Video content protection system

A TV station which broadcast to multiple regions required a video content protection system for their online player to meet licensing requirements.

The station licensed television content and films that could only be viewed by users within certain regions and available for certain periods of time. The client had built these controls into their website application but the servers which hosted the content required similar controls.

We met with the client and their infrastructure team to idenifity the requirements for the project. Due to the complexity of the requirements a full risk analysis and mitigation plan was completed.

Working closely with the client we created a solution which included:

• High availability and scalabile software to authorise users to view content.
• A custom module for the main desktop streaming platform. This module would access the new software and allow or deny the user access to the content.
• A custom module on a webserver for streaming to tablet and mobile devices. This would authorise users against the software.

We built the solution, tested it. We worked with the infrastructure team to build the hosting platform for the software and trained them on installing the modules.-m-1 A deployment plan was created which allowed the client to incrementally apply the solution to all their streaming content. The deployment was successful and the solution ran smoothly for the client.

This section outlines the technical approach we took and how we implemented the solution.

The client had a website with all of the data required for the content, the users location, times and dates for availability. The client was running Adobe Flash Media Server for their streaming platform. The mobile device streaming the server used Apache to deliver the hls content over http/https.

The approach was to

• Create a module for Flash Media Server that would authorise a user by IP address against the custom software.
• Using a reverse proxy, use a web server to autorise mobile streaming requests against the software.
• Custom high availablity and scalable software exposing an api that would accept requests from the the reverse proxy and Flash Media Server module.

For the API it was determined that the website application could not return a http response quick enough to the modules requesting access to be useable. It was also determined that modules for both systems would require continual api lookups during the streaming cycle. The website could not meet those high quantity of requests along with normal traffic.

We decided to build a stand alone API platform that would call the main website api and then cache the result. This API would be a high availability and scalable application that would meet the requirements of the speed and load of modules.

We chose to Go, Redis, Max Mind to implement the software in. A web gui was build in the Go application to allow the client to manage the cache of data, and flush items content out of it. An API was built into the Go app to allow the client website to update or delete content as they updated their data.

For the Flash Media Server application, we built a C++ module that would on initialization of a flash stream call the API with the content name and ip address of the user. The Go application would then return an authorisation response for the user.

Flash Media Server utilizes Apache web server to provide http/https streaming for HLS. Building a module for Apache was a large undertaking and didn't fit within the clients timeframe or budget. We used Nginx as a reverse proxy to Apache. Utilizing Open Resty, this allowed use to script the API authorisation requests in Lua back to the Go software application.