The Setup
Set Top Box <--1--> Mediating Server <--2--> Network Storage
Where,
- 1) is an HTTP connection. The box is a walled garden which means I have no access to the media player code. The box works purely on HTTP Streaming / Progressive and does not recognize HTTPS or any kind of DRM. It does not have any storage and the media player is independent from the invoking application (Which is HTML based). This basically means that all media player requests happen on the media player level only and the application has no influence (except for overlays) on the player while the media is requested or played. The box does not support any form of HTTP redirects either.
2) Is an HTTPS connection. The organization owning the Network Storage (NAS) cannot allow plain HTTP connects. This is an internal private connectivity via a leased line of sorts. The storage system does not have any streaming server capability and cannot have directly connectivity over a public network.
The files in the NAS are not encrypted (As the box does not understand any DRM). The only way I can prevent unauthorized access to those files is to ensure that the client which is requesting the video file is an authorized client. In order to do this, I have placed this Mediating Server which negotiates with the client and authenticates it before it can stream the video out. In order to do this, I am planning on using a token based authentication method which takes various inputs from the client (Password, IP Address and Box Id.) and creates a token (16 Character Alphanumeric) or session id. and grants it to the client. The client has to append the session id to the URL of the requested video which is checked for authenticity before the video is streamed out to the client. The important thing to remember here is that this is a video on demand setup using HTTP (Yeah, I have been told that I do not require a streaming server for this).
Therefore what I require is a system that will first trap the request for media, authenticate it and only then allow the file packets to be sent via HTTP on a port that is opened for that specific user and media. Once the playback completes or is stopped, the port is closed and the session token is no longer valid. A new video request will be granted a fresh session token and port (Available from a pool of available, reserved ports). It is also important to understand that the video files do not reside in the Mediating Server and have to therefore be picked up from the Network Storage and then delivered to the requesting set top box.
The communication between the media player and the Mediating Server cannot be encrypted as it cannot understand HTTPS or any other form of DRM. The application (Which is an HTML over an internal browser) does support HTTPS so any communication between the Mediating Server and Application can be encrypted.
All this being done to prevent an unauthorized person from just picking up the media URL and playing it back on an unauthorized browser or media player outside of the valid set top box.
Can somebody help me meet this requirement using VLC or other means? I understand that this box is typical but unfortunately, I am stuck, at the moment, with what exists. Its currently impossible to change the box
Technology Stack
VLC 2.0.x
Apache Server
PHP
HTML + CSS
uBuntu Linux 12.04 LTS (Server Edition)
