While doing some research on secure video delivery technologies and DRM I was not able to understand the differences between using EME + ClearKey with key configured in a player itself (like this option from BitMovin) or getting the key from license server (as suggested in this answer).
If I understand correctly when using commercial DRM systems decryption process is done in CDM and therefore the private keys and decrypted data are kept in a secure environment within the browser, operating system, and hardware (if supported). At the same time BitMovin documentation mentions, that when using ClearKey in player configuration ‘the decryption on the client side doesn't happen in an isolated secure environment as it is the case with an actual DRM solution, it is handled by a HTML5 player directly.’
My question is: how decryption works when you use normal license request mechanism with ClearKey? Is it more robust in terms of decryption process than having keys in player configuration? Does decryption happen in isolated environment?
I understand that from key security point of view this solution is still much less secure than using commercial DRM-system, but I want to have full information for proper comparison. My goal is to choose the right technology for video content delivery for small educational business.
The encryption concerning ClearKey is likely not any different than other DRM systems - hence the name Common Encryption (cenc). The key exchange is different - as name implies the ClearKey key exchange happens in the clear. So you could hard code the key and key id and side load it into the player or implement a simple key server. But the JavaScript code getting and setting the key can easily be reverse engineered and you can eavesdrop on the key exchange. For me as a developer ClearKey is a DRM system for testing the encryption process without worrying about setting up a license server or renting a license server.
If I can make encrypted DASH packages using ClearKey that play in Chrome using dash.js - then I know I got the encryption right.