Video Cloud
App Cloud
- Overview and general topics
- Product Updates
- Glossary
- The App Cloud SDK
- Creating an app template
- Tutorials
- Content optimization
- Development tips and best practices
- Packaging a template
- Creating apps from a template
- Publishing an app
- Delivering ads
- Push Notifications
- Analytics
- Managing users and accounts
Player Debugger
Resources
Protecting your Videos with DRM
This article covers how to protect your videos with the Video Cloud Digital Rights Management feature (DRM), which uses Adobe Flash Access.
Video Cloud DRM is available only to Video Cloud Enterprise publishers; the information in this article is not relevant for Video Cloud Express publishers.
What is DRM?
Video Cloud Digital Rights Management (DRM) is a robust content protection program that enables publishers to enforce polices and rules for usage of their content. Video Cloud DRM uses Adobe Flash Access to protect your content against piracy and redistribution by others.
Support Highlights
- Secured content at origin. Every video asset is packaged as an individually protected asset, each with its own unique encryption key.
- No password required. Your content is protected from pirating and from redistribution by others, without requiring any input from viewers to watch your content.
- Uses RTMPe protocol. Video Cloud DRM delivers your DRM-protected streamed using RTMPe, a highly secure delivery protocol.
- No plug-in required. The Video Cloud DRM solution is silent and seamless to your viewers.
- Progressive download and streaming. The secured content delivery allows for protected content to play via progressive download, as well as streaming for both Live and Video-on-Demand distribution. DRM requires no change to your current delivery protocol.
- Range of CDNs. In this release, Video Cloud supports DRM for publishers using Video Cloud, Akamai, and Limelight CDNs, with a case-by-case consideration for other CDNs.
- Encrypted renditions. Video Cloud DRM delivers highly secure multiple bitrate encoding wherein each rendition is a separate packaged asset; your videos are available for play when the first rendition is ready.
- Disaster protection. The Brightcove license servers are highly available, and provide disaster recovery.
- Protection sticks when shared. Video Cloud videos persist their DRM protected policies when shared to Twitter and Facebook from the Video Cloud player.
How does Video Cloud protect your content using DRM?
Video Cloud offers the option to protect your newly uploaded content using Video Cloud DRM as a fully integrated and seamless end-to-end solution, managed and hosted by Brightcove. When paired with SWF verification, Video Cloud DRM allows viewers to watch your videos in your players only where you have published them only and prevents republishing of your content by hackers. Video Cloud DRM encrypts your content, sets your license policies, and delivers your content via progressive download or streaming through a secure solution that's completely transparent to your viewers, requiring no passwords or plug-in installation from them, and no maintenance from you as a publisher.
Video Cloud DRM uses Adobe Flash Access (FAXS) to secure your content at its origin. This means that Video Cloud manages the packaging of each individual video as a protected asset along with its metadata. DRM employs a content encryption key (CEK) protocol to encrypt content assets and policies, as opposed to a protocol like RTMPe that only encrypts the content for network transport. Rather than protecting access along the network of distribution, such as a website or mobile delivery service, each video asset is individually locked up.
In addition to taking care of the encrypted packaging of your assets, Video Cloud DRM also manages the license policies for your DRM solution. DRM licenses can be cached in a pre-authorization state, a solution that does not interfere with video playback performance, since reaching the licensing server is not required at play-time. The DRM Packaging and License servers are supported by Brightcove's Hardware Security Modules that provide the highest level of industry standard protection for sensitive key information. The DRM solution is compliant with strict and extensive guidelines supported by Adobe for secure content delivery.
Signing up for DRM
This feature requires an additional fee. Please contact your Account Manager if you would like to learn more. Video Cloud also offers Apple HLS encryption protection for content shown on Apple devices. Contact your Account Manager about bundling HLS encryption and DRM protection so that you can secure your content wherever in plays.
What Happens after DRM implementation
After DRM implementation, Brightcove handles all licensing, policies, and packaging of your video assets, each with a unique encryption key. The first time a DRM-packaged video plays, the Video Cloud player silently takes a few seconds to install the required DRM protection for that video. If a video does not load as fully encrypted in the first few seconds before someone plays it, the video plays as unencrypted, to assure quality play. When packaging completes, the encrypted version loads on subsequent requests. Publishers may opt to leave the first few seconds of the video unencrypted to assure both quality of initial play and protection of the bulk of the content.
