The PassKey system employs encrypted tokens that are appended to tune-in URLs and used to authenticate viewers. Each token is dynamically generated on the customer's side using a custom-built library provided by StreamGuys and contains a time frame for which the token is valid. The length of this time frame is determined by the customer; once it has expired, that token can no longer be used to tune into any of the protected streams. This method allows the customer to perform user authentication with any existing user or content management system infrastructure.
The PassKey system uses a 128-bit encryption algorithm that employs a shared key to encrypt and decrypt data. This key is shared only between StreamGuys and the client. In addition, the PassKey system uses an initialization vector (IV) in the encryption process to add extra security to the encrypted token and prevent reverse engineering of the shared key.
1. User requests stream
The user should be logged into the existing system, which must be able to authenticate and verify their credentials.
2. PassKey is generated
The system should then reference the provided library to generate a valid token. Certain information is passed into the PassKey call, such as the time frame, username and IP address. An encrypted token is then returned and appended to the streaming server URL.
3. PassKey is sent to the streaming server
The player then initiates communication with the streaming server and sends the server the information specified in the URL, including the encrypted token.
4. Streaming server decodes token
The streaming server receives the content request along with the encrypted token, locates the content and then decrypts the token. If the server is unable to decrypt the token, it is assumed to be invalid and the request is denied.
5. Time frame is compared
Once a valid time frame has been extracted from the encrypted token, it is compared to the current time. If the current time falls within the time frame, the streaming server begins sending the requested content stream to the player.
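
The five steps above can be sketched end to end as follows. This is an added example, not the StreamGuys library or its token format: it assumes AES-128-GCM as the 128-bit cipher, and the claim names, hex encoding, function names, host and query parameter are all hypothetical.

```ruby
require "openssl"
require "json"

# Assumed token layout: hex( IV(12) || GCM tag(16) || ciphertext of JSON claims ).
IV_LEN, TAG_LEN = 12, 16

# Customer side (step 2): build the claims and encrypt them under the shared key.
def issue_token(key, user:, ip:, from:, ttl:)
  c = OpenSSL::Cipher.new("aes-128-gcm").encrypt
  c.key = key
  iv = c.random_iv # fresh random IV for every token
  claims = JSON.generate({ "u" => user, "ip" => ip, "nbf" => from, "exp" => from + ttl })
  body = c.update(claims) + c.final
  (iv + c.auth_tag + body).unpack1("H*")
end

# Streaming server (steps 4 and 5): decrypt, then compare the time frame.
def verify_token(key, token, now)
  raw = [token].pack("H*")
  return [:denied, "invalid token"] if raw.bytesize <= IV_LEN + TAG_LEN
  d = OpenSSL::Cipher.new("aes-128-gcm").decrypt
  d.key = key
  d.iv = raw.byteslice(0, IV_LEN)
  d.auth_tag = raw.byteslice(IV_LEN, TAG_LEN)
  plain = d.update(raw.byteslice(IV_LEN + TAG_LEN, raw.bytesize)) + d.final
  claims = JSON.parse(plain.force_encoding("UTF-8"))
  return [:denied, "outside time frame"] unless (claims["nbf"]..claims["exp"]).cover?(now)
  [:ok, claims]
rescue OpenSSL::Cipher::CipherError, ArgumentError, JSON::ParserError
  [:denied, "invalid token"] # cannot decrypt: treated as invalid, request denied
end

# Constructed demo values; the key, host and query parameter are placeholders.
key = "0123456789abcdef" # 16 bytes = 128-bit shared key
tok = issue_token(key, user: "alice", ip: "203.0.113.7", from: 1_700_000_000, ttl: 300)
puts "http://stream.example/live?token=#{tok}"
p verify_token(key, tok, 1_700_000_100) # inside the time frame
p verify_token(key, tok, 1_700_000_301) # after it has expired
```

With an authenticated mode such as GCM, a wrong key or any altered byte makes decryption fail, which is what lets the server treat "unable to decrypt" as "invalid". The random IV also means two tokens issued with identical inputs never share the same bytes.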