Encrypted Media Extensions

Description

Encrypted Media Extensions (EME) is a specification that defines a JavaScript API for controlling the playback of protected content in web browsers. It acts as an intermediary layer between web applications and Content Decryption Modules (CDMs), which are responsible for decrypting encrypted media streams. The architecture involves the web application requesting a MediaKeySession from the browser's MediaKeys object, which then communicates with the CDM to handle license acquisition and decryption. Key components include the MediaKeys interface for managing keys, MediaKeySession for individual decryption sessions, and the CDM which performs the actual cryptographic operations, often implemented as a platform-specific module or hardware security element.

EME works by allowing web applications to detect supported DRM systems via the requestMediaKeySystemAccess API. Once access is granted, the application creates a MediaKeySession and provides encrypted media data, typically packaged in formats like MPEG-DASH or HLS with Common Encryption (CENC). The CDM, through the EME interface, fetches licenses from a license server, decrypts the content, and feeds the clear media to the browser's media pipeline for playback. This process ensures that decrypted content never leaves the secure environment of the CDM, maintaining content protection.

In the 3GPP ecosystem, EME is crucial for enabling premium media services, such as mobile TV and video streaming, over LTE and 5G networks. It standardizes DRM interoperability, allowing content providers to deploy services across a wide range of devices without custom integrations for each DRM technology. EME's role extends to ensuring compliance with content owner requirements for secure distribution, thereby facilitating the commercial viability of high-value media over mobile broadband. Specifications like 26.307, 26.804, 26.857, and 26.907 detail its integration with 3GPP multimedia services, covering aspects like streaming protocols and quality of experience.

Purpose & Motivation

EME was created to address the lack of a standardized, cross-platform method for playing DRM-protected content in web browsers. Prior to EME, content providers relied on browser plugins like Adobe Flash or Silverlight, which were insecure, inefficient, and not supported on all devices, especially mobile. This fragmentation hindered the delivery of premium video services over the web and mobile networks, limiting business models for streaming media.

The motivation for EME stemmed from the growing demand for encrypted streaming services, such as Netflix and Hulu, which required robust content protection to satisfy licensing agreements. By providing a common API, EME enables browsers to interface with various DRM systems (e.g., Widevine, PlayReady, FairPlay) without exposing sensitive decryption logic. This solves the problem of device and platform diversity in the mobile ecosystem, allowing seamless content delivery across smartphones, tablets, and other connected devices.

Historically, 3GPP incorporated EME in Release 12 to support multimedia services over LTE, recognizing the need for secure media delivery as part of its broader multimedia standards. It addressed limitations of earlier approaches by eliminating plugin dependencies, improving security through sandboxed CDMs, and enhancing performance by integrating decryption into the browser's native media stack. This evolution was driven by industry collaboration among browser vendors, content providers, and standards bodies to create an open web standard for encrypted media.