Protecting premium video content is foundational to any platform offering premium content. For OTT platforms, live sports broadcasters, and subscription services, a pipeline without proper security leaves the door open to piracy, unauthorized redistribution, and revenue loss that’s difficult to recover from.
To show exactly how a fully secure video pipeline comes together in practice, DoveRunner partnered with Qencode for a hands-on webinar demonstrating how DoveRunner’s Multi-DRM and Forensic Watermarking integrate directly into the Qencode transcoding workflow.
The Problem with Stitching Tools Together
Most teams building a secure video pipeline end up cobbling together separate vendors for transcoding, encryption, and key management. The result is a fragile chain of integrations that’s hard to maintain, harder to debug, and rarely cohesive enough to act on piracy in real time.
The DoveRunner and Qencode integration was built specifically to solve this. Qencode handles the heavy lifting on the encoding and packaging side, taking source video, transcoding it, packaging it into HLS and DASH, and delivering it to the CDN. DoveRunner provides the security layer on top: encryption, license management, watermarking, and the anti-piracy tools to act when something goes wrong.
Step One: Multi-DRM Encryption
Multi-DRM is the foundation of any premium content protection strategy. DoveRunner’s Multi-DRM product protects video using studio-grade encryption across industry-standard DRM systems, covering the full range of devices and platforms that viewers use.
Here’s how the flow works when integrated with Qencode:
The CMS or workflow pipeline begins by calling DoveRunner’s Key Management Service (KMS) to retrieve encryption keys. Those keys are passed into Qencode, which encodes, encrypts, and packages the content into DASH or HLS format and pushes it to the CDN. When a viewer hits play, their media player detects the encrypted content, makes a DRM license request to DoveRunner’s license manager, and receives the license needed to decrypt and play the stream. The viewer sees nothing except smooth playback. Everything happens in the background.
In the live demo, this entire process was triggered via a simple Python script that called DoveRunner’s CPX API to fetch the encryption keys, then launched the Qencode transcoding job with DRM encryption enabled. Once complete, playback was verified in the Qencode player using DoveRunner’s Widevine license endpoint and a generated license token. Clean, encrypted, and ready for production.
Beyond the core encryption, DoveRunner’s Multi-DRM platform also includes concurrent stream limiting, real-time analytics, and Piracy Guard, an AI/ML-based anomaly detection service that flags suspicious license request patterns before they escalate into a larger piracy problem.
Step Two: Forensic Watermarking
Forensic watermarking embeds an invisible, session-specific identifier into every video stream, providing the means to trace leaked content back to its source. The watermark is completely imperceptible to viewers and survives aggressive attacks, including cropping, transcoding, and re-encoding, without being removed or degraded. DoveRunner’s watermarking has been validated through 155 independent tests by a third-party audit, clearing all of them.
The technical approach is an A/B server-side watermarking model. During transcoding, Qencode produces two versions of the content: Variant A (symbol 0) and Variant B (symbol 1), each with a different invisible pattern embedded in the video. Both variants are identical to the viewer in terms of resolution, bitrate, and segment structure. At playback time, DoveRunner’s Session Manager API takes a viewer identifier and returns a session URL that instructs the CDN to mix segments from A and B in a unique pattern for that specific viewer, creating a distinct binary fingerprint per session.
This approach scales seamlessly from thousands to millions of concurrent viewers for both live events and VOD, because the mixing happens at the CDN edge rather than at encode time. Completely client-agnostic, with no separate integration required per device, it works across browsers, mobile, and smart TVs without any additional configuration.
In the demo, forensic watermarking was enabled through a simple toggle in the Qencode portal under transcoding settings, with DoveRunner watermark credentials supplied. The result was two HLS output folders in the destination bucket, structurally identical and ready for CDN mixing.
When leaked content needs to be analyzed, DoveRunner’s SaaS-based detection module makes identification fast. Uploading the suspicious file or pointing it at a live stream allows the platform to extract the embedded session information within minutes, identifying exactly which viewer session was the source of the leak.
A Complete Pipeline
The DoveRunner and Qencode integration works as a unified system because its components are pre-integrated. DoveRunner manages the keys and licenses, Qencode handles transcoding and encryption, and the CDN mixes watermarked segments at the edge. If content surfaces somewhere it shouldn’t, DoveRunner’s detection and anti-piracy services can act on it in real time, providing studio-grade content protection without requiring teams to build the security layer themselves.
Want to see it in action? The integration is live. Head to the Qencode portal and enable DoveRunner’s Multi-DRM and Forensic Watermarking directly from your existing workflow — no migration, no extra tooling required.
The companion guide from the webinar includes all the technical details, including API references, sample scripts, and step-by-step setup instructions for both Multi-DRM and Forensic Watermarking with Qencode.
