Studio DRM with JW Platform Policy Reference
IMPORTANT
This article explains the policies that are available when you have Studio DRM with JW Platform enabled for one of your sites. Read Getting started to learn about the benefits of this product and how to properly enable it to protect your content.
If you are using Studio DRM Standalone, please refer to DRM Policy Examples for DRM policy guidance.
After creating a property in your dashboard that is enabled with Studio DRM with JW Platform, four default DRM policies are created that can be applied during playback of your DRM-protected content. A DRM policy specifies the playback restrictions that licenses with this policy will enforce on a DRM video asset.
About Minimum Security Levels
Minimum security levels are only supported in Widevine and PlayReady DRMs. This section does not apply to Apple FairPlay DRM, which has no security levels.
In general, policies with high minimum security levels only permit playback if the device has a content decryption module (CDM) that runs in a hardware Trusted Execution Environment (TEE). In DRM, these are known as "high robustness" devices and can prevent things like access to decrypted video frames in device memory.
Lower security levels will play on devices with software CDMs (low robustness devices) as well as hardware CDMs.
The high minimum levels in Widevine (often called "Widevine L1") are HW_SECURE_ALL and HW_SECURE_DECODE. The high minimum level in PlayReady is 3000. Policies using these levels will not play in low robustness devices such as computer web browsers.
You will likely need to experiment with various security levels to find the right mix of device playback support and security.
Default DRM Policies
The four default DRM policies are listed and explained below with intended use cases:
Highest
Intended for native applications content on devices with a hardware TEE and advanced HDCP. This policy limits playback to 3840p and lower resolution content and requires minimum HDCP v2.2. This policy is very restrictive, so playback will only succeed on advanced devices such as Roku and premium smartphones.
High
Intended for devices with a hardware TEE, such as phones, tablets, and connected TV devices. This policy limits playback to 1080p and lower resolution content and enforces HDCP. Playback with this policy will fail in most desktop browsers as well as mobile browsers that default to a software CDM (such as Android Chrome).
Medium
Intended for desktop & laptop computers where the digital output of your content must be protected by HDCP. This policy limits playback to 720p and lower resolution content and enforces HDCP. Playback with this policy will fail if the device does not support at least HDCP v1.x.
Low
Intended for desktop & laptop computers with software CDMs and digital output of your content is allowed without HDCP protection. This policy limits playback to SD and lower resolution content. This policy is compatible with the widest range of playback devices, but is the least secure.
| Highest | High | Medium | Low | |
|---|---|---|---|---|
| FairPlay minimum security level | N/A | N/A | N/A | N/A |
| PlayReady minimum security level | 3000 | 3000 | 2000 | 2000 |
| Widevine minimum security level 1,2 | L1 ( HW_SECURE_ALL) | L1 ( HW_SECURE_ALL) | L3 ( SW_SECURE_CRYPTO) | L3 ( SW_SECURE_CRYPTO) |
| Max video resolution width | 3840 pixels | 1920 pixels | 1280 pixels | 640 pixels |
| Allow persistent license (offline playback 3) | Yes | Yes | No | No |
| Digital output Applies only to HD and UHD streams | Requires HDCP v2 or later | Requires HDCP v1 or later | Requires HDCP v1 or later | Does not require HDCP |
| License duration | 48 hours | 48 hours | 48 hours | 96 hours |
| Playback duration | 360 minutes | 360 minutes | 360 minutes | 360 minutes |
-
Two manifests must be created in the Delivery API request. For one manifest, apply the L1 DRM policy with 3840p width restrictions. For the other manifest apply the L3 DRM policy with 1280p width restrictions.
-
With persistence, the license is stored on the device. Two typical use cases are (1) indefinite access to offline playback and (2) temporary access to offline playback. Use the following guidelines for configuring a persistent license. For indefinite access, set the playback duration to 0, the license duration to 0, and offline persistence to
true. For temporary access, set the playback duration to a non-zero value, the license duration to a non-zero value that is less than or equal to the playback duration, and offline persistence totrue.
Supported browsers and suggested policies
The following tables show the browser-policy combinations that we suggest when using the default JW DRM Policies.
Desktop
| HTML5 Browsers | Highest | High | Medium | Low |
|---|---|---|---|---|
| Chrome 3 most recent stable versions |
✓ |
|||
| Edge 2 most recent stable versions |
✓ |
|||
| Firefox 2 most recent stable versions |
✓ |
|||
| Safari 2 most recent stable versions |
✓ |
✓ |
✓ |
✓ |
Mobile
| Highest | High | Medium | Low | |
|---|---|---|---|---|
| Android (native)6.0+ | ✓ |
✓ |
||
| Chrome (Android) 3 most recent stable versions |
✓ |
|||
| iOS (native)12.0+ | ✓ |
✓ |
||
| Safari 2 most recent stable versions |
✓ |
✓ |
✓ |
✓ |
Mobile
| Highest | High | Medium | Low | |
|---|---|---|---|---|
| Android TV | ✓ |
|||
| Apple TV12.0+ | ✓ |
|||
| Chromecast | ✓ |
|||
| Fire TV6.0+ | ✓ |
|||
| LG | ✓ |
|||
| Roku 2 most recent versions |
✓ |
|||
| Samsung | ✓ |
Create a custom DRM policy
You have the option to create customized DRM policies. You should have a strong understanding of DRM robustness settings. An incorrectly customized DRM policy has the possibility of providing viewers too much access to your content or halting content playback for all devices. To ensure proper DRM playback when using Studio DRM with JW Platform we strongly suggest using one of the default DRM policies.
Use the following steps to create a custom DRM policy:
- From the Properties page, click (property name) > Content Protection.
- In the Digital Rights Management section, hover over a DRM policy row. The More menu icon appears at the end of the row.
- Click the More menu icon > Clone. The DRM Policy panel appears.
- Update the settings for your use case.
- Click Save.
Updated 18 days ago