In the first part of this article, we discussed the challenges and solutions for streaming delivery in China. This installment builds on that by exploring how to securely stream video in China and comply with current rules and regulations.
Methods to secure video streaming
Next, we will discuss the most common methods to secure video streaming in China. Please note that this is not a comprehensive list, and is intended to provide general guidance to content providers.
Hypertext Transfer Protocol Secure (HTTPS) has become a de facto standard for secure Internet communications. This has primarily been possible thanks to the efforts of Google and other major browser vendors that, since 2018, have marked non-HTTPS sites as "not secure." You may be wondering, why is there so much effort to enforce HTTPS?
Well, the problem is that when you use the non-secure version of this protocol (HTTP), an attacker could intercept the communication between the server that streams video content and your device. This kind of man-in-the-middle attack is one of the most dangerous because the attacker can steal your confidential information, such as your identity and payment method.
For this reason, it’s a best practice to implement HTTPS, since it allows the use of AES-128 encrypted HTTP Live Streaming (HLS), a communication protocol developed by Apple that allows adaptive bitrate streaming to be delivered securely.
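With AES-128 HLS, the player downloads the decryption key from the URI in each `#EXT-X-KEY` tag, so a key fetched over plain HTTP is readable on the wire. The following added example (not code from the original article) audits a playlist for that; the sample playlist and hostnames are constructed, and `audit_playlist` is a hypothetical helper name.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed sample media playlist; hostnames are placeholders.
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:6
#EXT-X-KEY:METHOD=AES-128,URI="https://keys.example.com/v/42/key"
#EXTINF:6.0,
seg0.ts
#EXT-X-KEY:METHOD=AES-128,URI="http://keys.example.com/v/42/key2"
#EXTINF:6.0,
seg1.ts
#EXT-X-KEY:METHOD=NONE
#EXTINF:6.0,
seg2.ts
"""

ATTR = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')


def audit_playlist(text, playlist_url):
    """Return (line_number, finding) pairs for weak EXT-X-KEY settings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.startswith("#EXT-X-KEY:"):
            continue
        attrs = {k: v.strip('"') for k, v in ATTR.findall(line.split(":", 1)[1])}
        method = attrs.get("METHOD", "")
        if method == "NONE":
            findings.append((lineno, "segments after this tag are unencrypted"))
            continue
        if method != "AES-128":
            findings.append((lineno, f"METHOD is {method!r}, not AES-128"))
        # A relative key URI inherits the scheme of the playlist itself.
        key_url = urljoin(playlist_url, attrs.get("URI", ""))
        if urlparse(key_url).scheme != "https":
            findings.append((lineno, "key is fetched without HTTPS"))
    return findings
```

Run against the sample with an HTTPS playlist URL, it reports the second key tag (plain HTTP key URI) and the third (encryption switched off).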
Tokenized video delivery
There is no doubt that another best practice to achieve secure video streaming is to use a method known as tokenized video delivery or dynamic tokens. In simple terms, this security mechanism dynamically generates a token each time a user requests access to streaming video. You can think of the token as a digital key that entitles the user to consume the selected content once it has been paid for. The advantage of tokenized content delivery is that the token can be customized to enforce several security checks, such as:
- Restrict IP address - this enables content to only be consumed by the IP address from which the user generated the request. In other words, it prevents the content from being seen by another user, even if they have the access link.
- Expiration time - it’s a best practice to generate tokens with a defined expiration time; otherwise, they could be reused at any time.
- Source device restriction - in some cases, you may wish to limit the service by IP address and the type of device that requested the streaming (mobile, desktop, smart TV, etc.).
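The three checks above can be carried in one signed token. This is an added example, not code from the original article: it uses HMAC-SHA256 over a JSON claim set, and the secret, claim names and function names are all assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: real key lives in a secret store


def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(video_id, client_ip, device, ttl=300, now=None):
    """Sign the claims the edge server will enforce (names are hypothetical)."""
    now = int(time.time() if now is None else now)
    claims = {"vid": video_id, "ip": client_ip, "dev": device, "exp": now + ttl}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    sig = b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token, video_id, client_ip, device, now=None):
    """Return (allowed, reason); the signature is checked before any claim."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(unb64(sig), expected):
            return False, "bad signature"
        claims = json.loads(unb64(body))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return False, "malformed token"
    if now >= claims["exp"]:
        return False, "expired"
    if claims["vid"] != video_id:
        return False, "wrong video"
    if claims["ip"] != client_ip:
        return False, "ip mismatch"
    if claims["dev"] != device:
        return False, "device mismatch"
    return True, "ok"
```

Because the claims are covered by the signature, a shared link fails on the IP or device check, and editing the claims to match fails on the signature check.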
In addition to the AES encryption provided by HLS and tokenized video delivery, it’s worth adding another layer of security through password-protected video access. This method forces the user to enter a password when consuming content. Although this method is inconvenient for the user, it can be ideal for special events requiring a higher level of restriction than usual.
Major streaming services like Netflix, Disney+, and Amazon Prime use geographic restrictions on content for a good reason. On the one hand, there are legal aspects related to content distribution. On the other hand, limiting certain regions to consume the content is a way to combat piracy.
It's a widely known fact that the United States and some countries in Europe and Asia have strong anti-piracy laws. However, it is also true that there are a large number of regions where the legislation that protects copyright and content leaves much to be desired. By setting up geo-blocking, your organization can limit content streaming to regions you consider "safe." Implementing this protection can be done in many ways, but if you are using dynamic tokens for content security, you can add this function to check the destination IP against a blacklist.
A good security practice when your platform has referrals or commercial partners that stream the content is to create a white list or establish referrer restrictions that prevent any other IP from accessing your content. You can think of this method as the equivalent of a firewall, which only allows video streaming to certain IPs.
DRM (Digital Rights Management)
Up to this point, we have discussed methods that involve security aspects related to the transmission protocol, user authentication, geo-restrictions, and more. All these aspects have to do with the backend, but what about user-side security? This is where DRM comes into action.
Digital Rights Management, or DRM for short, is a technology that helps protect intellectual property by enforcing various security and anti-piracy mechanisms such as encryption, token verification, the number of devices authorized to consume the content, and more.
DRM can be implemented in both software and hardware and allows content distributors to add a layer of user-side security that makes it more difficult to bypass the security mechanisms discussed earlier. To begin with, DRM-protected content can only be consumed if the user's device has the appropriate hardware or software for it and the user accepts the terms and conditions of use. Put another way, by combining DRM-approved devices with the methods outlined in this article, your organization can achieve an end-to-end security solution to protect your content.
Constantly monitoring your platform for vulnerabilities is an aspect that is often overlooked. Each of the methods analyzed in this article can be hacked, so it is advisable to combine them to achieve a more comprehensive solution, but also to establish constant monitoring of the system that allows prompt action in the event of an attack. A proactive monitoring and alerting system and a consistent security solution will ensure you deliver streaming in China and comply with all applicable security regulations.
In the first installment of this article, the strict rules that apply to the distribution of content in China were discussed, including those related to security. To this end, throughout this article, several methods have been explored for delivering streaming in China safely.
This is a complex topic, of which we have only addressed a small part. To delve deeper into this and other topics of interest related to the Chinese market, we invite you to read the Goclick China blog or contact one of our China specialists.