Protection

There are two main ways of protecting the content source stream

  1. Authentication of the source manifest URL with a token​ or

  2. Using encryption method (DRM, Digital Rights Management)​ to secure the video and audio segments itself, which may is are requirement from the content rights holder/owner.

Both can be used independently or together to provide a higher level of content protection and must be applied on the origin/CDN (for token authentication) and within the encoding/packaging (for DRM) level.

API-Key or Token

Token authentication is the process of generating tokens on the CDN, associating them with an authenticated user session, and then validating the stream using these tokens to prevent unauthorized sharing of links to your content.

Serverside.ai supports token authentication via query-string. Specify it on the channel configuration like:

DRM

SERVERSIDE.AI supports encrypted media content. The encryption apply on each and every audio and video segment and prevent the playback without a valid license acquisition. The most common DRM systems use CENC(​Common​encryption) for DASH and HLS (fmp4) and Fairplay for HLS(.ts).

For the content encryption workflow on the encoder/packager side and the license acquisition, decryption and playback on the player side, there are additional integration effort required.

FairPlay for HLS

If you want to encrypt the media content, its must be encrypted with AES-128 or SAMPLE-AES. AES-128 encrypts or scrambles the TS while SAMPLE‐AES scrambles individual media (audio or video). Apple Fairplay stream uses SAMPLE‐AES.

Example

A media playlist with ​#EXT-X-KEY

#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXT-X-MEDIA-SEQUENCE:26 #EXT-X-KEY:METHOD=AES-128,URI="https://media.example.com/asset/key1.php?id=<s ignature>",IV=<initialization vector>
#EXTINF:9.901,
http://media.example.com/wifi/segment26.ts
#EXTINF:9.901,
http://media.example.com/wifi/segment27.ts #EXT-X-KEY:METHOD=AES-128,URI="https://media.example.com/asset/key2.php?id=<s ignature>"
#EXTINF:9.501,
http://media.example.com/wifi/segment28.ts

CENC for DASH

Example UnifiedStreaming DASH CENC:

The Common Encryption Scheme (CENC) specifies standard encryption and key mapping methods that can be utilized by one or more digital rights and key management systems (DRM systems) to enable decryption of the same file using different DRM systems. The scheme operates by defining a common format for the encryption related metadata necessary to decrypt the protected streams, yet leaves the details of rights mappings, key acquisition and storage, DRM compliance rules, etc. up to the DRM system or systems supporting the 'cenc' scheme.

Signals to put the encryption headers in both the client manifest (the .mpd file requested by DASH players) and the initialization segment.

More concretely, the client manifest will have the following additional information:

<ContentProtection
  schemeIdUri="urn:mpeg:dash:mp4protection:2011"
  value="cenc"
  cenc:default_KID="F859A410-3FB8060EE9D2"
  xmlns:cenc="urn:mpeg:cenc:2013"/>

<ContentProtection schemeIdUri="urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed">
  <cenc:pssh xmlns:cenc="urn:mpeg:cenc:2013">
    AAAAaPSoCU0Q=
  </cenc:pssh>
</ContentProtection>

<ContentProtection
  schemeIdUri="urn:uuid:9a04f079-9840-4286-ab92-e65be0885f95"
  value="MSPR 2.0">
  <cenc:pssh xmlns:cenc="urn:mpeg:cenc:2013">
    AAA4A
  </cenc:pssh>
</ContentProtection>

Last updated