Checking access to access controlled media (via hash codes)

Where a user requests access to a media file within your VOD/AOD space usinga media access code or hash code, we simply check whether this hash code isstill valid and that it matches the visitor's IPv4 address and requestedfile. Otherwise, access is simply denied.

All hash codes used byus are temporary (2 hour) and unique for a given combination of file and IPaddress. However, we do not have an internal mapping table to determinewhether a given IP address may access a video.

What we offer isnot an authentication system but simply a verification system. If the userhas a valid hash code when requesting a video, then this means that theywere previously authorised to access the content by our site.

Authentication must therefore be carried out within your site orapplications on the basis of whatever parameters you require. You simplyneed to decide whether a user may access a given video or not.

Ifso, you then simply generate an Infomaniak hash code which will only bevalid for the user's IP address and a given file for 2 hours. Otherwise,even if they know the address of the video and retrieve the hash code fromanother user, they will not be able to access it.

This solutionis simple to implement and fairly flexible given that:

1. Youyourself handle authentications, allowing you to integrate the system withany type of web site or application.
2. Client authorisation does notsimply rely on their IP address, which is liable to change (ADSL withdynamic IPs, mobile networks, etc).
3. If you cease generating a hashcode for a given video, nobody else will be able to access it once the hashcode expires.
4. Authorised users must return to your site to get avalid hash code as these expire automatically.