Hi Mark,

Thank you for the suggestion. Unfortunately zipping or rarring the content will not meet our requirement on this occasion. The problem with zips are that they are still visible on the machine, and also that the output can turn up in odd places, like temp folders etc. It can actually make it more difficult to delete files in a secure fashion. Also the encryption on these formats is very easy to break.

What we need is something that encrypts the content securely and forces the viewer to type in a password to view.

windows can encrypt the files, but I've always had issues with that. Plus Linux can read them just fine. :)

There's some free encrypting software out there, just do a search.

to make sure the client is the only one who sees it doesn't require software though fed-ex/UPS directly to them, make it so only THEY can sign for it.

There's this:

http://www.softwaretrials.com/avi-wmv-mpeg/protect-my-videos.html

Andrew

That is getting closer, but it is still not quite what I need. i do not want the file unencrypted on the client's machine at anytime. It needs to decrypt on the fly at playback. There must be a solution around somewhere.

This may do what you need and it's free.

http://www.truecrypt.org

Robert, what you're asking for would require a dedicated streaming server with the proper encryption software that would allow what you're after. That would cost a great deal more than you're probably willing to pay.

If it's the client's video, what difference does it make that it's on his machine or not?

We upload our video to a secure FTP site that the client has the username and password.

This is the only way I know of, plus it allows them to access it from any location.

Dave T2

But with an FTP server, it would/could be downloaded unencrypted to the local hard drive. Of course, the same applies to the TrueCrypt method I mentioned above.

i'm sure that decrypting on playback via local machine is no more unsafe then streaming a video from a password only site.

i'm having a hard time trying to figure out why you'd need that level of security in a place where it's not already established.

Found this in a search. I don't know anything about it other than its description.

http://www.softpedia.com/get/Security/Encrypting/Picture-Video-Encrypt.shtml

Thank you for your replies.

I shall just reiterate exactly what I am looking for. First of all I don't require any streaming. I want to be able to supply a video file to my client. It must be secure so that there is no way a person could view the file without authorisation. That means that a system where the file is at any point decrypted into it's original format is unacceptable.

What I need is a format that requires the user to have a password to play the file. So when you load up the file into whatever media player is necessary, a box pops up and asks for the password before it plays it. The best analogy would be that it would be like DRM, but with a password in place of the license.

It is the content that needs to remain encrypted and difficult to rip into other formats. Having a system where say an ordinary mpg file was encrypted and could only be viewed when returned to it's original state through decryption would be secure, and the client would have to decrypt the insecure version of the file on to their machine to view it.

Cheers,

If all you're worried about is being ripped off, then what you're asking for won't solve the problem. The person with the password can pass that along with the file. So you're back to square one--trusting the individual.

But with an FTP server, it would/could be downloaded unencrypted to the local hard drive. Of course, the same applies to the TrueCrypt method I mentioned above.

John, on their site it says "that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted."

Doesn't this mean there is no copy of the video in any temp folder anywhere on the hard drive?

I think what you are looking for probably won't exist outside of clandestine government operations.

They say that a hidden Truecrypt drive within another Truecrypt drive is undetectable and as such, virtually impenetrable. Yet something goes into memory, whether it is on a hard drive or memory chips or image bits being transfered to video card.

Your best bet is to show up with an armed guard, show them the video on your own laptop, then leave. That is the only sure way to get what you want.

http://www.programfiles.com/?LinkId=28879

Try this, says on the fly decryption with no temp files.

homepage

http://www.briggsoft.com/

http://www.briggsoft.com/cflix.htm

Dave T2

Robert, if what Dave provided works, look like you owe him a steak dinner!

Ha, Dave T2, good find!

Still, you need to see if a screen capture utility can capture any frame grabs, like Fraps, Camtasia, or my own little program that I wrote.

Are you worried about the person with the password not stealing your video? Or just people without the password?

Two thoughts.

1. Whatever solution you choose, whether local (which is what you think you need), or streaming, I strongly suggest that you attempt to "break" the video while playing by using this program: WM Recorder. It uses some pretty clever software to intercept the video as it makes its way to your screen, and will work even if no temp files are created. Thus, depending on the true nature of your security requirements, which you have understandably not disclosed, you may not be able to get what you want.

Put another way, if you played your video on my computer, with whatever encryption you choose to use, I think I could probably capture it with a $29 piece of shareware.

2. If your client is a member of "the community," you could do what the NSA did with a project I did for them four years ago. They wanted a Tom Petty song in the background ("We Won't Back Down"). I explained that I couldn't do that without license permission from Petty. They didn't believe me, so I told them to contact their legal department and ask them about "sync rights." They came back a few days later and told me I was right, but they had figured out a solution: After I delivered the project they were going to classify it "top secret," and no one would know what music was used, and those that did couldn't tell anyone.

And, that is exactly what they did.

I just pass this on, in case it is useful for you ...

The fact that they can show a screen shot seems to disqualify it the Briggsoft program.

There's a limit to how secure things can be. You could videotape the screen, after all.

Rob Mack

You could use a flash drive that self destructs after playing

"should you or any of the members of your team be caught, we will disavow....."


From what I can tell The cflix software is closest thing you will get to a secure video playback.

Dave T2

This sounds good. I'm pretty sure you can buy entire drives that are encypted and protected like this. Isn't that what forensic drives are?

This coupled with a player like the brigsoft product might just about do the job, but in the end it's got to be decrypted into memory to view it. Might want to provide an entire secure laptop.

Rob

Possibly installing that player on an encypted and protected drive would help, like this in combination with TrueCrypt.

Ideally, you need to deliver an entire secured laptop in a lockbox to be sure of the software installed on it.

I have a friend who does military contract work and they have to reformat and reinstall their software package onto their laptops before they cross the border. Lots of paperwork involved if they don't. He also can't carry electronics with cameras or microphones on them into some places.

Rob Mack