Content protection with UMS

1. Content Protection in UMS (Ustream Media Server) Zoltán Németh Engineering Manager, Core Systems

2. at a glance Live streaming Free broadcastingSoftware as a Service Enterprise clients with protected content • Internal broadcasts • Copyrighted materials • Embed restrictions • Monetizing

3. Streaming

4. UMS  Ustream Media Server  Continuous connection to all clients  Real-time push-based updates  First use: viewer number display  Channel status poll  Viewer authentication and authorization  Stream information  Java, kernel tweaks

5. UMS  The source of all information for streaming clients  Communication over RTMP / Websocket / HTTP  Secure is also available (WSS, HTTPS)  Current: Zorp  Next gen: own SSL termination  DNS balanced, multiple clusters

6. Broadcaster authentication  Upon connect, on the Ingest Server  Several methods  FMLE – like Channel Key  Ustream Session  Oauth  On fail  Reject  Allow but off air

7. Viewer authentication  UMS, on connect, based on Ustream session  Locks  Password  Email capture  Geo, IP  Referer (embed)  3rd party auth integrations  Reject on fail  Revalidate in real time on changes

8. Protecting the content on CDN  Basic: frequently changing live URL  Shared secret based hash  Hash generated on UMS  Different hash for each viewer  Hash validated on Edge  Specific TTL  Lockhash – changes if locks are modified

9. Questions syntaxerror@ustream.tv