Security. AES-128 encryption for VOD

 

What is AES-128

How AES-128 works with VOD

Configure AES-128

 

 

What is AES-128?

AES-128 (Advanced Encryption Standard) is a block encryption algorithm based on several substitutions and permutations of data in blocks of 16 bytes, the key length of this encryption type is 128 bits.

Encryption is suitable when you need to allow certain viewers access to content, for example, to content by subscription which is available only for those who paid for it.

AES-128 is used as an encryption standard for high-security systems, so it is difficult to intercept and decrypt keys.

For maximum protection, you can use AES-128 encryption and configure country or domain access policy. 



How AES-128 works with VOD

We deliver the video via HLS protocol. The video is divided into playlists consisting of fragments (chunks).

Video fragments are transmitted in encrypted form, using the AES-128 algorithm. The video decryption key for viewers is transmitted in a separate request.

The process of getting the decryption key:

  1. The request to view the video is sent to your server.
  2. It is analyzed for the presence of cookies and other session parameters.
  3. If the request does not contain certain parameters, access to the video is forbidden.
  4. If the request contains certain parameters, the server sends a GET request to the G-Core Labs API to get the key.
  5. The G-Core Labs API provides the key to the server.
  6. The server sends the key to the viewer, access to the video is provided.

 

 

Configure AES-128 

Settings on the Streaming platform

To enable the ability to send video using AES-128 encryption, contact technical support by email support@gcorelabs.com or in the chat.

After the encryption is enabled, the _s_ characters will be added to the M3U8 video URL:

https://videos.access.com/videos/854_0sKTplhwDSmbV9Z_s_/master.m3u8

Please note! After the encryption is enabled, the request to view the video and receive the decryption key is sent to the Streaming servers.

There are no settings on the Streaming servers that allow us to understand on what principle to allow or prohibit access to a video to a specific viewer,  access will be provided to all viewers. 

To avoid this, configure your server according to the instructions below.

 

Settings on your server

To redirect and process requests on the decryption key, configure the server.

1. Create an API that will receive a request on the decryption key.

If you need help with server API creation, please, write to us at support@gcorelabs.com or in the chat.

 

2. Create a domain to which the viewer will be redirected to verify and receive the key.

The domain should be inserted into the link after the _s_ characters as follows:

https://videos.access.com/videos/854_0sKTplhwDSmbV9Z_s_videos.access.com/master.m3u8

 

3. In case of successful request validation, the server should send a GET request to the G-Core Labs API to get the decryption key:

Get https://api.gcdn.co/vp/api/videos/854_0sKTplhwDSbV9Z/encryption

Where:

 

4. After the key is received, the server should pass it to the viewer in the unchanged format.

Example of a key: 

W�U����<)B�4�

To pass the key in this format, these headers may be useful:

  • content-transfer-encoding: binary
  • content-type: application/octet-stream
Was this article helpful?
Recently viewed articles