How does Wowza SecureToken work?

This article gives you an overview of how Wowza SecureToken stream protection technology works. To make it very clear: it is not the token checking mechanism that is implemented by Wrench, it is the one that ships with Wowza Streaming Engine. The two are completely different, I'll compare the two at the end of this article.

This is also not an official comprehensive documentation, it's just how I understood it from the official documentation. I beleive that pictures usually speak better than written specs, so let's start with the diagram immediately.

Wowza SecureToken mechanism

So here's the SecureToken authentication mechanism steps

  • A random key is generated in the beginning. This is what we call SecureToken (?), and which you have to specify in your Wowza Streaming Engine Manager's Outgoing Security section.
  • The SecureToken has to be passed to the client as well. There are more ways to to this, one is to hardcode it into your JW Player or hardcode into Flowplayer, or pass it to the JW Player when it is initialized from Javascript. (See rtmp.securetoken here)
  • When the player initiates connection, Wowza generates a random unique token and encrypts it using the SecureToken as key with Tiny Encryption Algorithm
  • The encrypted token is passed to the client over the wire
  • The client, who has a copy of the SecureToken decrypts the token and sends back the result to Wowza
  • If the received token from the client is the same as that was generated originally, the connection is accepted, otherwise it is rejected

Write new comment