Today's media monetization strategies require content owners to protect their media assets from viral distribution.

The Media Motion Online management console gives you the ability to create delivery business rules that are enforced by the CDN.

With Media Motion's Content Protection products, your end users must view the media through the workflow designated by you, the publisher. Content Protection policies for many of the Media Motion products are configured inside the management console. This means you can independently manage the configurations that build restrictions on which end-user requests are honored by the CDN.

URL Signing

URL Signing is the most popular content protection product. Media Motion's CDN Account owners use this product to publish content with a query string parameter token that includes a URL expiration timestamp. This private token is created on-the-fly in a server-side implementation, and can be used to create unique publishing URLs for each end user request. URL security prevents free distribution of content outside the workflow designated by the publisher. It's easy to take advantage of the URL Signing product. First, the URL Signing profile is enabled and managed in the Content Management tab of the management console. Then with a few lines of web application code, publishers build a URL that's safe from social sharing or deep linking.

GEO Blocking

GEO Blocking allows you to restrict content to end users in specified locations. The IP address of incoming requests is checked against a current list of IP allocations. The feature has both an Include and an Exclude list which are used to target the allowed audience. If an end user's IP address is found on the Include list, or is not found on the Exclude list, they are allowed access to the content. GEO Blocking can be assigned by country, US State, US City, US Zip Code, or DMA.

HTTP Referrer Restriction

HTTP Referrer Restriction is a security product that prevents CDN publishing URLs from being freely distributed on unauthorized websites (also known as hot linking or deep linking). Media Motion's CDN account owners configure one or more websites that end users can visit and successfully request content hosted by the CDN. When an end user request is made, the CDN compares the HTTP Header Referrer field with the list of approved websites. If the end user is not visiting from an approved website, the CDN will issue an HTTP 403 - Access Denied response. Setting up HTTP Referrer security is simple. Policies are enabled on a per-directory basis from within the Content Management tab in the management console.

RTMPe

RTMPe is fast, real-time encryption supported by the Flash Media Server that secures data transfer between the server and the client. This feature prevents third-party applications from listening to or "ripping" the stream. RTMPe is enabled on a per-request basis and is available for both Flash On-Demand and Flash Live. The RTMPe feature is requested by appending a CDN query string parameter to the publishing URL. RTMPe streaming is enforced with URL Signing. When combined with URL Signing, end users will only be able to access content via RTMPe.

SWF Verification

SWF Verification is an Adobe Flash Media Server feature that compares the SWF playing in the client with one or more SWFs approved by the content publisher. Media Motion's FMS servers inspect both the Flash player size and the Flash player hash, or the last 32 bytes of the first handshake packet. If the players are not an exact match, the end user is blocked from viewing the stream. This feature prevents manipulated or foreign players from accessing the video. SWF Verification is a popular content protection product. No code changes in the Flash player are needed to support SWF Verification. This product is enabled on a per-account basis; meaning that all live or on-demand Flash video within the account needs to be delivered to an approved player.

Live Streaming IP Lock & Login (Push Ingest)

Media Motion provides two methods of preventing stream source hijacking on Live Push ingest. IP Lock allows only a specified IP address to provide the source stream to a Media Motion push publishing point. This product is supported for both Windows Live Push and Flash Live Push, where Push is the method of getting Media Motion Online a seed or source feed for the live video stream. This feature is enabled per-stream in the management console live stream provisioning wizard. Login requires an authentication step for an encoder that wants to push a seed stream to a Media Motion Live Flash publishing point. This feature is enabled per-stream and is currently supported for Flash Live.

HTTP Authentication

Media Motion supports Basic HTTP Authentication for content delivery via progressive download. With basic HTTP Authentication, end users are prompted to enter Login credentials that are approved by the customer's Web server before the media is delivered. HTTP authentication can be configured on a per-directory basis and can be enabled and managed in the management console.