End-to-End Security
Securing your content is Kontiki’s number one priority. And, since the Kontiki Delivery Management System (DMS) architecture is based on a distributed delivery model, the core of the platform has a built-in end-to-end security framework to ensure that:
- Content is protected and encrypted during the upload process.
- Only authorized users can publish content into the system.
- Only authorized users can request and receive content whether the video is served to them by dedicated servers or other PCs.
- Video streams cannot be ‘sniffed’ or ‘stolen’ while traversing the network.
- No malicious users or PCs with viruses can alter the content and propagate it to others.
- Only content that is published to central servers can be distributed from one PC to another.
- Content cached on any PC or server is stored in encrypted form.
Secure Central Publishing
Only content that is published to the central system by an authorized publisher is delivered by the Kontiki DMS. To publish video into the DMS for distribution, a publisher must authenticate and log on to a central server. Once authenticated, the publisher can upload an on-demand video either by transferring it via SSL or by having our central server(s) pull it from the live video source, such as an encoder, and then broadcast it via the DMS. Videos published into the DMS are first virus checked and then encrypted for storage.
Access Control
Kontiki DMS enables the owner of the video (live stream or on-demand file) to protect it so only certain users or groups of users can access it. It is impossible for someone to request a secure video from a Kontiki client without first authenticating themselves via Kontiki’s central servers. Before a client or a server will serve a video stream to a requesting client, it must validate that the requesting client is authorized to receive that video stream. The DMS uses a hashed token mechanism for this authorization, ensuring that only authorized clients can stream the video even if their only sources of the stream are other clients.
Active Directory and LDAP Ready
Kontiki DMS has built-in support for LDAP-compliant directory services as well as Microsoft’s Active Directory. This eliminates the need to manage a duplicate set of groups and users in a separate system and allows content owners to pick groups of people from the corporate user directory that can be allowed to access the video.
Single Sign-on Support
For seamless single sign-on support, users can be automatically authenticated on the Kontiki DMS based on the credentials used for logging into their PC.
Point-to-Point Encryption
Transfers within the Kontiki DMS, whether server-to-client or client-to-client, are secure, using either the Kontiki Delivery Protocol (KDP) or SSL over HTTP. KDP is based on industry standards for signatures and encryption. Each KDP message and response is signed and encrypted using the following standards:
- Public/private key pairs are generated using RSA algorithms implemented by the OpenSSL library. Kontiki uses a 1032-bit key pair.
- Encryption is performed using the Blowfish algorithm implemented by the OpenSSL library with a 128-bit symmetric key. The PKI key pair encrypts and transfers these keys. These 128-bit keys are generated on the fly and only used temporarily during data transfers.
- Signatures are based on the SHA-1 hash algorithm, implemented by the OpenSSL library.
- Signature generation on the Java Web Application servers is implemented in a standard Java Security Provider library.
Guaranteed Content Integrity
It is essential that an ECDN guarantees the integrity of the content delivered. A malicious user or a PC with a virus should never result in an altered copy of content propagating through the network. To avoid this, Kontiki’s ECDN generates a SHA-1 digest for every “block” of a video file published into our ECDN. This digest then becomes part of the content metadata for that content item. Every receiver of content also generates its own SHA-1 digest of each delivered (i.e. streamed) block and compares it against the original SHA-1 digest that is part of the metadata. If any block fails a check, the client will not source any more data from that server and will delete the bad blocks. Through this method, the system can guarantee a bit-perfect copy of every video stream received by every user.
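The per-block check described above can be sketched as follows. This is an added example, not Kontiki's code: the block size, peer names, and the `publish`, `split_blocks` and `Receiver` names are assumptions, and the digest list is assumed to have been obtained from the authenticated central server.

```python
import hashlib

BLOCK_SIZE = 4  # assumption: tiny blocks so the constructed sample stays readable


def split_blocks(data, block_size=BLOCK_SIZE):
    """Split content into fixed-size blocks (the last one may be shorter)."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def publish(data, block_size=BLOCK_SIZE):
    """Publisher side: one SHA-1 digest per block, stored as content metadata."""
    return [hashlib.sha1(b).hexdigest() for b in split_blocks(data, block_size)]


class Receiver:
    """Receiver side: verify every delivered block against the metadata."""

    def __init__(self, digests):
        self.digests = digests   # trusted metadata (assumed fetched from central server)
        self.blocks = {}         # block index -> verified bytes
        self.banned = set()      # sources that delivered a bad block

    def accept(self, source, index, block):
        """Store the block and return True only if its digest matches."""
        if source in self.banned:
            return False         # no more data is sourced from this server or peer
        if not 0 <= index < len(self.digests):
            return False         # index not covered by the metadata
        if hashlib.sha1(block).hexdigest() != self.digests[index]:
            self.banned.add(source)
            return False         # the bad block is discarded, never cached or re-served
        self.blocks[index] = block
        return True

    def assemble(self):
        """Return the full content once every block has been verified, else None."""
        if len(self.blocks) != len(self.digests):
            return None
        return b"".join(self.blocks[i] for i in range(len(self.digests)))


if __name__ == "__main__":
    content = b"constructed sample payload!"   # constructed input, not real video data
    rx = Receiver(publish(content))
    good = split_blocks(content)
    print(rx.accept("peer-b", 1, b"evil"))     # tampered block is rejected
    print(rx.accept("peer-b", 2, good[2]))     # peer-b is now refused entirely
    for i, blk in enumerate(good):
        rx.accept("peer-a", i, blk)
    print(rx.assemble() == content)
```

Because only verified blocks are ever stored, a receiver that later acts as a source for other clients cannot pass on altered data.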
On Disk Encryption
Videos are encrypted as they are uploaded to the DMS and reside in encrypted form on the central content servers. Content also remains encrypted as it resides on the PC and is decrypted on the fly only when the media player is streaming the video. This level of security helps ensure that a user won’t redistribute your sensitive information and that the content will remain protected even after it is delivered to the desktop.
