Unique content requires protection.
If the video is poorly protected, then it will be quickly copied or watched without payment. You’ll either never know about it, or you’ll be too late.
The types of video content that need protection the most are:
- Tutorials and webinars which are downloaded without payment or shared.
- Corporate videos that should be restricted to viewing by company employees only.
- Financial and analytical streams which might be published on other resources without attribution.
- Sports events that must have geo-restrictions to be broadcast on a certain territory only.
- Unique TV shows and movies which are be downloaded for illegal viewing and distribution.
Unauthorized access can jeopardize trade secrets or revenue-raising strategies. If a streaming service contains confidential or personal customer data, then its protection is always a priority for the business.
We’ll tell you about two effective ways to protect your video content: access control and encryption.
Content access control
The first block of our security options allows you to control access to your broadcasts and videos. With it, you can provide videos only for a fee or by using secret links.
These two options work in a similar way: you can either allow viewing (for example, only within your subnet), or the other way around, by prohibiting some IP addresses from watching broadcasts while allowing everyone else.
The video in this case can be viewed only on your resource or only in a certain country/region. Protected broadcasts or movies can’t be copied and downloaded.
Geo-blocking is blocking content by region. This solution will help if you have obtained broadcasting rights for certain countries only.
For example, football matches that can be broadcast only on the territory of China. If a viewer from another country tries to connect, they will be shown a dummy screen “Broadcast not available in your region”. Or, maybe you’re broadcasting the premiere of a film only available in select countries.
Access within a corporate network or blocking by IP address
For corporate events, such as training webinars, the security service may require that video access is only allowed within the office network. For such cases, you can restrict the broadcast to the corporate subnet.
Access from certain devices only
Paid online TV must work with OTT boxes so that only users who have purchased a subscription can watch the broadcasts. With our Streaming Platform, you can choose the types of devices from which viewers can watch.
Blocking by domain
Competitors may copy the player with the broadcast from your website to other pages. You can restrict the placement of the player to your domain only, and then it won’t be possible to embed it into other web resources.
How does it work?
All of the above protection methods work based on nginx configurations.
You can enable or disable protection in your personal account, in the settings of the CDN resource associated with streaming.
All these methods guarantee only basic protection against copying and unauthorized access.
For example, blocking by country will filter out most of the connection attempts from restricted countries, but a slightly more advanced viewer might use a VPN or other hacking methods.
Domain protection won’t allow embedding the player into other resources, but pirates can pull direct links to broadcasts from the player, even if it takes more time and effort.
You’ll find the guide for configuring content protection options in the dedicated “Security” section of our knowledge base.
Tokenization and signed URLs
Access to content via one-time links helps to exclude some unauthorized connections to broadcasts and videos.
You can only give content links to those who have purchased a subscription. If the link somehow falls into the wrong hands, then, after a certain time (you control this parameter), it will expire, and it will be quite difficult to find a new key to the link.
If your content is in the public domain and you want to prevent competitors from copying videos, this option will also help. You can generate very short lifespan links and automatically replace them in your application. Thus, it will be possible to play content outside the application for only a few minutes or seconds.
How does it work?
We use the nginx module to generate an MD5 token and add it to the links to a live stream or video after transcoding.
When generating a token, three parameters are included:
- Link lifetime.
- Original link to the file.
The output is a unique link (with a unique key in it) that works only for a limited time. After the expiration date, it becomes irrelevant, and when it’s given to third parties, it will no longer be possible to access the content.
You can enable support for generating Secure Token in the settings of the CDN resource associated with streaming in your personal account.
You will need to generate unique links on your side using scripts.
Examples of scripts in several programming languages can be found in the article “Protecting live streams and VOD with token”.
AES-128 content encryption
AES encryption is suitable for any case when you need to provide access only for a certain group of viewers.
These are mainly views by subscription and premiere screenings of films, when fresh content should be leaked to torrents as late as possible and be available only to those who have paid for access.
This protection is more reliable than the methods described above, as it’s rather difficult for an ordinary viewer to intercept and decrypt the keys. For maximum protection, you can combine AES encryption with blocking by country or domain.
How does it work?
We deliver video using an HLS protocol, which means that the video is split into playlists consisting of fragments (chunks). To protect a video from interception in HLS format, there is a standard HLS AES encryption method (encryption using the AES-128 algorithm).
When using AES encryption, all video fragments are transmitted to viewers in encrypted form, and viewers receive a key to decrypt the video in a separate request. The customers decide for themselves (based on cookies and other session parameters) which of the viewers should be given the key, and who should be prohibited from viewing.
How to set up AES content encryption
Please contact us to configure AES encryption. We’ll enable AES support on our side and provide instructions for configuring the server for issuing keys.
Each request for viewing is sent to your server, and only you determine, according to your parameters, whether the viewer can see the video or not. If the viewer has access, your server must send a request to our API to obtain keys and give the viewer a key for decryption.
Premium content encryption using DRM technology
This is an option to protect premium content at the highest level.
DRM guarantees one of the highest levels of protection for video content. The use cases are the same: restricting access to paid or exclusive content.
The disadvantage of DRM is that it’s a complex and expensive technology. However, it makes intercepting keys almost impossible. Usually, in the case of DRM, the viewing key is issued to the viewer and decrypted at the level of the operating system of their device. At the same time, copying or modifying content for the viewer using the received key remains impossible.
How does it work?
With AES-128 encryption, key interception is still possible. Keys are requested and transmitted by the browser, which means that, in theory, advanced viewers can decrypt the key and pass it on to a third party who doesn’t have authorization to access the content.
DRM negates this possibility, as the keys for viewing are requested and decrypted not by the browser, but by the operating system.
Which DRM platforms do we support?
Gcore ensures integration with all major platforms through DRM encryption: FairPlay Streaming (Apple), PlayReady (Microsoft) or Widevine (Google) for real-time live streaming and video on demand (VOD).
Our Streaming Platform offers simultaneous use of all official licenses so that viewers can purchase access to content from any device.
Want to protect your video content with advanced technology? Leave a request for a free consultation or try our streaming platform yourself.