Streaming Platform Products
Virtual & Dedicated Servers Products
Serverless Computing Products
AI & Machine Learning Products
Private and Hybrid Solutions Products
Custom Services Products
Media & Entertainment
IT / Technology
Security & Protection
Unique content requires protection.
If the video is poorly protected, then it will be quickly copied or watched without payment. You’ll either never know about it, or you’ll be too late.
The types of video content that need protection the most are:
Unauthorized access can jeopardize trade secrets or revenue-raising strategies. If a streaming service contains confidential or personal customer data, then its protection is always a priority for the business.
We’ll tell you about two effective ways to protect your video content: access control and encryption.
The first block of our security options allows you to control access to your broadcasts and videos. With it, you can provide videos only for a fee or by using secret links.
These two options work in a similar way: you can either allow viewing (for example, only within your subnet), or the other way around, by prohibiting some IP addresses from watching broadcasts while allowing everyone else.
The video in this case can be viewed only on your resource or only in a certain country/region. Protected broadcasts or movies can’t be copied and downloaded.
Geo-blocking is blocking content by region. This solution will help if you have obtained broadcasting rights for certain countries only.
For example, football matches that can be broadcast only on the territory of China. If a viewer from another country tries to connect, they will be shown a dummy screen “Broadcast not available in your region”. Or, maybe you’re broadcasting the premiere of a film only available in select countries.
For corporate events, such as training webinars, the security service may require that video access is only allowed within the office network. For such cases, you can restrict the broadcast to the corporate subnet.
Paid online TV must work with OTT boxes so that only users who have purchased a subscription can watch the broadcasts. With our Streaming Platform, you can choose the types of devices from which viewers can watch.
Competitors may copy the player with the broadcast from your website to other pages. You can restrict the placement of the player to your domain only, and then it won’t be possible to embed it into other web resources.
All of the above protection methods work based on nginx configurations.
For blocking by country, we use the nginx geomodule in combination with the Maxmind IP base.
You can enable or disable protection in your personal account, in the settings of the CDN resource associated with streaming.
All these methods guarantee only basic protection against copying and unauthorized access.
For example, blocking by country will filter out most of the connection attempts from restricted countries, but a slightly more advanced viewer might use a VPN or other hacking methods.
Domain protection won’t allow embedding the player into other resources, but pirates can pull direct links to broadcasts from the player, even if it takes more time and effort.
You’ll find the guide for configuring content protection options in the dedicated “Security” section of our knowledge base.
Access to content via one-time links helps to exclude some unauthorized connections to broadcasts and videos.
You can only give content links to those who have purchased a subscription. If the link somehow falls into the wrong hands, then, after a certain time (you control this parameter), it will expire, and it will be quite difficult to find a new key to the link.
If your content is in the public domain and you want to prevent competitors from copying videos, this option will also help. You can generate very short lifespan links and automatically replace them in your application. Thus, it will be possible to play content outside the application for only a few minutes or seconds.
We use the nginx module to generate an MD5 token and add it to the links to a live stream or video after transcoding.
When generating a token, three parameters are included:
The output is a unique link (with a unique key in it) that works only for a limited time. After the expiration date, it becomes irrelevant, and when it’s given to third parties, it will no longer be possible to access the content.
You can enable support for generating Secure Token in the settings of the CDN resource associated with streaming in your personal account.
You will need to generate unique links on your side using scripts.
Examples of scripts in several programming languages can be found in the article “Protecting live streams and VOD with token”.
AES encryption is suitable for any case when you need to provide access only for a certain group of viewers.
These are mainly views by subscription and premiere screenings of films, when fresh content should be leaked to torrents as late as possible and be available only to those who have paid for access.
This protection is more reliable than the methods described above, as it’s rather difficult for an ordinary viewer to intercept and decrypt the keys. For maximum protection, you can combine AES encryption with blocking by country or domain.
We deliver video using an HLS protocol, which means that the video is split into playlists consisting of fragments (chunks). To protect a video from interception in HLS format, there is a standard HLS AES encryption method (encryption using the AES-128 algorithm).
When using AES encryption, all video fragments are transmitted to viewers in encrypted form, and viewers receive a key to decrypt the video in a separate request. The customers decide for themselves (based on cookies and other session parameters) which of the viewers should be given the key, and who should be prohibited from viewing.
Please contact us to configure AES encryption. We’ll enable AES support on our side and provide instructions for configuring the server for issuing keys.
Each request for viewing is sent to your server, and only you determine, according to your parameters, whether the viewer can see the video or not. If the viewer has access, your server must send a request to our API to obtain keys and give the viewer a key for decryption.
This is an option to protect premium content at the highest level.
DRM guarantees one of the highest levels of protection for video content. The use cases are the same: restricting access to paid or exclusive content.
The disadvantage of DRM is that it’s a complex and expensive technology. However, it makes intercepting keys almost impossible. Usually, in the case of DRM, the viewing key is issued to the viewer and decrypted at the level of the operating system of their device. At the same time, copying or modifying content for the viewer using the received key remains impossible.
With AES-128 encryption, key interception is still possible. Keys are requested and transmitted by the browser, which means that, in theory, advanced viewers can decrypt the key and pass it on to a third party who doesn’t have authorization to access the content.
DRM negates this possibility, as the keys for viewing are requested and decrypted not by the browser, but by the operating system.
Gcore ensures integration with all major platforms through DRM encryption: FairPlay Streaming (Apple), PlayReady (Microsoft) or Widevine (Google) for real-time live streaming and video on demand (VOD).
Our Streaming Platform offers simultaneous use of all official licenses so that viewers can purchase access to content from any device.
Want to protect your video content with advanced technology? Leave a request for a free consultation or try our streaming platform yourself.
At Gcore, we’re tech evolution and adaptability are our bread and butter. Recently, we embarked on a new project: migrating…
In our interconnected, digital world, privacy is paramount. To maintain your data privacy when using Instagram, Telegram, and other services,…
In this tutorial, we’ll explore how to install Quake III Arena, a popular first-person shooter, in Docker, and then play…