MediaGuard
OVERVIEW
Distance Learning Center’s MediaGuard is a high-performance authorization service that allows customers secure access to their content in an efficient, flexible and reliable fashion. The system is token-based to maximize performance and avoid the unwanted three-way handshakes that are common to other methods of authentication and can lead to server latency in connection time.
When MediaGuard functionality is added to your application, a script is added to the server that processes URLs before they are given to your viewers, so that each URL contains an encrypted token in the query string. The script gives the viewer a URL with a token in the query string containing a hash (cryptographic string) of a shared secret, 8-12 characters long, that is the desired object on our network. Query string parameters that are included in the hash are used to determine the desired criteria our network should use to evaluate the request.
Security
The purpose of Distance Learning Center’s hash-based URL verification system, MediaGuard, is to provide content protection. With our true RTMP streaming capabilities, the content is never stored in your viewers’ temporary Internet folder or hard drive. The Vertical Player will discard the streaming content after it has been viewed, and your data will not be accessible online or offline. A primary concern is that a malicious consumer could gain access to your content. To protect against this assault, MediaGuard uses a technique known as cryptographic hashing.
Hash
A hash is a unique value calculated by an algorithm from data, such that no two sets of data can have the same hash value. Cryptographic hashing, such as that provided by the MD5 or SHA1 algorithms, performs these calculations over messages or streams of byte data. The purpose is to verify that a message has not been tampered with during transmission. The algorithm is designed in a way that any changed byte of the data propagates new changes throughout the remainder of the calculation. The result is a completely different hash that is nearly impossible to break.
Shared Secret
Another asset of MediaGuard is the shared secret, an alphanumeric value known only to Distance Learning Center. This secret code is prepended to the content URL. The hash is calculated from the resulting string, with the appended arguments left intact but without the hash parameter itself. The secret code is unrecoverable from the hash. As long as the code remains secret, it prevents malicious end users from creating their own hashes. In this way, the system protects against forms of parameter tampering and provides a secure method of URL-embedded content protection.
Expiring URL
By default, MediaGuard supports “invalid until time” and “expires time” parameters. Therefore, when a request is made for content, all parameters are checked to verify the request. A URL is considered to be a valid request only if all verification parameters meet the requirements. That means both the “invalid until time” and “expires time” parameters must be met. Distance Learning Center can set when the URL will expire. This will eliminate sharing of your content with other unauthorized users. If the viewer were to copy and paste the URL and send it to someone else for viewing, by the time the email is delivered, the URL would have expired, giving the user an error message.
IP Parameters
MediaGuard lets you authorize an audience’s IP address before they are able to access your content. We generate an encrypted URL for the content containing the requester’s IP address. This address must match the IP address that the Vertical Player will report when requesting content. If the hash has not been altered and the IP addresses match, the requester is authorized to view the content.
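The checks described under Shared Secret, Expiring URL and IP Parameters, as an added example that is not MediaGuard's own code. The parameter names (`nvb`, `exp`, `ip`, `hash`), the secret and the path are assumptions, and HMAC-SHA256 stands in for the secret-prepended MD5/SHA1 hash the page describes.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

SECRET = b"constructed-demo-secret"  # constructed sample value, not a real key


def _token(secret, path, params):
    # Canonical string: path plus sorted parameters, hash parameter excluded.
    msg = path + "?" + urlencode(sorted(params.items()))
    # Assumption: HMAC-SHA256 is swapped in for hash(secret + URL) with MD5/SHA1.
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()


def sign_url(secret, path, client_ip, not_before, expires):
    """Server side: bind the URL to a viewer IP and a validity window."""
    params = {"ip": client_ip, "nvb": not_before, "exp": expires}
    query = urlencode(sorted(params.items()))
    return f"{path}?{query}&hash={_token(secret, path, params)}"


def verify_url(secret, url, client_ip, now):
    """Delivery side: return "ok" or the reason the request is refused."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    supplied = params.pop("hash", "")
    expected = _token(secret, parts.path, params)
    # Constant-time comparison; any edited parameter changes the expected token.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "bad hash"
    try:
        not_before, expires = int(params["nvb"]), int(params["exp"])
    except (KeyError, ValueError):
        return "bad parameters"
    if now < not_before:
        return "not yet valid"
    if now >= expires:
        return "expired"
    if params.get("ip") != client_ip:
        return "ip mismatch"
    return "ok"


if __name__ == "__main__":
    # Constructed request: documentation-range IP, epoch seconds 1000..1300.
    url = sign_url(SECRET, "/media/lesson1.flv", "203.0.113.7", 1000, 1300)
    print(url, verify_url(SECRET, url, "203.0.113.7", 1100))
```

The hash is checked before the time and IP values are read, so those values are only trusted once they are known to be the ones the server signed.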
Secure Access
MediaGuard allows you to secure your content on the web. Think of it as your very own virtual movie theatre that is open 24 hours a day. Unlike other videos on the web that are available to be viewed, saved, and shared by the world, we offer a ticketing system to protect your content. Issuing a pass to your viewer allows only invited guests to view your content. This is great for content that is valuable to the provider, that the provider does not want made public, or that the provider is selling.







