Fallback HDCP

In this topic, you will learn about using HDCP-protected content to block streaming on unauthorized devices, with a standard definition fallback for devices that do not support HDCP.

What is HDCP?

High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection used to protect high definition (HD) video and audio signals from being copied on unauthorized devices. The transmitting device first checks if the receiver is authorized to receive data. If yes, then the transmitter sends encrypted data to prevent eavesdropping.

The receiving setup must be HDCP compliant, including devices, cables, adaptors, and software drivers. If the receiver is not HDCP compliant, then video will play in standard definition (SD) only. In general, newer HDTVs and HDMI or DVI cables should be HDCP compliant.

To make a device HDCP compatible, the manufacturer must obtain a license from the Intel subsidiary, Digital Content Protection LLC, and pay an annual fee. There are three types of security rules:

  • Data traveling through HDCP-enabled cabling is encrypted to stay hidden from cyber criminals
  • Digital devices that have been compromised have their keys taken away, so the device can no longer get data
  • Authentication prevents data and content from being sent to devices that don’t have a license

For details about HDCP, see the Wikipedia page about High-bandwidth Digital Content Protection.

Learn how Hardware Security levels relate to HDCP.

How does Brightcove protect your content using HDCP?

Content owners may want to protect their content with DRM and force HDCP for specific hardware setups. For devices that don't support HDCP, Brightcove will provide a fallback experience using lower quality SD renditions.

To accomplish this, we use multiple keys that unlock different renditions. The player uses a DRM keychain for multiple keys and switches as needed. There will be three keys for each protection type instead of just one.

There will be one key for each:

  • audio
  • HD
  • SD

Workflow

  1. Enable your account for Fallback HDCP.
  2. The player makes a request to the Playback API for video content.
  3. If the player finds HDCP-protected video data, then it will check the device.
  4. For HDCP-enabled devices, the player will use the associated DRM key and play the encrypted HD renditions.
  5. For hardware that is not HDCP compliant, playback will use SD renditions with a lower level of protection.

Notes:

  • All renditions will be protected with DRM
  • Each key is set to unlock multiple renditions, allowing Brightcove to continue to deliver the best rendition for the device being used

How do I enable my account?

This feature is available for any account that is enabled for DRM protection. Contact your Customer Success Manager to enable this feature.

For details about DRM, see the Overview: Digital Rights Management (DRM) document.

Hardware Security

Each DRM type implements a set of industry standards to protect content as it is distributed over the internet and played back on devices. They do this by providing security levels for devices.

FairPlay

This table shows how hardware security levels relate to HDCP.

Hardware security levels and HDCP
| Security level | Description | Devices |
| --- | --- | --- |
| Not required | HDCP is not enforced. | All devices |
| Type 0 required | HDCP content type 0 is enforced. Streams are transmitted by the HDCP repeater to all HDCP devices. | |
| Type 1 required (Highest) | HDCP content type 1 (HDCP version 2.2 or later) is enforced. Streams may not be transmitted by the HDCP repeater to HDCP 1.x-compliant devices or HDCP 2.0-compliant repeaters. | |

Widevine

A common implementation is to stream premium HD content only to devices that support L1 security. Most Android devices, for instance, support L1 security. L2 and L3 devices (such as Chrome on desktops), on the other hand, receive standard-quality video streams.

This table shows how hardware security levels relate to HDCP.

Hardware security levels and HDCP
| Security level | Description | Devices |
| --- | --- | --- |
| Level: L1 (Highest) | Video decryption and processing is performed in a hardware Trusted Execution Environment (TEE). | Most Android and ChromeOS devices |
| Level: L2 | Video decryption occurs in a hardware Trusted Execution Environment (TEE), but video processing occurs outside TEE. | |
| Level: L3 | Does not have a TEE, but may include a hardware cryptographic engine. | Legacy Android and ChromeOS devices |

PlayReady

PlayReady provides security levels that define how robust the client is against unauthorized use. For details, see Microsoft's Security Level document.

This table shows how hardware security levels relate to HDCP.

Hardware security levels and HDCP
| Security level | Description | Devices |
| --- | --- | --- |
| SL2000 | For hardened devices and applications consuming commercial content. For devices and applications. Assets, client secrets, or content secrets are protected through software or hardware means. | |
| SL3000 (Highest) | For hardened devices with the highest security consuming the highest quality of commercial content. For devices only. Assets, client secrets, and content secrets are protected through hardware means, using a Trusted Execution Environment (TEE) of the processor. Uses a superset of the compliance and robustness requirements. | |

How are renditions managed?

Video renditions are managed as follows:

Video resolutions
| Resolution | Video dimension |
| --- | --- |
| Standard Definition (SD) | height < 720 |
| High Definition (HD) | height >= 720 and height < 2160 |
| Ultra High Definition (UHD) | height >= 2160 |
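
The sketch below is an added example, not Brightcove's player code. It shows how a player could choose a rendition under the three-key scheme (audio, HD, SD) described earlier, using the resolution classes from the table above. It assumes the player sees a per-key status in the shape of EME's `MediaKeySession.keyStatuses`; the key IDs, field names and sample renditions are constructed for illustration.

```javascript
// Added example: rendition selection when each class of rendition has its own key.

// Resolution classes from the "Video resolutions" table on this page.
function resolutionClass(height) {
  if (height >= 2160) return 'UHD';
  if (height >= 720) return 'HD';
  return 'SD';
}

// keyStatuses mirrors EME's MediaKeySession.keyStatuses (key ID -> MediaKeyStatus).
// Only "usable" keys may be played. "output-restricted" is the status a CDM reports
// when the output path (for example HDCP) does not meet the license requirement.
// A key that is absent from the map is treated as not playable (fail closed).
function playableRenditions(renditions, keyStatuses) {
  return renditions.filter((r) => keyStatuses.get(r.keyId) === 'usable');
}

// Pick the tallest playable video rendition and record why the others were dropped.
function selectVideo(renditions, keyStatuses) {
  const video = renditions.filter((r) => r.type === 'video');
  const playable = playableRenditions(video, keyStatuses);
  const blocked = video
    .filter((r) => !playable.includes(r))
    .map((r) => ({ height: r.height, status: keyStatuses.get(r.keyId) || 'missing' }));
  if (playable.length === 0) return { chosen: null, tier: null, blocked };
  const chosen = playable.reduce((a, b) => (b.height > a.height ? b : a));
  return { chosen, tier: resolutionClass(chosen.height), blocked };
}

// Constructed sample data: one key per class (hypothetical key IDs).
const RENDITIONS = [
  { type: 'audio', keyId: 'k-audio' },
  { type: 'video', height: 480, keyId: 'k-sd' },
  { type: 'video', height: 540, keyId: 'k-sd' },
  { type: 'video', height: 720, keyId: 'k-hd' },
  { type: 'video', height: 1080, keyId: 'k-hd' },
];
const HDCP_OK = new Map([['k-audio', 'usable'], ['k-sd', 'usable'], ['k-hd', 'usable']]);
const NO_HDCP = new Map([['k-audio', 'usable'], ['k-sd', 'usable'], ['k-hd', 'output-restricted']]);

console.log(selectVideo(RENDITIONS, HDCP_OK).tier);
console.log(selectVideo(RENDITIONS, NO_HDCP));
```

The `blocked` list is worth logging on the client: a device that reports `output-restricted` for the HD key is taking the SD fallback, while `missing` means no license covered that key at all.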