Hollywood-grade End to End Content Security in a Single workflow for OTT services
Over-the-top (OTT) video services have fundamentally changed the way users consume premium video content, which is packaged with rich customization and personalized offerings. Its global market size was pegged at around USD 85 billion in 2019, which is slated to grow exponentially to almost USD 159 billion by 2024, according to the UK-based market intelligence company Digital TV Research.
(Source – Global OTT revenues to reach $159 billion by 2024: Report: https://brandequity.economictimes.indiatimes.com/news/media/global-ott-revenues-to-reach-159-billion-by-2024-report/70989297.)
Given the huge potential of the market, big studios in Hollywood and other matured markets have started offering their content on OTT platforms, sometimes exclusively so. Since OTT is a fairly established medium of content consumption now, these studios make strenuous demands on OTT players to protect their content, as piracy has already hit the streaming market. Thus, it is not surprising that the demand for DRM-driven OTT content provision is on the rise. However, it is not enough to protect streaming content just with DRM. Instead, Hollywood studios demand an end-to-end secured content delivery of their premium services in a single workflow.
To cater to the burgeoning demand for premium content, it is indispensable to equip content on OTT platforms with a robust, dynamic, and scalable cloud infrastructure which runs a wide-ranging, flexible, and device- and OS-agnostic video DRM solution, which is coupled with forensic watermarking, secure content packaging, anti-screen-capture technology, and application security on the fly. PallyCon has created this secure value chain of content delivery, which guarantees execution of all checks and balances mandated by Hollywood studios. This allows content providers to have full control on managing their content on any platform with independent chunks of videos. An agnostic DRM solution in a single workflow ensures content integrity, gives content owners full privilege to prevent piracy violations, and allows efficient monetization of premium video content. This value chain of content delivery in a single workflow, thus, introduces a new era of security for content providers which want to plug all leakages from their revenue streams.
Multi-DRM-Enabled Streaming Content
With ultra HD, 4K, and 8K video offerings becoming the norm, no wonder Hollywood’s big studios are banking on OTT platforms for finding newer audiences. The requirement for robust content security in the overall threat landscape is getting complex, and, given the fast pace of technology change, a flexible DRM solution becomes the first important step in the secure content delivery value chain. Legacy based browser plugins and downloadable DRM solutions are falling short of meeting their specific demands. Given the large user base, there are a wide variety of client systems at play. Depending on such client systems opens up security vulnerabilities and does not assure end-to-end content security. This model to provide premium content for a huge user base has become a thing of the past with the introduction of agnostic multi-DRM for OTT platforms.
Most modern browsers use HTML5 web standards to stream online content and are equipped to deal with DRM-protected video content by using Javascript APIs, such as encrypted media extensions (EMEs). This content is then passed on to a content decryption module (CDM) to stream the authorized content. Modern DRM workflows possess the capability to stream content from multiple content packaging sources. With the rapid adoption of content delivery networks (CDN) by big players to distribute premium content over disparate geographies, the importance of multi-DRM solutions stands out.
PallyCon’s Agnostic Video DRM Solution
The multi-DRM support for content by PallyCon provides automatic content encryption and seamlessly integrates with various components in the entire content delivery framework. These components include various CDN providers, through which content is streamed to the end user, and encoding or transcoding platforms, such as BitMovin, AWS Elemental, Harmonic, etc., which allow content packaging into adaptive streaming formats, like MPEG-DASH. In order to ensure end-to-end content protection, it is not only necessary to protect content at each stage of the delivery network and the server, but it should be protected at the level of the user player (for example, any HTML5 player which streams the video content). PallyCon’s full capability suite is characterized by no lag in content delivery, ensures perfect user experience, and helps content providers achieve quick time to market.
PallyCon provides an agile multi-DRM service, content packaging and SDK with scalability, and DRM licence issuance services, which helps the client achieve content security quickly. Being a cloud-based AWS SaaS, the pre-integration with AWS Elemental Media Services via SPEKE (Secure Packager and Encoder Key Exchange) API enhances the power and robustness of the DRM service.
New era of Content Security value chain:
Content Packaging and Delivery
Flexible content packaging options for VOD and live streaming are available with PallyCon, which include PallyCon CLI packager, support for CPIX API, and third-party integration. Coupled with this, PallyCon’s adaptability to different content offerings, no compromise on performance, and reliability makes it stand out in the arena of agile video DRM services. Its multi-DRM approach ensures DRM support for virtually every client platform, like Google’s Widevine for Android, Apple’s Fairplay, Microsoft’s PlayReady, NCG Android SDK, Chromecast, and a wide range of support to referral technologies. The pay-as-you-go pricing policy is an added advantage for using PallyCon services.
