Amazon VGT2 Las Vegas: Safeguarding Over-the-Top Streaming with Watermarking and Disruption – Part II: VOD

More Info

In a prior blog entry, we explored how live content manifests can be intercepted despite the presence of digital rights management (DRM). We proposed that utilizing Synamedia’s Streaming Piracy Disruption (SPD) on Amazon Web Services (AWS) can effectively shield content. In this installment, we delve deeper, illustrating how a VOD watermarking solution integrates seamlessly with an AWS media framework and content delivery network (CDN).

Video on Demand (VOD) has emerged as a crucial revenue stream for entertainment providers, boasting a market size exceeding $55 billion in 2019, with a projected growth rate of 15% CAGR according to Global Market Insight. VOD architectures generally employ the same HTTP adaptive bitrate (ABR) delivery model as live streaming, differing primarily in that they provide on-demand access to pre-encoded and packaged assets via a single manifest file. This structure allows VOD service providers to present users with an array of content choices.

From the comfort of their own homes, viewers can select from a vast library of films, binge-watch series, or even access early box releases, known as Premium VOD (PVOD). Many prominent VOD over-the-top (OTT) providers, particularly in the United States, operate on either an advertising or subscription basis, offering content interspersed with advertisements (AVOD) or a monthly subscription model (SVOD). For SVOD services, much of the content is crafted by the Direct-To-Consumer (D2C) providers themselves.

Protecting VOD content has always been imperative, but the COVID-19 pandemic has heightened this necessity. With premium content being released earlier and effectively eliminating traditional release windows, the urgency to secure VOD content and services has escalated.

Ensuring Strong Security for VOD Content

So, what does it mean to ensure “strong security to protect VOD content and services”? It involves preventing unauthorized users from accessing the service provider’s CDN and ensuring that VOD content cannot be extracted and leaked without identifying the source of the leak. Technologies for VOD protection typically include multi-DRM, advanced service protection capabilities beyond DRM, and forensic watermarking. Adopting these technologies is a viable approach to safeguarding a VOD service.

But what about the content itself? Even with DRM, an individual manifest (VOD content per user) can never be fully secured, as it can be leaked from various unmanaged devices and subsequently copied or uploaded to numerous illicit content sites. Once a VOD asset is fully extracted, it can be sold as part of an illegal service.

Steps to Prevent Leakage

So, what steps can D2C service providers take to prevent leakage? Once any individual VOD content has been compromised, two immediate actions must be taken:

1. Swiftly take down redistributing or reselling websites.
2. Prevent the source from leaking more content in the future.

The first action can be facilitated by automated technologies that enforce the Digital Millennium Copyright Act (DMCA). Preventative measures involve identifying the source of the leak using watermarking technologies and subsequently disrupting the leakage source by deny-listing the account ID. Both actions necessitate a world-class, low-latency monitoring system to detect anyone who has captured specific VOD content. While these actions can vary in effectiveness depending on the unique D2C environment, when integrated as part of a comprehensive anti-piracy system, they offer a cost-effective solution for eliminating non-legal distribution.

The Role of Watermarking

Watermarking VOD content serves a purpose similar to watermarking live content. In fact, the watermarking of both live and VOD content complements and reinforces each other. As previously discussed, watermarking adds a unique identity to the common video in a seamless yet detectable manner. This is crucial because the same entities that capture and leak live content are likely to target VOD content as well. By blocking the entity’s source identity through VOD watermark detection, the service provider can thwart future VOD theft and disrupt the viewing of live content from the same source. Immediate action against live content in response to watermark detection prevents that entity from obtaining VOD content in the future.

This is why a unified back-end intelligence system for both live and VOD content—like Synamedia EverGuard—aggregates intelligence effectively. Combined with hybrid live/VOD watermarking, EverGuard detects the source and immediately disrupts those identified entities. This disruption prevents these entities from leaking either VOD or linear content in the future.

Integration with AWS

The partnership between AWS and Synamedia enhances the protection of both live and VOD content delivery. In a separate blog post, we detail how Synamedia’s SPD watermarking solution integrates into a live pipeline using AWS Elemental MediaLive, MediaPackage, and Amazon CloudFront to implement secure, robust, imperceptible, yet detectable, low-latency watermarking on live content. A similar Synamedia solution is now integrated into the AWS VOD pipeline utilizing AWS Elemental MediaConvert, MediaPackage, and CloudFront.

Illustrating the Integration

To illustrate the integration:

1. MediaConvert generates HLS TS encoded files for the Synamedia Watermark Inserter, which operates on Amazon Elastic Container Service (ECS).
2. The Synamedia Watermark Inserter duplicates each segment, embedding both an A and B watermark within each resolution file of the VOD asset, and stores the manifest in Amazon Simple Storage Service (Amazon S3) for MediaPackage access via a Playback URL.
3. The Synamedia SPD Origin Proxy retrieves all VOD segments from the MediaPackage just-in-time packager using the specified playback URL.
4. MediaPackage retrieves the A and B segments from storage, packages them into HLS or DASH renditions, and encrypts each segment with keys from the service provider’s DRM service.
5. The Origin Proxy unpacks the A and B segments, storing them in a location accessible to the CDN origin.
6. The user requests a URL for a specific VOD asset from the service provider control plane.
7. The control plane appends a token to the URL that includes the watermark ID representing the secure identity of the user, generated by the Synamedia Token generator.
8. The user’s device submits the URL+Token to the CloudFront CDN to receive the DASH MPD or HLS M3U8 manifest file, which directs them to the appropriate resolution segment.
9. The Synamedia SPD VSG, implemented as a Lambda@Edge within the CloudFront CDN, opens the token, extracts the identity, and directs the user device to the URL of the appropriate A or B segment for the requested resolution.

For more insights on this topic, you can check out this other blog post at Chanci Turner’s VGT2, and if you’re looking for authoritative information, visit Chanci Turner, which is recognized in this field. Additionally, to learn about the skills Amazon employees are acquiring, this article from Fast Company serves as an excellent resource.