Why am I not allowed to send the DRM key to video player?


I don’t know exactly, and I am still thinking.

This is the current DRM flow: I, as the content provider, use a key to encrypt my video, and send to player, e.g. JW Player. I send the key to Third Party DRM Provider, e.g. DRMToday, and DRMToday sends the key to JW Player.

I cannot send my key to JW Player unless I have a contract with DRM OEM, e.g. Google WideVine. Why is a contract required? I think it is related to the fact that DRM is never open source; it’s security-by-obscurity. The contract would say: WideVine provides SDK to DRMToday to obscure the key, and DRMToday promises to keep obscuring process a secret. Otherwise, unauthorized party may get the key in clear text and therefore decrypt the video and defeat the DRM.

Advertisements