Category Archives: Technology

HLS Streaming, HLS Encryption & Setting High Secure DRM

What is HLS Streaming?

HLS Streaming (HTTP Live Streaming) is a streaming protocol used for video content across desktop and mobile devices. HLS is developed by Apple, which forms the biggest use case for the streaming protocol. Beyond Apple there is wide support for HLS streaming across Android devices and browsers. Indeed, HLS can be used as a streaming protocol for all major browsers, including Chrome and Firefox.

In HLS Encryption the video files are encrypted using a secure AES-128 algorithm. The AES-128 is the only publicly available security algorithm that is used by the NSA for encrypting its top-secret classified information.

HLS streaming and HLS Encryption can be used for both the cases of live streaming and for Video on Demand streaming (VOD). Because video streaming is over HTTPS, there is no need for a streaming server, unlike RTMP, which requires its own streaming server.

HLS Streaming Protocol is not blocked by firewalls, unlike RTMP streaming protocol

How & Why Apple Developed HLS Streaming?

Until about 2010, Flash was the most popular video streaming application. It was supported by all desktop browsers. Because Flash utilized the same runtime across all browsers, it meant that video streamers did not have to create separate workflows for different devices. DRM and encryption were also supported by Flash.

Flash was however plagued by security issues. Video playback on Flash was processor-intensive, which caused mobile batteries to drain very fast. For these reasons Apple did not support Flash in the iPhone and in iPad, instead including support for native HTML5 playback.

Apple created its own specifications for video streaming, which could be used for both live streaming and for pre-recorded video streaming. Android OS followed suit by blocking flash playback from browsers on Android. From the introduction of the smartphone to the emergence of MPEG-DASH around 2015, Apple’s HLS streaming has been the most widely used protocol.

Because of Apple’s continued support for the protocol, encoding for HLS player is an integral element of any video streaming provider’s workflow.

How does HLS streaming work?

In plain vanilla HTML5 video streaming, only a single video file is available for streaming. The download of the complete video file is initiated every time the stream is played. Even if a viewer watches only 2 minutes of a 30 minute video, the full video would be downloaded, causing data wastage at both the server and the user end.

Streaming protocols remove this inefficiency in video streaming. Streaming protocols such as HLS effectively break down a video file into multiple chunks when streaming, and these video files are downloaded over HTTP in succession. HLS streaming uses the same workflow for both live and for on-demand content.

The core idea in multi-bitrate streaming is that multiple renditions of each video, of varying resolution, are encoded. High resolution videos are delivered to large screen devices having high network bandwidth, whereas lower resolution videos are encoded for mobile phones. Encoding for low resolutions also ensures continuous video streaming when the network connection speed drops.

Progressive streaming using HLS AES-128 Protocol

When the user decides to change video resolution, or when the network bandwidth changes, video streams can be manually (or automatically) switched. HLS video streams are encoded using the H.264 standard, which can be played across all devices. Each of the video copies is broken into multiple chunks having the .ts (transport stream) extension.

There is a main index file, called the manifest file (.m3u8 file format), associated with the video stream. The main manifest file contains links to the specific manifest files associated with each unique video stream. Each of these specific manifest files in turn directs the video stream to the correct URL for video playback when streams are switched. This ensures that stream switching is seamless.

This process of the manifest file referring to the video stream is the same for both live video streaming and for on-demand video streaming. The only difference for live video is simply that the video files are being encoded in real-time.

Streaming over HTTP has many advantages over using a separate server. For example, firewalls which may be used to block ports used for RTMP are unlikely to affect video streaming over HTTP. No additional costs are incurred for streaming over an HTTP server.

Video Streaming through HLS protocol

What is HLS Encryption? Is HLS Encryption effectively secure against piracy?

HLS AES-128 encryption refers to video streams using the HLS streaming protocol wherein the video files are encrypted using the AES-128 algorithm. The key exchange happens through the secure HTTPS protocol. If done in a rudimentary way, the key for decryption can be seen from the network console by accessing the manifest file. A poor implementation of HLS encryption would result in plugins automatically finding the key and decrypting the HLS encrypted stream, rendering video security ineffective.

Basic HLS Encryption where the key is in the manifest file
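
As an added example (not code from the original post or from VdoCipher), the following Python audit reads a media playlist and reports the key-delivery weaknesses described above: a key URI fetched over plain HTTP, a key URL with no signed or token parameter, and segments left unencrypted. The playlist, host names and the set of parameter names treated as authentication are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urljoin, urlparse

# Constructed sample media playlist (not taken from any real service).
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXT-X-KEY:METHOD=AES-128,URI="http://media.example.com/keys/video.key"
#EXTINF:10.0,
segment0.ts
#EXTINF:10.0,
segment1.ts
#EXT-X-KEY:METHOD=AES-128,URI="https://keys.example.com/k?id=7&token=CONSTRUCTED",IV=0x000102030405060708090a0b0c0d0e0f
#EXTINF:10.0,
segment2.ts
#EXT-X-KEY:METHOD=NONE
#EXTINF:10.0,
segment3.ts
#EXT-X-ENDLIST
"""

# Assumption: query parameters that indicate a signed or tokenised key URL.
# Cookie-based authentication is invisible in the playlist, so STATIC_KEY_URL
# means "confirm the key endpoint enforces authentication", not proof of a flaw.
AUTH_PARAMS = {"token", "signature", "expires", "policy"}

# Attribute lists look like NAME=value,NAME="quoted, value"
ATTR_RE = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')


def parse_attributes(text):
    """Parse the attribute list that follows '#EXT-X-KEY:'."""
    return {name: value.strip('"') for name, value in ATTR_RE.findall(text)}


def audit_playlist(text, base_url):
    """Return (line_number, code, detail) findings for one media playlist."""
    findings = []
    method = "NONE"  # segments before any EXT-X-KEY tag are unencrypted
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#EXT-X-KEY:"):
            attrs = parse_attributes(line.split(":", 1)[1])
            method = attrs.get("METHOD", "NONE")
            if method == "NONE":
                continue
            if "URI" not in attrs:
                findings.append((lineno, "KEY_URI_MISSING", line))
                continue
            # Relative key URIs resolve against the playlist's own URL.
            key_url = urljoin(base_url, attrs["URI"])
            parsed = urlparse(key_url)
            if parsed.scheme != "https":
                findings.append((lineno, "KEY_OVER_HTTP", key_url))
            params = {name.lower() for name in parse_qs(parsed.query)}
            if not params & AUTH_PARAMS:
                findings.append((lineno, "STATIC_KEY_URL", key_url))
        elif line and not line.startswith("#") and method == "NONE":
            # A segment URI that no key applies to is delivered in the clear.
            findings.append((lineno, "CLEAR_SEGMENT", line))
    return findings


if __name__ == "__main__":
    base = "https://media.example.com/v/index.m3u8"
    for lineno, code, detail in audit_playlist(SAMPLE_PLAYLIST, base):
        print(f"line {lineno}: {code}: {detail}")
```
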

There are however methods to strengthen the HLS Encrypted stream. The challenge is to make sure that the key is not exposed directly. These are the options for additional security in HLS Encryption:

  1. Not including URL to decryption key in Manifest File
    Implementations for this vary widely, and are quite difficult by themselves. This method for protecting HLS content may also cause compatibility issues on devices. If done properly however it is definitely a major improvement in video security.

  2. Using authenticated cookies for HLS Encryption streaming
    In this method, the browser of authorized users stores authentication cookies. These cookies are stored with a digital signature, to ensure that they are not tampered with. This ensures that only the authorised user (and not some external plugin) is seeking to fetch content. The following workflow is used for configuring authentication cookies for HLS encryption:

    1. Trusted signers are configured, who have permission to create authentication cookies. This configuration is done at the edge location (content delivery network)
    2. Application is developed to send set-cookie headers to authorized viewers
    3. Authorized users store name-value pairs in the cookie
    4. When user requests protected content, the browser adds the name-value pair in the cookie header to the request
    5. The CDN uses the public key to verify the digital signature in the name-value pair
    6. If the authentication cookie is verified, the CDN looks at the authentication cookie’s policy statement. The policy statement determines if the access request is valid. For example the policy statement could include the beginning and end time for cookie validity.

    Advanced HLS Encryption, using authentication cookies/ signed URLs
    For further information on authentication cookies for content protection you can have a look at Amazon Cloudfront’s documentation.

  3. Signed URLs can be generated for authorized users
    The following workflow is used for configuring signed URLs for HLS encryption:

    1. In the CDN trusted signers are created, who have permission to create signed URLs
    2. Develop application to create signed URLs for protected content
    3. When user requests protected content by signed URLs, the application verifies if they have authorization to access it
    4. If verified, the application creates a signed URL and sends it to the requesting user
    5. On accessing content through signed URL, the CDN verifies that the URL has not been tampered with. This is done by using the Public Key to verify the digital signature of the URL
    6. If the signed URL is valid,
    7. The CDN uses the public key to verify the digital signature in the name-value pair
    8. If the signed URL is verified, the CDN looks at the signed URL’s policy statement. The policy statement determines if the access request is valid. For example the policy statement could include the beginning and end time for the signed URL. For protecting content, this period of validity of URL should be short – as little as a few minutes is optimal. For this you can create dynamic URLs, that change every few minutes.

    For further information on signed URLs for content protection you can have a look at Amazon Cloudfront’s documentation.
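
The verification steps shared by the authentication-cookie and signed-URL workflows above, as an added example that is not part of the original post or of any CDN's code: a signer attaches a policy with start and end times, and the edge checks the signature before evaluating the policy. To run on the Python standard library alone it uses an HMAC-SHA256 tag where the workflow uses a public-key signature; the key, URL and parameter layout are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key. Stand-in for the trusted signer's key pair: a real
# deployment signs with a private key and the CDN verifies with the public key.
SIGNER_KEY = b"constructed-demo-key"


def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_url(resource, not_before, not_after, key=SIGNER_KEY):
    """Application side: issue a URL whose policy limits resource and time window."""
    policy = json.dumps(
        {"resource": resource, "nbf": not_before, "exp": not_after},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    signature = hmac.new(key, policy, hashlib.sha256).digest()
    query = urlencode({"Policy": b64e(policy), "Signature": b64e(signature)})
    return f"{resource}?{query}"


def verify_url(url, now, key=SIGNER_KEY):
    """Edge side: check the signature first, then evaluate the policy statement."""
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    try:
        policy_raw = b64d(query["Policy"][0])
        signature = b64d(query["Signature"][0])
    except (KeyError, ValueError):
        return "missing-or-malformed"
    expected = hmac.new(key, policy_raw, hashlib.sha256).digest()
    # Constant-time comparison; nothing in the policy is trusted before this.
    if not hmac.compare_digest(expected, signature):
        return "bad-signature"
    policy = json.loads(policy_raw)
    requested = parsed._replace(query="").geturl()
    if policy["resource"] != requested:
        return "wrong-resource"   # signature reused for a different file
    if now < policy["nbf"]:
        return "not-yet-valid"
    if now >= policy["exp"]:
        return "expired"
    return "ok"


if __name__ == "__main__":
    # Five-minute validity window, in line with the short lifetimes advised above.
    url = sign_url("https://cdn.example.com/v/seg0.ts", 1000, 1300)
    for label, candidate, now in [
        ("inside window", url, 1100),
        ("after expiry", url, 1300),
        ("path swapped", url.replace("seg0.ts", "seg1.ts"), 1100),
    ]:
        print(label, "->", verify_url(candidate, now))
```
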

All these 3 steps make the video stream considerably immune to direct download through plugins. However these methods are still breakable by already available codes and tech hacks.

How is DRM level security for HLS Encryption possible?

DRM requires that the key exchange and licensing mechanism is highly secure and is always out of reach of external tools and hackers. A DRM technology also has additional elements. It delivers a license file, which also specifies the usage rights of the viewer. Usage rights specify the conditions in which the video playback is allowed.
Implementation of these usage rights ensures that the signed key used for decryption can only be used for playback on the viewer’s device. The key would simply fail to decrypt the video stream if the video file is copied to any other device.

DRM adds complex layers of workflow for license management. This workflow includes:

  1. Specifying highly detailed usage rights such as-
    1. Limiting video playback on a device to only a fixed number of times
    2. Video access can expire after a period of days if subscription is not renewed
    3. Limiting the device or screen on which the video can be played. For example usage rights can be used to restrict users to cast their video playback on an external device such as a Smart TV.
  2. The license database is also bound to the user’s device, which means that if shared the license and decryption key becomes redundant.
  3. Licenses are also signed with the digital signature, which means that they cannot be tampered with either during transit over HTTP or when stored locally on the device.

Implementing DRM along with HLS streaming entails considerable modification of the HLS Encryption infrastructure. At VdoCipher, we have been able to do that and provide a full fledged proprietary + HLS DRM. We cannot technically say that we are streaming an HLS encrypted stream as it is highly modified. We use a combination of other technologies based on different platforms and are able to roll out a cross-device, cross-browser compatible DRM.

VdoCipher HLS Encrypted DRM Infrastructure Details

  1. Upload of Videos (All common formats are supported )
    The content can be uploaded through Dashboard or APIs. Upload from desktop, FTP, Drop Box, Box, URL, Server all are supported.
  2. Encryption & Transcoding for DRM streaming
    Videos are converted into encrypted files, and multiple qualities & versions for ensuring delivery of quality content at all devices, browsers and all connection speeds. The encrypted content is stored at our AWS S3 servers and raw videos are never exposed. We have setup our custom EC2 instances for the encoding pipeline, and the resultant files are hosted securely on AWS S3 servers.
  3. Encrypted Video Streaming (Modified HLS Encryption & Streaming)
    As discussed above, the high secure key and license exchange mechanism supports the transfer of encrypted video data, ensuring HLS DRM level security. Dynamic URLs ensure that each playback is authenticated and the URL cannot be extracted outside the website or app for pirated playback. We use multiple top tier CDNs – Cloudfront, Akamai, Google CDN, Verizon – to ensure smooth delivery of content all across the globe.
  4. Decryption in Video Player & Watermarking
    There is private communication between our API & the client website. This ensures that it's not possible for hackers to decrypt our streams. The One Time encryption that we use is theoretically and practically hack-proof. The website embedding the video content requests a One-time password from the VdoCipher web server using the API. This OTP request is made only after the user is authenticated. The VdoCipher API returns the OTP, which is used to render the embed code. This embed code is valid for a single playback session only. Along with the key a usage policy is specified, ensuring that only a logged-in and authenticated user is allowed to play back the encrypted video. The video would simply fail to play if an external plugin or downloader is used to try to access the video file. We have timely modifications to our licensing and authentication mechanism to keep security updated.
    Watermarking - Video licensing and playback are combined to generate customisable viewer specific watermarks. The watermark can be IP address, Email ID and User ID shown in customisable colour & transparency to identify a playback session by the viewer.
  5. Result – Progressive High Secure Streaming
    Through this 6-step Video Hosting, Encryption and Streaming process, VdoCipher is able to provide a progressive high security video streaming with future buffer possible. This is also different from RTMP which does not maintain any buffer and can be quite erratic as a result.

HLS encryption, HLS Streaming, DRM streaming

Demo Free Trial for HLS DRM Streaming

You can signup for a free full version trial at VdoCipher.
Online businesses also often require features over and beyond video security. VdoCipher fulfills all major requirements for enterprise video hosting. The complete set of features that VdoCipher offers for enterprise video hosting may be found here.

RTMPe Streaming: How does Secure RTMP Streaming work?

rtmp Stream, rtmpe streaming

RTMP Stream: The Technology

Real Time Messaging Protocol is used to stream multimedia data – audio and video – between Flash Media Server and Flash Player. The chief utility of RTMP stream is in the optimization of the audio and video data transfer between the server and player. Its major use comes in dynamic live streaming, and because of the encryption service RTMPE (which, despite its security flaws, has a wide use). In this blog post I expand upon –

  • Use as Streaming protocol – How RTMP evolved as a widely used real time streaming protocol
  • Differences from other streaming protocols, strengths – In what aspects it differs from newer streaming protocols such as  HLS & HDS.
  • Use Cases – We also discuss certain RTMP use cases.
  • RTMPE – Utility of Encrypted RTMP and the flaws in its security services.
  • Flaws in Security & Streaming reliability

RTMP transfer across media server, CDN and flash player

Is RTMP Stream Optimal for Low Latency Transmission?

RTMP stream does not use either of the HTTP/HTTPS ports (80/443), but instead uses port 1935. An exclusive port for video packet transmission signifies that the RTMP stream protocol is suitable for transmission of low latency content – essentially live streaming of video content, and streaming of media without buffering. However, by using this port RTMP stream becomes vulnerable to being blocked by certain corporate firewalls.

RTMP stream is theoretically optimal for low latency streaming as the RTMP pointer is always in sync with the media server at the exact point of stream. This means that if there is a signal interruption for, say, 5 seconds, the flash player will not display the signal for 5 seconds, but would resume at the real time when the signal over the network resumes. The stream should therefore never lag in spite of a poor network, although the quality of video may suffer.

RTMP Stream: VOD across media server, CDN, Flash Player

Adaptive Streaming through RTMP

RTMPE is suitable for live streaming as it does not download any video packets except at the time of streaming – there is no buffering of content as would occur with a progressive media player. The bitrate can be dynamically decided to optimize user experience over the available network. Dynamic streams consist of multiple single streams of the same content, all of different quality. RTMP stream relies on dynamically adaptive content transfer to maintain video playback at periods of uneven network quality.

RTMP stream is distinct from Progressive Streaming Players

Progressive media players, a category that includes popular video players YouTube, Vimeo & VdoCipher, allow a portion of the upcoming video to be downloaded ahead of playback. Essentially, this allows for a future buffer in the player. Progressive Streaming is now a common feature across all popular video hosting services across the internet. The shifting of video metadata from the end of the media file to the front allows this possibility. Thus, before the download of the complete media file, the media player has all the information that it requires to start playback.

In progressive streaming, the media is stored in the temporary directory of the associated web browser. This is the concept on which most downloaders or download software/plugins work. They are able to fetch this data which is coming into the browser.

With RTMP there is no storage in a temporary directory, and instead a continued direct streaming between the two servers. It is conceptually live and does not have any future buffer even for recorded videos.

Encrypted RTMPE & Security

Encrypted RTMP (RTMPE) wraps the RTMP stream session in a lightweight encryption layer. Through Encrypted RTMPE, the streaming protocol provides low-level stream encryptions for high-traffic sites. RTMPE uses Anonymous Diffie-Hellman key exchange method. In this algorithm two parties – the media server and the flash player – establish a shared secret key over an insecure channel. However, the initial point of secret key sharing is unsecure. The media server cannot verify the identity of the media player. This leaves the player vulnerable to man-in-the-middle attacks at session initializations.

RTMPS is RTMPE over a secure TLS/SSL connection. The underlying algorithm of RTMPE remains the same, but a secure SSL connection precludes a man-in-the-middle attack from unknown third parties. However, there is still the case in which the client can grant access to a third party. Through this, the user can download the stream content. In that case the video download is easy, leaving the content provider vulnerable to potential piracy from end users for illegal distribution.
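
An added illustration, not from the original post: a toy Diffie-Hellman exchange showing why an unauthenticated exchange cannot notice substituted public values, and how binding the server's value to an identity the client already trusts (the role TLS plays in RTMPS) exposes the substitution. The 127-bit modulus, the tiny private values and the HMAC tag standing in for a certificate signature are assumptions chosen so the run is deterministic; this is not RTMPE's actual handshake.

```python
import hashlib
import hmac

P = 2**127 - 1  # toy prime modulus; far too small for real use
G = 3


def public_value(private):
    return pow(G, private, P)


def session_key(peer_public, private):
    """Derive a key from the shared secret g^(a*b) mod P."""
    secret = pow(peer_public, private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()


def anonymous_exchange(client_priv, server_priv, interposer_priv=None):
    """Return (client_key, server_key) for an exchange with no authentication.

    If interposer_priv is given, a party on the network path replaces both
    public values with its own before forwarding them.
    """
    seen_by_client = public_value(server_priv)
    seen_by_server = public_value(client_priv)
    if interposer_priv is not None:
        seen_by_client = seen_by_server = public_value(interposer_priv)
    # Neither side has anything to compare the received value against,
    # so both complete the handshake either way.
    return (session_key(seen_by_client, client_priv),
            session_key(seen_by_server, server_priv))


def authenticated_exchange(client_priv, server_priv, identity_key,
                           interposer_priv=None):
    """Return the client's key, or None if the client rejects the handshake.

    The server tags its public value with identity_key (stand-in for a
    certificate signature). The party on the path does not hold that key,
    so it can swap the value but cannot produce a matching tag.
    """
    server_pub = public_value(server_priv)
    tag = hmac.new(identity_key, str(server_pub).encode(), hashlib.sha256).digest()
    received = server_pub
    if interposer_priv is not None:
        received = public_value(interposer_priv)
    expected = hmac.new(identity_key, str(received).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # substitution detected, client aborts
    return session_key(received, client_priv)


if __name__ == "__main__":
    client, server, on_path = 11, 23, 5  # constructed private values
    print("honest keys match:", len(set(anonymous_exchange(client, server))) == 1)
    c_key, s_key = anonymous_exchange(client, server, on_path)
    print("substituted, keys match:", c_key == s_key)
    print("authenticated, substituted:",
          authenticated_exchange(client, server, b"constructed-identity", on_path))
```
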


RTMP Stream Encryption

As explained, RTMP stream never has a block of data, only a pointer to the current live data. Owing to this, no local storage of data occurs with RTMPE. RTMPE can therefore, with an additional layer of security, be a means for video transmission locally. As discussed, RTMPE was quite different from other streaming players in the concept of its streaming protocol. Thus, not many downloaders or plugins are built to grab it, and a certain level of protection is sometimes pitched with it.

RTMPDump to Download RTMP Videos

RTMPDump is an RTMP toolkit that connects to Flash Media servers just like normal flash players. It stores the data from the RTMP connection, and is sometimes used to capture the stream from the server. This allows local saving of the video file, which opens a means by which TV shows and on-demand videos streamed this way can be downloaded and pirated.

RTMP Stream and Content Delivery Networks(CDN)

RTMP also requires direct constant connection with a Flash Media Server throughout the period of playback, as there is no local storage. Every flash client has to maintain state with the media server all the time.  This results in higher CDN cost. 

Currently, CDNs have started to phase out RTMP. Although CDNs Akamai and Amazon Cloudfront have committed to supporting its streaming, they accept that usage traffic has declined considerably over the previous years. Limelight supports RTMP for video ingestion from content provider to CDN server, which routes to the video user through HTTP.

Alternative to RTMP – High Secure & Smoother Streaming

As seen above, RTMP has two primary problems –
1. Poor streaming due to no future buffer and constant server-to-player connections.
2. Streams are downloadable through RTMPDump, which compromises security against piracy.

VdoCipher encryption through backend OTP

VdoCipher offers completely encrypted data transfer, viewer specific watermarking and backend authentication. This ensures highest security from any downloader or plugin looking to hack content. The OTP given to the specific viewer is authenticated at backend, precluding access from anyone except the intended video user.
VdoCipher has a progressive buffer-conserving player. On seeking the video to past or future timeline, the buffer remains conserved, thereby demanding lower bandwidth. Our video player is optimised for serving at both low and high bandwidth – VdoCipher serves viewers in tier II and tier III cities in India, we also have major clients across Africa. Our streaming has been highly effective even at lower connection speeds.

For a full version 5 GB free trial, please visit VdoCipher.

Video Streaming Hosting VdoCipher

All these things, VdoCipher handles for you. Launch Today.


Encrypted Video Streaming: VdoCipher & Others

The main encrypted video streaming protocols in use by most streaming providers are:

  1. HTTP Live Streaming – HLS Encryption with AES-128
  2. Dynamic Adaptive Streaming over HTTPS – DASH
  3. Real Time Messaging Protocol (RTMP) and RTMP Encrypted (RTMPE)

HLS encryption, with AES-128 bit encrypted streaming is widely marketed as a secure streaming protocol. Indeed, certain security features have been built into these streaming protocols. However, by themselves, HLS Encrypted, DASH and RTMPE are not sufficient to protect your content. Their security flaws lie in:

  • Partial encryption of streaming content
  • Open key exchange mechanism for decryption

The encryption that these protocols offer is not foolproof.

Suppose, you have bought a state-of-the-art lock for your home. One that even the most masterful locksmiths cannot break through. But then, well, you leave your key under the door-mat. Does your state-of-the-art lock still ensure state-of-the-art security for your home?
HLS Encryption and RTMPE are not effective encryption technologies by themselves
Many tools are widely available that exploit the security vulnerabilities in encrypted streaming protocols. Tools such as IDM, Video Download Helper and RTMPDump can even download content that has been encrypted, opening the gates for pirates to download and share your content.

Although widely used, these streaming protocols are not the only streaming protocols that can be used. VdoCipher uses a modified version of the existing streaming protocols to increase video security, and minimize bandwidth usage.

Here we explain how VdoCipher’s Encrypted Video Streaming works, and how our proprietary encrypted video streaming technology is hackproof. We explain the complete workflow that our video DRM uses. Steps 5 and 6 of the video streaming workflow are the key differentiators that set us apart from competition.


  1. Upload

    The video content is uploaded by the registered customer through Desktop, FTP, Drop Box, directly from server and direct from URL. VdoCipher supports all typical video formats.

  2. Transcoding for Protected Streaming

    At VdoCipher we have designed our own proprietary format into which we convert videos. It is in this format that the encrypted streaming takes place. After the user uploads the video, the VdoCipher player converts the content into encrypted format. The video is transcoded for optimization at multiple bitrates, so that viewers on networks of any quality can conveniently view videos.

  3. Storage of Encrypted Content

    The videos are stored securely on Amazon’s AWS S3 servers using our own server-side encryption technology, creating a double layer of protection.

  4. Encrypted Video Transfer – Differentiator

    Now the encrypted content has to be streamed to the final viewer interface, be it app or browser. Unlike many other streaming protocols, there are two key differences:

    Firstly, the entire stream (not partial) is encrypted using a non-public key whose exchange mechanism is hidden and is proprietary. Others, like RTMP, do it partially and are not fully secure.

    Secondly, the transfer of this encrypted content is not through direct access to the video file. There is a one time URL that is generated and the content is transferred in different chunks to optimize streaming.

  5. Licensing & Authentication – Differentiator

    If the video has a direct video URL that can be shared, then the encrypted video streaming has completely ineffective security. This is because there can be multiple browser playback of the same video, and therefore the video can be easily downloaded. Our key service differentiator is that we have One Time generated video URLs. These URLs are accessed only through custom video embed codes, allowing licensing duration for each single video stream. This prevents any URL based sharing.

  6. Decryption & Playback – Differentiator

    Finally, the encrypted stream content is decrypted inside the player with a dynamic key. Our proprietary key transfer protocol is fundamentally different from the public key transfer protocol in cases of HLS, HTTPS and RTMPE Encrypted Streaming Protocols.

    A private key transfer between the website and our API signifies that it is not possible for hackers to decrypt our streams. The One Time encryption that we use is theoretically and practically hack-proof. We regularly update our authentication mechanism to keep the security features up to date.

    Video licensing and playback are combined to generate customizable viewer specific watermarks. Within the watermark offering, IP address, Email ID and User ID can be shown as light transparent watermark, to identify a playback session by the viewer.

    Result – Progressive High Secure Video Streaming

    Through this 6-step Video Hosting, Encryption and Streaming process, VdoCipher is able to provide a progressive high security video streaming with future buffer possible. This is also different from RTMP which does not maintain any buffer and can be quite erratic as a result.  Also, once a part of a video is buffered it remains conserved, even when the viewer seeks back or forth. This ensures fastest loading times and minimal bandwidth usage for secure video streaming.

encrypted video streaming

To try the product trusted by customers across 30+ nations for secure video streaming, and add more revenues by eliminating video piracy, have a full free 5 GB trial at


3 Offline Encoder For Video Conversion: MAC & Windows

There are a lot of instances where the raw video file after camera recording is quite large in size. If it is not on a server or URL, it becomes quite difficult to upload it to online sites like VdoCipher. To solve this problem there are offline encoders, converters or transcoders which convert the huge video files into a decent size without any visible loss in quality. Some of these tools can also be used to convert files into different formats for video and audio. Here are the details of the top 3 offline encoders.

Offline Encoder & Converters For Reducing Video Size & Formats

  1.  WinFF for Windows

    Please visit this link to download the software

    1- Add the videos using the tool button.
    2- Choose MPEG-4 in the Convert-to.
    3- Select MPEG-4 1080p as the preset.
    4- Click on options to show more tabs.
    5- Go to video tab.
    6- Enter 2500 as the video bitrate (the unit is kbps, i.e. 2500 kbps). This is the bitrate we have found high enough to be HD. Users can also try 1500 or 2000 kbps, which should also work fine in most cases, especially if there is little movement in the video.
    7- Tick the checkbox 2 pass below it.
    8- Click on convert tool button.
    9- Wait for the video to complete.
    10- This process might consume high CPU.

  2. VLC Media Player for MAC & Windows

    It is a little-known fact that even VLC media player can be used as an offline encoder to convert and change videos. Here are the steps –

    • Go to Media > Convert/Save >  In file tab add your raw video or audio file.
    • Click on the  “down arrow” mark on the Convert/Save button and Select “Convert”.
    • Now, provide the format in the “Profile” drop down, also provide the destination source.
    • Click on “Start”,  the conversion will start and after the completion, the converted file will be available in the destination source.

  3. Prism Video Converter for Windows & Mac

    It is quite easy-to-use software to convert and resize videos. There is both a free and commercial version available. The UI is quite clean and it is almost drag and drop.

For online encoding, VdoCipher also has a customized detailed UI + API transcoding setup for enterprises. All popular video formats (more than 15) are supported; video size, bitrates and type of encoding can all be specified. By default VdoCipher converts videos to its own proprietary encrypted format, but for large enterprise cases it does custom transcoding as well.



Offline Encoder Online Transcoder

VdoCipher Transcoding

Register for a full version 5 GB Free trial at

Why Not to Host Your Own Videos? Challenges in Self-hosting videos

At VdoCipher we have worked with thousands of online businesses for their secure video hosting. In this period we have developed a broad understanding of the video hosting requirements that businesses have. A number of our customers had previously tried to self host video content. Here we share our learnings from working with our customers.

We see that in many cases, the first idea that comes to the video creator is to self host videos. This means having an in-house team to handle the video streaming & hosting technology. However, handling the video hosting on their own end is often not technically and economically feasible. A lot of businesses realize this only after spending valuable time and resources into developing an inefficient video hosting infrastructure. Many IT service companies that do not have video as a primary offering also come to this realization at some point.

Here we list the primary reasons as to why you should not self host videos.  Most of these recommendations apply to both high-budget and economy users, as both the service offerings and price points of premium online video platforms (OVPs) deliver better returns on investment than could be obtained from self-hosting videos.

5 Reasons Not to Self host Videos, Why?

  1. Server and CDN setup, Scaling, Automation for streaming

    When hosting videos on static web pages, each time the webpage loads the video is loaded as well. Handling 100s of users loading your video player each minute would require multiple cores of servers and Content Delivery Network implementation. The video hosting infrastructure should have the capacity to serve users at peak times, when there are maximum users on the page.
    It is a lot different doing these for static sites & video stuff. Handling multiple cores of servers, implementing CDN, ensuring it goes well during peaks and scales well, is a tough job. Here is an example to explain better.

    Consider a webpage that hosts a 5-minute video, getting 100 pageviews in a minute. These 100 users who came within a minute on the web page were in real time loading the page and requesting objects from server. These server requests were being generated at different milliseconds – there were never 100 simultaneous users, they had loaded the page at different milliseconds. While all the other page elements are loaded at different times within the one minute window, in the case of video every user is simultaneously fetching content. For a 5 minute video all the users will be fetching content at same millisecond level from servers, overloading the server hosting your website. This can therefore overload the server, and lead to your website crashing. For this reason optimization of hosting infrastructure requires that your video hosting and website hosting be on separate servers. Setting up a separate server for handling videos would again require a whole new server setup process, adding to your responsibilities considerably.

    VdoCipher offers cloud server video hosting, freeing you from server hosting requirements

    You wouldn’t want to spend all your time figuring out your hosting server now, would you?

  2. Protecting Videos from Download and Piracy

    If you choose to self-host videos, you would most likely be providing a direct video URL from your video hosting server to the site. This can make your video vulnerable to download by a lot of free downloaders and plugins such as IDM and Download Helper. These plugins are widely available on the web, which leads to loss of revenue from content owing to video piracy. Secure Online Video Platforms would safeguard your content from online video piracy.

    Use secure video hosting to protect content from being pirated

    Protect your videos from Jack Sparrows

  3. Encoding for multiple devices & Bitrates

    Currently the video codecs segment is highly fragmented. Apart from Chrome, which supports almost all the popularly used codecs (H.264, WebM, Ogg), none of the web browsers supports all the major codecs. For instance, Safari and Internet Explorer support only H.264 encoding and not WebM or Ogg, whereas Firefox, the next most popular browser after Chrome, does not support H.264 codecs. When self-hosting videos, you would need to transcode specifically in each of the codecs. Encoding is again a server + CPU intensive process. A different file is needed when viewing a video on a phone and when viewing the video on your PC or HD television. You would need to transcode videos for desktop, iOS and Android separately. Encoding is also required for different bitrates, so that your viewers can watch your videos across all devices smoothly and seamlessly.

  4. Video Player – Controls, Adaptive, Customization

    Video.js is a JavaScript and CSS library that is used as an HTML5 video player. Using the Video.js library requires a great level of coding. For this reason it is recommended that you opt for a secure online video platform (OVP) over coding from scratch. Apart from the initial setup, additional customizations required are adding desired colors, themes, bitrates, sizes and adaptation to aspect ratio. This customization is required to allow video playback across multiple devices and browsers.

  5. Costs of Large development team & Time to launch Video business

    If you are willing to set up your own video infrastructure in-house, it is important that you look at the bottom line of costs and time of development. This includes spending on the development team, at which point you would need to understand salary costs of developers. Besides, in-house development would take months to launch, in which period you would need to bring together a team for setting up the video infrastructure and understanding the hosting requirements. Besides the one-time setup costs, you would need a dedicated team to troubleshoot problems. VdoCipher online video platform has the necessary video infrastructure, and our support ensures that your videos face minimal downtime. You can get started with using VdoCipher in just about 10 minutes, and can integrate your website with our hosting service in 3 days, with full support from our customer experience team. VdoCipher uses AWS & Akamai at backend to ensure great cloud availability.

Still not convinced? Shawn Hesketh at WP101 has written a comprehensive post on why you should never host your own videos.

For a full version free trial of most secure and reliable streaming solution, register at


All these things, VdoCipher handles for you. Launch Today.

Setting desired bitrate for video playback for multiple devices

Different devices and internet speeds require different bitrates to be served. Based on device type and your viewer's connection, some of you may opt to force a particular bitrate. Often you would like to provide playback at a certain quality or constrain the network data. Bitrate, dimensions and quality can thus be configured. Below are the steps.

First, send an extra parameter while setting up the OTP. Append a POST parameter called “forcedBitrate”. This needs to be an integer. During load time, the player obtains the list of available resolutions from the server. If forcedBitrate is set, it starts playing the bitrate which is closest to that one.

Suppose you have a video with bitrates created at [300, 900, 1500, 2100]. By default, the player will try to guess the correct bitrate based on a number of factors. If you believe that the default rate should be 900, set the value of forcedBitrate to 900. If forcedBitrate is set to 1100, then the player will calculate the bitrate closest to it and play it. This will ensure that the player will continue playing in spite of any error.

Here is a sample curl command for the otp call with forcedBitrate included:

curl '' -H 'Content-Type: application/x-www-form-urlencoded' --data 'clientSecretKey=CLIENT_SECRET_KEY&forcedBitrate=1100'

Check the API page under /otp for more info and other APIs.

AWS + CDN Infrastructure: Hosting, Streaming Details

Video hosting & streaming for premium use cases requires a robust, scalable and secure infrastructure. I will give a brief overview of the tech stack deployed by VdoCipher in terms of server, CDN and encoding infrastructure to ensure the smoothest delivery of video content.

Here are the details explained with the help of an infrastructure diagram.


  1. Upload & Storage

    Videos can be uploaded to VdoCipher from devices, a server, a video URL, FTP, Dropbox, or an already existing Vimeo Pro account. The uploaded videos go directly to Amazon (AWS) S3 servers. We have S3 storage locations across Asia (Singapore, Mumbai), Europe (Frankfurt) and USA (North Virginia), to ensure faster upload speeds and the closest possible access to content the first time it is streamed. For regular access of the same content, the CDN starts playing a major role rather than the storage. We also have AWS acceleration enabled for the accounts to ensure speedy uploads and reduced error rates.
    VdoCipher accepts videos in more than 15 standard video formats. The storage security protocols followed by AWS are in place, ensuring the highest content protection from the server side. Furthermore, VdoCipher stores the videos in encrypted format; more details come below.

  2. Transcoding & Encryption

    VdoCipher has its own AWS EC2 on the spot instance setup systems for transcoding. As we have a lot of already existing customers, a lot of the CPUs are already running for encoding. VdoCipher converts video to multiple bitrates, and in the case of very large camera-recorded videos, VdoCipher automatically converts them to a decent bitrate, keeping the same quality. The conversion for encryption and various devices is also done at this point.

  3. CDN & Streaming

    This is the major tech part of the whole system, which has to be optimized and taken care of to ensure the best viewer experience. A Content Distribution Network (CDN) consists of small, geographically diverse PoPs which help in caching popular video content. VdoCipher uses a combination of AWS CDN CloudFront + Akamai to distribute content. These are the top two international tier CDNs helping video industries to make billions of revenues. Here is an example: say the video is stored in the North Virginia region of AWS S3. Now some viewer in New York tries to access the content through a VdoCipher embedded video on a customer site. For the first time in a day, the content will reach him directly from Virginia. Suppose somebody else, or the same person, again tries to access the content from New York on the same day. This time the video will be served from the cached part at the New York PoP. The science behind it is not so simple and involves a lot of optimizations, if-else & caching algorithms, and monitoring of video chunks. It is taken care of by VdoCipher, AWS and Akamai, and our customers need not worry about any of these. VdoCipher has customers across all 6 continents and has great tech experience and skills to oversee this.

    It is worth noting that VdoCipher uses its own proprietary streaming technology that allows it to transfer fully encrypted content + watermarking. Other than the server + CDN from the partner companies (AWS, Akamai), VdoCipher has put a lot of effort into optimizing the quality of streaming to ensure faster load speeds & buffer retention. Buffer retention means that on seeking back or forth during a video playback, the video already loaded is not flushed out. The buffer remains conserved, which ensures smooth streaming even on poor net connections. Also, it minimizes bandwidth costs for you and your viewers.

  4. Licensing or Authentication of Stream

    Most video hosting companies provide a fixed URL from the server to access the video, which results in URL-based video sharing and piracy. VdoCipher, through its APIs & plugins, provides a custom embed code, which invokes a different video URL that is generated uniquely for each playback. There is one-time password (OTP) based authentication, ensuring each video URL plays only one time. Custom licensing like IP restriction or time restriction can be done by VdoCipher on enterprise demand.

    To start streaming with a full version free trial with us, Register at VdoCipher.

Faster video upload to VdoCipher: AWS acceleration + Aspera

Now you can enjoy speedy video upload, even of large files, from your dashboard & APIs to VdoCipher. The speedy functionality works with all kinds of video upload: from desktop, FTP, URL, server and Dropbox. The speeds of video upload to VdoCipher servers now show improvements typically in the range of 50% to 500% for cross-country transfer of larger objects, but can go even higher under certain conditions.

Technology behind faster uploads:

  1. AWS S3 acceleration – Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path. We are providing this feature at no extra cost to our customers. It is built in automatically and integrated with the VdoCipher workflow for free and paid accounts.
  2. Asperasoft – Aspera (an IBM company) helps in receiving terabytes of file-based content per day, from providers at even global distances with simplicity, high speed and low cost – minimal investment in hardware and Internet bandwidth and a single transfer stream per provider. It also eliminates costly re-sending of files when transfers fail with FTP, laborious monitoring, and network collapse caused by data blasters or parallel FTP streams. VdoCipher uses Aspera for some large enterprise media cases and the costs for it are quite affordable.

So, register for 5GB free trial at, upload, embed and enjoy most secure and smooth streaming solution for your online business.

C# web forms embed vdocipher video

The following code is the complete set up for embedding video in ASP.NET Web forms using vdocipher secure streaming. This code has been generated using Visual Studio Community 2015.

For the MVC implementation, please check:

For  vbscript implementation of aspx, check this:

Vdocipher video in aspx and aspx.cs files:

Do not save API Secret in the code

API secret is a key which gives your website authority to generate access tokens (OTPs) for video playback. This secret key can also be used to upload, delete videos in your vdocipher account. Hence, it should not be hard-coded in the application. It should be kept as an app secret. In the above example, it has been added to the web.config file which is not the recommended method. Please read this official article on best practices of saving secret keys in ASP.NET.

Complete code

Download the complete sample application from the Github.

Adding watermark to the videos

Watermark can be added when generating the OTP in the controller file. Please read this article on structuring your watermark and a sample code. The watermark has to be URLencoded and sent as a post data. You shall need to change around line 33 to send annotation information. Let us know if you find any trouble with the watermark setup.

A note about caching

The OTP generated here is temporary. You cannot cache this OTP and send it to multiple users, as it might cause trouble. Once used, the OTP expires and can no longer be used to play the video. Some extensions might try to automate page rendering, especially on pages which do not need a login. The configuration must be set to make sure pages with embedded videos are not cached, as a cached page causes errors during playback.
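The single-use behaviour described in this note and in the licensing section, and why a cached embed page fails for the second viewer, shown as an added example that is not VdoCipher's code. The `OtpStore` class, the 300-second lifetime and the page-cache model are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class OtpStore:
    """Hypothetical single-use playback tokens; only a hash of each OTP is kept."""

    def __init__(self, ttl_seconds=300, clock=time.time):  # TTL is an assumed value
        self.ttl = ttl_seconds
        self.clock = clock
        self._pending = {}  # sha256(otp) -> (video_id, expires_at)

    def issue(self, video_id):
        otp = secrets.token_urlsafe(32)
        digest = hashlib.sha256(otp.encode()).hexdigest()
        self._pending[digest] = (video_id, self.clock() + self.ttl)
        return otp

    def redeem(self, otp, video_id):
        digest = hashlib.sha256(otp.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # consumed on first presentation
        if entry is None:
            return "rejected: unknown or already used"
        bound_video, expires_at = entry
        if self.clock() > expires_at:
            return "rejected: expired"
        if bound_video != video_id:
            return "rejected: wrong video"
        return "play"


def serve_two_viewers(store, video_id, page_cached):
    """Render the embed page for two viewers; each player redeems the OTP it was given."""
    cache, results = {}, []
    for _ in range(2):
        if page_cached and video_id in cache:
            page = cache[video_id]  # stale page carrying the first viewer's OTP
        else:
            page = {"video": video_id, "otp": store.issue(video_id)}
            cache[video_id] = page
        results.append(store.redeem(page["otp"], page["video"]))
    return results


if __name__ == "__main__":
    print("cached page:  ", serve_two_viewers(OtpStore(), "constructed-video-id", True))
    print("uncached page:", serve_two_viewers(OtpStore(), "constructed-video-id", False))
```

On a real site the uncached case corresponds to serving the embed page with caching disabled, so that every render requests a fresh OTP.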


For reference about how everything works, please check API reference.

Do let us know about your experiences setting up your secure video in to create your own PPV or subscription-based video portal, and how we can make the integration simpler.

Video upload from website or server to vdocipher API

[The following article on video upload is based on vdocipher API v2 which is the latest version]

We use Amazon AWS storage to store original user videos securely in AWS S3. With an intent to automate their online business, many of our customers wish to allow their users to upload videos directly from their website. To enable this, we have an API call that returns an authenticated policy document, which is used to upload the video into an S3 bucket allotted to your account.

Step 1 (Obtain authorized access):

Create authorized video upload request with your API secret key.

Content type: application/x-www-form-urlencoded
Method: POST
PostData: clientSecretKey=API_SECRET_KEY&title=newTitle
Content-Type: application/json

 x-amz-algorithm: ,

The API call has returned a set of parameters that must go with the video upload call to the AWS S3 endpoint. We shall refer to this JSON object returned above as uploadData.

The policy document is valid only for the next 1 hour. It is recommended to make the video upload immediately after creating the authorized access. There is also a soft restriction on the number of upload calls every hour, so it is advised to create it only after the user has chosen to upload the video. It should not be made every time somebody loads their dashboard or mobile app.

This call must be made from a secure environment such as your server. This should not be called from a mobile device or the browser to protect your API key. The uploadData should then be passed to user’s device (mobile or browser) to do the file upload.

Step 2 (Video upload via S3 API):

Upload the file to Amazon S3 directly. This upload can be made using server code or using an HTML5 form. You can use any third-party upload library to make the upload script. The famous ones already have tutorials on setting it up with S3 upload.

application Request
Endpoint: https://{bucket}
Method: POST
 'x-amz-credential': uploadData['x-amz-credential'],
 'x-amz-algorithm': uploadData['x-amz-algorithm'],
 'x-amz-date' : uploadData['x-amz-date'],
 'x-amz-signature': uploadData['x-amz-signature'],
 key : uploadData['key'],
 policy : uploadData['policy'],
 success_action_status : 201,
 success_action_redirect : ''
 file: <file content>
  • upload_link_secure string – The vdocipher storage location on S3 that has been allocated for this file
  • x-amz-credential string – This and the following x-amz-* values must accompany the upload request.
  • x-amz-algorithm string
  • x-amz-date string
  • x-amz-signature string – A signature value that authorizes the form and proves that only vdocipher could have created it.
  • key string – A name for the S3 object that will store the uploaded file’s data
  • policy string – authorization string
  • success_action_status integer – The status code returned upon successful upload if success_action_redirect is not specified.
  • success_action_redirect string (optional) – Specifies a URL to redirect to after a successful post instead of issuing a 201.

If everything goes right, the response from the above request should be:

<?xml version="1.0" encoding="UTF-8"?>

You can ignore the content of this response. Now, the video status should be shown as Queued or Processing in the API or on your dashboard. The video will get processed after some time. You can poll the API or configure the webhooks (coming soon) to know when the video is ready. You should only load the video player if the video is ready.
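The x-amz-* fields above are the ones used by AWS Signature Version 4 POST policies, where the signature is an HMAC over the base64 policy. The following added example (not vdocipher's or AWS's code) shows why the browser can be handed uploadData without the secret, and why an expired or altered form is refused. The secret, access key, bucket, region and object key are constructed values, and `check_upload` is a simplified model of the storage-side check.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

ALGO = "AWS4-HMAC-SHA256"


def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign_policy(secret: str, date: str, region: str, policy_b64: str) -> str:
    """SigV4 for POST uploads: derive the scoped key, then HMAC the base64 policy."""
    key = ("AWS4" + secret).encode()
    for part in (date, region, "s3", "aws4_request"):
        key = _mac(key, part)
    return _mac(key, policy_b64).hex()


def make_upload_data(secret, access_key, region, bucket, key, now, ttl=timedelta(hours=1)):
    """Server side: authorize one upload of one object key for one hour."""
    date = now.strftime("%Y%m%d")
    form = {
        "key": key,
        "success_action_status": "201",
        "x-amz-algorithm": ALGO,
        "x-amz-credential": f"{access_key}/{date}/{region}/s3/aws4_request",
        "x-amz-date": now.strftime("%Y%m%dT%H%M%SZ"),
    }
    policy = {
        "expiration": (now + ttl).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [{"bucket": bucket}] + [{k: v} for k, v in form.items()],
    }
    form["policy"] = base64.b64encode(json.dumps(policy).encode()).decode()
    form["x-amz-signature"] = sign_policy(secret, date, region, form["policy"])
    return form


def check_upload(secret, region, form, now):
    """Model of the storage-side check: signature first, then expiry and conditions."""
    date = form["x-amz-credential"].split("/")[1]
    expected = sign_policy(secret, date, region, form["policy"])
    if not hmac.compare_digest(expected, form["x-amz-signature"]):
        return "rejected: bad signature"
    policy = json.loads(base64.b64decode(form["policy"]))
    expires = datetime.strptime(policy["expiration"], "%Y-%m-%dT%H:%M:%SZ")
    if now >= expires.replace(tzinfo=timezone.utc):
        return "rejected: policy expired"
    for cond in policy["conditions"]:
        for field, value in cond.items():
            if field != "bucket" and form.get(field) != value:
                return f"rejected: {field} does not match policy"
    return "accepted"
```

Because the object key is one of the signed conditions, a client holding uploadData can upload only to the location allocated for that file, and only until the policy expires.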


Some sample code for the above operations: