
Widevine Entity Authentication

Wesley Miaw edited this page Jul 15, 2016 · 2 revisions

The Widevine entity authentication scheme is used by devices with the Widevine CDM. It only identifies the entity: it provides neither encryption nor authentication, so entity identities can be harvested and spoofed. The entity identity is composed from the provided device type and the Widevine key request data. The Widevine CDM properties can be extracted from the key request data.

When coupled with the Widevine key exchange scheme, the entity identity can be cryptographically validated by comparing the entity authentication key request data against the key exchange key request data.

Note that the local entity will not know its entity identity when using this scheme.

This scheme is identified by the string WIDEVINE.

Authentication Data Representation

authdata = {
  "#mandatory" : [ "devtype", "keyrequest" ],
  "devtype" : "string",
  "keyrequest" : "string",
}

| Field | Description |
| --- | --- |
| devtype | Local entity device type |
| keyrequest | Widevine key request |
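
The cross-check against the key exchange data described above, applied to this authdata layout, as an added example that is not part of the MSL code base. It assumes the key exchange key request is available to the caller as a string and has already been validated by the key exchange scheme; `parseAuthData`, `evaluateEntity`, `keyxKeyRequest` and the trust labels are hypothetical names.

```javascript
// Added example: server-side handling of WIDEVINE entity authentication data.
// Assumption: keyxKeyRequest is the key request string from the Widevine key
// exchange request data of the same message, already validated by that scheme.

const SCHEME = "WIDEVINE";
const MANDATORY = ["devtype", "keyrequest"];

// Enforce the "#mandatory" fields and string types of the authdata layout.
// Rejecting empty strings is a stricter choice made for this example.
function parseAuthData(authdata) {
  if (authdata === null || typeof authdata !== "object" || Array.isArray(authdata)) {
    throw new Error("authdata must be an object");
  }
  for (const field of MANDATORY) {
    const value = authdata[field];
    if (typeof value !== "string" || value.length === 0) {
      throw new Error(`authdata.${field} is missing or not a non-empty string`);
    }
  }
  return { devtype: authdata.devtype, keyrequest: authdata.keyrequest };
}

// Decide how far the claimed identity can be trusted.
//  - no key exchange data: the scheme only identifies, so the claim is "unverified"
//  - key request data matches: the claim is "bound" to the key exchange
//  - mismatch: reject the message
function evaluateEntity(authdata, keyxKeyRequest) {
  const { devtype, keyrequest } = parseAuthData(authdata);
  if (keyxKeyRequest === undefined) {
    return { scheme: SCHEME, devtype, trust: "unverified" };
  }
  if (typeof keyxKeyRequest !== "string" || keyxKeyRequest !== keyrequest) {
    throw new Error("entity authentication key request does not match key exchange key request");
  }
  return { scheme: SCHEME, devtype, trust: "bound" };
}

// Constructed sample values, not a real Widevine key request.
const sampleAuthData = {
  devtype: "example-tv",
  keyrequest: "Q09OU1RSVUNURUQtS0VZLVJFUVVFU1Q=",
};
console.log(evaluateEntity(sampleAuthData).trust);
console.log(evaluateEntity(sampleAuthData, sampleAuthData.keyrequest).trust);
```

Callers should make authorization decisions only on a `bound` result; an `unverified` identity is a claim that any party holding a harvested key request could repeat.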

Device Type

An arbitrary value identifying the device type the local entity wishes to assume. The data inside the Widevine key request may optionally be used to validate the claimed device type.
