Products
Products
Video Hosting
Upload and manage your videos in a centralized video library.
Image Hosting
Upload and manage all your images in a centralized library.
Galleries
Choose from 100+templates to showcase your media in style.
Video Messaging
Record, and send personalized video messages.
CincoTube
Create your own community video hub your team, students or fans.
Pages
Create dedicated webpages to share your videos and images.
Live
Create dedicated webpages to share your videos and images.
For Developers
Video API
Build a unique video experience.
DeepUploader
Collect and store user content from anywhere with our file uploader.
Solutions
Solutions
Enterprise
Supercharge your business with secure, internal communication.
Townhall
Webinars
Team Collaboration
Learning & Development
Creative Professionals
Get creative with a built in-suite of editing and marketing tools.
eCommerce
Boost sales with interactive video and easy-embedding.
Townhall
Webinars
Team Collaboration
Learning & Development
eLearning & Training
Host and share course materials in a centralized portal.
Sales & Marketing
Attract, engage and convert with interactive tools and analytics.
"Cincopa helped my Enterprise organization collaborate better through video."
Book a Demo
Resources
Resources
Blog
Learn about the latest industry trends, tips & tricks.
Help Centre
Get access to help articles FAQs, and all things Cincopa.
Partners
Check out our valued list of partners.
Product Updates
Stay up-to-date with our latest greatest features.
Ebooks, Guides & More
Customer Stories
Hear how we've helped businesses succeed.
Boost Campaign Performance Through Video
Discover how to boost your next campaign by using video.
Download Now
Pricing
Watch a Demo
Demo
Login
Start Free Trial
Widevine DRM encrypts video content using AES-128 or AES-256 encryption before distributing it through CDNs. The encryption process generates keys and license policies that enforce access control. CDNs store and serve the encrypted content while delegating license acquisition to Widevine license servers. The following pseudocode demonstrates a typical encryption request to Widevine: CDN Edge Caching and Tokenized Authorization CDNs cache encrypted segments at edge locations to reduce latency. Widevine integrates with token-based authentication systems to validate requests before serving content or issuing licenses. A typical token payload includes: { 'issuer': 'streaming_provider', 'exp': 1735689600, 'content_key_id': 'a1b2c3d4e5', 'ip_range': '192.0.2.0/24' } Explanation : issuer : Identifies the entity generating the token. exp : Sets token expiry time in Unix epoch. content_key_id : Links the token to a specific encrypted asset. ip_range : Restricts access to a specific IP subnet. Key Delivery and License Acquisition Workflow Client Requests Encrypted Content from CDN The client application works on a mobile or desktop platform and initiates an HTTP request targeting a Content Delivery Network (CDN) endpoint. The request includes a signed access token containing parameters such as expiration time, user ID, IP address constraints, and a cryptographic signature for authentication. CDN Validates Token and Serves Encrypted Segments Upon receiving the request, the CDN parses the token and verifies its integrity by checking the signature against a shared key or public key infrastructure. Validation includes confirming the token’s expiration timestamp and comparing the client IP address against any embedded IP restrictions. If the token passes all checks, the CDN responds with AES-encrypted media segments, encodes using Common Encryption (CENC), and segments as per MPEG-DASH or HLS packaging specifications. Client Sends License Request to Widevine Server After retrieving the file, the client extracts the Protection System Specific Header (PSSH) box, which includes system ID, content ID, and initialization data encoded for Widevine DRM. The client constructs a license request message and incorporates the PSSH payload & device-specific credentials provisioned via Widevine DRM APIs. The request is transmitted to the Widevine license acquisition endpoint over HTTPS. Widevine Verifies Rights and Issues Decryption Keys The Widevine license server evaluates the license request by checking the device security level, provisioning status, content entitlement, and playback policy defined by the content provider. If the license request satisfies all conditions, the server generates a content key and encrypts it using the device’s keybox. The license response includes the encrypted key and associated license metadata. Client Decrypts and Renders Content The client’s Widevine Content Decryption Module (CDM) operates within a Trusted Execution Environment (TEE) or Secure Element (SE), unpacks the license response, and unwraps the content key using the device’s keybox. Then, the CDM applies the unwrapped AES key to decrypt the incoming media segments during playback. Decryption and decoding are performed in a secure path to protect media throughout the rendering pipeline. Widevine DRM in Mobile Video Streaming Workflows Mobile-Specific CDN Optimizations for Widevine Mobile streaming workflows use adaptive bitrate (ABR) protocols like HLS or DASH, which rely on CDN caching for efficient delivery. Widevine supports multiple encryption modes, including CENC (Common Encryption) : Used for DASH streams. CBCS (AES-CBC) : Preferred for HLS on iOS devices. The following snippet shows a Widevine-protected DASH stream:
AAAAPXBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAB8aEHNhbXBsZV9jb250ZW50X2tleQ==
Explanation: schemeIdUri : Identifies Widevine’s DRM system. cenc:pssh : Contains the initialization data for license requests. Device-Level Decryption and Performance Considerations Mobile devices handle decryption in hardware-secured environments (e.g., Trusted Execution Environment or Secure Enclave). Widevine’s CDM (Content Decryption Module) interfaces with platform-specific APIs: MediaDrm mediaDrm = new MediaDrm(UUID.fromString('EDEF8BA9-79D6-4ACE-A3C8-27DCD51D21ED')); mediaDrm.getKeyRequest( sessionId, initData, 'video/mp4', MediaDrm.KEY_TYPE_STREAMING, optionalParameters ); Explanation : MediaDrm : Android API for Widevine DRM operations. initData : PSSH box from the DASH. KEY_TYPE_STREAMING : Indicates a streaming license request. Latency Mitigation in Mobile Streaming CDNs reduce latency through: Prefetching licenses : Acquiring digital rights licenses before playback begins to reduce wait time. Edge-based key rotation : Updating encryption keys at CDN edge servers to minimize the repeated round-trips to a central license server. The table below compares standard vs. optimized license workflows: