration | 360 minutes | 360 minutes | 360 minutes | 360 minutes | 360 minutes |
-
Two manifests must be created in the Delivery API request. For one manifest, apply the L1 DRM policy with 3840p width restrictions. For the other manifest apply the L3 DRM policy with 1280p width restrictions.
-
Offline playback can be added to custom policies by checking the Offline Playback field. When Offline Playback is enabled, the license is stored on the device and the media is accessible for the license and playback duration periods that you have set in the policy.
Supported browsers and suggested policies
The following tables show the browser-policy combinations that we suggest when using the default JW DRM Policies.
Playback Enabled
Casting
Casting | Highest | High | Medium | Low | Offline |
---|---|---|---|---|---|
AirPlay Via the player AirPlay icon |
✅ |
✅ |
✅ |
✅ |
--- |
Desktop
HTML5 Browsers | Highest | High | Medium | Low | Offline |
---|---|---|---|---|---|
Chrome 3 most recent stable versions |
--- |
--- |
--- |
✅ |
--- |
Edge 2 most recent versions |
--- |
--- |
--- |
✅ |
--- |
Firefox 2 most recent versions |
--- |
--- |
--- |
✅ |
--- |
Safari 2 most recent versions |
✅ |
✅ |
✅ |
✅ |
--- |
Mobile
Highest | High | Medium | Low | Offline | |
---|---|---|---|---|---|
Android (native) 6.0+ | ✅ |
✅ |
✅ |
✅ |
✅ |
Chrome (Android) 3 most recent stable versions |
--- |
--- |
--- |
✅ |
✅ |
iOS (native) 12.0+ | ✅ |
✅ |
✅ |
✅ |
✅ |
Safari 2 most recent versions |
✅ |
✅ |
✅ |
✅ |
--- |
OTT
Highest | High | Medium | Low | Offline | |
---|---|---|---|---|---|
Android TV | --- |
✅ |
--- |
--- |
--- |
Apple TV 12.0+ | --- |
✅ |
--- |
--- |
--- |
Chromecast | --- |
--- |
✅ |
--- |
--- |
Fire TV 6.0+ | --- |
✅ |
--- |
--- |
--- |
LG | --- |
--- |
✅ |
--- |
--- |
Roku 2 most recent versions |
--- |
✅ |
--- |
--- |
--- |
Samsung | --- |
--- |
✅ |
--- |
--- |
Screen Recording Blocked
DRM blocks screen recording (screen capture) via browser extensions and add-ons or applications such as QuickTime or OBS (Open Broadcaster Software) on the application level. However, this behavior is not guaranteed for all web browsers at all times. Blocking is dependent on the Content Decryption Module (CDM) used in the browser and may vary with browser updates and versions1.
The table below shows the screen capture prevention levels for different Operating Systems by screen capture method per browser. When screen capture is blocked, the file of the recording will show a black screen. The audio may still be available.
Desktop
HTML5 Browsers | Highest | High | Medium | Low | Offline |
---|---|---|---|---|---|
Chrome 2 most recent stable versions |
N/A |
N/A |
✓ |
✓ |
N/A |
Edge (MacOS) 2 most recent stable versions |
N/A |
N/A |
--- |
--- |
N/A |
Edge (Windows) 2 most recent stable versions |
N/A |
N/A |
✓ |
✓ |
N/A |
Firefox 2 most recent stable versions |
N/A |
N/A |
--- |
--- |
N/A |
Opera 2 most recent stable versions |
N/A |
N/A |
✓ |
✓ |
N/A |
Safari 2 most recent stable versions |
✓ |
✓ |
✓ |
✓ |
N/A |
Mobile
Native | Highest | High | Medium | Low | Offline |
---|---|---|---|---|---|
Android | N/A |
N/A |
N/A |
--- |
✓ |
iOS 13.0+ | ✓ |
✓ |
✓ |
✓ |
✓ |
Browser | Highest | High | Medium | Low | Offline |
---|---|---|---|---|---|
Chrome (iOS) iOS 13.0+ | ✓ |
✓ |
✓ |
✓ |
N/A |
Edge (Android) | N/A |
N/A |
N/A |
--- |
N/A |
Edge (iOS) iOS 13.0+ | ✓ |
✓ |
✓ |
✓ |
N/A |
Firefox (Android) | N/A |
N/A |
N/A |
--- |
N/A |
Firefox (iOS) iOS 13.0+ | ✓ |
✓ |
✓ |
✓ |
N/A |
Create a custom DRM policy
You have the option to create customized DRM policies. You should have a strong understanding of DRM robustness settings. An incorrectly customized DRM policy has the possibility of providing viewers too much access to your content or halting content playback for all devices. To ensure proper DRM playback when using Studio DRM with JW Platform we strongly suggest using one of the default DRM policies.
Use the following steps to create a custom DRM policy:
- From the Properties page, click (property name) > Content Protection.
- In the Digital Rights Management section, hover over a DRM policy row. The More menu icon appears at the end of the row.
- Click the More menu icon > Clone. The DRM Policy panel appears.
- Update the settings for your use case.
- Click Save.
Updated 4 months ago