Content Protection at M2A
This blog was written by Andy Wilson, VP of Customer Success.
If you are reviewing this blog, you likely have a solid understanding of content protection within the realm of online video and live streaming. Content protection encompasses the secure (encrypted, authenticated, and authorized) acquisition of media sources and their transport to content ingest services for processing. This includes robust authentication and authorization at ingest points, encrypted handling of transported streams through your ingest service, and secure handoff to content processing (such as transcoding). For OTT (over-the-top) services, this process extends to secure packaging at your origins with content encryption (using your preferred DRM/encryption choice) per ABR variant, asset, or collection as required, or for those desiring high levels of security (and cost) per requested JIT session.
You may have also implemented authentication tokens between your CDN partners and your origins to validate that only authorized networks request objects from your origins. Furthermore, a robust authentication and authorization scheme for your users may be in place, covering their media playback requests on devices you deem secure (through your DRM client’s environmental constraints and DRM license policy instructions). You might even have further secured playback session management linked to your DRM license issuance, ensuring that a player does not exceed their contractual concurrency or location agreements. In essence, you are adhering to best practices from acquisition, processing, and content delivery perspectives.
Yet, despite these precautions, you might still find your content being shared on pirate sites. How is it possible that pirates continue to steal and remonetize your live streams, providing such a quick and seamless service to their users while evading your security mechanisms?
This ongoing challenge reflects the rapidly evolving game of cat and mouse between content protection service vendors, core technology proponents (including standards bodies, software, and hardware vendors), and the vast number of pirates operating worldwide. As standards are updated or new ones are developed, it is not only security vendors who are paying attention—pirates are equally observant. Once new technology is deployed, efforts quickly shift to testing and, eventually, exploiting any weaknesses in the system.
So, is this effort all in vain? Certainly not.
Revenue protection is essential for the ongoing health of OTT service operators and the rights owners or originators of the content (although the latter typically receive payment regardless). By adhering to best practices throughout your end-to-end processing and delivery chain, you can mitigate the impact of casual piracy. This might include individuals sharing credentials with friends or family, or setting up simple restreaming systems (consider how widely compromised HDCP is with an $8 device from Amazon). The key to effective defense in depth, along with continuous vigilance in monitoring how your content is being consumed by users—whether legitimate or not.
An additional tool in your arsenal is forensic watermarking, which adds another layer of protection to your content. Forensic watermarking services consist of three key elements: embedding the watermark robustly, detecting its presence on the Internet, and taking appropriate remediation actions. Historically, getting all three elements right has been challenging and costly.
To achieve robust embedding, a recognizable payload must be inserted into your video frames in a manner that is ideally imperceptible to users. You also need a mechanism to identify illicit use of your content online. This aspect is typically managed as a black box service by security vendors, involving the acquisition of data on sources of pirate streams, the sites offering the content, and the territories originating the material. This process even extends to confirming whether the content being leaked is indeed yours, as opposed to the same “sportsball” match offered by a rival content operator. Once identified, the embedded watermark must be recovered promptly to trace the source of the leak. Finally, you have options regarding how to use this information: you could take rapid action to shut down the offending stream by revoking the playback session being used for restreaming (assuming you have implemented full best-practice heartbeats and revocation capabilities), or you might choose to monitor the situation further to gather intelligence for future action.
Where does M2A fit within this complex hierarchy of needs?
M2A typically operates at the content contribution or ingestion stage of the end-to-end ecosystem, with our hand-off point at the Player end being at the content origin (post-packaging). Built on the foundation of AWS Elemental Media Services, M2A provides a comprehensive suite of tools to ensure that your content is acquired, ingested, processed, and delivered securely. This includes insertion of imperceptible forensic watermarks within the video streams, packaging to industry standard Digital Rights Management (DRM) variants (with integrations to a multitude of DRM service provider’s key management systems), and packaging of imperceptible forensic watermarked variants as A/B variant outputs. Additionally, M2A offers services for the authentication and authorization of inbound CDN requests, as well as the unique mapping of content variants served in response to those requests, allowing for differentiation based on factors such as authentication type, region, or vendor.
If you’d like to learn more about content protection at M2A, feel free to reach out here. Additionally, if you’re attending IBC 2024 in Amsterdam, join M2A at 4 p.m. on Saturday at the Content Everywhere Stage in Hall 14, where Andy Wilson, VP of Customer Success, will participate in the ‘Keeping Content Everywhere Secure Everywhere’ panel alongside other industry experts.
Learn more about M2A at IBC 2024 here.
