One of the biggest challenges faced by the digital content providers today is to protect and secure the media content while streaming them. Streaming media servers like Adobe Flash Media Server, Wowza…etc addresses this issue in a big way. But it is a bit expensive proposition to host these media servers on our own and especially when it comes to serving a large customer base it becomes more complex. Amazon CloudFront recently announced its Media Streaming support using Adobe Flash Media Servers. As i posted in my previous article, Amazon CloudFront Media support is a good service to serve media publicly but lacks mechanism to protect the digital content and serve privately. As a stop gap, till the time Amazon addresses this in the right way, lets take a look at the below technique to stream media privately and to protect the content from bot downloads...etc
Proposed Method for Serving Private Media Content
Some of you might be aware that the Amazon CloudFront supports private objects. And one of the very old techniques and still widely used to serve streaming media is progressive download method. With the help of CloudFront private objects & progressive download, you will be able to serve private media content to the closed user base.
The major problem
There are two major drawbacks using the progressive download method
- Content being copied to the local system and played.
- Disallowing other media players (bots) to copy the content.
Of course, the other advanced features like optimal bandwidth usage, customizing the stream during runtime...etc is not considered here. Because all these issues are addressed in you streaming media server and you definitely need them for a comprehensive solution.
Disclaimer: This solution is still at the conceptualization layer; if you are interested, try this at your own risk.
1. Upload all your media files to a specific S3 bucket (http://m1.mycloudbuddy.com/usermanual.html#UploadFile%28s%29)
2. Enable CloudFront for that bucket (http://m1.mycloudbuddy.com/plugin/cloudfront.html)
3. Enable private content support for the bucket (refer section "Enabling Private Content" in this URL .)
4. Develop/customize any available open source media player to play content from CloudFront, S3 supports partial content download and you can develop a sophisticated player to download content in a multi threaded fashion as well.
5. You can implement a mechanism like SWF verification by Adobe (http://kb2.adobe.com/cps/405/kb405456.html) to protect your content being copied by other players as well.
6. Upon verifying the SWF files, the SWF player can initiate a request to the server to generate a URL which is valid only for a short time (for example 10 or 15 seconds) and starts the downloading. This method ensures that once download begins, the next call to that resource is denied.
In a nutshell,
A customized media player, S3, CloudFront private object support and a Web services application, preferably running in EC2 will help you to protect and serve digital content in a cost effective way. If you think running an application in EC2 is little expensive, you can also choose other alternative PaaS platforms like Google App or Azure to host your SWF verification/URL generation web/web services application.
In addition to this you can use encoding services like Encoding.com to encode your content to various formats. Combining this along with the above solution helps you to support multimode access such as mobile (iPhone/Android), desktop, web...etc
Protecting video content - http://kb2.adobe.com/cps/405/kb405456.html