Set up watermarking in your AMD property

You need to add the Watermarking behavior to your AMD property, and you can optionally set other features it offers.

Before you begin

  • You need to have it added to your Akamai contract. Work with your Akamai account representative ("rep") to get it added: AdaptiveMediaDelivery::Watermarking.
  • Is your watermarking vendor using one of the "other preprocessing methods?" If any of these methods are being used, you need to have advanced metadata set up for their use, and the settings applied here may vary. Please contact your account representative for assistance.

Add the Watermarking behavior

  1. In the Property Configuration Settings options, click Add Behavior.
  2. In the Search available behaviors field, input "watermarking" to filter the listed behaviors. Ensure that you select Watermarking from the list.
  3. The new behavior is added to your configuration. Set the Status slider to "On."
  4. Enable at least one of the two associated features—we recommend both—and set associated options as necessary.
    Note: You may need to work with your watermarking vendor to obtain these values.

  • Perform Signature Verification. Ensure that this slider is set to "On" (default). Settings you apply here are used to verify the signature in a watermarking token (WMT). What you define here must match what's included in the <signature> in the actual WMT that's defined by your watermarking vendor.
    Note: You can disable this, but watermarking is susceptible to an outside attack if a signature is not included in the WMT for verification.
    • Verification Key ID #1. Enter a unique identifier to associate with Verification Public Key #1. This value is included in the "kid" parameter in the WMT to specify that Verification Public Key #1 is used as the <signature>.
    • Verification Public Key #1. Include the full public key to be used to verify the signature in the WMT. The value needs to be hashed using the applicable encryption format set in the WMT. (The "alg" parameter set in the JWT Header.)
    • Verification Key ID #2 / Verification Public Key #2. These function the same as the "#1" options. You can include a second ID/Key combination for added security. The "kid" in the WMT must contain the Verification Key ID #2 to use Verification Public Key #2.
  • Pattern Encryption. Set this slider to "On," if each WMT will also be encrypted by the watermarking vendor. (This is defined via the "wmidalg" and "wmifpid" parameters in the WMT.)
    • Decryption Password ID #1. Include the unique ID established for Decryption Password #1. (This is included as the "wmidpid" in the WMT by your watermarking vendor.)
    • Decryption Password #1. Input the unique password that Akamai edge servers will use to decrypt the WMT.
    • Decryption Password ID #2 / Decryption Password #2. You can optionally generate a second ID/Password combination to rotate passwords. (The "wmidpid" included in the WMT must match the appropriate Decryption Password.)