Widevine
The official Widevine logo
Original author	Google
Initial release	1999; 26 years ago (1999)
Stable release	1.4.9.1088
Written in	C++
Operating system	Cross-platform
Type	Digital rights management
Website	www.widevine.com

Widevine is a proprietarydigital rights management (DRM) system that is included in most majorweb browsers and in the operating systemsAndroid andiOS. It is used bystreaming services—includingNetflix,Amazon Prime Video, andHulu—to allow authorized users to view media while preventing them from creating unauthorized copies.

Widevine was originally developed in 1999 by Internet Direct Media, who later rebranded as Widevine Technologies. Following several rounds of funding, the company was acquired byGoogle in 2010 for an undisclosed amount.

Widevine was created bySeattle-based Internet Direct Media in 1999 as Widevine Cypher.^[1] The company, founded by executive Brian Baker and cryptography researcher Jeremy Horwitz, changed its name to Widevine Technologies.^[2][3]

In February 2001, Widevine Technologies released Widevine Cypher Enterprise; at the time, techniques such asscreen recording andnetwork request monitoring were common. Widevine Cypher usedDES-X encryption to prevent these techniques.^[4] Widevine Technologies partnered withBellevue-based streaming company Midstream Technologies in April.^[5] Baker returned to the company in 2001, leading it through a restructuring process; the process involvedrecapitalizing the company and firing many of its employees.^[6]

In June 2003, Widevine Technologies secured US$7.8 million in funding fromventure capital firms Constellation Ventures and Pacesetter Capital.^[7] That same year, Widevine Technologies partnered withTaiwanese telecommunications companyChunghwa Telecom in an effort to secure theirvideo-on-demand service.^[8] Widevine Technologies would receive further funding in 2004 from Constellation Ventures and Pacesetter Capital, along with Phoenix Capital Partners, in a funding round led by VantagePoint Venture Partners, netting the company $13 million.^[9]

Widevine Technologies branched out intodigital watermarking in 2005, partnering with content processing companyTVN Entertainment (now Vubiquity) for its Mensor system.^[10] Widevine Mensor inserts a 64-bit payload into the signal, a computationally inexpensive operation.^[11]

In April 2006, Constellation Ventures, Pacesetter Capital, Phoenix Capital Partners, and VantagePoint Venture Partners joined digital communications companyCisco Systems and Canadian telecommunications companyTelus to invest $16 million into Widevine Technologies. Cisco's involvement in the investment followed its acquisition of set-top box manufacturerScientific Atlanta for $7 billion.^[12] In a six-year agreement, Widevine was awarded a contract with Telus to use its technology in Telus's platforms.^[13]

On August 3, 2007, Widevine Technologies filed a patent infringement lawsuit against content security companyVerimatrix.^[14] The two companies reached a settlement in March 2010.^[15]

Vendors utilizing Widevine steadily increased up until 2010. In August 2008,CinemaNow used Widevine to expand its reach to multiple devices, including theNintendo Wii, disc players fromLG andSamsung, and theiPhone andiPod.^[16] To implement DRM intoMicrosoft Silverlight for browsers not usingMicrosoft Windows,Microsoft worked with Widevine Technologies.^[17] Widevine was also implemented into several streaming services usingAdobe Flash, including content fromSony andWarner Bros. distributed in the virtual social networkGaia Online.^[18]

In December 2009, Widevine received an additional $15 million in funding from telecommunications companyLiberty Global and Samsung Ventures, the venture capital subsidiary of Samsung.^[19] Samsung would expand its use of Widevine in June 2010.^[20]LoveFilm signed a deal with Widevine in July 2010.^[21]

On December 3, 2010,Google announced that it had acquired Widevine for an undisclosed amount.^[22] The acquisition occurred on the same dayViacom filed an appeal inViacom v. YouTube, a case regarding Google's role in users uploading content owned by Viacom ontoYouTube.^[23] ACNN report in February 2011 revealed that Google had paid $150 million for Widevine, despite an internal valuation of the company being between $30 million and $40 million, making it the company's ninth largest acquisition until that point.^[24]

