Overview: Content Protection
DRM (Digital Rights Management) protects your video content by encrypting the video data and unlocking it based on license policies. When the video content is loaded into a Brightcove Player, the player calls back to a licensing server and obtains permission to play the video. This transaction is transparent to viewers. See the Overview: Digital Rights Management (DRM) in Video Cloud document for more information.
HLS encryption (HLSe)
While not as secure as DRM, HLS encryption makes unauthorized viewing of your videos more difficult. See Protecting Videos with HLS Encryption for details on how HLSe works and how to get your account enabled.
TTL (token authentication)
If you are delivering premium or confidential content, you will be looking for all ways to ensure it remains secure. You do not want end users to be able to copy video URLs or continue to play back content without the proper authorization. Brightcove supports VOD signing of HLS, MP4, and DASH urls. Signing is supported for both Brightcove House and BYO CDN configurations with Akamai, Fastly, Cloudfront, and JOCDN.
By default, TTL tokens have a very short life. You can increase the life if needed (for MRSS feeds and other use cases) by contacting Brightcove Support to have them set the token time-to-live value higher. The allowable range is one hour to one year. Remember that this is an account setting, however. Don't set the value so high that it might jeopardize the security of your other videos.
Short manifest TTL
In the playback workflow, the Brightcove Player calls the Playback API (or Edge Auth API) to retrieve the available manifests to start playback by providing a policy key (or JWT) for authentication.
A caching layer has been introduced to allow these APIs to scale and be highly available. That layer stores the responses from the Signed Manifest URL API and the Playback API. Since the signed manifests will be cached, the TTL must be long enough to be valid for the time in the cache, plus a buffer for the player to use.
Short manifest TTLs allow viewers to continue playback without hindrance. Also, all the Dynamic Delivery features work with Short manifest TTL.
Domain restrictions can be set on players to limit the domains where players can be used. If the player publishing code is copied and used on another site, domain restrictions would prevent the player from loading any videos. Publishers must use the in-page embed code to actually get playback working on those domains that have been whitelisted. Publishers cannot use the iframe embed code on a whitelisted domain (or any other domain) and expect playback to function properly.
See the Configuring Player Content Restrictions document for instructions on how to domain restrict your player and the Domain Restrictions Messaging document on how to deal with domain restriction errors in Brightcove Player.
With IP restrictions, you can configure players to allow whitelisted IP addresses outside the U.S. to access your Video Cloud content. Please contact Customer Support for assistance. For players used outside of North America with IP restrictions, be sure to check out the information in the Restricting Video Playback Using IP Address to prevent issues that may arise.