After the content has been packaged using any of the encryption methods, a packaging callback URL provides reference to enter a unique ID for each content package. This ensures connectivity between each content package and server through the PallyCon packager.
Forensic Watermarking Service
Forensic watermarking adds an additional layer of content security to streaming content and, combined with a DRM service, protects premium content seamlessly. A SaaS integrated with AWS, this service from PallyCon is totally session based and acts dynamically on the server-hosted content. Right after the source content is encoded, PallyCon’s forensic watermark embeds with the DRM package. The watermark ID ensures tracking any leaked streaming content and identifies the culprit.
As a result of A/B variant type DASH/HLS, content is broken down into a sequence of small HTTP-based file segments, with each segment containing a defined interval of playback time. As the name suggests, A/B watermarking involves two or more different versions of a content segment. Each segment has only one bit of watermarking ID introduced for choice A or B. The watermark embedder, after receiving the video file from a third-party encoder, produces two versions in DASH and HLS formats.
The watermark mixer component of PallyCon’s forensic watermarking service is a plugin module which combines two versions of the same image dynamically at playback time. It inserts binary-converted session information (like user ID) and produces the output video stream. Thus, the stream is intelligently mixed with this unique information and sent to the client for playback. PallyCon also provides support for LambdaEdge watermark mixer that work seamlessly with Amazon CloudFront CDN.
The watermark detector component at the client detects any leakage and distribution of copyright content. This is done through an analysis of each video frame to detect the original watermark pattern and decrypting the content using a secret key which is generated during content packaging. If the watermark payload is detected, the tool reports this as a fraud detection.
Anti-Capture Technology
PallyCon’s anti-screen capture technology monitors recording activity of streaming content. This is done through PallyCon extension for the Chrome browser and a Windows service app. The player communicates with the browser extension, which then relays the message to the installed app on the user’s computer. The server parses this request and returns the appropriate response, which is then analyzed by the PallyCon browser extension. This end-to-end monitoring ensures that there is no copyright infringement of the streaming content and proactive monitoring and blacklisting of the user in case piracy is detected.
Application Security
The content value chain offered by PallyCon has an important component that many DRM services lack. Through its associated brand AppSealing, it offers robust app security for OTT apps both for Android and iOS. An OTT app is continuously under threat due app forgeray, malware attacks, SO file tampering, and reverse engineering. If hackers succeed in any of these methods to gain unauthorized access to the app, they can tamper with its premium feature and cause loss of revenue to the content provider or the OTT player. The PallyCon value chain protects the OTT app by fully encrypting its code using the AppSealing security layer, thus preventing hackers’ attempt to analyze the app’s DEX and SO files. Moreover, the AppSealing security layer also protects the app at runtime using runtime application self-protection (RASP) technology.
All Hollywood Studio Requirements under One Roof
Since video streaming is the future of content consumption, it becomes imperative for OTT players to assure content creators of end-to-end security of all streaming content right from the OTT servers to the devices used by end users. This can be made possible only if content security architecture envisages a single-workflow approach which is agnostic of any platform, device, OS, server, encryption methods, or other components of the infrastructure. This becomes a mandatory practise for OTT players since major Hollywood studios require single-workflow security architecture to arrest potential loss of revenue to piracy and hacking attempts.
Such a security architecture can offer foolproof security and protection against piracy when it uses an agnostic DRM service, coupled with content packaging, forensic watermarking, anti-capture technology, and app security under the same roof. This single-workflow approach minimizes the chances of revenue leakage caused by the diversity of content delivery protocols involved in the OTT landscape and integrates with technology offered by industry leaders on the fly. OTT players should keep in mind that unless a unified value chain has all the security components mentioned above, major Hollywood studios are not likely to tie up with them.
PallyCon, through its market-leading solutions, is fully equipped in provisioning end-to-end content security through a flexible, agnostic value chain of content delivery and caters to the mandatory requirements of big Hollywood projects on OTT platforms.
Govindraj is a Global Business Head for PallyCon at INKA Entworks. He keenly follows the innovation and development in content security, application security, and software development, he loves to educate everyone about the what, why, and how of major incidents in the content protection world. His views on industry trends and best practices have been featured in articles, white papers, and had been a keynote guest at multiple security events.