To protect the security of your videos and prevent them from hotlinking and unauthorized download and distribution, VOD provides multiple protection mechanisms for video content security to defend your video copyright against infringements in many dimensions.
||Referer hotlink protection
||It identifies the request source through the `Referer` field in the playback request header and controls the request sources through a blocklist or allowlist
|Key hotlink protection
||It adds control parameters in the playback URL and uses `Key` as a signature to control the URL validity period, preview duration, number of IPs allowed for playback, etc.
||HLS common encryption
||It is an HLS-based AES encryption scheme and uses keys to encrypt video data
|Commercial DRM (not available yet)
||It offers video encryption and decryption services based on commercial DRM solutions such as Widevine, FairPlay, and PlayReady
- Hotlink protection is mainly used to control the validity of the sources of video playback requests, but does not encrypt video content, which means that users can download videos for secondary distribution; therefore, the security level of copyright protection is low.
- Video encryption is a means to encrypt the video content itself with a key, which cannot be played back directly after being obtained by others. Only when a terminal device passes the authentication by the business backend and the decryption key is obtained can the content by played back.
VOD's video encryption feature provides the HLS common encryption capability, which has a higher security level than hotlink protection.
How It Works
The overall architecture of VOD video encryption, decryption, and playback is as follows:
- Upload from server: the business backend uploads a video to VOD through the console, server API, or other means.
- Trigger video processing: when the video is uploaded, adaptive bitrate streaming with encryption is specified. After the video is uploaded, the encryption process begins.
- Get the key: the video is transcoded to adaptive bitstream and encrypted. VOD gets the key used during video encryption from the KMS module.
- Encrypt and write to storage: after the video is transcoded to adaptive bitstream and encrypted, the output video content is written to the VOD storage.
- Update the media asset: the encrypted video information is written into the media asset management module.
- Get the player signature: the business terminal integrates with VOD superplayer, and the player requests the player signature from the business server.
- Request the download address: superplayer gets the download address of the video from VOD's playback service.
- Download the content: superplayer downloads the content from VOD CDN at the download address.
- Get the key: superplayer requests the decryption key with the player signature.
- Decrypt and play back: superplayer uses the decryption key to decrypt the video for playback.
To help you quickly integrate the encryption capabilities of VOD, we provide a video encryption [integration guide] to describe the integration steps by way of demos.
- How do I encrypt uploaded videos?
VOD's adaptive bitrate streaming feature can transcode videos into multiple resolutions and encrypt them.For specific steps, please see the operation guide.
- How do I play back encrypted videos on terminal devices?
To play back videos encrypted in VOD, you need to integrate the superplayer SDK on the terminal devices and build a signature distribution service.For specific steps, please see the operation guide.