Protection
Last updated
Last updated
There are two main ways of protecting the content source stream
Authentication of the source manifest URL with a token or
Using an encryption method (DRM, Digital Rights Management) to secure the video and audio segments, which may be a requirement from the content rights holder/owner.
Both can be used independently or together to provide a higher level of content protection and must be applied on the origin/CDN (for token authentication) and within the encoding/packaging (for DRM) level.
Token authentication is the process of generating tokens on the CDN, associating them with an authenticated user session, and then validating the stream using these tokens to prevent unauthorized sharing of links to your content.
Serverside.ai supports token authentication via query string. Specify it on the channel configuration like this:
SERVERSIDE.AI supports encrypted media content. The encryption applies to each and every audio and video segment and prevents the playback without a valid license acquisition. The most common DRM systems use CENC(Commonencryption) for DASH and HLS (fmp4) and Fairplay for HLS(.ts).
For the content encryption workflow on the encoder/packager side and the license acquisition, decryption and playback on the player side, there are additional integration efforts required.
If you want to encrypt the media content, it must be encrypted with AES-128 or SAMPLE-AES. AES-128 encrypts or scrambles the TS while SAMPLE‐AES scrambles individual media (audio or video). Apple Fairplay stream uses SAMPLE‐AES.
Example
A media playlist with #EXT-X-KEY
Example UnifiedStreaming DASH CENC:
The Common Encryption Scheme (CENC) specifies standard encryption and key mapping methods that can be utilized by one or more digital rights and key management systems (DRM systems) to enable decryption of the same file using different DRM systems. The scheme operates by defining a common format for the encryption-related metadata necessary to decrypt the protected streams, yet leaves the details of rights mappings, key acquisition, and storage, DRM compliance rules, etc. up to the DRM system or systems supporting the 'cenc' scheme.
Signals to put the encryption headers in both the client manifest (the .mpd file requested by DASH players) and the initialization segment.
More concretely, the client manifest will have the following additional information:
Channel Url
https://your-domain.com/your-stream.m3u8?token=1234