Video Copy Protection Software

This KB article describes the various method by which videos can be protected against un-authorized copying and viewing. It begins by enumerating the various options available to you, and explains the relative merits and demerits of each option, especially with context to the internet connectivity in Asian countries. It also explains the bottlenecks that could be hit by a project that aims at a video streaming solution. Finally, this article ends with an explanation of Hoven's video copy protection solution.

Last Reviewed and Updated on February 7, 2020
Posted by Parveen(Hoven),
Aptitude Trainer and Software Developer

Video Copy Protection Problem

Like me, you must also be worried about protecting your video content, afterall it takes a huge amount of effort and money to create a quality video course. Everybody invests a lot of time and money into video recording, editing tools and the drawing board software. But all this investment goes waste if the videos are easily transferred and copied by the consumers.

Copy and Transfer Protection Techniques

One method of protection is to first write all your data to a storage, like a USB flash drive, and then use a locker software to either delete or encrypt its storage headers. That way, the USB is rendered headless, making it impossible for the operating systems to open it. It is difficult to break this encryption. But there are certain problems and limitations with this method. One is that you are forced to buy an expensive pen drive, at a time when online storage is becoming cheap and affordable. The second, and more serious one, is that your end users must run the un-locker software with administrative privileges. This is invasive, particularly, when so much malware attacks are being reported worldwide. The end users do not respond favorably to such software. They will have every reason to blame your software, even if things go wrong because of something else. They are un-likely to refer your course to their friends and colleagues. Another problem is that Windows 10 doesn't support this type of software because it considers it to be suspicious. The same thing holds about the anti-virus software that may either block or delete it altogether.

Another method of protection is the online streaming, in which you have to place your videos on an online server, and allow access only to the users who have a valid login id. You could, for example, publish a website, and present a login box to your users. Once a user is authenticated, then he can watch the videos with a video player embedded on the web page itself, just like we see on a youtube page. Everything stays on your server. The users are not required to install any software. You are not required to interact with them. The show runs between your website, and the end users. In an honest world, this would be the most ideal scenario from both the video producer's and the video consumer's point of view. But things don't work out like that. Google hasn't so far been able to prevent un-authorized downloads of its videos. People can view the source(Ctrl+U on chrome, or perhaps use a third party software to download the html content of that page) and find out the location of your video file, only to share the link with others, bypassing the login channel. This is not the only hack possible. Users can even run a screen capture software side by side.

The above method can be improved by creating a native software application that pops up a login box. This application could be a Windows or Android or iPhone software written in a custom way so that the users have no means to "view the source". To make it even more stringent, the application can send a pre-decided code string along with a pre-decided key and salt with each request, so that the server can entertain only the requests containing the correct parameters. This technique holds a good promise because even if a hacker comes to know about the URL to your video, he is un-likely to be able to break the key and salt mechanism, which can be made as strong as the credit card encryption. But, what about the data that is being streamed and served to an authenticated user? The stream is the raw mp4/video data, which can be intercepted by the user who has purchased your subscription. A legitimate user who has been allowed an entry by you, can hook the raw data, and sniff all the raw bytes onto the hard disk. We can think of solving this problem, too, by not storing the actual video files on the server, but by storing them in an encrypted form. The encryption formula could be pre-decided so that the native application can de-crypt them just in time. To explain it a bit better, consider a server sending encrypted data, and a client video player decrypting that data just in time and presenting it as a video. If you understood me correctly, then this scheme is almost flawless - the server allowing entry only to authenticated users, and even after that, sending encrypted bytes to a listening video player, which decrypts them back into a video stream. But other sorts of problems creep up here. Let's look at some of the problems with this scheme. First and foremost, you will have to write a custom video player because a built-in player like the VLC player can't do that for you. If you are thinking of writing a separate decryption software and then providing the decrypted bytes to a built-in player, then the link between the two can always be intercepted by a hacker. So we can leave out the possibility of using a built-in player. Coming, now, to writing a new video player, you will have to write a solution from scratch. Your player will have to be written for decoding an mp4 encoded video stream, and also for writing a fast video presenter. This all is not a kids play. Years have been spent by teams of developers for writing the various players that you already know.

Another possibility, as I briefly took in the preceding paragraph, is to write a custom decryption software but plug a built-in video player, like the VLC or WMP, into it, and stay with the risk of a hacker siphoning the data out from that joint. This approach is also not without problems. One problem is about handling concurrent connections, like, a hundred viewers watching the same video at the same time, and straining the server bandwidth, possibly, leading to buffering at each of the connected clients. Another problem is that your server has to be able to handle requests for byte ranges[this is a technical term from the HTTP protocol] because the users also have to be given the ability to seek and jump back and forth the video timeline. If all this had been so easy and so affordable, then there would have been as many youtube like websites as you are having stars in the sky.

