Demystifying Video Security

Video security terms

When it comes to video security requirements, it is easy to get lost in a complicated and confusing world of terminology, use-cases, and implementations that are hard to grasp. So, let’s help break some of that down. First, some common buzzwords in the sphere of video security.

Common Terms in Video Security

DRM:  Digital Rights Management, a.k.a. the buzzword for secure video playback.
Breakdown: With DRM, content protection and encryption is directly tied to your user management and business rules. Content is encrypted on playback request, after which the player interacts with the Kaltura License Server to retrieve the relevant license , which is tied to the specific business model (for instance – for how long can the user playback the asset). Only entitled users using the Kaltura player, or a player integrated with the Kaltura DRM APIs, will receive a valid license to decrypt and playback content.

Forensic watermarking: “a sequence of characters or code embedded in a digital document, image, video or computer program to uniquely identify its originator and authorized user” (
Breakdown: A behind-the-scenes code is implanted on all content while it is transcoded to Kaltura. When the content is playing back, there is a behind-the-scenes code, based on the user watching the content, constantly moving around in the screen. Therefore, if this content was ever recorded or shared, it can be traced back to the user who shared.

Tokenization: Handshake between content provider and CDN based on a specific URL format to ensure secure playback.
Breakdown: A specific URL format needs to be sent to the CDN in order for the CDN to agree to playback content. This format is CDN specific, usually containing a hash, user + password, and a TTL (time to live) for the content specifying when the URL expires.

Encryption at rest: Encryption at Rest means content is fully secured when stored, even with an encryption on-the-fly implementation.
Breakdown: Content is encrypted upon ingest, on a per rendition level. By enabling encryption at rest on your account, your content can be secured across the whole delivery chain, from ingest, to storage – to playback.
First, one important word of advice: There is no need to get caught up in the buzz. Of course, everyone wants to protect their content, but it is important to remember that there are different levels of security that can be implemented, and the deeper you go into the implementation, the more work and maintenance that is required on your implementation. Typically, a DRM or forensic watermarking implementation is a requirement in certain licensing agreements. That is when it makes sense to implement these heavy security restrictions.
Second: Kaltura can help. We have a team of experts who have worked with complex workflows and requirements, who can support with defining the architecture and implementation for the solution. In addition, Kaltura offers a full end-to-end solution – content ingestion, management, playback on web and apps, advertising and analytics support.

So How Do You Use These?

We at Kaltura hold security up to a very high standard and have some customers with very interesting use-cases. Here are a few examples:
Screeners application: We have a customer who services large studios and Media companies with screeners applications. In what scenario would a studio or Media company need a screener application? First: awards shows.  For voters of awards shows, they need access to view highly highly secure content, without any shadow of possibility to record or re-use the content in another scenario. Second: Execs. When a new film is released, an executive of a large studio company needs the ability to screen new films as they are ready. Executives should also be able to preview content securely offline.
Implementation: DRM and forensic watermarking. DRM implementation also includes DRM-secure offline playback via Kaltura’s native app SDKs.

International sports tournament: For the screening of an international sports tournament, our customer had licensing rights for their specific country. This is an international tournament with extremely strict rules of security.
Implementation: Remote delivery from customer’s local CDN, with full tokenization implementation for specific content. DRM for the rest of the content. Geo-restrictions on all content. App delivery via Kaltura’s native app SDKs.

Reality TV content: A company with the licensing rights to all sorts of reality TV shows across US and Canada.
Implementation: DRM across all content, various geo-block settings based on the licensing deal for each show. App delivery via Kaltura’s native app SDKs.
In today’s video environment, your content is your biggest asset. Make sure that you’re protecting it with the right video security.

Technical support by Arik Glaiser.

Read more about playing DRM video content.

Interested in learning more about video security? Read our whitepaper!

 Successful DRM in a Changing Video Environment.

Let's Get Going