Widevine is divided into three security levels. The security level used is dependent on the usage of atrusted execution environment (TEE) in the client device. For example,ARM Cortex-A processors implementTrustZone technology, allowing cryptography and video processing to occur entirely within the TEE.^[25] In Widevine L1, media decryption and processing occurs entirely in a TEE, and content is available in its original resolution. In Widevine L2, media decryption and processing occurs in software or dedicated video hardware, despite the presence of a TEE, and content is available in a fixed resolution. In Widevine L3, media decryption and processing occurs in software and no TEE is present, and content is available in a fixed resolution.^[26]

InAndroid, Widevine L1 can be implemented into Stagefright, Android's media playback engine.^[27] This is implemented inQualcomm chips, where anOpenMAX (OMX) component communicates with the videodriver at thekernel level. Multimedia memory is carved out through thememory management unit driver for ION, a memory manager introduced inAndroid 4.0 to address the various memory management interfaces across Android.^[28] The input/output buffer is then allocated, and the content is decrypted and stored to a secured input buffer in TrustZone.^[29]

Widevine uses multiple standards and specifications, includingMPEG Common Encryption (CENC),Encrypted Media Extensions (EME),Media Source Extensions (MSE), andDynamic Adaptive Streaming over HTTP (DASH).^[30] In addition, Widevine supports theHTTP Live Streaming (HLS) protocol, developed byApple Inc. in 2009.^[31]

In one implementation of Widevine, a browser receives encrypted content from acontent delivery network (CDN). The content is then sent to theContent Decryption Module (CDM), which creates a license request to send to the license server. The player then receives a license from the license server and passes it to the CDM. To decrypt the stream, the CDM sends the media and the license to the OEMCrypto module, required to decrypt the content.^[32] OEMCrypto is an interface to the TEE; most implementations ensure that session keys, decrypted content keys, and the decrypted content stream are not accessible to other running applications. This is usually accomplished through a secondary processor with separatememory.^[33] The content is then sent to the video stack and displayed to the end user in chunks.^[34] License request and license response messages are sent and received usingProtocol Buffers.^[35]

Vendors may implement their ownproxy server within the license server, in cases where user authorization is managed by the vendor's preexisting proxy server.^[36] This setup requires the use of the proxy server as a middleman.^[37] Widevine requires the use of service certificates beginning in Chrome 59, along withiOS and some configurations ofChromeOS.^{[38][note 1]} A proxy server may choose to refuse to issue licenses for browsers that do not implement a "verifiable" framework, otherwise known as Verified Media Path (VMP). Notably, browsers running onLinux are not included in VMP.^[40] Similarly, theHigh-bandwidth Digital Content Protection (HDCP) version used on the client device may be enforced by the proxy server.^[41]

In Widevine L1 devices, certificate provisioning is usually performed once. During provisioning, the CDM creates anonce and derives keys for certificate decryption and integrity checks, as well as dynamically generated buffers. The device key is treated as theRoot of Trust (RoT). The RoT-derived client key protects the request usingHMAC.^[42] The RoT is established through a factory-provisioned component called the "keybox". The keybox is 128 bytes long with two special fields. The integrity of the keybox is checked by verifying the last eight bytes match a magic number ("kbox") followed by acyclic redundancy check (CRC-32).^[43] The other 120 bytes comprise an internal device ID (32 bytes), anAdvanced Encryption Standard key (16 bytes), and a provisioning token (72 bytes).^[44]

Each content key is associated with a 128-bit key control block, specifying security constraints. The key control block ensures data path security requirements on clients such as Android, where video and audio are encrypted separately, and to provide a timeout value to the TEE. The block isAES-128-CBC encrypted with a randominitialization vector (IV), and the fields are defined inbig-endian byte order. The values of the block comprise a verification field, a duration field (expressed in seconds), a nonce, and control bits, all 32 bits each.^[45] The control bits are a series of bit fields controlling the HDCP version that can be used, the data path type, whether or not a nonce should be used, and the Copy General Management System (CGMS) used.^[46] Despite this, vendors may still choose to encrypt audio and video with the same key or may not even encrypt the audio at all.^[47]

