Watermarking: Integrate your Irdeto service
Forensic watermarking is an anti-piracy solution to prevent and trace illegal content redistribution and security breaches. This article describes how to integrate your Irdeto watermarking service with Aspera on Cloud. After integration, Packages app users can apply watermarking when sending digital packages.
It's important that you work with your Irdeto representative to set up proper access between your Irdeto service and your AoC nodes. Aspera cannot validate that you have configured your Irdeto service correctly.
- Create a watermarking profile.
  Name the profile that maps your Irdeto service to AoC.
- Associate the watermarking profile with a node attached to your organization.
  You can attach any watermarking profile to one or more nodes. (A node is your cloud storage bucket that you've attached to your AoC org.)
- Enable watermarking for the AoC Packages application in each workspace where you want watermarking available.
  Once enabled, you can make watermarking required for every package sent from that workspace, or you can allow workspace members to choose whether to apply watermarking to individual packages they send.
  For the Packages app user procedure showing how senders can apply watermarking, see Sending: Detailed procedure. For a more in-depth treatment, see the relevant section in Sending: Become an expert.
For step-by-step instructions, see "Configure watermarking in Aspera on Cloud" later in this article.
Watermarking with Irdeto in Aspera on Cloud
Watermarking combats piracy by applying an invisible yet traceable 'signature' on digital files. The watermark allows you to track that asset through the development and distribution process.
Each time an AoC user downloads a watermarked file, Irdeto updates the watermark to indicate the specific user who downloaded it. If a user who downloads a watermarked file then forwards the file using some mechanism other than AoC, the file retains the watermark identifying the user who downloaded it.
The following drawing is a schematic representation of the package upload workflow for your integration of Irdeto with AoC.
The following drawing is a schematic representation of the package download workflow for your integration of Irdeto with AoC.
Prerequisites
- The DWM (distributed watermarking) service API endpoint address(es) that are local to your cloud storage location(s).
- The tenant ID for your organization.
- Read-only access permissions from Irdeto to your storage.
Cloud and node support
- Supported cloud platforms
  - AWS S3
    - N. Virginia (us-east-1); Oregon (us-west-2); N. California (us-west-1)
    - São Paulo (sa-east-1)
    - Ireland (eu-west-1); London (eu-west-2); Frankfurt (eu-central-1)
    - Tokyo (ap-northeast-1); Singapore (ap-southeast-1); Sydney (ap-southeast-2)
  - GCS
    - us-central1
  Note: Your Irdeto account and your associated cloud storage must be in the same provider region. See Irdeto documentation for more information.
- Supported Aspera node type: Aspera-managed auto-scale clusters (ATS).
- You can enable watermarking only on nodes that do not have encryption at rest (EAR) applied.
  - This EAR constraint includes both cloud-provider server-side encryption and Aspera-provided encryption-at-rest (whether Aspera or your own KMS manages the root key).
  - If you are unsure whether a node is enabled for encryption at rest, Aspera recommends creating one or more new nodes to support your organization's watermarking needs.
  - For supporting documentation, see Use Aspera-managed keys for server-side encryption at rest; Bring your own key for server-side encryption at rest.
Using watermarking in Aspera on Cloud
This section describes how Packages app users can work with the watermarking capabilities you configure.
Receiving a watermarked package
Recipients of watermarked packages must log in to retrieve the package. Traceability using forensic watermarking requires that users in the content workflow be authenticated. Therefore, recipients cannot download a watermarked package from a public link.
Recipients must download watermarked packages using the Aspera on Cloud Packages app with IBM Aspera Connect.
File types and profiles supported
In a watermarked package, watermarking applies only to files that conform to supported profiles. Profiles comprise not only the supported file types (.ts, .ps, .mpg, .mpeg, .mov, .mxf, .mp4), but also codecs, dimensions, and more; see the Irdeto watermarking service documentation for requirements.
GCS caveat
Ensure that watermarked packages do not contain files from Google Cloud Storage (GCS) that have special characters in file names.
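The file-type rule and the GCS caveat above can be checked before a package is sent, so that files which would travel without a watermark are known in advance. The following pre-flight check is an added example, not Aspera or Irdeto code; the function name, the provider strings `aws_s3` and `gcs`, and the definition of "special characters" are assumptions, and passing the extension check does not guarantee that a file meets Irdeto's codec and dimension requirements.

```python
import re
from pathlib import PurePosixPath

# File types listed on this page; codec, dimension and other profile
# requirements are defined by Irdeto and are NOT checked here.
SUPPORTED_EXTENSIONS = {".ts", ".ps", ".mpg", ".mpeg", ".mov", ".mxf", ".mp4"}

# Assumption: "special characters" means anything outside this conservative
# set (ASCII letters, digits, dot, underscore, hyphen, path separator).
SAFE_NAME = re.compile(r"[A-Za-z0-9._\-/]+")


def preflight(paths, provider):
    """Sort package file paths into watermark candidates, files that would
    travel unmarked, and (GCS only) names to rename before sending.

    provider is a hypothetical label: "aws_s3" or "gcs".
    """
    report = {"candidates": [], "unmarked": [], "rename": []}
    for path in paths:
        # The GCS caveat applies to every file in the package, whatever its type.
        if provider == "gcs" and not SAFE_NAME.fullmatch(path):
            report["rename"].append(path)
            continue
        ext = PurePosixPath(path).suffix.lower()
        key = "candidates" if ext in SUPPORTED_EXTENSIONS else "unmarked"
        report[key].append(path)
    return report


# Constructed sample package listing (not real data).
SAMPLE = [
    "reel1/feature_v3.MXF",
    "reel1/trailer.mp4",
    "docs/screener_notes.pdf",
    "subs/feature.en.srt",
    "reel2/épisode 01 (final).mov",
]

if __name__ == "__main__":
    for provider in ("aws_s3", "gcs"):
        print(provider, preflight(SAMPLE, provider))
```

Files reported under `unmarked` carry no per-recipient watermark, so they are the ones to review before including them in a package that relies on traceability.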
Package actions
- Recalled packages: You cannot recall a watermarked package.
- Forward packages: You cannot forward a watermarked package.
- Save to Files app: You cannot use the Actions menu to save a watermarked package to the Files app.
- Add recipients to a package: When you add recipients to a watermarked package, the new recipients receive packages with their watermark. Adding recipients generates an immediate notification to the new recipients.
- Draft packages: If a transfer fails to start, AoC moves the package to the Drafts folder. You cannot change the watermarking setting for a package in the Drafts folder.
Configure watermarking in Aspera on Cloud
- The name of the workspace in which you want members to send watermarked packages.
- The node secret for the node that contains the workspace in which you want members to send watermarked packages.
- These parameters from your Irdeto account:
  - Storage provider
  - Storage provider region
  - DWM API endpoint
  - Tenant ID
Troubleshooting
Errors that may occur for the transfer of watermarked packages appear in the AoC transfer monitor, on the individual transfer record.
Error code | Error message |
---|---|
106 | Service: Could not embed enough watermarks for proper detection |
130 | Service: Failed bits per sample validity check |
131 | Service: Failed Resolution validity check |
132 | Service: Failed Framerate validity check |
133 | Service: Failed Bitrate validity check |
134 | Service: Unsupported input file codec |
165 | Service: Task processing retries attempted but still failed |
1001 | Watermark: Invalid parameter value received |
1002 | Watermark: Embedder was forcefully interrupted |
1003 | Watermark: Not implemented |
1007 | Watermark: Input file not found |
1008 | Watermark: General IO error |
1009 | Watermark: Unsupported input format |
1011 | Watermark: No permissions to read input file |
1013 | Watermark: Corrupted stream |
1014 | Watermark: Cannot write variant file |
3000 | Unknown system error |