diff --git a/file_entity.module b/file_entity.module
index 63f7e86..57f5b72 100644
--- a/file_entity.module
+++ b/file_entity.module
@@ -2431,7 +2431,7 @@ function file_entity_fnmatch($pattern, $string) {
 function file_entity_download_uri($file) {
   $uri = array('path' => "file/{$file->fid}/download", 'options' => array());
   if (!variable_get('file_entity_allow_insecure_download', FALSE)) {
-    $uri['options']['query']['token'] = drupal_get_token($uri['path']);
+    $uri['options']['query']['token'] = file_entity_get_download_token($file);
   }
   return $uri;
 }
@@ -2456,3 +2456,12 @@ function file_entity_admin_menu_map() {
   );
   return $map;
 }
+
+/*
+ * Generate a download token avoiding the use of drupal_get_token() to ensure
+ * it works for both authenticated and anonymous users.
+ */
+function file_entity_get_download_token($file) {
+  $identifier = !empty($GLOBALS['user']->uid) ? session_id() : ip_address();
+  return drupal_hmac_base64("file/$file->fid/download", $identifier . drupal_get_private_key() . drupal_get_hash_salt());
+}
diff --git a/file_entity.pages.inc b/file_entity.pages.inc
index f157cd9..f983480 100644
--- a/file_entity.pages.inc
+++ b/file_entity.pages.inc
@@ -37,7 +37,7 @@ function file_entity_view_page($file) {
 function file_entity_download_page($file) {
   // Ensure there is a valid token to download this file.
   if (!variable_get('file_entity_allow_insecure_download', FALSE)) {
-    if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], "file/$file->fid/download")) {
+    if (!isset($_GET['token']) || $_GET['token'] !== file_entity_get_download_token($file)) {
       return MENU_ACCESS_DENIED;
     }
   }