Locking Down Your Video Catalog
When a company is just starting to grow an audience or video catalog with its own content, preventing the threat of stream
theft and revenue loss may not be seen as a business goal worth the extra development expense.
However, once a company has established recurring revenue, built a significant volume of
video material, and/or has set aside more budget for video pipeline development, it becomes
more of a priority. Thankfully, you can lock down
your streaming assets in multiple ways.
Tokenized access, or tokenization: Video providers often expose the file names of their video assets directly in <video> tags, HLS, or RTMP
URLs supplied to their video player configuration. Anyone watching video streams can typically see these stream URLs, such as http://
myserver.com/assets/video_file.mp4, in the
page source or in the network console readily
available in desktop browsers. A better way to
provide access to your video content is a process called tokenization, where, ideally, each
playback request (or page load) generates a
unique URL to the video that expires once the
URL is loaded or after a very short time interval. The video asset may no longer have an MP4
file name in the page source—it could be something very unlike a video name, such as http://
myserver.com/token/A1FQ4GC1ST. This URL
would point to a dynamic page (PHP, Ruby, Python, etc.) or streaming server module that
processes the request to return the actual bytes
of the video file to the player.
AES-128 encryption: If you’re employing HLS
or MPEG-DASH playback with your video content, you can dynamically encrypt the segments
listed in the manifest format with AES-128. A
streaming server such as Wowza Streaming Engine can rotate the encryption keys so that each
playback or session has a unique key. Such key
encryption doesn’t necessarily need to involve a
third-party digital rights management (DRM)
solution, which is discussed next. The good
news for AES-128 encryption is that you may not
need to employ third-party DRM libraries to decrypt playback on mobile devices or in browsers that support EME (Encrypted Media Extensions) or native HLS playback.
DRM system: If you want to provide the high-
est level of protection for your video content, you
can also pursue industry standard encryption
and license management such as Microsoft Play-
Ready or Google Widevine. The general process
with any DRM workflow is to encrypt the video
content with a content key, and then to generate
license files that accompany the encrypted con-
tent and dictate the usage rights for video play-
back. DRM solutions are typically the most ex-
pensive security measures to implement, both
from an actual development budget and from a
licensing perspective. DRM companies will like-
ly charge an annual or monthly fee for access
to their encryption technology as well as per-
device/per-playback charges. One of the most
expensive elements of a DRM solution is the
mobile SDK (software development kit) license
that will handle the decryption and playback
of DRM managed content on a mobile device.
Forensic-based watermarking: You can also
employ technology that will imprint an invisible
watermark into the video picture that uniquely identifies the video that has been served to
an end user. While watermarking won’t prevent playback of the video, the technology can
very precisely locate a source that has leaked
your content to an unauthorized party, such as
a torrent network. Digital projectors at movie theaters have signed copies of the movies
they host, and an illegal recording in a movie
theater that is then distributed online can be
traced back to that theater. The same technology can be employed for users who use HDMI/
HDCP decryption hardware for a watermarked
stream served to OTT or mobile devices.
In the end, it’s up to each company to determine the resources they want to commit in order to lock down playback. If you own the rights
to your content, you’ll have the difficult decision
of determining when enough is enough. If you license your video content from other parties, the
decision of what’s needed will likely be dictated
by those parties.
Robert Reinhardt ( firstname.lastname@example.org) is founder of VideoRx and
is internationally regarded as an expert on multimedia application
development and online video, particularly in HTML5, iOS, Flash,
AVC/H.264, and HEVC/H.265.
Comments? Email us at email@example.com, or check
the masthead for other ways to contact us.