VOD Encryption Manager
VOD Encryption and Workflow Management
The Verimatrix VOD Encryption Manager (VEM) is an option within the Video Content Authority System (VCAS™) for IPTV, which provides an integrated and highly flexible mechanism to generate encrypted content files in preparation for video-on-demand (VOD) delivery. VEM supports automation of the content ingestion process from receipt of intermediate files and metadata, through optional watermark insertion to provisioning the VOD server and subscriber entitlement system. It provides an efficient and robust operational front-end for a wide range of added-value pay-TV services.
VEM consists of three components:
- Video Pre-Processor for faster-than-real-time encryption of on-demand assets
- VRUN workflow automation tool with scripted ingest and output support
- Remote Key Extractor for wholesale/retail distribution architectures
Video Pre-Processor (VPP)
Working with the Verimatrix Content Security Manager (CSM) for key generation, VPP encrypts video assets using the proven AES-128 algorithm, which can be applied at an operator specific percentage level.
The VPP video encryption process is “MPEG-aware” and preserves key header fields to support indexing utilities used to implement VOD “trick play.” The use of MPEG-2 Transport Stream and Digital Video Broadcast (DVB) standard entitlement control message (ECM) formats enable secure insertion of a range of control data within each stream, e.g. copy control flags, watermarking management, and content ratings (“parental control”) data.
VPP employs encryption and key management protocols that are symmetrical to those used by the Verimatrix Real-Time Encryption Server (RTES) and MultiCAS broadcast encryption components of VCAS. This approach improves the flexibility of system configurations and offers transparent support for digital video recorder (DVR) and nDVR.
Verimatrix RUN (VRUN)
VPP can work in conjunction with the VRUN component. VRUN is a VCAS server process that flexibly automates the process of VOD asset ingestion and encryption by means of pre-defined scripts. VRUN monitors one or more directories for the arrival of video files and, when one is detected, it follows a script-based procedure to drive the encryption and authorization process.
Remote Key Extractor (RKE)
RKE is an optional VCAS utility for ingestion of VOD assets that have been pre-encrypted at a remote VCAS installation. This means that no decryption/re-encryption is necessary, thereby removing a potential security vulnerability. Keys for encrypted assets are extracted from the remote VCAS installation during the ingestion process.
- Platform OS: Red Hat Enterprise Linux 6.5
- GUI: Java-based
- Stream format: IP encapsulated MPEG-2 Transport Stream
- Content encryption: 128-bit AES
- Key mutation rate: Operator selectable per stream, up to 2/sec
- Stream encryption: Operator selectable from 1-100%
- “Trick-play”/DVR indexing support: I-frame and header detection/protection ready for “trick play” stream indexers
- Automation capability: SOAP API support for workflow management
- Scalability/Redundancy: Clustering and auto-failover support