Security
I want to provide only certain resolutions for Widevine L3 security level. How do I do that?
You could customize it with the Entitlement Message by applying different policies with different Widevine device security levels to different keys. As L3 is the default, you can keep the default Widevine device security level for keys associated with L3 quality levels. Alternatively, you can explicitly specify L3 for reasons of clarity. For the keys that require a security level higher than L3, you need to specify it explicitly.
How to handle unauthorized DRM calls that third parties could make?
Generally, third parties should not be able to use our license services as they can't create valid license tokens. To create a valid token, they need the exact communication key which is a secret. When the license server receives an invalid license token, the license service will not return a license for that request.
If they have captured valid tokens, e.g., by registering as a user, and then continue to "misuse" a token by using it in their own calls, then a solution could be to:
- Ban such users.
- Also make sure the tokens generated by you are short-lived (as short as reasonably possible), so the misuse would be limited to a short time frame.
- Finally, it is also possible to limit access to only certain devices. Whether this is viable and how exactly it should be done depends on the details. For example, it is possible to whitelist or blacklist certain specific devices or models or certain platforms. Most such restrictions would need to be implemented in a custom proxy that allows/denies licenses based on additional device information returned by our services.
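The three mitigations above can be combined in one decision function in a custom proxy. The following is an added sketch, not code from the license service: the token layout (a simplified HMAC-signed token standing in for the real license token), the claim names, the `device` fields and all constants are assumptions.

```python
import base64, hashlib, hmac, json

# Every name and value here is an assumption for illustration (constructed data).
COMMUNICATION_KEY = b"constructed-demo-secret"  # placeholder for the shared secret
MAX_LIFETIME = 300                  # seconds; keep tokens as short-lived as possible
BANNED_USERS = {"user-666"}         # accounts banned after observed misuse
BLOCKED_PLATFORMS = {"emulator"}    # platform blacklist enforced by the proxy


def _sign(body):
    mac = hmac.new(COMMUNICATION_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_token(user_id, now, lifetime=MAX_LIFETIME):
    """Issuer side: sign the claims so only holders of the secret can mint tokens."""
    claims = {"sub": user_id, "iat": int(now), "exp": int(now) + lifetime}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body)


def decide(token, device, now):
    """Proxy side: return (allow, reason) before a license request is forwarded."""
    body, _, sig = token.partition(".")
    # Constant-time comparison; the body is only parsed after the signature checks out.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False, "invalid signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "token expired"
    if claims["exp"] - claims["iat"] > MAX_LIFETIME:
        return False, "lifetime too long"   # refuse long-lived tokens outright
    if claims["sub"] in BANNED_USERS:
        return False, "user banned"
    if device.get("platform") in BLOCKED_PLATFORMS:
        return False, "platform blocked"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    tok = issue_token("user-1", t0)
    print(decide(tok, {"platform": "android"}, t0 + 10))
    print(decide(tok, {"platform": "android"}, t0 + 301))
```

Logging the deny reason per user and device gives the evidence needed to decide which accounts to ban.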