Security overview

    Follow

    Introduction
    This article explains how to build a website which uses secure video streaming. Different solutions require different levels of security and Screen9 supports many features to meet the varying requirements.

    When we talk about security, there are a few different concepts which are often grouped under the same umbrella:

    • Video content cannot be downloaded
    • Videos cannot be distributed to other users
    • Videos cannot be watched by unauthorized users

    As you will see below, Screen9 has technology that addresses each of these problems.

    Ways of protecting content
    Screen9 supports multiple ways to protect video content from being viewed and/or downloaded by unauthorised visitors. Below are the different functions enumerated:

    • HTTPS embed codes - Platform resources (such as the player and images) are hosted with SSL encryption.
    • Player handshake - The player shares a secret token with our streaming servers, which is used to identify the player as an authorized consumer of content. This means that only the Screen9 player can download the video stream and that the stream is protected from downloads by an unauthorised adversary.
    • IP/domain locking - Video playback is restricted to users from certain IP ranges or certain domains. This is useful if you only want your videos to show in your intranet.
    • Dynamic IP locking - Each time the web page is presented to the user, a unique dynamic video link exclusive to the particular end user's IP address is created. This method makes the video link available to any user which has access to the page that the video is published on, but the video cannot be viewed by anyone with a different IP address.
    • Geo blocking - Using the user’s IP address and an IP location database the service can block out users based on the country that they are located in.

    Dynamic IP locking explained


    This is a sequence diagram that explains how dynamic IP locking works. The steps are:

    1. End user authenticates with the protected website, for example using a login or a VPN solution.
    2. The end user navigates to a page with a video that shall be secured.
    3. The protected website requests an embed code from Screen9 which is locked to the IP address of end user and presents this embed code to the end user.
    4. The end user can now play the video but cannot share it with anyone because of the IP restriction.

    Recommended security solution
    Screen9 recommends the following setup to build a secure video streaming service:

    • Use secure authorisation on your website and display embed codes using dynamic IP locking. This means that videos are only visible to authorised end users.
    • Instead of dynamic IP locking a normal IP locking method can also be used if content is only to be displayed on an intranet with a fixed IP range.
    • Optionally, use geolocking to restrict your content to a certain region.

    Example code
    Below is example code which shows how to generate a dynamically IP locked video embed code using the XML-RPC API. Simply include the userip as a parameter to the getPresentation call and the resulting embed code will only work for a user with the specified IP address.

    Python

    #!/usr/bin/env python
    from xmlrpclib import Server
    hostname = '' # API host name assigned by Screen9
    userip = '1.2.0.0' # IP address of end user
    common = {
    'browser': '',
    'custid': 351161, # Customer ID assigned by Screen9
    'refer': '',
    'version': '2.0',
    'userip': userip,
    }
    mediaid = '' # set to the mediaid of the video to embed
    embedcode = server.getPresentation(common, mediaid, 0, {'embedtype' : 'universal', 'userip' : userip})
    server = Server('http://%s:7777' % hostname)
    print embedcode['universal']

    PHP

    <?php
    $HOST = ''; # API host name assigned by Screen9
    $CUSTID = ; # Customer ID assigned by Screen9
    $MEDIAID = ''; # set to the mediaid of the video to embed
    $userip = $_SERVER['REMOTE_ADDR'];
    $common = array(
    'browser' => $_SERVER['HTTP_USER_AGENT'],
    'custid' => $CUSTID,
    'refer' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'],
    'version' => '2.0',
    'userip' => $userip);
    $options = array('embedtype' => 'universal', 'userip' => $userip);
    $call_arguments = array($common, $MEDIAID, 0, $options);
    $request = xmlrpc_encode_request('getPresentation', $call_arguments);
    $context = stream_context_create(array('http' => array(
    'method' => 'POST',
    'header' => 'Content-Type: text/xml\r\nUser-Agent: PHPRPC/1.0\r\nHost: ' . $HOST . '\r\n',
    'content' => $request
    )));
    $address = 'http://' . $HOST . ':7777/';
    $file = file_get_contents($address, false, $context);
    $response = xmlrpc_decode($file);
    if (is_array($response) and xmlrpc_is_fault($response)){
    var_dump($response);
    } else {
    echo $response['universal'];
    }
    ?>

     

    Was this article helpful?
    0 out of 0 found this helpful

    Comments