For real-time digital communication of patient information, HIPAA requires that the communication channel be properly secured to protect patient confidentiality. TokBox ensures secure transmission by using:
- Secure Connection: The sessions established are secure (with secured tokens that are regenerated). Random AES keys are generated by clients at the beginning of the media connection and, to increase security, additional keys are generated periodically throughout the session.
- Data Transmission and Encryption: OpenTok employs Transport Layer Security (TLS) to encrypt both voice and video data. The core protocols used are SRTP for media traffic encryption and DTLS-SRTP for key negotiation, both of which are defined by the IETF. The endpoints use AES cipher with 128-bit keys to encrypt audio and video, and HMAC-SHA1 to verify data integrity.