SecureLink For Video Downloads

SecureLink VOD download Security Add-On

Generate temporary links on the fly to your valuable content

ScaleEngine implements the 'Secure Link' protocol for video file download security as the default for all customers, based on an MD5 hash and a timestamp. The protocol is implemented automatically for any VOD download link, will full API support for most definable requirements like expiry and viewer IP address.

Any link to a VOD file is augmented to include additional URI Parameters:

 ?st={HASH HERE}&e={EXPIRATION HERE} 

where the hash is base64 encoded binary MD5 of:

  • a secretkey
  • the URI of the file
  • expiration time of the link
  • optionally, the ip address of the user

the PHP code to generate this looks something like (you may not want the remote address restriction):

$secret = 'somesecretstring';
$path = '/customer-vod/play/sestore1/customer/movie.mp4';
$expires = strtotime('+4 hours');

$input = "${secret}${path}${expires}";

//echo "input is: $input\n";

$hash_bin = md5($input, TRUE);

$hash = str_replace("=", "", strtr(base64_encode($hash_bin), "+/", "-_"));

//echo "final: st=${hash}&e=${expires}\n";

$url =
"https://customer-dl.scaleengine.net${path}?st=${hash}&e=${expires}";

Our servers then have that secret key, the url of the file (from the request), the expiration time (from the uri parameter) and optionally the IP address of the user (from the request).

Using that information, it computes the MD5 hash in the same way. If the two hashes match (only possible if they use the same secret, and the request has not be modified in any way (prevents users using a valid link from 1 file, to download other files), and the IP address is the same (if you use that optional parameter)), and the expiration date is in the future, then the download is allowed.