Embedded Files
Kirk Haller
C2PA Live Streaming E2E Reference Workflow
C2PA Live Streaming E2E Reference Workflow
This demo shows how C2PA (the open standard behind Content Credentials) can be applied to live streaming so viewers (or downstream systems) can detect tampering, spoofing, or segment re-ordering during playback.
Qualabs worked closely with Google and the C2PA Live Task Force contributing to the new version of the C2PA spec.
How verification works
How verification works
The stream is split into segments. Each segment is a few seconds of video/audio.
Each segment carries a VSI message. VSI is sent in-band using an emsg box.
The VSI message is cryptographically signed. This proves who produced it (authenticity).
The VSI references the exact segment bytes. So if the segment is modified, the check fails (integrity).
The player validates while playing. It shows Pass/Fail as each VSI message is processed and flags problems immediately.
Key idea: The authenticity signal arrives alongside the live video, so verification can happen during playback — not after.
Where the C2PA data lives in this demo (VSI method)
Init segment: contains the C2PA Manifest in the uuid box (session context, including public session key info and active manifest metadata).
Media segments: contain the Verifiable Segment Info (VSI) in the emsg box so verification is continuous.
Why this matters: players can learn “who/what session” up front, then verify every arriving segment without waiting for the stream to finish.
FAQs
FAQs
What is C2PA?
What is C2PA?
C2PA (Coalition for Content Provenance and Authenticity) is an open technical standard for attaching cryptographically protected metadata to media so people and systems can understand the content’s origin and edit history. This user-facing experience is commonly called Content Credentials.
What is C2PA in a Live Video workflow?
What is C2PA in a Live Video workflow?
In live streaming, you can’t wait until “the end of the file” to prove authenticity—because the stream is continuous. C2PA Live Video enables verification during playback.
In this demo, we use the Verifiable Segment Info (VSI) method: a signed message is delivered in-band (via emsg) so the player can validate each segment as it arrives.
Why is C2PA needed in a Live Video?
Why is C2PA needed in a Live Video?
Live video is high-impact and fast-moving (news, sports, events). If a feed is spoofed or altered, misinformation or brand damage can spread instantly. C2PA live mechanisms make tampering detectable during playback, without waiting for post-processing.
What exactly is the demo validating?
What exactly is the demo validating?
The demo validates the Verifiable Segment Info (VSI) carried in-band: (1) the VSI signature is valid for the current live session, (2) the VSI-referenced hash matches the media segment bytes, and (3) the sequenceNumber is continuous to detect re-ordering or replay.
What happens if someone tampers with the live stream?
What happens if someone tampers with the live stream?
The next affected segment will fail validation (signature mismatch, hash mismatch, or continuity failure), and the UI marks it clearly. The point isn’t to “block” playback by default—it’s to make authenticity visible so viewers or systems can react.
Does this require changing HLS/DASH manifests or codecs?
Does this require changing HLS/DASH manifests or codecs?
C2PA live video is designed to integrate with modern segmented streaming using CMAF and in-band boxes (like emsg). In the VSI method, the proof travels in-band with the media via emsg.
In practice, many workflows can adopt this without redesigning the entire pipeline—especially when you’re already segmenting.
What are “session keys” and why do they exist?
What are “session keys” and why do they exist?
Session keys are short-lived signing keys used during a live session. Their public halves are delivered in C2PA data so the player can validate VSI signatures during playback. They can be rotated during long streams and updated via later manifests/segments if needed.
Is this the same as DRM or anti-piracy?
Is this the same as DRM or anti-piracy?
Different goal. DRM controls access. C2PA provides provenance and integrity signals (origin/edits/tamper evidence). They can coexist: one controls who can watch, the other helps prove what is being watched is authentic.
Where can I read the official spec?
Where can I read the official spec?
This demo is based on the C2PA Specification v2.3 and specifically the Live Video Verifiable Segment Info (VSI) mechanism (carried via emsg) and its session keys.
Architecture of the demo
Architecture of the demo
This architecture enables real-time provenance for live video, ensuring viewers can verify the authenticity of a stream as it happens.
Ingest: A live source is processed using ffmpeg into standard DASH segments (.m4s).
Signing: The C2PA Proxy monitors the input folder, hashes the init segments and generates the C2PA manifest, also hashes each new segment, and generates a VSI that is embedded in the emsg box. The C2PA Tool then binds this metadata to the segment.
Delivery: The signed segments are stored and served via a standard HTTP Server.
Verification: On the client side, a Validator Plugin works with the DASH Player to verify the cryptographic signatures in real-time, providing the viewer with a "Content Credential" that confirms the stream hasn't been tampered with.
*This architecture does not represent a production-ready environment. This was created only for the purpose of this demo.
The following diagram shows the general scheme of all the various data structures that can be used in a live video workflow and how each is connected to the others.
Glossary
Glossary
Content Credentials
This is the preferred non-technical term for a C2PA Manifest. The C2PA Manifest Store therefore represents the Content Credentials of an asset.
Content Credentials also refers to the overall C2PA technology, and is therefore essentially treated as a plural noun. If a C2PA Manifest is a Content Credential, then multiple C2PA Manifest or the broader, universal concept is Content Credentials.
Reference: C2PA v2.3 (Section 2.3.6)
Verifiable Segment Info (VSI)
The Verifiable Segment Info Map (verifiable-segment-info) is a structure designed to provide concise per-segment information for a live video stream allowing for each segment to be validated independently. It enables the validation of each segment’s integrity and authenticity during playback, ensuring that the content has not been tampered with.
Reference: C2PA v2.3 (Section 19.4.1)
Session keys
Session keys are asymmetric key pairs. Any of the cryptographic algorithms allowed for claim generator X.509 certificates may be used.
Reference: C2PA v2.3 (Section 19.4.4.1)
sequenceNumber
A unique identifier for the segment that is used to ensure the content order. This value shall either match the mfhd.sequence_number field defined in ISO/IEC 14496-12 or shall follow the segment-indexing rules defined in ISO/IEC 23009-9, Section 6.2 (conditions (a) and (f)). When used in conjunction with the per-segment C2PA Manifest Box method, the sequenceNumber in the verifiable-segment-info-map shall match the sequenceNumber value in the Section 19.3.2, “Live Video Segment Assertion”.
Reference: C2PA v2.3 (Section 19.4.1)
Page updated
Report abuse