Content Security Overview
CineSend is an industry leader in secure video streaming. We take content security very seriously to protect the intellectual property of platform customers and content rights owners.
This article details the many security features available on CineSend OTT, including those on by default as well as those that are optional features.
- Digital Rights Management (DRM) Technology
- Source File Deletion
- Forensic and Visible Watermarking / Spoilers
- Geoblocking
- Playback Controls
- View Count Limits
- Paywalls
- Single IP Restrictions (Vouchers)
- Single View Restriction (Vouchers)
- Expiration Period (Vouchers)
- Concurrent Login Restrictions (Subscribers)
1. Digital Rights Management (DRM) Technology
Digital Rights Management (DRM) is technology that helps prevent unauthorized sharing and piracy of video content. DRM is the first line of defense to protect streaming video, and it works by making sure video content is stored and transmitted in an encrypted form, so that only authorized end-users can play it back. Some of the core features/functions of DRM are:
- To prevent end-users from downloading the source streaming video (by way of a video nabbing/download software, for example)
- To prevent end-users from nefariously sharing the video with others
- To provide a trust chain that extends beyond us, the vendor
By default, video files uploaded to CineSend OTT are immediately encoded for streaming and encrypted with Digital Rights Management (DRM). There are several competing DRM schemes - Apple FairPlay, Google Widevine, and Microsoft PlayReady. Different devices, operating systems, and browsers work with different schemes, so CineSend employs all three to maximize device compatibility.
Protected with DRM, audiences will be able to watch content on modern computers and mobile devices using browsers that support DRM, as well as on native apps for smart TVs and streaming boxes.
2. Source File Deletion
Source video files (i.e. the video file uploaded by the content provider) are retained on CineSend servers for 28 days. The files are stored in encrypted storage, and the retention period allows for the DRM encoding to be repeated if necessary (for example, if a subtitle or closed captioning track is uploaded). Following the retention period, CineSend's servers automatically and permanently delete video.
3. Visible Watermarking / Spoilers
CineSend supports two types of user-specific watermarking:
- A visible watermark (sometimes called a "spoiler"), which often serves as the best deterrent to "casual" piracy.
- An invisible watermark (usually referred to as "forensic"), which can be used to determine the origin of pirated content as a leak source identifier.
It's important to understand the implications of these two technologies. Visible watermarks typically contain some user-identifying information, like a subscriber ID or name. Because these marks are visible, they can detract from the viewing experience, and so for this reason are seldom used on content being watched by a paying audience. Invisible watermarks don't share this problem, but they do very little to deter piracy and they are instead used after leaks occur to track down a culprit.
If you're unsure about when and why to use these two watermarking options, we recommend getting in touch with your CineSend account rep to discuss in more detail.
Watermarking is an optional security feature that can be enabled from the video's Security sub-menu:
Watermarks can be enabled by default for all newly created videos from the SETTINGS > ACCESS screen. Alternately or additionally, watermarks can be set on a video by video basis from the content's Security sub-menu.
The watermark overlay (visible watermark) can be enabled without assistance and without any additional fees. The invisible/forensic watermark requires some setup from CineSend staff and fees vary depending on the length of the material. Please contact CineSend support if you require forensic watermarking and we will be happy to assist you and provide a quote.
4. Geoblocking
Geoblocking is an optional feature that can restrict content access based upon the viewer's geographical location. Access can be allowed, or disallowed, by countries, Canadian provinces, US states and US zip codes.
To enable, a default can be set for all newly uploaded videos by navigating to SETTINGS > ACCESS screen. Alternately or additionally, geoblocking can be set and managed on a video by video basis by navigating to each video's Security sub-menu. Select which countries, etc. are allowed to view, or by using the "Use Blocklist" option you can instead select those that are disallowed.
5. Playback Controls
Although a viewer may have an entitlement to log into the watch portal, the content is protected with playback controls. Administrators control when content is playable, from the right-hand sidebar of the content's sub-menu screens. On the right-hand sidebar both page visibility and playback status are controlled, for the main video as well as any additional video assets like trailers or bonus content. Playback status can be "enabled", "disabled", or "scheduled".
6. View Count Limits
If you need to restrict the number of views for a video you can setup a trigger to have the film's playback become disabled automatically after it reaches a specified number of views.
To enable this feature, navigate to the video and on the right-hand sidebar click to modify the playback settings. With either status "Enable Playback" or "Schedule", you can additionally enable the "Set unplayable after specified view count" and then enter the field value for "maximum number of views". scroll to the bottom and within the Automatic Publishing Actions area you can enable and set the number of views allowed.
7. Paywalls
By design and by default, you control who has access to your content because it is protected behind a paywall. Viewers must have some entitlement to view the video, whether paid or free, that has been issued by the event producer in the form of a voucher (aka ticket) or a subscription (aka pass). Without receiving access credentials from the event producer, there is no way to get past the initial login page of the event's website
8. Single IP Restrictions (Vouchers)
Vouchers are prevented from being shared with Single IP restrictions. When this setting is turned on, vouchers issued will lock to the first IP address that initiates playback with the voucher. Anyone else trying to use that same voucher will get an error message that it has already been used at a different IP address and is not valid.
This setting is on by default within CineSend OTT accounts, however it can be turned off by navigating to SETTINGS > ACCESS > Vouchers and disabling this setting for future vouchers issued.
9. Single View Restrictions (Vouchers)
An optional setting, vouchers granted for assets can automatically expire after a designated percentage of the content has been viewed (ie. 95%). If, for example, there are very strict view count caps then this setting would be useful to ensure voucher holders are not watching the content more than once, eating up the allotted number of views.
This setting is off by default within CineSend OTT accounts, however it can be turned on by navigating to SETTINGS > ACCESS > Vouchers and enabling the setting (and designating the % watched) for vouchers redeemed going forward. This setting does not effect vouchers issued to playlists, live events, or series.
10. Expiration Period (Vouchers)
Vouchers will include an expiration period. The expiration period's clock begins ticking when the voucher holder first clicks the Play button (initiates playback) for the designated video content. Once the expiry period has been reached, the voucher is no longer valid and an error message informs the viewer that the voucher has expired.
By default the expiry period is 24 hours, however that can be modified by navigating to SETTINGS > ACCESS > Vouchers and changing the number of hours the expiry period should, effecting vouchers redeemed from this point forward.
11. Concurrent Login Restrictions (Subscribers)
While subscribers do not have IP address limitations, by design, the number of devices they are allowed to watch from can be restricted in order to prevent concurrent streaming.
This optional setting can be enabled by navigating to SETTINGS > ACCESS > Subscribers and enabling the "Login Device Restrictions" and then defining the number of devices they are allowed to view with.
Thank you for choosing CineSend for your platform. If you have any questions about the security measures discussed above, or other security questions, please reach out and we'll be happy to assist you.