This specification describes systems and methods relating to protecting video data delivery, such as added protection for streaming of video in a video on demand system.
Android and iOS both make use of the M3U system of playlists for video streaming, in which a master playlist is read by the app (mobile device application program). This master playlist contains a list of playlists corresponding to video data of different quality levels. This allows the app to select the best quality video for the given bandwidth and quality of connection to the server hosting the video files, and change this selection dynamically. The video is broken up into hundreds of video fragments that are referenced by these playlists (.ts files). In this setup, DRM (Digital Rights Management) is typically not supported. Instead, to secure the content, AES128 bit encryption is utilized. For the app to decrypt the video, a key is required. This key is referenced in the playlist files.
Typically, all the playlist and video files in such a system are publicly available over computer networks, such as the Internet. To address the security issues created by this, some software developers use a scheme that requires authentication to access the decryption keys. Specifically, the URL (Universal Resource Locator) referencing a key can use SSL/HTTP (Secure Sockets Layer/Hypertext Transfer Protocol) with an authentication mechanism of one's choosing. However, this added level of security may not be sufficient, such as if an attacker obtains access to a master playlist file after legitimately purchasing a video product online.