Content Protection in UMS
(Ustream Media Server)
Zoltán Németh
Engineering Manager, Core Systems
at a glance
Live streaming
Free broadcasting
Software as a Service
Enterprise clients with protected content
• Internal broadcasts
• Copyrighted materials
• Embed restrictions
• Monetizing
UMS Ustream Media Server
Continuous connection to all clients
Real-time push-based updates
First use: viewer number display
Channel status poll
Viewer authentication and authorization
Stream information
Java, kernel tweaks
UMS
The source of all information for streaming clients
Communication over RTMP / WebSocket / HTTP
Secure variants are also available (WSS, HTTPS)
Current: Zorp
Next gen: own SSL termination
DNS balanced, multiple clusters
Broadcaster authentication
Upon connect, on the Ingest Server
Several methods
FMLE – like Channel Key
Ustream Session
OAuth
On fail
Reject
Allow but off air
Viewer authentication
UMS, on connect, based on Ustream session
Locks
Password
Email capture
Geo, IP
Referer (embed)
3rd party auth integrations
Reject on fail
Revalidate in real time on changes
Protecting the content on CDN
Basic: frequently changing live URL
Shared secret based hash
Hash generated on UMS
Different hash for each viewer
Hash validated on Edge
Specific TTL
Lockhash – changes if locks are modified
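
A sketch of the hash scheme outlined on this slide, added here as an example; it is not Ustream's code. Assumptions not stated in the slides: HMAC-SHA256 as the keyed hash, the token layout viewer.lockhash.expires.signature, the shape of the lock settings, and that the edge is told the channel's current lockhash.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed value; shared by UMS and the edge

def lock_hash(locks: dict) -> str:
    """Digest of the channel's lock settings; any lock change yields a new value."""
    canonical = json.dumps(locks, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]

def _sign(secret: bytes, channel: str, viewer: str, lhash: str, expires: int) -> str:
    msg = "\n".join([channel, viewer, lhash, str(expires)]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def issue_token(secret, channel, viewer, locks, now, ttl=30):
    """UMS side: per-viewer token bound to channel, lock state and expiry.
    Assumes viewer ids contain no '.' (it is the field separator)."""
    expires = now + ttl
    lhash = lock_hash(locks)
    sig = _sign(secret, channel, viewer, lhash, expires)
    return f"{viewer}.{lhash}.{expires}.{sig}"

def validate_token(secret, channel, token, current_lhash, now):
    """Edge side: returns (ok, reason). The signature is checked first, so
    expiry and lockhash are only trusted once they are known to be authentic."""
    parts = token.split(".")
    if len(parts) != 4:
        return False, "malformed"
    viewer, lhash, expires_s, sig = parts
    if not (expires_s.isascii() and expires_s.isdigit()):
        return False, "malformed"
    expected = _sign(secret, channel, viewer, lhash, int(expires_s))
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    if now > int(expires_s):
        return False, "expired"          # the "specific TTL" has passed
    if not hmac.compare_digest(lhash.encode(), current_lhash.encode()):
        return False, "locks changed"    # token predates a lock modification
    return True, "ok"
```

Because the viewer id and the lockhash are inside the signed message, a URL copied from one viewer stays tied to that viewer's token and stops validating at the edge once the TTL passes or the channel's locks are modified.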