CDM
Content Decryption Module — the on-device software/hardware component that holds keys and decrypts samples.
In browsers the CDM is loaded by the browser through EME. On Android the equivalent is exposed via MediaDrm. The CDM negotiates licenses with the license server and decrypts media samples just before they are decoded and rendered.
CENC
Common Encryption (ISO/IEC 23001-7) — the standard that lets one encrypted file work with multiple DRMs.
CENC defines how MP4 files store encryption metadata (cenc/cbcs schemes, sample auxiliary information, PSSH boxes). The same CENC-packaged content can be played on Widevine, PlayReady or FairPlay; only the license server differs.
Content Key
The AES key used to decrypt media samples. Always wrapped — never sent in the clear.
Content keys are delivered inside the license, encrypted under a session key that the device negotiates with the license server. On L1 devices, content keys never leave the TEE.
DASH
Dynamic Adaptive Streaming over HTTP (MPEG-DASH) — segmented streaming with an XML manifest.
Defines an MPD (Media Presentation Description) listing adaptation sets, representations and segment URLs. Pairs with CENC for DRM. Widevine PSSH appears in the MPD as a ContentProtection element.
DRM
Digital Rights Management — a system that controls how protected content can be played, copied, or redistributed.
DRM combines content encryption, key delivery, and policy enforcement on the playback device. The encrypted content alone does nothing without a license. The license, delivered to a CDM/TEE, contains keys plus rules about how those keys may be used (resolution caps, output protection, expiry, persistence).
EME
Encrypted Media Extensions — the W3C JavaScript API that lets browsers play DRM-protected content.
EME defines requestMediaKeySystemAccess, MediaKeys, MediaKeySession, and the encrypted/message events. It is intentionally generic so the same JavaScript can drive Widevine, PlayReady or FairPlay CDMs depending on what the browser supports.
ExoPlayer
Google's Android media player (now Media3) — handles DASH, HLS, SmoothStreaming, with Widevine integration.
ExoPlayer abstracts the dance between MediaExtractor, MediaCodec, MediaDrm and MediaCrypto. Most Android apps integrate Widevine via ExoPlayer's DefaultDrmSessionManager rather than calling MediaDrm directly.
GOP
Group of Pictures — an IDR frame plus all the frames coded relative to it.
Random access only happens on IDR boundaries. Segment duration in DASH/HLS is usually a multiple of the GOP length so each segment starts on an IDR frame.
HDCP
High-bandwidth Digital Content Protection — link-level encryption between source and sink (HDMI/DP).
Studios commonly require HDCP 1.4 minimum for HD and HDCP 2.2+ for UHD/HDR. Widevine policies can express this requirement; the CDM enforces it before allowing decryption.
HLS
HTTP Live Streaming — Apple's segmented streaming protocol with .m3u8 playlists.
Originally based on MPEG-TS segments, HLS now also supports fragmented MP4 (fMP4). For DRM, fMP4 + CENC + Widevine is the common multi-DRM choice. Apple's own DRM for HLS is FairPlay.
IDR Frame
Instantaneous Decoder Refresh frame — an I-frame that lets the decoder restart from scratch.
An IDR frame can be decoded without reference to previous frames, and prevents subsequent frames from referencing anything before it. Required at every random-access point.
Initialization Data (init data)
DRM-specific bytes the player extracts from the media and forwards to the CDM to identify content.
Comes from PSSH boxes (cenc init data) or from the MPD. The CDM uses it to build a license request.
Key ID
An identifier for a content key — referenced in PSSH and license requests, not the secret itself.
Each encrypted track in a CENC stream is associated with one or more KIDs. The license server maps KIDs to actual content keys, applies policy, and returns the keys (encrypted) inside the license.
Key Rotation
Changing the content key periodically while the same content stream continues to play.
The packager rotates keys on a fixed boundary (e.g. every N seconds). The CDM requests subsequent licenses via the renewal/key rotation flow. Common in long-running live streams to limit the value of a stolen key.
L1 / L2 / L3
Widevine security levels — describe how content keys and decoded samples are protected on the device.
L1: keys + decode in TEE. L2: keys in TEE, decode outside. L3: software only. Studios cap content tier (SD/HD/UHD) by level.
License Renewal
Refreshing a license while playback continues, e.g. when the original is about to expire.
Triggered by the CDM emitting a 'license-renewal' message. The application sends it to the server, gets a new license, and feeds it back via update().
MediaCrypto
Android wrapper around a MediaDrm session that the codec uses to decrypt samples in-place.
Created from a MediaDrm session ID. Passed to MediaCodec.configure() so the codec can decrypt encrypted buffers it dequeues from the extractor.
MediaDrm
Android API (android.media.MediaDrm) for interacting with on-device DRM modules including Widevine.
MediaDrm exposes openSession, getKeyRequest, provideKeyResponse, getProvisionRequest, provideProvisionResponse, and getPropertyString/ByteArray. Sessions returned by MediaDrm are consumed by MediaCrypto, which the codec uses to decrypt samples.
MPD
Media Presentation Description — the XML manifest used by DASH.
Lists periods, adaptation sets, representations, segment templates and ContentProtection elements. The player parses it to choose tracks and to discover DRM init data.
OEMCrypto
The trusted core of Widevine on a device — runs in the TEE on L1 hardware.
OEMCrypto is the silicon-vendor-implemented TEE-side library that handles content keys, performs decryption, and enforces output rules. Its API is defined by Widevine and ported by each chipset vendor.
Output Protection
Rules about what physical outputs (HDMI, analogue, screencap) are allowed for protected content.
Encoded in the license policy. A device that can't satisfy the policy (e.g. no HDCP) must refuse to play, downgrade resolution, or block specific outputs.
Persistent License
A license stored on the device so content can be played offline later, possibly without a network connection.
Used for download-to-go scenarios. Subject to a separate set of policy fields: persistence allowed, expiry, max play count. The device must be capable of secure persistent storage to be allowed persistent licenses by studios.
Provisioning
The one-time process where a device receives its unique Widevine identity and keys from Google.
Provisioning happens before any license can be issued. The device proves it has a valid device certificate (factory-installed for L1, dynamically provisioned for L3). Without provisioning the CDM cannot speak to a license server.
Provisioning 3.0
The current Widevine provisioning model with per-app/per-origin device certificates.
Provisioning 3.0 isolates apps so a token leaked from one app is not reusable by another. Older provisioning models granted broader certificates and are being phased out.
PSSH
Protection System Specific Header — a box in CENC-encrypted media that carries DRM-specific init data.
Each DRM has a unique system ID. Widevine's is edef8ba9-79d6-4ace-a3c8-27dcd51d21ed. The PSSH box contains data the CDM needs to recognise the content and request a license — typically the key IDs and a Widevine-specific blob.
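Added example (not part of the original glossary): a minimal Python parser for a single pssh box that checks the system ID against the Widevine value above and lists the key IDs carried by a version-1 box. The box layout follows ISO/IEC 23001-7; the sample key ID, the payload bytes and the helper build_pssh_v1 are constructed for illustration.

```python
import struct
import uuid

# Widevine system ID as given in the PSSH entry above.
WIDEVINE_SYSTEM_ID = uuid.UUID("edef8ba9-79d6-4ace-a3c8-27dcd51d21ed")


def parse_pssh(box: bytes) -> dict:
    """Parse one 'pssh' box (ISO/IEC 23001-7) and return its fields."""
    if len(box) < 32:
        raise ValueError("too short for a pssh box")
    size, box_type = struct.unpack_from(">I4s", box, 0)
    if box_type != b"pssh":
        raise ValueError("not a pssh box")
    if size != len(box):
        raise ValueError("declared size does not match buffer length")
    version = box[8]                      # flags in box[9:12] are unused here
    system_id = uuid.UUID(bytes=box[12:28])
    offset, kids = 28, []
    if version > 0:                       # version 1 lists key IDs explicitly
        (kid_count,) = struct.unpack_from(">I", box, offset)
        offset += 4
        if kid_count > (size - offset - 4) // 16:
            raise ValueError("KID count exceeds box size")
        for _ in range(kid_count):
            kids.append(uuid.UUID(bytes=box[offset:offset + 16]))
            offset += 16
    (data_size,) = struct.unpack_from(">I", box, offset)
    offset += 4
    if offset + data_size != size:
        raise ValueError("data size does not match box size")
    return {"version": version, "system_id": system_id,
            "is_widevine": system_id == WIDEVINE_SYSTEM_ID,
            "key_ids": kids, "data": box[offset:offset + data_size]}


def build_pssh_v1(system_id: uuid.UUID, kids: list, data: bytes) -> bytes:
    """Build a version-1 pssh box; used here only to create sample input."""
    body = b"\x01\x00\x00\x00" + system_id.bytes
    body += struct.pack(">I", len(kids)) + b"".join(k.bytes for k in kids)
    body += struct.pack(">I", len(data)) + data
    return struct.pack(">I4s", len(body) + 8, b"pssh") + body


# Constructed sample: made-up key ID and placeholder payload, not real content.
SAMPLE_KID = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
SAMPLE_BOX = build_pssh_v1(WIDEVINE_SYSTEM_ID, [SAMPLE_KID], b"opaque-blob")

if __name__ == "__main__":
    print(parse_pssh(SAMPLE_BOX))
```

The length and count checks reject truncated or inconsistent boxes instead of reading past the buffer, which matters when the box comes from an untrusted manifest or media file.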
Shaka Player
Google's open-source JavaScript video player with built-in EME / DASH / HLS support.
Shaka Player is the canonical reference implementation for EME on the web, often used as a starting point for integrators. A mirror project for Android exists (Shaka Packager handles the encoding side).
Streaming License
A license that exists for the duration of a playback session and is not stored.
Most VOD playback uses streaming (in-memory) licenses. They cannot be reused after the player tears down the session.
TEE
Trusted Execution Environment — a hardware-isolated execution context (ARM TrustZone, Intel SGX, etc.).
Code and data inside the TEE are protected from the rich OS. On Widevine L1 devices, content keys and decrypted samples live inside the TEE so even root on the rich OS cannot extract them.
Widevine
Google's DRM, integrated into Chrome, ChromeOS, Android, smart TVs and many set-top boxes.
Widevine is one of the three major studio-approved DRMs (alongside Apple FairPlay and Microsoft PlayReady). It uses a Content Decryption Module (CDM) on the device, identified by a unique device certificate provisioned by Google.