Video Cloud packages and encrypts all renditions of newly uploaded videos as the first priority. Video Cloud DRM also triggers a process to package and encrypt the backfill of all renditions for previously uploaded videos, as a second priority, until all the content of a subscribing publisher is protected. Any videos uploaded before DRM implementation will continue to be available for play in an unencrypted state until the DRM process encrypts it.
Videos protected by DRM are marked in the Video Cloud Studio Media module with this icon:
Implementation Options and Strategies
When implementing Video Cloud DRM, consider the following options for asset protection and performance:
- Brightcove strongly recommends implementing SWF verification along with DRM to protect your asset from capture and replay in another Adobe Flash Access-enabled Flash Player or AIR app. The Video Cloud DRM license server checks that the video file's policy is valid and that a publisher is enabled for DRM, while SWF verification checks that playback occurs in one of your authorized players. Without SWF verification, Video Cloud DRM will still prevent a user from gaining access to a video file to change its content or format. Video Cloud SWF verification checks a player to verify its permissions to play a certain asset and works in tandem with DRM to provide a second layer of protection.
- To enhance performance, licenses cache for 30 days and need not download when a viewer returns to a DRM packaged video before that time.
- Playback for content served via Apple HTTP Live Streaming will not be impacted by DRM but will open a security backdoor that could compromise protection. To assure full DRM protection, Brightcove recommends either disabling Apple HLS, moving content with looser restrictions to an account without DRM protection and enabling Apple HLS there, or implementing Apple HLS encryption, which lets you send encrypted video over HTTP for playback on devices running iOS, including the iPhone, iPad, and iPod Touch. See Protecting Videos on iOS Devices with HLS Encryption for details.
Limitations
- Implementation is a wholesale operation. You can either enable Video Cloud DRM protection for all or none of your newly uploaded content.
- If you elect to terminate Video Cloud DRM, newly uploaded videos will not be packaged with DRM protection, and a process will begin to unpack existing DRM-packaged titles one by one. For accounts that terminate DRM protection, previously packaged videos will fail to play until they become unpackaged. After DRM termination, playback will not be impacted for both newly uploaded videos without DRM protection, and for previously DRM-protected videos once they are unpackaged.
- Video Cloud DRM is available for Flash players only, with no current support for HTML5 players. DRM-protected assets require players running in Flash 10.1 or later.
- Video Cloud DRM-protected videos may be shared to another account if that account is DRM-enabled. DRM-protected videos may not be shared to an account that is not DRM-enabled. Videos may be shared from a non-DRM-enabled account to an account that is DRM-enabled, but the shared content will not be DRM-enabled.
- DRM is not maintained on videos distributed to YouTube via Video Cloud Studio distribution
- We provide anonymous support only. This feature does not include authentication-based DRM.
- After Video Cloud DRM has packaged and encrypted all renditions for a previously uploaded video, it updates the modified time and date for that video to the time when DRM protection was completed. The date and time when a video is last modified shows as the Last Updated date and time for that video in the Video Cloud Studio Media module, and as the MODIFIED_DATE in the Media API.
- This release of Video Cloud DRM does not allow for setting policies that target new sources of revenue and monetization via Pay-Per-View, rental or other DRM-specific monetization policies. DRM will not impact ad play for videos.
- Previewing videos in the Video Cloud Media Module requires a Flash DRM runtime client that silently installs when a DRM-protected video plays in a Flash player. If you cannot play video previews in the Media module, first install the runtime client by playing a DRM-protected video in a Flash player on the machine where you log into the Video Cloud Studio. To do this, select a video you know to have DRM protection in the Media module, and then from the Quick Video Publish area, copy the URL, paste it into a browser, and play the video. Alternatively, you can play this DRM-protected video on the machine where you log into the Video Cloud Studio.
- The image capture tool in the Media module does not work for DRM-protected videos.
- While Universal Delivery Service will provide HTTP access to DRM packaged files, videos can be delivered using UDS only to platforms that support FAXS.
- The content encrypting key (CEK) will not protect all rendition files for videos uploaded via the batch upload process that sends assets in a different manifest from the titles. Publisher can modify the batch upload process to upload title information at the same time as the video information to resolve this. Likewise, files will not have consistent CEKs across all renditions when assets are manually added to titles after the initial upload.
