We are able to deply a number of technologies to protect streams from unauthorised access.
These are subtly different depending on the streaming platform ( whether its live or not) but can consist of:
- Geo blocking by country
- Blocking by IP
- Blocking by registered login sessions
Secure link (http)
HTTP is the easiest way to get content beyond firewalls, especially corporate and public sector networks (e.g schools etc). However the protocol has also traditionally been tricky to secure.
With secure link technology, urls to content are protected by making the links themselves ephemeral. Links are created once a given user has logged in and the authenticity of a requested link is verified by comparing the checksum value passed in a request with the value computed for the request. If a link has a limited lifetime and the time has expired, the link is considered outdated.
Secure Token (RTMP)
SecureToken is a challenge/response-based security system that, when used in conjunction with RTMPS or RTMPE/RTMPTE, provides a high level of content protection against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret).
The way SecureToken works is that when a client connects to the server, a security module in the server software generates a unique key for the pending connection. The generated key is encrypted using a shared secret and is returned as part of the NetConnection.onStatus info object. The client decrypts the unique key using the same shared secret and sends the result back to the module. The server then compares this key to the originally generated key. The connection is rejected if the values don't match.
For accountability reasons, we can dynamically re-encode files to have dynamic data drive watermarks so that content is uniquely identifiable.