Support  |  StrikeTracker Login  |  Contact Us
Corporate: +1.866.872.0357
Amsterdam: +31.20.2629545
London: +44.20.70965940
São Paulo: +55.11.37119307
Email: info@highwinds.com

 
 

 

 

Content Protection

 

Content Protection

Monetization strategies require content owners to protect
their assets from viral distribution.  Highwinds gives content
providers the ability to create delivery business rules
enforced by the CDN.  With Highwinds Content Protection
products, end users must view the media through the
workflow designated by the publisher. 

Content Protection policies for many of the Highwinds
products are configured inside the StrikeTracker console. 
This means you can independently manage the configurations
that build restrictions on which end-user requests are honored
by the CDN. 

 

 Learn about Highwinds' many products designed to help you protect and monetize your content:
 

 

URL Signing


URL Signing is the most popular content protection product offered by Highwinds. Highwinds CDN Account owners use this product to publish content with a query string parameter token that includes a URL expiration timestamp. This private token is created on-the-fly in a server-side implementation, and can be used to create unique publishing URLs for each end user request. URL security prevents free distribution of content outside the workflow designated by the publisher. It’s easy to take advantage of the Highwinds URL Signing product. First, the URL Signing profile is enabled and managed in the Content Management tab of StrikeTracker. Then with a few lines of web application code, publishers build a URL that's safe from social sharing or deep linking.

 

GEO Blocking


GEO Blocking allows publishers to restrict content to end users in specified locations. The IP address of incoming requests is checked against a current list of IP allocations. The feature has both an Include and an Exclude list which are used to target the allowed audience. If an end user’s IP address is found on the Include list, or is not found on the Exclude list, they are allowed access to the content. GEO Blocking can be assigned by country, US State, US City, US Zip Code, or DMA.

 

HTTP Referrer Restriction


HTTP Referrer Restriction is a security product that prevents CDN publishing URLs from being freely distributed on unauthorized websites (also known as hot linking or deep linking). Highwinds CDN account owners configure one or more websites that end users can visit and successfully request content hosted by the CDN. When an end user request is made, Highwinds compares the HTTP Header Referrer field with the list of approved websites. If the end user is not visiting from an approved website, the CDN will issue an HTTP 403 – Access Denied response. Setting up HTTP Referrer security is simple. Policies are enabled on a per-directory basis from within the Content Management tab in StrikeTracker.

 

RTMPe


RTMPe is fast, real-time encryption supported by the Flash Media Server that secures data transfer between the server and the client. This feature prevents third-party applications from listening to or “ripping” the stream. RTMPe is enabled on a per-request basis and is available for both Flash On-Demand and Flash Live. The RTMPe feature is requested by appending a Highwinds query string parameter to the publishing URL. RTMPe streaming is enforced with URL Signing. When combined with URL Signing, end users will only be able to access content via RTMPe.

 

SWF Verification


SWF Verification is an Adobe Flash Media Server feature that compares the SWF playing in the client with one or more SWFs approved by the content publisher. Highwinds FMS servers inspect both the Flash player size and the Flash player hash, or the last 32 bytes of the first handshake packet. If the players are not an exact match, the end user is blocked from viewing the stream. This feature prevents manipulated or foreign players from accessing the video. SWF Verification is a popular content protection product on Highwinds. No code changes in the player are needed to support SWF Verification. This product is enabled on a per-account basis; meaning that all live or on-demand Flash video within the account needs to be delivered to an approved player.

 

Live Streaming IP Lock & Login (Push Ingest)


Highwinds provides two methods of preventing stream source hijacking on Live Push ingest. IP Lock allows only a specified IP address to provide the source stream to a Highwinds push publishing point. This product is supported for both Windows Live Push and Flash Live Push, where Push is the method of getting Highwinds a seed or source feed for the live video stream. This feature is enabled per-stream in the StrikeTracker live stream provisioning wizard. Login requires an authentication step for an encoder that wants to push a seed stream to a Highwinds Live Flash publishing point. This feature is enabled per-stream and is currently supported for Flash Live.

 

HTTP Authentication


Highwinds supports Basic HTTP Authentication for content delivery via progressive download. With basic HTTP Authentication, end users are prompted to enter Login credentials that are approved by the customer’s Web server before the media is delivered. HTTP authentication can be configured on a per-directory basis and can be enabled and managed in the StrikeTracker portal.