Widevine is included in most major web browsers, includingGoogle Chrome. Derivatives ofChromium, includingMicrosoft Edge,Vivaldi,^[48] andOpera, also implement Widevine.^[49] Since June 2016,Firefox has supported Widevine directly in an effort to removeNPAPI support.^[50] In addition, Widevine is supported on Android and iOS.^[30] Streaming services utilizing Widevine includeNetflix,Disney+,^[51]Amazon Prime Video,Max,Hulu,Paramount+, andDiscovery+.^[52] SinceAndroid 5, the version of Google Chrome used in Android supports Widevine.^[53] In February 2021, Firefox for Android added Widevine.^[54]

In Android, Widevine is implemented through ahardware abstraction layer (HAL) module plugin. The Widevine library on Android translates Android DRM API calls to Widevine CDM ones, and its role varies depending on the security level implemented; in Widevine L1, the Widevine library acts as a proxy for the TEE, while in L3, the library contains the obfuscated CDM. Additionally, the libraryliboemcrypto.so marshals and unmarshals requests to the Widevine trustlet for Widevine L1 through a specialized TEE driver, such asQSEEComAPI.so for Qualcomm Secure Execution Environment (QSEE).^[55]

iOS does not natively support DASH or CENC. To work around this limitation, Widevinetransmuxes DASH to HLS; the Universal DASH Transmuxer (UDT) parses the DASH manifest using anXML parser, such aslibxml2. The UDT then creates an HLS playlist.^[56]

On May 31, 2021, support for 32-bit Linux was stopped, and DRM-protected content cannot be played on this platform.^[57][58]

Widevine has been exploited multiple times. Researchers atBen-Gurion University of the Negev discovered a vulnerability in Widevine in June 2016; the vulnerability allowed users to obtain a decrypted version of protected content incache.^[59]

In January 2019, security researcher David Buchanan claimed to have broken Widevine L3 through adifferential fault analysis attack in Widevine'swhite-box implementation ofAES-128, allowing Buchanan to retrieve the original key used to encrypt a stream. TheMPEG-CENC stream could then be decrypted usingffmpeg.^[60][61] A similar vulnerability was exploited in October 2020.^[62]

In 2021, the Android version of Widevine L3 was reverse engineered and broken by security researchers.^[63] The same year, Qi Zhao presented the first attack breaking Widevine L1 in Android by recovering the L1 keybox.^[64]

In 2019, a developer tried to bundle Widevine in an Electron/Chromium-based application for video playing and did not get any response from Google after asking for a license agreement, effectively blocking DRM usage in the project.^[65][66] He later got the reply:

I'm sorry but we're not supporting an open source solution like this [sic]

The same has happened to other Electron projects.^[67] Widevine does support Electron and Electron projects through a third-party integrator.^[68]

• FairPlay
• Marlin
• PlayReady

• Google (April 3, 2019).Widevine DRM Proxy Integration.
• Google (March 6, 2017).Widevine DRM Architecture Overview.
• Google (February 25, 2013).WV Modular DRM Security Integration Guide for Common Encryption (CENC).
• Patat, Gwendal; Sabt, Mohamed; Fouque, Pierre-Alain (2022a).Exploring Widevine for Fun and Profit.IEEE.
• Patat, Gwendal; Sabt, Mohamed; Fouque, Pierre-Alain (2022b).WideLeak: How Over-the-Top Platforms Fail in Android.IEEE.
• Santos, Nuno; Gummadi, Krishna; Rodrigues, Rodrigo (June 15, 2009).Towards trusted cloud computing.Association for Computing Machinery.

• Digital rights management systems
• Google software
• 2010 mergers and acquisitions

• Good articles
• Articles with short description
• Short description is different from Wikidata