Widevine Modular Content Protection

Ooyala provides support for Widevine Modular to meet the content protection requirements for high-quality content online in on-demand and live streaming formats. Widevine’s multi-platform DRM provides the capability to license, securely distribute and protect playback of multimedia content on any consumer device. Content owners and digital media providers can use Widevine’s solutions to ensure revenue generating services keep flowing to whatever device consumers desire.

Note: If you are currently using Widevine Classic, please contact Technical Support or your account manager to help you transition to Widevine Modular.
Note: Ooyala integration with Widevine Classic DRM has been deprecated and is scheduled to be disabled. For details and alternatives, see the OVP Release Notes.

To give you the capacity to protect your content using Ooyala and Widevine, you need to understand how Widevine works and how to use Widevine with your Android or Connected TV device. This document describes how to do this.

Widevine Modular is part of a set of comprehensive content protection features that work together to provide you with the ability to secure your content. These features include:

  • User Authentication through token-based options such as the Ooyala Player Token. For information about setting up and using this feature, see Ooyala Player Token for Player V4.
  • Content Authorization through mechanisms such as Widevine. Information about Widevine is provided in this document.
  • Authorization API, which is a mechanism that handles all authorization requests. For more information about the Authorization API, see Player Authorization API for Player V4.
The content protection that Ooyala offers work standalone or in combination to provide multiple levels of content protection. Ooyala enables you to combine these features to create your content protection strategy. To learn about additional content protection features (such as Adobe Pass), contact Sales, your Customer Success Manager, or Technical Support.

Supported Platforms and Formats

If you want to have content that is DRM-protected with Widevine, you need to use the supported platforms formats appropriate for Android apps and Connected TVs.
Platform Supported Formats Notes
Android 4.4+ MPEG-DASH CENC
Mozilla Firefox 48+ MPEG-DASH CENC
Note: Widevine Modular is supported on a wide range of hardware and operating systems (https://www.widevine.com/supported_platforms.html). However, not all hardware platforms are entirely compatible. Issues when using Widevine on devices with x86-based hardware have been widely reported, and we have been able to reproduce these issues, so we consider x86-based devices unsupported by Widevine.

Ooyala and Widevine DRM Workflow

Customers who want Widevine need to work with Ooyala Customer Success Managers or professional services to enable Widevine Modular support. When you use Ooyala’s Widevine server, the licenses exist in the Widevine cloud.

With the implementation of Widevine DRM, each content viewer needs an individual license as the content is encrypted and is useless without license. Widevine does not perform the encryption, content from the CDN is already encrypted. Widevine just provides a secure cloud for license key storage and retrieval.

If you want to integrate with Widevine, you need to understand how securing your content works with the various parts of the Ooyala content protection features. The following diagram illustrates how Widevine is related to the Ooyala Player Token (an optional but recommended user authentication feature) and the Ooyala Authorization API that handles the user authentication requests.

Widevine Content Protection Workflow

The following table describes the workflow steps for using Widevine for content protection.

Step Action Responsible Party Additional Documentation
1. The video player App, authenticates the user against the content provider. App developers and content provider’s services Ooyala Player Token for Player V3 (Deprecated)
2. The content provider provides an Ooyala Player Token to the app that indicates the authentication status of the user. App developers and content provider’s services Ooyala Player Token for Player V3 (Deprecated)
3. The video app makes an authorization request to Ooyala that includes the Ooyala Player Token. App developers Ooyala Player Token for Player V3 (Deprecated) and Player Authorization API for Player V4
4. Ooyala's authorization request returns a stream url and the authorization cookie. App developers Player Authorization API for Player V4
5. Device native playback components will contact Ooyala for DRM licenses. Ooyala  
6. Ooyala provides the license to playback DRM content. Ooyala  

Using Widevine with Ooyala SDK-based Apps

To use Widevine with our Android player, you need to download and use our native SDKs to create the client-side pages. To download the Ooyala Android SDK, go to Ooyala Downloads. To learn about implementing Android, see Mobile SDK for Android . That’s all you need, as once you have the Widevine Modular feature enabled, the Ooyala SDK-based apps should work seamlessly with Widevine.

Using Widevine with Connected TVs

If you want to use Widevine with connected TVs, you need to:
  1. Implement Widevine Modular in accordance with the device specific SDKs. You pre-configure your device SDK and Widevine setup according to the SDK instructions.
  2. Initialize Widevine and the device SDK in the SDK-specific language (this will vary from device to device). Set up your app in accordance with the applicable platform programming guide.
  3. You will make a call to the Authorization API (this is a JSON RESTful API call).
  4. You will make the call to get the Widevine URL or stream data.
  5. You need to map the elements of the retrieved URL to the corresponding values of the Widevine fields. Plug in the values described below.
For this segment... Provide...
video url the stream URL
portal, provider, or owner id ooyala
device id optional, unique identifier for the device, you generate the id

Device Registration

When using Widevine Modular, the device_id that is cached in the browser might get removed in the following situations:

  1. clearing the browser privacy settings/history/cache
  2. uninstalling or reinstalling the browser

Device registration will fail if the device limit is exceeded because the same device would then have a new device_id and be tracked as a new device, see Device Registration API.