Content protection methods

Stream access authorization by token regardless of streamer software

This method is compatible with Wowza token and nginx secure link.

Wowza token operation algorithm

  • TMS sends the device an access token along with a link to the stream

  • The device contacts the streamer for the stream and delivers the token

  • The streamer checks the token using the well-known algorithm and allows or denies access to the stream depending on the result

Token generation format

<expires><path><key><ip>
  • key - secret string

  • ip - IP address of the client

The token key and lifetime are set in the configuration file gateway-tvip-tms-tvip-api.
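
The token check described above, sketched as an added example (not TVIP's or the streamer's own code). It assumes the MD5 plus unpadded base64url encoding that nginx's secure_link_md5 uses, since the page does not name the hash; the key, path, addresses and lifetime are constructed sample values.

```python
import base64
import hashlib
import hmac


def make_token(expires: int, path: str, key: str, ip: str) -> str:
    """Hash <expires><path><key><ip> in the page's field order."""
    material = f"{expires}{path}{key}{ip}".encode()
    # Assumption: MD5 + unpadded base64url, as nginx secure_link_md5 uses.
    digest = hashlib.md5(material).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def issue(path: str, key: str, ip: str, ttl: int, now: int) -> tuple[str, int]:
    """TMS side: derive the expiry from the configured lifetime and sign it."""
    expires = now + ttl
    return make_token(expires, path, key, ip), expires


def check(token: str, expires: int, path: str, key: str, peer_ip: str, now: int) -> str:
    """Streamer side: recompute from what it observes itself (URI, peer address)."""
    expected = make_token(expires, path, key, peer_ip)
    # Constant-time compare; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return "deny: bad token"
    if now > expires:  # only reached once the expiry value is known to be signed
        return "deny: expired"
    return "allow"


# Constructed sample values, not taken from any real deployment.
KEY, PATH, IP = "constructed-secret", "/live/test/index.m3u8", "203.0.113.10"
TTL, NOW = 600, 1700000000


def demo() -> dict[str, str]:
    token, exp = issue(PATH, KEY, IP, TTL, NOW)
    return {
        "valid": check(token, exp, PATH, KEY, IP, NOW + 60),
        "other_ip": check(token, exp, PATH, KEY, "198.51.100.7", NOW + 60),
        "other_path": check(token, exp, "/live/other/index.m3u8", KEY, IP, NOW + 60),
        "extended": check(token, exp + 3600, PATH, KEY, IP, NOW + 700),
        "expired": check(token, exp, PATH, KEY, IP, NOW + 700),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Because the expiry is part of the hashed material, a client that rewrites the expires value to extend a link fails the token comparison rather than the time check.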

Wowza token setup in TMS

Stream protection with Wowza is enabled in the provider option link protection algorithm.


AES-128 encryption

TMS, together with the Flussonic server, supports AES-128 content encryption.

AES-128 algorithm

  • Flussonic requests encryption keys from the tvip-cas server and encrypts segments with them. Key rotation occurs every 10 minutes.

  • The HLS playlist contains a link to the keys. The client, having detected that keys are present, tries to get them via this link, which leads to tvip-cas.

  • TVIP TMS and tvip-cas constantly synchronize data about which content is available to specific devices. Based on this data, tvip-cas issues or does not issue a key to the client.

Configuration in TMS AES-128

In the TVIP Cas server settings, add a new Cas server.


Authorization in Flussonic via Middleware

Information on authorization in Flussonic via Middleware is available in the documentation.

Enable the Flussonic auth enabled option in TMS in the provider settings.


In the channel settings, enable Flussonic auth enabled.


In Flussonic, set the address for receiving the token from TMS to http://tms.example.com/api/drm/auth_token.

stream test {
  url udp://225.101.15.6:1234;
  on_play http://tms.example.com/api/drm/auth_token 12345=12345;
}

Update the configuration file /opt/tvip-tms/gateway/gateway-tvip-tms-tvip-tms-tvip-api/application-prod.yml.

flussonic:
   app:
       secret:
           key: 12345

Update the configuration file /opt/tvip-tms/gateway/gateway-tvip-cas-api/application-prod.yml.

flussonic:
   app:
       secret:
           ttl: 86400
           key: 12345

Restart gateway-tvip-tms-tvip-api and gateway-tvip-cas-api.