Media Guard
Our system is token based to maximize performance and avoid unwanted three-way handshakes that are common with other methods of authentication and can lead to server latency in connection time. With our MediaGuard application, a script will be added that will processes URLs before they are given to viewers so that the URLs contain an encrypted token in the query string. The script gives the viewer a URL with a token in the query string containing a hash (cryptographic string) of a shared secret, that is 8-12 characters long. Our query string parameters included in the hash are used to determine the optimal criteria our network must use to evaluate the request.
Security:
With our true RTMP streaming capabilities, the content is never stored in the viewers’ temporary internet folder or hard-drive. The Vertical Player will discard the streaming content after it’s been viewed, and secure data will not be accessible on or offline.
A Hash is used to verify that messages are not tampered with during transmission. It is a unique value-calculated algorithm that is based on data, so that no two sets of data can have the same hash value. Cryptographic hashing, that is provided by the MD5 or SHA1 algorithms, performs these calculations over messages or streams of byte data. The algorithm is designed to recognize any changes in the byte of the hash. When changes are detected it will create and transmit new changes throughout the remainder of the calculation resulting in a completely different hash that is completely protected.
Another asset of MediaGuard is the shared secret, an alphanumeric value known only to Vertical Streaming. This secret code is pre-pended to the content URL. The appended arguments remain intact without the hash parameter, from which the hash is calculated. The secret code is unrecoverable from the hash. As long as the code remains secret, it prohibits users from creating their own hashes. In this way, the system protects against forms of parameter tampering and provides a secure method of URL-embedded content protection.
By default, MediaGuard supports “invalid until time” and “expired time” parameters. Therefore, when a request is made for content, all parameters are checked to verify the request. A URL is considered to be a valid request only if all verification parameters meet the requirements. That means both the “invalid until time” and “expired time” parameters must be met. Vertical Streaming can set when the URL will expire which will eliminate the sharing of content with other unauthorized users. If a viewer were to copy and paste the URL and send it to someone else for viewing, the URL will be expired by the time the email is delivered, thus giving the user an error message.
IP Parameters allow the authorization of a user IP address before they are able to access secure content. We generate an encrypted URL for the content containing the requester’s IP address. This address must match the IP address that is reported by the Vertical Player when it requests content. If the IP addresses match then the hash has not been altered and the requestor is authorized to view the content.
MediaGuard allows secure content to be viewable on the web; unlike other videos on the web that are available to be viewed, saved, and shared by the world, we offer a ticketing system to keep content protected. Issuing passes to viewers allows only those invited guests to view that specific content.