The most economical strategy, the one we are using in our Hoven's video copy protection software, is to first encrypt a video file, and then make it available to the end-users for a download to their hard disk. The user cannot use that file to watch the video because it is encrypted. The only downside is that a hacker could break the encryption mechanism and decrypt the bytes back into the actual video. But, we have found a means of minimizing the associated risk. We provide the player only to those buyers who are already into the video production business, and have a youtube channel or a website to prove this. Such buyers are un-likely to be interested in this sort of hacking. OK, coming back to the encrypted file. The decryption formula is known only to the custom WinPlay or SyPlay Video Player. The player decrypts the bytes just in time and passes them on to the Windows Media Player for rendering.

Introducing Hoven's Video Copy Protection Software

Ours is a three step solution - first encrypt your videos, then distribute them to your end users, and third provide a license file so that they can start watching them. For this there are three software applications - one for each task.

The video encryption software is at the first step. This software is used to encrypt MP4 or AVI or WMV videos into a custom encryption format, the extension for which we have chosen happens to be MP7. You can specify certain parameters at the time of encryption, notably, the package to which this video will belong. A Package is a name given to a group of videos so that a single common license file can be issued for them. They can be sold as a single selling unit. For example, if you have 100 videos belonging to the package, say, P0001, then your end-user will need only one license file from you, and be able to play all the 100 videos. So, as I was saying about the parameters at the time of encryption. Another parameter that can be set is the number of trial minutes granted to a user. You can specify a value for this starting from 1 minute, and going up to about 10. When your user tries to play a video, he would be allowed to watch the video for these number of minutes for free. As soon as the player moves past this figure, a box pops up asking the user to browse for and apply the license file. This feature is particularly useful for getting the user interested into your stuff, and convince her into buying a license. The videos can be encrypted one at a time, and also in bulk, with a single click. Since the latter is an un-attended encryption, you will have to follow a certain arrangement of folders for this to work. The details of that arrangement can be seen when you install the encryption software. Here I must mention the special package code called 'ABCDE'. Videos belonging to this package are free for anyone to watch, no license is required for watching those videos. You can use this special package for providing free samples to you end-users. Another thing that I must mention is that the videos need be encrypted just once. You don't have to encrypt them over and over again for each new order. You can continue using the same encrypted videos for years, and keep distributing them over any medium of your choice.

After encrypting your videos and classifying them into convenient chapters and sub-chapters you can make them available to your users through an internet download, or pass them on a loaded USB flash drive or burn them into a set of branded DVDs. There is no need to protect the encrypted videos because they are of no use to anybody. They can be safely offered as a public download, but of course, with the instructions that the videos can only be played through your special player, and that too after getting a valid license from you. It is suggested that if you are publishing your videos on a website, then you should also place the video player alongside so that your prospective customers can download the player and use it to go through the trial minutes offered for your videos. This also helps in avoiding customer calls at a later stage, because customers who haven't paid yet prefer doing simple things themselves, and are less likely to push the panic button. So what happens afterwards? The user plays one of your videos and moves past the trial minutes. At this point he is presented with a dialog box that shows an eight digit token code. If the player is integrated to a payment gateway, then he is instead shown a link for making his payment. In the former case it will be your responsibility to send a license file to your user. But if he goes through the payment gateway, then a pre-configured license is automatically downloaded and applied. After that the user can keep watching the videos till the license restrictions are surpassed, at which point she has to again seek a fresh license.

The third software is the license generation software. This is available in three flavors - as a desktop application, as an online web application, and as a payment gateway integration. The simplest to understand is the one available as a desktop application that you have to install on your own Windows PC. A user who has been restricted from going beyond the free minutes sends you his eight digit token, which is generated by the video player by combining the serial numbers of various hardware peripherals, including the fixed hard disk. This ensures that the token is almost unique for every user, because the hardware serial numbers are themselves globally unique and usually burnt in by the respective manufacturers. The player also ensures that this eight digit token doesn't remain same if the user un-installs the player, and then installs it back, or if the current license has expired. You have to enter this token into the license generator and set a number of parameters like the expiry date, the number of plays allowed, or whether there is going to be no expiry date, and whether the player can run with a dual monitors, or whether the player can run inside a virtual machine, and a few more of them that you can yourself check out by installing the software. All these restrictions are not guaranteed to be obeyed, but the player does try to ensure a wider compliance. After making your choices you have to hit the OK button, and you are prompted to save it somewhere. This license has to be emailed to the user, who can apply it to begin watching the videos without any restrictions.

Creative Commons License
This Blog Post/Article "Video Copy Protection Software" by Parveen (Hoven) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Updated on 2020-02-07. Published on: 2017-05-20

Comments and Discussion